veraison / go-cose

go library for CBOR Object Signing and Encryption (COSE)
Mozilla Public License 2.0

Unit Test in go-cose repository needs to check for precise error condition #118

Closed yogeshbdeshpande closed 1 year ago

yogeshbdeshpande commented 1 year ago

The current unit test (example: file verifier_test.go), TestNewVerifier(),

only checks whether the negative tests have returned an error or not. The test code then compares this with a Boolean "WantErr" to determine whether an error was expected in the given test instance.

However, the test code does not check the precise "error string", which maps to the precise point in the code where the tests should return an error.

This type of testing could lead to inaccurate results, as the code may return an error from an incorrect part but the test may still indicate a pass.

ivarprudnikov commented 1 year ago

Just to make it explicit, the test file in question is https://github.com/veraison/go-cose/blob/main/verifier_test.go

There are 3 key mismatch test cases: ecdsa key mismatch, ed25519 key mismatch, rsa key mismatch. One test that provides an unexpected alg: unknown algorithm. And one more: rsa key under minimum entropy.

Looks like a low hanging fruit to increase integrity, @yogeshbdeshpande would you be willing to do a PR?

yogeshbdeshpande commented 1 year ago

@ivarprudnikov I will make a change shortly!
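
The gap raised in this issue, as an added example that is not code from go-cose or from the commenters: a negative test whose fixture passes the wrong key type still satisfies a boolean `wantErr` check, while a check on the specific error catches it. `newVerifier`, the `err*` values, `looseCheck`, `preciseCheck` and the two case helpers are hypothetical names, and the comparison uses `errors.Is` on sentinel errors rather than the string match the issue proposes.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rsa"
	"errors"
	"fmt"
	"math/big"
)

// Hypothetical stand-in for the code under test; not go-cose's own names.
var (
	errKeyMismatch = errors.New("key type does not match algorithm")
	errUnknownAlg  = errors.New("unknown algorithm")
	errWeakRSAKey  = errors.New("RSA key under minimum size")
)

func newVerifier(alg string, key crypto.PublicKey) error {
	if alg != "PS256" {
		return errUnknownAlg
	}
	k, ok := key.(*rsa.PublicKey)
	if !ok {
		return errKeyMismatch
	}
	if k.N.BitLen() < 2048 {
		return errWeakRSAKey
	}
	return nil
}

// looseCheck mirrors comparing "did it error?" with a wantErr bool.
func looseCheck(err error, wantErr bool) bool { return (err != nil) == wantErr }
// preciseCheck requires the specific expected error (nil means success).
func preciseCheck(err, want error) bool { return errors.Is(err, want) }

// Constructed inputs: a 1024-bit modulus, and a fixture that was meant to
// exercise the weak-RSA path but supplies an Ed25519 key by mistake.
func weakRSACase() error {
	return newVerifier("PS256", &rsa.PublicKey{N: new(big.Int).Lsh(big.NewInt(1), 1023), E: 65537})
}
func misbuiltCase() error {
	return newVerifier("PS256", ed25519.PublicKey(make([]byte, ed25519.PublicKeySize)))
}

func main() {
	fmt.Println(looseCheck(misbuiltCase(), true), preciseCheck(misbuiltCase(), errWeakRSAKey))
}
```

With the mistaken fixture the minimum-size check is never reached, so the boolean comparison reports a pass for a code path that was not exercised.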