Merge pull request #282 from aryan9600/known-key

Add tests for `ParseKnownHosts` and `KnownKey.Matches`
fluxcd · May 26, 2022 · 3d631df · 3d631df
2 parents 9b9adf5 + d65cdf0
commit 3d631df
Showing 1 changed file with 111 additions and 10 deletions.
diff --git a/ssh/knownhosts/known_key_test.go b/ssh/knownhosts/known_key_test.go
@@ -17,11 +17,17 @@ limitations under the License.
 package knownhosts
 
 import (
+	"crypto/sha256"
+	"encoding/base64"
 	"testing"
 
 	. "github.com/onsi/gomega"
 )
 
+// knownHostsFixture is known_hosts fixture in the expected
+// format.
+var knownHostsFixture = `github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==`
+
 func Test_matchHashedHost(t *testing.T) {
 	tests := []struct {
 		name       string
@@ -84,16 +90,111 @@ func Test_matchHashedHost(t *testing.T) {
 	}
 }
 
-func TestParseKnownHosts(t *testing.T) {
-	known_host := "11.101.41.142 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLBfOI4ma6GtSaWssT8pqJ7kVxuMfcYhTIs5p0TiiY7Wz8WVArUzzQjoKUJ60HT5CqHmOMb8ux6nDIXNRamf+VE="
+func Test_parseKnownHosts_matches(t *testing.T) {
+	hasher := sha256.New()
+	tests := []struct {
+		name        string
+		fingerprint []byte
+		wantMatches bool
+	}{
+		{
+			name:        "good sha256 hostkey",
+			fingerprint: sha256Fingerprint("nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8"),
+			wantMatches: true,
+		},
+		{
+			name:        "bad sha256 hostkey",
+			fingerprint: sha256Fingerprint("ROQFvPThGrW4RuWLoL9tq9I9zJ42fK4XywyRtbOz/EQ"),
+			wantMatches: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
 
-	kk, err := ParseKnownHosts(known_host)
-	g := NewWithT(t)
-	g.Expect(err).ToNot(HaveOccurred())
-	g.Expect(len(kk)).To(Equal(1))
-	known_host = known_host + "invalidbase"
+			knownKeys, err := ParseKnownHosts(knownHostsFixture)
+			if err != nil {
+				t.Error(err)
+				return
+			}
+			matches := knownKeys[0].Matches("github.com", tt.fingerprint, hasher)
+			g.Expect(matches).To(Equal(tt.wantMatches))
+		})
+	}
+}
 
-	kk, err = ParseKnownHosts(known_host)
-	g.Expect(err).To(HaveOccurred())
-	g.Expect(len(kk)).To(Equal(0))
+func Test_parseKnownHosts(t *testing.T) {
+	tests := []struct {
+		name    string
+		fixture string
+		wantErr bool
+	}{
+		{
+			name:    "empty file",
+			fixture: "",
+			wantErr: false,
+		},
+		{
+			name:    "single host",
+			fixture: `github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==`,
+			wantErr: false,
+		},
+		{
+			name: "single host with comment",
+			fixture: `# github.com
+github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==`,
+			wantErr: false,
+		},
+		{
+			name: "multiple hosts with comments",
+			fixture: `# github.com
+github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+# gitlab.com
+gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf`,
+		},
+		{
+			name: "no host key, only comments",
+			fixture: `# example.com
+#github.com
+# gitlab.com`,
+			wantErr: false,
+		},
+		{
+			name:    "invalid host entry",
+			fixture: `github.com ssh-rsa`,
+			wantErr: true,
+		},
+		{
+			name:    "invalid content",
+			fixture: `some random text`,
+			wantErr: true,
+		},
+		{
+			name: "invalid line with valid host key",
+			fixture: `some random text
+gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf`,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+			_, err := ParseKnownHosts(tt.fixture)
+			if tt.wantErr {
+				g.Expect(err).To(HaveOccurred())
+			} else {
+				g.Expect(err).ToNot(HaveOccurred())
+			}
+		})
+	}
+}
+
+func sha256Fingerprint(in string) []byte {
+	d, err := base64.RawStdEncoding.DecodeString(in)
+	if err != nil {
+		panic(err)
+	}
+	var out [32]byte
+	copy(out[:], d)
+	return out[:]
 }