Pierre-Olivier Mercier
54b74fb233
All checks were successful
continuous-integration/drone/push Build is passing
SHA-512 crypt has no 72-char truncation like bcrypt, but an unbounded password length allows DoS via CPU exhaustion. Caps input at 128 chars and adds unit tests for boundary conditions in checkPasswdConstraint. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
33 lines
866 B
Go
33 lines
866 B
Go
package main
|
|
|
|
import (
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func TestCheckPasswdConstraint(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
pass string
|
|
wantErr bool
|
|
}{
|
|
{"valid password", "Correct1Horse", false},
|
|
{"too short", "Short1A", true},
|
|
{"exactly 12 chars", "Abcdefgh1234", false},
|
|
{"no uppercase", "correct1horse", true},
|
|
{"no lowercase", "CORRECT1HORSE", true},
|
|
{"no digit", "CorrectHorse!", true},
|
|
{"exactly 128 chars", strings.Repeat("a", 126) + "A1", false},
|
|
{"129 chars is too long", strings.Repeat("a", 127) + "A1", true},
|
|
{"very long password", strings.Repeat("Aa1", 100), true},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
err := checkPasswdConstraint(tt.pass)
|
|
if (err != nil) != tt.wantErr {
|
|
t.Errorf("checkPasswdConstraint(%q) error = %v, wantErr %v", tt.pass, err, tt.wantErr)
|
|
}
|
|
})
|
|
}
|
|
}
|