Reject variable-length (SHAKE) checksum algorithms instead of crashing#210
Open
arpitjain099 wants to merge 1 commit into
Open
Reject variable-length (SHAKE) checksum algorithms instead of crashing#210arpitjain099 wants to merge 1 commit into
arpitjain099 wants to merge 1 commit into
Conversation
bagit advertised the SHAKE algorithms (shake_128, shake_256) as usable manifest checksums because they are in hashlib.algorithms_guaranteed, but their hexdigest() needs a length argument that bagit never supplies, so make_bag crashed with a TypeError partway through. Detect variable-length digests by behavior (not by name) and filter them out of CHECKSUM_ALGOS, raise a clear BagError if one is requested directly, and skip them in get_hashers as a safeguard. Closes LibraryOfCongress#158. Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Picking shake_128 or shake_256 as a checksum currently crashes make_bag partway through with "TypeError: shake_128.hexdigest() takes exactly one argument (0 given)", because those SHAKE digests need a length argument that bagit never passes even though they show up in hashlib.algorithms_guaranteed and get offered as CLI flags. This is issue #158.
The fix detects variable-length digests by behavior rather than hardcoding the SHAKE names, so it keeps working if hashlib ever adds more of them. SHAKE is filtered out of CHECKSUM_ALGOS (so it is no longer auto-discovered or shown in --help), make_bag now raises a clear BagError if you ask for one directly, and get_hashers skips them as a safeguard. A normal algorithm like sha3_256 still produces a bag that validates.
Added a few tests for the BagError cases and that SHAKE is no longer advertised. The whole suite passes (117) and black/ruff are happy.