Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

t/data/binary-test.file has unknown provenance #475

Open
chrisnovakovic opened this issue Apr 3, 2024 · 1 comment · May be fixed by #476
Open

t/data/binary-test.file has unknown provenance #475

chrisnovakovic opened this issue Apr 3, 2024 · 1 comment · May be fixed by #476
Assignees
@chrisnovakovic
Labels
tech-debt Technical debt

Comments

@chrisnovakovic
Copy link
Collaborator

We did a lot of work a few years ago to make the test suite PKI reproducible (see #212). The only remaining binary blob with no clear provenance is t/data/binary-test.file. While I don't for a second suspect that Mike put anything malicious in there, I think it'd be reassuring to be more transparent about the source of the underlying data in a file like this, especially given recent adventures with opaque test data in other open-source projects.

t/data/binary-test.file is only used to test the behaviour of RAND_load_file and various digest functions. In fact there's no reason it has to have binary content at all - we could make it an ASCII text file containing widely-known text, to show we have nothing up our sleeves.
@chrisnovakovic chrisnovakovic added the tech-debt Technical debt label Apr 3, 2024
@chrisnovakovic chrisnovakovic self-assigned this Apr 3, 2024
chrisnovakovic added a commit to chrisnovakovic/p5-net-ssleay that referenced this issue Apr 4, 2024
@chrisnovakovic
Replace binary test file with ASCII text file
38a939c 
t/data/binary-test.file is a binary blob of unknown provenance. To
provide more reassurance that nothing malicious is hidden in binary
blobs in the test suite, replace this file with the ASCII text file
t/data/lorem-ipsum.txt, which contains the first two paragraphs of
lorem ipsum generated by https://lipsum.com with lines wrapped at 80
characters.

Closes radiator-software#475.
@chrisnovakovic chrisnovakovic linked a pull request Apr 4, 2024 that will close this issue
Open
chrisnovakovic added a commit to chrisnovakovic/p5-net-ssleay that referenced this issue Apr 5, 2024
@chrisnovakovic
Replace binary test file with ASCII text file
1133f87 
t/data/binary-test.file is a binary blob of unknown provenance. To
provide more reassurance that nothing malicious is hidden in binary
blobs in the test suite, replace this file with the ASCII text file
t/data/lorem-ipsum.txt, which contains the first two paragraphs of
lorem ipsum generated by https://lipsum.com with lines wrapped at 80
characters.

Closes radiator-software#475.
@h-vn
Copy link
Contributor

h-vn commented Apr 8, 2024

I'm fine with this change as long as we find something suitable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chrisnovakovic chrisnovakovic

Labels
tech-debt Technical debt
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Replace binary test file with ASCII text file chrisnovakovic/p5-net-ssleay
2 participants
@chrisnovakovic @h-vn