Skip to content

test : add unit tests for safeCompare timing-safe comparison#850

Closed
tmdeveloper007 wants to merge 0 commit into
Priyanshu-byte-coder:mainfrom
tmdeveloper007:#827
Closed

test : add unit tests for safeCompare timing-safe comparison#850
tmdeveloper007 wants to merge 0 commit into
Priyanshu-byte-coder:mainfrom
tmdeveloper007:#827

Conversation

@tmdeveloper007
Copy link
Copy Markdown
Contributor

@tmdeveloper007 tmdeveloper007 commented May 23, 2026

Closes #827.

Summary of What Has Been Done:
Created test/github-webhook.test.ts with tests for safeCompare timing-safe comparison behavior.

Changes Made:
New file: test/github-webhook.test.ts

Test coverage:

  • Returns false immediately when buffer lengths differ (before timingSafeEqual)
  • Returns true when buffers are identical
  • Handles empty strings correctly
  • verifyGitHubSignature returns false for invalid/missing/empty signatures

Impact it Made:
Validates timing-safe comparison. Ensures the early return optimization doesn't reveal length information.

@vercel
Copy link
Copy Markdown

vercel Bot commented May 23, 2026

@TESTPERSONAL is attempting to deploy a commit to the PRIYANSHU DOSHI's projects Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added gssoc26 GSSoC 2026 contribution type:feature GSSoC type bonus: new feature type:testing GSSoC type bonus: tests (+10 pts) labels May 23, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 23, 2026

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

  • level:beginner — 20 pts
  • level:intermediate — 35 pts
  • level:advanced — 55 pts
  • level:critical — 80 pts

Quality (optional):

  • quality:clean — ×1.2 multiplier
  • quality:exceptional — ×1.5 multiplier

Validation (required to score):

  • gssoc:approved — counts for points
  • gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus

Priyanshu-byte-coder
Priyanshu-byte-coder requested changes May 23, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@Priyanshu-byte-coder Priyanshu-byte-coder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tests must import from source — not reimplement the function locally.

The test file re-implements the function being tested inside the test itself. This defeats the purpose of testing — changes to the real implementation won't fail these tests.

Fix: import the actual function from its source file and test that import. Example:

import { safeCompare } from '../src/lib/crypto'
// then test safeCompare directly

Also fix:

  • Add "test": "vitest run" to scripts in package.json
  • Add vitest.config.ts with resolve.alias: { '@': path.resolve(__dirname, 'src') }
  • Add EOF newline to test file

@Priyanshu-byte-coder Priyanshu-byte-coder added gssoc:approved GSSoC: PR approved for scoring level:beginner GSSoC: Beginner difficulty (20 pts) labels May 23, 2026
@tmdeveloper007 tmdeveloper007 force-pushed the #827 branch 2 times, most recently from 165b3f8 to 43855e4 Compare May 23, 2026 14:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Priyanshu-byte-coder Priyanshu-byte-coder Priyanshu-byte-coder requested changes

Assignees

@tmdeveloper007 tmdeveloper007

Labels

gssoc:approved GSSoC: PR approved for scoring gssoc26 GSSoC 2026 contribution level:beginner GSSoC: Beginner difficulty (20 pts) type:feature GSSoC type bonus: new feature type:testing GSSoC type bonus: tests (+10 pts)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

test : add unit tests for safeCompare timing-safe comparison

2 participants

@tmdeveloper007 @Priyanshu-byte-coder