Add Get-StringHash and Get-FileHash cmdlets#3024
Conversation
lzybkr
left a comment
lzybkr
left a comment
There was a problem hiding this comment.
@PowerShell/powershell-committee - needs to review the new cmdlet - parameters, output type, allowing null.
| $hashSHA256forEmptyString = "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855" | ||
|
|
||
| # Keep "sHA1" below! It is for testing that the cmdlet accept a hash algorithm name in any case! | ||
| $testcases = |
There was a problem hiding this comment.
With the use of a common variable name, this should be moved closer to the use to limit the scope.
|
|
||
| Context "Default result tests" { | ||
| It "Should default to correct hash (SHA256)" { | ||
|
|
There was a problem hiding this comment.
Consider removing some of the blank lines just after or just before opening/closing braces.
| $result[1] | Should Be $hashSHA256forEmptyString | ||
| } | ||
|
|
||
| It "Should be able to set the default hash algorithm" { |
There was a problem hiding this comment.
This test is unnecessary - there is no reason to test PSDefaultParameterValues on specific cmdlets, the generic tests for PSDefaultParameterValues are sufficient.
There was a problem hiding this comment.
It is from original tests.
Removed.
|
|
||
| It "Should not throw for empty or null input string" { | ||
| Get-StringHash -InputString "" | Should Be $hashSHA256forEmptyString | ||
| Get-StringHash -InputString $null | Should Be $null |
There was a problem hiding this comment.
Is this really desirable? Allowing $null?
There was a problem hiding this comment.
I thought about this example:
$stringarray | Get-StringHash If the string array contains a null string member then we throw - is this the desired behavior?
The following example does not cause a exception:
"a",$null | Select-String -Pattern ".*"There was a problem hiding this comment.
$null is not passed through the pipeline and Select-String allows $null anyway, so that's not a good example.
There was a problem hiding this comment.
Yes, but key is that null string don't throw an exception here.
| @@ -0,0 +1,62 @@ | |||
| Describe "Get-StringHash" -Tags "CI" { | |||
There was a problem hiding this comment.
I would expect very few changes to this feature once merged, so maybe we don't need the tests in CI.
There was a problem hiding this comment.
We can change it after the merger. (Or just before.)
| /// <summary> | ||
| /// Create FileHashInfo object and output it | ||
| /// </summary> | ||
| private void WriteHashResult(String Algorithm, String hash, String path) |
| /// </summary> | ||
| /// <value></value> | ||
| [Parameter(Position = 1)] | ||
| [ValidateSet(HashAlgorithmNames.SHA1, |
There was a problem hiding this comment.
The PowerShell version supports additional algorithms - why are they not included here?
There was a problem hiding this comment.
It is from original cmdlet and HashAlgorithmNames class.
If there are other useful algorithms, please give a link.
And whether we should do something specifically for Mac?
There was a problem hiding this comment.
According to the ValidateSet use here, the original function has:
- MACTripleDES
- MD5
- RIPEMD160
- SHA1
- SHA256
- SHA384
- SHA512
I suppose it's not surprising that a couple of these are missing for .Net Core.
We should probably add the missing algorithms for Windows PowerShell or explore alternative implementations to that we can have completely portable scripts.
/cc @SteveL-MSFT
There was a problem hiding this comment.
@lzybkr if .Net Core doesn't support those, we should treat it as a separate issue (not block this PR). however, we should see if .Net Core will implement them or why they no longer support it (patents? no longer secure?)
There was a problem hiding this comment.
I believe these are hashing algorithms, so security isn't the issue. My guess is less demand.
But the real question here - are we OK with a PR that would be a breaking change to Windows PowerShell if we took this code back to Windows as is?
There was a problem hiding this comment.
The security concern is that hashes are used to determine if something (like a file/package) has been modified. However, SHA1, for example, has been proven that you can generate collisions meaning that it is feasible someone could modify a file and produce the same resulting SHA1 hash so it appears to be legit.
We can discuss this at the Committee meeting.
| It "Should default to correct hash algorithm" { | ||
| $result = Get-FileHash $testDocument | ||
| BeforeAll { | ||
| New-Variable testDocument -Value (Join-Path -Path (Join-Path -Path $PSScriptRoot -ChildPath assets) -ChildPath testablescript.ps1) -Scope Global -Force |
There was a problem hiding this comment.
A test shouldn't normally create a variable in global scope.
| } | ||
|
|
||
| $result.Algorithm | Should Be "MD5" | ||
| It "Should be able to set the default hash algorithm" { |
There was a problem hiding this comment.
This test should not be necessary, PSDefaultParameterValues is already well tested.
| $result.Algorithm | Should Be "SHA256" | ||
| } | ||
| # Keep "sHA1" below! It is for testing that the cmdlet accept a hash algorithm name in any case! | ||
| $testcases = |
There was a problem hiding this comment.
Should be moved closer to the use to limit the scope of the variable.
lzybkr
added
the
Review - Committee
| @{ algorithm = "SHA384"; hash = "656215B6A07011E625206F43E57873F49AD7B36DFCABB70F6CDCE2303D7A603E55D052774D26F339A6D80A264340CB8C" }, | ||
| @{ algorithm = "SHA512"; hash = "C688C33027D89ACAC920545471C8053D8F64A54E21D0415F1E03766DDCDA215420E74FAFD1DC399864C6B6B5723A3358BD337339906797A39090B02229BF31FE" }, | ||
| @{ algorithm = "MD5"; hash = "7B09811D1631C9FD46B39D1D35522F0A" } | ||
| New-Variable testDocument -Value (Join-Path -Path (Join-Path -Path $PSScriptRoot -ChildPath assets) -ChildPath testablescript.ps1) -Force |
There was a problem hiding this comment.
Can't this just use $testDocument = Join-Path ...?
|
@PowerShell/powershell-committeeTeam |
+ $testDocument' in test
|
@PowerShell/powershell-committee has decided we need an RFC for the The biggest concern was how PowerShell will convert anything to The output type was also of some concern when combined with allowing |
lzybkr
added
Committee-Reviewed
|
The committee also agreed that we do not need any updates with regards to the algorithms supported - we've marked the PR wit |
|
What will be the road map for the PR? I do not have the forces for the RFC to write the big text correctly in English. |
|
By all means - remove Your English seems more than sufficient to write a RFC, but if @rkeithhill is up for it, I assume he'll jump in. |
Removed for future RFC.
|
@lzybkr I create new PR with RFC PowerShell/PowerShell-RFC#63 Now |
|
@lzybkr Should I do something else in the PR? |
|
@lzybkr Thanks! |
5 participants
Close #2731
Rewrite Get-FileHash on C# and refactoring tests
The original Get-FileHash output type is
Microsoft.Powershell.Utility.FileHash. The type was defined by ExtendedTypeDefinition. It is not C# type and reported asPSCustomObject.Therefore, the output type was changed and now it is native C# type
Microsoft.PowerShell.Commands.FileHashInfo.Add new cmdlet Get-StringHash and add tests
The original idea was to add a InputString parameter to the common cmdlet but due to a conflict with the Path parameter (paths is strings too!) I had to make a new cmdlet to provide a pipeline support for the InputString parameter.