Open dimbleby opened 1 year ago
as encountered in the wild with swat 1.12.1 and reported at https://github.com/python-poetry/poetry/issues/7778 - RECORDS contains lines like
RECORDS
swat-1.12.1.dist-info/METADATA,sha=c2717134222c10492eaaea1040f6d2b1cd077054f1e7e4ea4f8b1cc48498282f,7737
which (among other things wrong with it) says sha where it means sha256.
sha
sha256
Current behaviour is an uncaught ValueError from hashlib.new()
ValueError
hashlib.new()
Here's a testcase:
def test_rejects_record_containing_unknown_hash(self, fancy_wheel): with WheelFile.open(fancy_wheel) as source: record_file_contents = source.read_dist_info("RECORD") new_record_file_contents = record_file_contents.replace("sha256=", "sha=") replace_file_in_zip( fancy_wheel, filename="fancy-1.0.0.dist-info/RECORD", content=new_record_file_contents, ) with WheelFile.open(fancy_wheel) as source: with pytest.raises( WheelFile.validation_error, match="RECORD file contains invalid hash algorithm `sha`", ): source.validate_record(validate_contents=True)
but it's not clear to me where would be the cleanest place to detect or catch this error so I have no fix to offer
Edit: changed my mind, #179
as encountered in the wild with swat 1.12.1 and reported at https://github.com/python-poetry/poetry/issues/7778 -
RECORDS
contains lines likewhich (among other things wrong with it) says
sha
where it meanssha256
.Current behaviour is an uncaught
ValueError
fromhashlib.new()
Here's a testcase:
but it's not clear to me where would be the cleanest place to detect or catch this error so I have no fix to offer
Edit: changed my mind, #179