From 960b797445ec2cec56bb9d82a4d3f9e5c5f7bc75 Mon Sep 17 00:00:00 2001 From: Caleb Xu Date: Mon, 11 May 2026 13:59:51 -0400 Subject: [PATCH] refactor(chartverifier): simplify GetPackageDigest and document helpers Extract openChartPackageReader for clearer scheme handling and a single defer rc.Close() on success. Propagate os.Open errors instead of ignoring them. Add godoc for GetPackageDigest and openChartPackageReader. Co-authored-by: Cursor --- internal/chartverifier/reportBuilder.go | 47 ++++++++++++++++--------- 1 file changed, 31 insertions(+), 16 deletions(-) diff --git a/internal/chartverifier/reportBuilder.go b/internal/chartverifier/reportBuilder.go index 97f825f6..75d6d27b 100644 --- a/internal/chartverifier/reportBuilder.go +++ b/internal/chartverifier/reportBuilder.go @@ -223,30 +223,45 @@ func GenerateSha(rawFiles []*helmchart.File) string { return fmt.Sprintf("sha256:%x", chartSha.Sum(nil)) } -func GetPackageDigest(uri string) string { - url, err := url.Parse(uri) - if err != nil { - return "" - } - var chartReader io.Reader - switch url.Scheme { +// openChartPackageReader opens the chart package byte stream at u for digesting. +// On success, it returns an [io.ReadCloser]: for http or https, the response body from [http.Get]; +// for file or an empty scheme, the file from [os.Open] when the URL path ends with ".tgz". +// It returns (nil, nil) for file or an empty scheme when the path does not end with ".tgz". +// It returns (nil, err) if the scheme is unsupported, or if [http.Get] or [os.Open] fails. +func openChartPackageReader(u *url.URL) (io.ReadCloser, error) { + switch u.Scheme { case "http", "https": - var chartGetResponse *http.Response - chartGetResponse, err = http.Get(url.String()) - if err == nil { - chartReader = chartGetResponse.Body + resp, err := http.Get(u.String()) + if err != nil { + return nil, err } + return resp.Body, nil case "file", "": - if strings.HasSuffix(url.Path, ".tgz") { - chartReader, _ = os.Open(url.Path) + if !strings.HasSuffix(u.Path, ".tgz") { + return nil, nil } + return os.Open(u.Path) default: - err = fmt.Errorf("scheme %q not supported", url.Scheme) + return nil, fmt.Errorf("scheme %q not supported", u.Scheme) + } +} + +// GetPackageDigest returns a hex-encoded SHA256 hash of the chart package bytes at uri. +// Supported schemes are http, https, file, and the empty scheme (local path). Only paths +// ending in ".tgz" are read for file and empty-scheme URIs. It returns an empty string if +// uri cannot be parsed, the scheme is unsupported, the resource cannot be opened or read, +// or the URI does not denote a .tgz chart package for file and path-only forms. +func GetPackageDigest(uri string) string { + u, err := url.Parse(uri) + if err != nil { + return "" } - if err != nil || chartReader == nil { + rc, err := openChartPackageReader(u) + if err != nil || rc == nil { return "" } - return getDigest(chartReader) + defer rc.Close() + return getDigest(rc) } // Digest hashes a reader and returns a SHA256 digest.