Record validation fails on invalid hash algorithm names #178

Open
@dimbleby

As encountered in the wild with swat 1.12.1 and reported at python-poetry/poetry#7778 - RECORDS contains lines like

    swat-1.12.1.dist-info/METADATA,sha=c2717134222c10492eaaea1040f6d2b1cd077054f1e7e4ea4f8b1cc48498282f,7737

which (among other things wrong with it) says sha where it means sha256.

Current behaviour is an uncaught ValueError from hashlib.new().

Here's a testcase:

    def test_rejects_record_containing_unknown_hash(self, fancy_wheel):
        # Read the valid RECORD from the fixture wheel.
        with WheelFile.open(fancy_wheel) as source:
            record_file_contents = source.read_dist_info("RECORD")

        # Rewrite every hash entry to use the unknown algorithm name "sha".
        new_record_file_contents = record_file_contents.replace("sha256=", "sha=")
        replace_file_in_zip(
            fancy_wheel,
            filename="fancy-1.0.0.dist-info/RECORD",
            content=new_record_file_contents,
        )

        # Validation should raise the wheel validation error, not ValueError.
        with WheelFile.open(fancy_wheel) as source:
            with pytest.raises(
                WheelFile.validation_error,
                match="RECORD file contains invalid hash algorithm `sha`",
            ):
                source.validate_record(validate_contents=True)

But it's not clear to me where the cleanest place to detect or catch this error would be, so I have no fix to offer.

Edit: changed my mind, #179
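
An added example (not code from this issue or from the installer project): a minimal RECORD checker that validates the algorithm name against an allow-list before calling hashlib.new(), so a row such as `sha=...` becomes a reported validation issue instead of an uncaught ValueError. The names `check_record`, `record_hash` and `ALLOWED_ALGORITHMS`, the allow-list contents and the sample data are assumptions made for this example.

```python
import base64
import csv
import hashlib

# Assumption for this example: an explicit allow-list of digest names.
ALLOWED_ALGORITHMS = {"sha256", "sha384", "sha512"}


def record_hash(algorithm, data):
    """Return `algorithm=digest` with the urlsafe-base64, unpadded digest RECORD uses."""
    digest = hashlib.new(algorithm, data).digest()
    return algorithm + "=" + base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_record(record_text, files):
    """Check RECORD rows against `files` (path -> bytes) and return issue strings."""
    issues = []
    for row in csv.reader(record_text.splitlines()):
        if len(row) != 3:
            issues.append(f"malformed row: {row!r}")
            continue
        path, hash_field, _size = row
        if not hash_field:  # e.g. the RECORD file's own row has no hash
            continue
        algorithm, sep, _digest = hash_field.partition("=")
        # Validate the name first: hashlib.new("sha") raises ValueError.
        if not sep or algorithm not in ALLOWED_ALGORITHMS:
            issues.append(f"{path}: invalid hash algorithm `{algorithm}`")
        elif path not in files:
            issues.append(f"{path}: listed in RECORD but missing")
        elif record_hash(algorithm, files[path]) != hash_field:
            issues.append(f"{path}: hash mismatch")
    return issues


# Constructed sample data (not taken from any real wheel).
FILES = {"fancy/__init__.py": b"print('hi')\n"}
GOOD_RECORD = (
    f"fancy/__init__.py,{record_hash('sha256', FILES['fancy/__init__.py'])},12\n"
    "fancy-1.0.0.dist-info/RECORD,,\n"
)
BAD_RECORD = GOOD_RECORD.replace("sha256=", "sha=")

if __name__ == "__main__":
    print(check_record(GOOD_RECORD, FILES))
    print(check_record(BAD_RECORD, FILES))
```

Because the algorithm name is checked before any hashing, a malformed RECORD yields one issue per bad row and the remaining rows are still verified.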

Labels: component: records (Related to installer.records); type: bug (A confirmed bug or unintended behavior)