Replace unwrap with ? in hash generation (#3003)

And add tests to catch it.
Charlie Marsh 2024-04-11 20:41:08 -04:00 committed by GitHub
parent 8507ba872f
commit 3df8df656b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 68 additions and 3 deletions


@ -340,7 +340,7 @@ pub enum HashError {
InvalidStructure(String), InvalidStructure(String),
#[error( #[error(
"Unsupported hash algorithm (expected `md5`, `sha256`, `sha384`, or `sha512`) on: {0}" "Unsupported hash algorithm: `{0}` (expected one of: `md5`, `sha256`, `sha384`, or `sha512`)"
)] )]
UnsupportedHashAlgorithm(String), UnsupportedHashAlgorithm(String),
} }


@ -141,8 +141,7 @@ impl HashStrategy {
let digests = digests let digests = digests
.iter() .iter()
.map(|digest| HashDigest::from_str(digest)) .map(|digest| HashDigest::from_str(digest))
.collect::<Result<Vec<_>, _>>() .collect::<Result<Vec<_>, _>>()?;
.unwrap();
hashes.insert(id, digests); hashes.insert(id, digests);
} }
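Review bot: The `?` added after `.collect::<Result<Vec<_>, _>>()` propagates the bare `HashError`, so the resulting message names the bad algorithm but not the requirement it came from, even though `id` is in scope on the next line. In a long requirements file that makes a rejected digest hard to trace, so consider attaching the requirement to the error before propagating it. It would also help to state the fail-closed intent in a comment, for example `// A digest that fails to parse aborts hash collection; never continue with a partial digest list.` The enclosing function starts and ends outside this hunk, so its error type is not visible and the context suggestion assumes that type can carry it.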


@ -3088,6 +3088,31 @@ requires-python = "<=3.5"
Ok(()) Ok(())
} }
/// Use an unknown hash algorithm with `--require-hashes`.
#[test]
fn require_hashes_unknown_algorithm() -> Result<()> {
let context = TestContext::new("3.12");
let requirements_txt = context.temp_dir.child("requirements.txt");
requirements_txt.write_str(
"anyio==4.0.0 --hash=foo:cfdb2b588b9fc25ede96d8db56ed50848b0b649dca3dd1df0b11f683bb9e0b5f",
)?;
uv_snapshot!(command(&context)
.arg("requirements.txt")
.arg("--require-hashes"), @r###"
success: false
exit_code: 2
----- stdout -----
----- stderr -----
error: Unsupported hash algorithm: `foo` (expected one of: `md5`, `sha256`, `sha384`, or `sha512`)
"###
);
Ok(())
}
/// Omit the hash with `--require-hashes`. /// Omit the hash with `--require-hashes`.
#[test] #[test]
fn require_hashes_missing_hash() -> Result<()> { fn require_hashes_missing_hash() -> Result<()> {
@ -3168,6 +3193,47 @@ fn require_hashes_missing_version() -> Result<()> {
Ok(()) Ok(())
} }
/// Use a non-`==` operator with `--require-hashes`.
#[test]
fn require_hashes_invalid_operator() -> Result<()> {
let context = TestContext::new("3.12");
let requirements_txt = context.temp_dir.child("requirements.txt");
requirements_txt.write_str(
"anyio>4.0.0 --hash=sha256:cfdb2b588b9fc25ede96d8db56ed50848b0b649dca3dd1df0b11f683bb9e0b5f",
)?;
// Install without error when `--require-hashes` is omitted.
uv_snapshot!(command(&context)
.arg("requirements.txt"), @r###"
success: true
exit_code: 0
----- stdout -----
----- stderr -----
Resolved 1 package in [TIME]
Downloaded 1 package in [TIME]
Installed 1 package in [TIME]
+ anyio==4.3.0
"###
);
// Error when `--require-hashes` is provided.
uv_snapshot!(command(&context)
.arg("requirements.txt")
.arg("--require-hashes"), @r###"
success: false
exit_code: 2
----- stdout -----
----- stderr -----
error: In `--require-hashes` mode, all requirement must have their versions pinned with `==`, but found: anyio>4.0.0
"###
);
Ok(())
}
/// Include the hash for _just_ the wheel with `--no-binary`. /// Include the hash for _just_ the wheel with `--no-binary`.
#[test] #[test]
fn require_hashes_wheel_no_binary() -> Result<()> { fn require_hashes_wheel_no_binary() -> Result<()> {
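Review bot: The new `require_hashes_unknown_algorithm` test covers only the `UnsupportedHashAlgorithm` variant, while `HashError` also has `InvalidStructure`, which presumably comes out of the same `HashDigest::from_str` call and would have hit the removed `unwrap()` too. A sibling test with a structurally malformed `--hash` value, snapshotting `exit_code: 2` and the error text, would pin that path as well; this assumes the requirements parser passes such a value through to hash generation. Separately, in `require_hashes_invalid_operator` the first snapshot records `+ anyio==4.3.0` for the unpinned `anyio>4.0.0`, so unless `command(&context)` fixes the resolution date (not visible here) that assertion will drift as new releases appear. `require_hashes_wheel_no_binary` continues past the end of this hunk.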