refactor(model)!: Use a secondary Hash constructor instead of `crea…

…te()` Move the sanity check from the `create()` function overload that takes strings to an `init` block so that it affects all constructors, and add a secondary constructor to replace that function. Change calling code accordingly and simplify the cases for `Conan` and `Pub` where the hash is known to be SHA256. Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
oss-review-toolkit · Jul 19, 2024 · 56e2fb7 · 56e2fb7
1 parent 636411b
commit 56e2fb7
Show file tree

Hide file tree

Showing 9 changed files with 21 additions and 21 deletions.
diff --git a/model/src/main/kotlin/Hash.kt b/model/src/main/kotlin/Hash.kt
@@ -67,19 +67,19 @@ data class Hash(
                 Hash(value.lowercase(), HashAlgorithm.create(value))
             }
         }
+    }
 
-        /**
-         * Create a [Hash] instance from a known hash [value] and [algorithm]. This is mostly used for deserialization
-         * to verify the algorithm matches the one determined by the value.
-         */
-        fun create(value: String, algorithm: String): Hash =
-            create(value).also { hash ->
-                require(hash.algorithm == HashAlgorithm.fromString(algorithm)) {
-                    "'$value' is not a $algorithm hash."
-                }
-            }
+    init {
+        require(value.length == algorithm.size || algorithm == HashAlgorithm.UNKNOWN) {
+            "'$value' is not a $algorithm hash."
+        }
     }
 
+    /**
+     * Construct a [Hash] instance from hash [value] and [algorithm] strings.
+     */
+    constructor(value: String, algorithm: String) : this(value, HashAlgorithm.fromString(algorithm))
+
     /**
      * Return the hash in Support Subresource Integrity (SRI) format.
      */

diff --git a/model/src/main/kotlin/utils/PurlExtensions.kt b/model/src/main/kotlin/utils/PurlExtensions.kt
@@ -121,7 +121,7 @@ fun String.toProvenance(): Provenance {
             ArtifactProvenance(
                 sourceArtifact = RemoteArtifact(
                     url = URLDecoder.decode(encodedUrl, "UTF-8"),
-                    hash = Hash.create(value, algorithm)
+                    hash = Hash(value, algorithm)
                 )
             )
         }

diff --git a/model/src/test/kotlin/HashTest.kt b/model/src/test/kotlin/HashTest.kt
@@ -73,12 +73,12 @@ class HashTest : WordSpec({
 
     "Passing a string value and name to create()" should {
         "succeed if the name is valid for the created hash" {
-            Hash.create("6a7d2814506e9801f13e767964ae3a8f", "MD5").algorithm shouldBe HashAlgorithm.MD5
+            Hash("6a7d2814506e9801f13e767964ae3a8f", "MD5").algorithm shouldBe HashAlgorithm.MD5
         }
 
         "fail if the name is invalid for the created hash" {
             shouldThrow<IllegalArgumentException> {
-                Hash.create("0123456789", "MD5")
+                Hash("0123456789", "MD5")
             }
         }
     }

diff --git a/plugins/package-managers/conan/src/main/kotlin/Conan.kt b/plugins/package-managers/conan/src/main/kotlin/Conan.kt
@@ -381,7 +381,7 @@ class Conan(
     private fun parseSourceArtifact(conanData: ConanData): RemoteArtifact {
         val url = conanData.url ?: return RemoteArtifact.EMPTY
         val hashValue = conanData.sha256.orEmpty()
-        val hash = Hash.NONE.takeIf { hashValue.isEmpty() } ?: Hash.create(hashValue, HashAlgorithm.SHA256.name)
+        val hash = Hash.NONE.takeIf { hashValue.isEmpty() } ?: Hash(hashValue, HashAlgorithm.SHA256)
 
         return RemoteArtifact(url, hash)
     }

diff --git a/plugins/package-managers/gradle-inspector/src/main/kotlin/GradleInspector.kt b/plugins/package-managers/gradle-inspector/src/main/kotlin/GradleInspector.kt
@@ -403,7 +403,7 @@ private fun GradleInspector.createRemoteArtifact(
  */
 private fun parseChecksum(checksum: String, algorithm: String) =
     checksum.splitOnWhitespace().firstNotNullOfOrNull {
-        runCatching { Hash.create(it, algorithm) }.getOrNull()
+        runCatching { Hash(it, algorithm) }.getOrNull()
     } ?: Hash.NONE
 
