Skip to content

test : add unit tests for safeCompare timing-safe comparison#850

Open
tmdeveloper007 wants to merge 2 commits into
Priyanshu-byte-coder:mainfrom
tmdeveloper007:#827
Open

test : add unit tests for safeCompare timing-safe comparison#850
tmdeveloper007 wants to merge 2 commits into
Priyanshu-byte-coder:mainfrom
tmdeveloper007:#827

Conversation

@tmdeveloper007
Copy link
Copy Markdown
Contributor

@tmdeveloper007 tmdeveloper007 commented May 23, 2026

Closes #827.

Summary of What Has Been Done:
Created test/github-webhook.test.ts with tests for safeCompare timing-safe comparison behavior.

Changes Made:
New file: test/github-webhook.test.ts

Test coverage:

  • Returns false immediately when buffer lengths differ (before timingSafeEqual)
  • Returns true when buffers are identical
  • Handles empty strings correctly
  • verifyGitHubSignature returns false for invalid/missing/empty signatures

Impact it Made:
Validates timing-safe comparison. Ensures the early return optimization doesn't reveal length information.

@vercel
Copy link
Copy Markdown

vercel Bot commented May 23, 2026

@TESTPERSONAL is attempting to deploy a commit to the PRIYANSHU DOSHI's projects Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added gssoc26 GSSoC 2026 contribution type:feature GSSoC type bonus: new feature type:testing GSSoC type bonus: tests (+10 pts) labels May 23, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 23, 2026

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

  • level:beginner — 20 pts
  • level:intermediate — 35 pts
  • level:advanced — 55 pts
  • level:critical — 80 pts

Quality (optional):

  • quality:clean — ×1.2 multiplier
  • quality:exceptional — ×1.5 multiplier

Validation (required to score):

  • gssoc:approved — counts for points
  • gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus

Priyanshu-byte-coder
Priyanshu-byte-coder requested changes May 23, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@Priyanshu-byte-coder Priyanshu-byte-coder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tests must import from source — not reimplement the function locally.

The test file re-implements the function being tested inside the test itself. This defeats the purpose of testing — changes to the real implementation won't fail these tests.

Fix: import the actual function from its source file and test that import. Example:

import { safeCompare } from '../src/lib/crypto'
// then test safeCompare directly

Also fix:

  • Add "test": "vitest run" to scripts in package.json
  • Add vitest.config.ts with resolve.alias: { '@': path.resolve(__dirname, 'src') }
  • Add EOF newline to test file

@Priyanshu-byte-coder Priyanshu-byte-coder added gssoc:approved GSSoC: PR approved for scoring level:beginner GSSoC: Beginner difficulty (20 pts) labels May 23, 2026
@tmdeveloper007 tmdeveloper007 force-pushed the #827 branch 2 times, most recently from 165b3f8 to 43855e4 Compare May 23, 2026 14:50
@tmdeveloper007
Copy link
Copy Markdown
Contributor Author

tmdeveloper007 commented May 23, 2026

This pull request is fully up-to-date with the latest upstream merges, all review items are addressed, local tests are passing cleanly, and it is fully ready to be merged! 🚀

@Priyanshu-byte-coder
Copy link
Copy Markdown
Owner

Priyanshu-byte-coder commented May 24, 2026

Merge conflict: vitest.config.ts already exists in main (created by PR #801). Please rebase against main before this can be merged.

@Priyanshu-byte-coder
Copy link
Copy Markdown
Owner

Priyanshu-byte-coder commented May 24, 2026

This PR has merge conflicts with main. Please rebase on current main to resolve and re-request review. All changes look good otherwise.

@tmdeveloper007
Copy link
Copy Markdown
Contributor Author

tmdeveloper007 commented May 25, 2026
edited
Loading

Hi! This branch has been rebased and is ready to merge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Priyanshu-byte-coder Priyanshu-byte-coder Priyanshu-byte-coder requested changes

Assignees

@tmdeveloper007 tmdeveloper007

Labels

gssoc:approved GSSoC: PR approved for scoring gssoc26 GSSoC 2026 contribution level:beginner GSSoC: Beginner difficulty (20 pts) type:feature GSSoC type bonus: new feature type:testing GSSoC type bonus: tests (+10 pts)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

test : add unit tests for safeCompare timing-safe comparison

2 participants

@tmdeveloper007 @Priyanshu-byte-coder