jedarden/ai-code-battle
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(test): use deterministic garbage signature in TestVerifyRequest

Browse source 
The old test used "0"+sig[1:] to corrupt the signature. If the real HMAC
starts with "0", the corruption is a no-op and the test fails non-deterministically.
Replace with a fixed 64-char hex constant that is never a valid HMAC output.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
jedarden 2026-04-30 21:53:15 -04:00
parent e64230b122
commit 3a2d48b3b5
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
engine/auth_test.go
View file

@ -87,9 +87,9 @@ func TestVerifyRequest(t *testing.T) {
t.Error("wrong secret should fail verification")
}
// Wrong signature should fail
// Wrong signature should fail — use a fixed garbage value that is never a valid HMAC
auth2 := auth
auth2.Signature = "0" + auth.Signature[1:]
auth2.Signature = "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"
if err := VerifyRequest(secret, auth2, body); err == nil {
t.Error("wrong signature should fail verification")
}