package util
import (
"testing"
)
// TestConstantTimeCompare checks the boolean result of ConstantTimeCompare
// against a table of string pairs: identical values, values that differ in
// content or in length, empty inputs, non-ASCII characters, and trailing
// whitespace.
//
// Only equality semantics are asserted here; nothing in this test measures
// how long a comparison takes.
func TestConstantTimeCompare(t *testing.T) {
	t.Parallel()

	type pair struct {
		label string
		left  string
		right string
		want  bool
	}
	cases := []pair{
		{label: "equal strings", left: "secret123", right: "secret123", want: true},
		{label: "different strings", left: "secret123", right: "secret456", want: false},
		{label: "different lengths", left: "short", right: "muchlonger", want: false},
		{label: "empty strings", left: "", right: "", want: true},
		{label: "one empty", left: "notempty", right: "", want: false},
		{label: "unicode equal", left: "héllo", right: "héllo", want: true},
		{label: "unicode different", left: "héllo", right: "hëllo", want: false},
		{label: "special chars equal", left: "!@#$%^&*()", right: "!@#$%^&*()", want: true},
		{label: "whitespace matters", left: "hello ", right: "hello", want: false},
	}

	for _, tc := range cases {
		t.Run(tc.label, func(t *testing.T) {
			if got := ConstantTimeCompare(tc.left, tc.right); got != tc.want {
				t.Errorf("ConstantTimeCompare(%q, %q) = %v, want %v", tc.left, tc.right, got, tc.want)
			}
		})
	}
}
// TestConstantTimeCompareBytes checks the boolean result of
// ConstantTimeCompareBytes for byte slices that are equal, differ in one
// byte, differ in length, are both empty, or are both nil.
//
// NOTE(review): a nil slice compared against an empty non-nil slice, and the
// longer-first ordering of the length mismatch, are not exercised by this
// table.
func TestConstantTimeCompareBytes(t *testing.T) {
	t.Parallel()

	type pair struct {
		label string
		left  []byte
		right []byte
		want  bool
	}
	cases := []pair{
		{label: "equal bytes", left: []byte{1, 2, 3}, right: []byte{1, 2, 3}, want: true},
		{label: "different bytes", left: []byte{1, 2, 3}, right: []byte{1, 2, 4}, want: false},
		{label: "different lengths", left: []byte{1, 2}, right: []byte{1, 2, 3}, want: false},
		{label: "empty slices", left: []byte{}, right: []byte{}, want: true},
		{label: "nil slices", left: nil, right: nil, want: true},
	}

	for _, tc := range cases {
		t.Run(tc.label, func(t *testing.T) {
			if got := ConstantTimeCompareBytes(tc.left, tc.right); got != tc.want {
				t.Errorf("ConstantTimeCompareBytes(%v, %v) = %v, want %v", tc.left, tc.right, got, tc.want)
			}
		})
	}
}
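// BenchmarkConstantTimeCompare reports the cost of ConstantTimeCompare for
// three inputs of identical length: an exact match, a mismatch in the first
// byte, and a mismatch in the last byte.
//
// The benchmark does not enforce constant-time behaviour by itself, because it
// contains no timing assertion. Compare ns/op across the three sub-benchmarks
// (for example with benchstat): a comparison that returns at the first
// differing byte would show "different_first_char" running faster than
// "different_last_char". Inputs of different lengths are not measured here.
func BenchmarkConstantTimeCompare(b *testing.B) {
	// #nosec G101 -- Test fixture for benchmarking constant-time comparison, not a real credential
	secret := "a]3kL9#mP2$vN7@qR5*wX1&yT4^uI8%oE0!"

	benchmarks := []struct {
		name  string
		other string
		want  bool
	}{
		{"equal", secret, true},
		{"different_first_char", "b]3kL9#mP2$vN7@qR5*wX1&yT4^uI8%oE0!", false},
		{"different_last_char", "a]3kL9#mP2$vN7@qR5*wX1&yT4^uI8%oE0?", false},
	}

	for _, bm := range benchmarks {
		b.Run(bm.name, func(b *testing.B) {
			other, want := bm.other, bm.want

			// Consume every result so the call under measurement cannot be
			// optimised away, and so a wrong answer fails the run instead of
			// producing a meaningless timing.
			wrong := 0
			for i := 0; i < b.N; i++ {
				if ConstantTimeCompare(secret, other) != want {
					wrong++
				}
			}
			if wrong != 0 {
				b.Fatalf("ConstantTimeCompare returned the wrong result in %d of %d iterations", wrong, b.N)
			}
		})
	}
}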