 // See http://maven.apache.org/pom.html#SCM.

diff --git a/plugins/package-managers/maven/src/main/kotlin/utils/MavenSupport.kt b/plugins/package-managers/maven/src/main/kotlin/utils/MavenSupport.kt
@@ -307,7 +307,7 @@ class MavenSupport(private val workspaceReader: WorkspaceReader) {
          */
         internal fun parseChecksum(checksum: String, algorithm: String) =
             checksum.splitOnWhitespace().firstNotNullOfOrNull {
-                runCatching { Hash.create(it, algorithm) }.getOrNull()
+                runCatching { Hash(it, algorithm) }.getOrNull()
             } ?: Hash.NONE
 
         /**

diff --git a/plugins/package-managers/maven/src/test/kotlin/utils/MavenSupportTest.kt b/plugins/package-managers/maven/src/test/kotlin/utils/MavenSupportTest.kt
@@ -200,14 +200,14 @@ class MavenSupportTest : WordSpec({
             MavenSupport.parseChecksum(
                 checksum = "868c0792233fc78d8c9bac29ac79ade988301318 7de43522ca1a2a65d7c3b9eacb802a51745b245c",
                 algorithm = "SHA1"
-            ) shouldBe Hash.create("868c0792233fc78d8c9bac29ac79ade988301318", "SHA1")
+            ) shouldBe Hash("868c0792233fc78d8c9bac29ac79ade988301318", "SHA1")
         }
 
         "ignore prefixes and suffixes" {
             MavenSupport.parseChecksum(
                 checksum = "prefix 868c0792233fc78d8c9bac29ac79ade988301318 suffix",
                 algorithm = "SHA1"
-            ) shouldBe Hash.create("868c0792233fc78d8c9bac29ac79ade988301318", "SHA1")
+            ) shouldBe Hash("868c0792233fc78d8c9bac29ac79ade988301318", "SHA1")
         }
     }
 })
diff --git a/plugins/package-managers/pub/src/main/kotlin/Pub.kt b/plugins/package-managers/pub/src/main/kotlin/Pub.kt
@@ -616,11 +616,11 @@ class Pub(
                     val hostUrl = pkgInfoFromLockfile["description"]["url"].textValueOrEmpty()
 
                     val sourceArtifact = if (source == "hosted" && hostUrl.isNotEmpty() && version.isNotEmpty()) {
-                        val sha256 = pkgInfoFromLockfile["description"]["sha256"].textValueOrEmpty()
+                        val sha256 = pkgInfoFromLockfile["description"]["sha256"].textValue()
 
                         RemoteArtifact(
                             url = "$hostUrl/packages/$rawName/versions/$version.tar.gz",
-                            hash = Hash.create(sha256, HashAlgorithm.SHA256.name)
+                            hash = Hash(sha256, HashAlgorithm.SHA256)
                         )
                     } else {
                         RemoteArtifact.EMPTY

diff --git a/plugins/package-managers/spdx/src/main/kotlin/utils/SpdxResolvedDocument.kt b/plugins/package-managers/spdx/src/main/kotlin/utils/SpdxResolvedDocument.kt
@@ -394,7 +394,7 @@ private fun SpdxExternalDocumentReference.resolveFromDownload(
  * checksum. If not, return an [Issue] based on the document [uri] and [managerName].
  */
 private fun SpdxExternalDocumentReference.verifyChecksum(file: File, uri: URI, managerName: String): Issue? {
-    val hash = Hash.create(checksum.checksumValue, checksum.algorithm.name)
+    val hash = Hash(checksum.checksumValue, checksum.algorithm.name)
     if (hash.verify(file)) return null
 
     return SpdxResolvedDocument.createAndLogIssue(