Initial import of wrapper-validation-action

sources/test/jest/wrapper-validation/checksums.test.ts

@@ -0,0 +1,55 @@
+import * as checksums from '../../../src/wrapper-validation/checksums'
+import nock from 'nock'
+import {afterEach, describe, expect, test, jest} from '@jest/globals'
+
+jest.setTimeout(30000)
+
+test('has loaded hardcoded wrapper jars checksums', async () => {
+  // Sanity check that generated checksums file is not empty and was properly imported
+  expect(checksums.KNOWN_VALID_CHECKSUMS.size).toBeGreaterThan(10)
+  // Verify that checksums of arbitrary versions are contained
+  expect(
+    checksums.KNOWN_VALID_CHECKSUMS.get(
+      '660ab018b8e319e9ae779fdb1b7ac47d0321bde953bf0eb4545f14952cfdcaa3'
+    )
+  ).toEqual(new Set(['4.10.3']))
+  expect(
+    checksums.KNOWN_VALID_CHECKSUMS.get(
+      '28b330c20a9a73881dfe9702df78d4d78bf72368e8906c70080ab6932462fe9e'
+    )
+  ).toEqual(new Set(['6.0-rc-1', '6.0-rc-2', '6.0-rc-3', '6.0', '6.0.1']))
+})
+
+test('fetches wrapper jars checksums', async () => {
+  const validChecksums = await checksums.fetchValidChecksums(false)
+  expect(validChecksums.size).toBeGreaterThan(10)
+  // Verify that checksum of arbitrary version is contained
+  expect(
+    validChecksums.has(
+      // Checksum for version 6.0
+      '28b330c20a9a73881dfe9702df78d4d78bf72368e8906c70080ab6932462fe9e'
+    )
+  ).toBe(true)
+})
+
+describe('retry', () => {
+  afterEach(() => {
+    nock.cleanAll()
+  })
+
+  describe('for /versions/all API', () => {
+    test('retry three times', async () => {
+      nock('https://services.gradle.org', {allowUnmocked: true})
+        .get('/versions/all')
+        .times(3)
+        .replyWithError({
+          message: 'connect ECONNREFUSED 104.18.191.9:443',
+          code: 'ECONNREFUSED'
+        })
+
+      const validChecksums = await checksums.fetchValidChecksums(false)
+      expect(validChecksums.size).toBeGreaterThan(10)
+      nock.isDone()
+    })
+  })
+})

sources/test/jest/wrapper-validation/find.test.ts

@@ -0,0 +1,12 @@
+import * as path from 'path'
+import * as find from '../../../src/wrapper-validation/find'
+import {expect, test} from '@jest/globals'
+
+test('finds test data wrapper jars', async () => {
+  const repoRoot = path.resolve('./test/jest/wrapper-validation')
+  const wrapperJars = await find.findWrapperJars(repoRoot)
+  expect(wrapperJars.length).toBe(3)
+  expect(wrapperJars).toContain('data/valid/gradle-wrapper.jar')
+  expect(wrapperJars).toContain('data/invalid/gradle-wrapper.jar')
+  expect(wrapperJars).toContain('data/invalid/gradlе-wrapper.jar') // homoglyph
+})

sources/test/jest/wrapper-validation/hash.test.ts

@@ -0,0 +1,12 @@
+import * as path from 'path'
+import * as hash from '../../../src/wrapper-validation/hash'
+import {expect, test} from '@jest/globals'
+
+test('can sha256 files', async () => {
+  const sha = await hash.sha256File(
+    path.resolve('test/jest/wrapper-validation/data/invalid/gradle-wrapper.jar')
+  )
+  expect(sha).toEqual(
+    'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
+  )
+})

sources/test/jest/wrapper-validation/validate.test.ts

@@ -0,0 +1,98 @@
+import * as path from 'path'
+import * as validate from '../../../src/wrapper-validation/validate'
+import {expect, test, jest} from '@jest/globals'
+
+jest.setTimeout(30000)
+
+const baseDir = path.resolve('./test/jest/wrapper-validation')
+
+test('succeeds if all found wrapper jars are valid', async () => {
+  const result = await validate.findInvalidWrapperJars(baseDir, 3, false, [
+    'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
+  ])
+
+  expect(result.isValid()).toBe(true)
+  // Only hardcoded and explicitly allowed checksums should have been used
+  expect(result.fetchedChecksums).toBe(false)
+
+  expect(result.toDisplayString()).toBe(
+    '✓ Found known Gradle Wrapper JAR files:\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradle-wrapper.jar\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradlе-wrapper.jar\n' + // homoglyph
+      '  3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce data/valid/gradle-wrapper.jar'
+  )
+})
+
+test('succeeds if all found wrapper jars are valid (and checksums are fetched from Gradle API)', async () => {
+  const knownValidChecksums = new Map<string, Set<string>>()
+  const result = await validate.findInvalidWrapperJars(
+    baseDir,
+    1,
+    false,
+    ['e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'],
+    knownValidChecksums
+  )
+
+  expect(result.isValid()).toBe(true)
+  // Should have fetched checksums because no known checksums were provided
+  expect(result.fetchedChecksums).toBe(true)
+
+  expect(result.toDisplayString()).toBe(
+    '✓ Found known Gradle Wrapper JAR files:\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradle-wrapper.jar\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradlе-wrapper.jar\n' + // homoglyph
+      '  3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce data/valid/gradle-wrapper.jar'
+  )
+})
+
+test('fails if invalid wrapper jars are found', async () => {
+  const result = await validate.findInvalidWrapperJars(baseDir, 3, false, [])
+
+  expect(result.isValid()).toBe(false)
+
+  expect(result.valid).toEqual([
+    new validate.WrapperJar(
+      'data/valid/gradle-wrapper.jar',
+      '3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce'
+    )
+  ])
+
+  expect(result.invalid).toEqual([
+    new validate.WrapperJar(
+      'data/invalid/gradle-wrapper.jar',
+      'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
+    ),
+    new validate.WrapperJar(
+      'data/invalid/gradlе-wrapper.jar', // homoglyph
+      'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
+    )
+  ])
+
+  expect(result.toDisplayString()).toBe(
+    '✗ Found unknown Gradle Wrapper JAR files:\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradle-wrapper.jar\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradlе-wrapper.jar\n' + // homoglyph
+      '✓ Found known Gradle Wrapper JAR files:\n' +
+      '  3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce data/valid/gradle-wrapper.jar'
+  )
+})
+
+test('fails if not enough wrapper jars are found', async () => {
+  const result = await validate.findInvalidWrapperJars(baseDir, 4, false, [])
+
+  expect(result.isValid()).toBe(false)
+
+  expect(result.errors).toEqual([
+    'Expected to find at least 4 Gradle Wrapper JARs but got only 3'
+  ])
+
+  expect(result.toDisplayString()).toBe(
+    '✗ Found unknown Gradle Wrapper JAR files:\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradle-wrapper.jar\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradlе-wrapper.jar\n' + // homoglyph
+      '✗ Other validation errors:\n' +
+      '  Expected to find at least 4 Gradle Wrapper JARs but got only 3\n' +
+      '✓ Found known Gradle Wrapper JAR files:\n' +
+      '  3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce data/valid/gradle-wrapper.jar'
+  )
+})