
test: cover untested signature-verification branches in Utility #332

Open
eeshsaxena wants to merge 1 commit into razorpay:master from eeshsaxena:test-utility-signature-branches
@eeshsaxena

Summary

The Utility signature helpers had a few untested branches, including some that are security-relevant. This adds coverage for them:

  • compare_string — the constant-time string comparison used as the pre-hmac.compare_digest fallback. Tests equal strings, equal-length-but-differing content, and differing lengths. It had no tests at all.
  • verify_payment_link_signature — the branch that returns False when payment_link_reference_id / payment_link_status are absent (the existing test only exercised the fully-populated happy path).
  • verify_subscription_payment_signature — its failure path, asserting SignatureVerificationError is raised on a bad signature (only the success case was covered before).

Tests only — no library code changed. tests/test_client_utility.py passes (11 passed).

Adds tests for the timing-safe compare_string helper (equal, differing
content, differing length), for verify_payment_link_signature returning
False when required keys are absent, and for the failure path of
verify_subscription_payment_signature.
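
The branches listed in the description, as an added example that is not code from this pull request or from the razorpay library: a comparison that does not short-circuit on content, a key check that returns False, and a bad signature that raises. The bodies of `compare_string` and `SignatureVerificationError` are generic stand-ins, and `verify_signature`, `verify_link_params`, `run_branch_checks`, the `signature` key, the `ref|status` message format and the secret are assumptions constructed for the illustration.

```python
import hashlib
import hmac

class SignatureVerificationError(Exception):
    """Local stand-in for the error type named in the PR."""

def compare_string(expected, actual):
    if len(expected) != len(actual):  # digest length is public; early exit leaks nothing
        return False
    diff = 0
    for x, y in zip(expected, actual):
        diff |= ord(x) ^ ord(y)  # accumulate every position, no short-circuit
    return diff == 0

def verify_signature(body, signature, secret, use_fallback=False):
    expected = hmac.new(secret.encode(), body.encode(), hashlib.sha256).hexdigest()
    if use_fallback or not hasattr(hmac, "compare_digest"):
        ok = compare_string(expected, signature)
    else:  # bytes on both sides: non-ASCII str arguments raise TypeError
        ok = hmac.compare_digest(expected.encode(), signature.encode())
    if not ok:
        raise SignatureVerificationError("signature mismatch")
    return True

def verify_link_params(params, secret):  # hypothetical helper, constructed format
    keys = ("payment_link_reference_id", "payment_link_status")
    if any(k not in params for k in keys) or "signature" not in params:
        return False
    body = "|".join(params[k] for k in keys)
    return verify_signature(body, params["signature"], secret)

def run_branch_checks(secret="constructed-test-secret"):
    good = hmac.new(secret.encode(), b"ref_1|paid", hashlib.sha256).hexdigest()
    flipped = good[:-1] + ("0" if good[-1] != "0" else "1")
    results = {
        "equal": compare_string(good, good),
        "same_length_differs": compare_string(good, flipped),
        "length_differs": compare_string(good, good[:-1]),
        "missing_keys": verify_link_params({"signature": good}, secret),
        "happy_path": verify_signature("ref_1|paid", good, secret),
    }
    for fallback in (False, True):  # both comparison paths must reject
        try:
            verify_signature("ref_1|paid", flipped, secret, use_fallback=fallback)
            results["bad_signature_raises"] = False
        except SignatureVerificationError:
            results.setdefault("bad_signature_raises", True)
    return results
```

A caller of helpers shaped like these has to treat both the `False` return and the raised error as a rejected signature.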