Add tests for passwdqc pwqcheck

[Zaiba-S]

Currently, there are no tests implemented for the package, so this serves as an initial attempt to implement basic testing coverage.
This PR introduces an initial set of tests for the pwqcheck binary of the passwdqc package.

Any feedback or suggestions would be appreciated.

[solardiz]

Thank you for the contribution. Yes, we need tests.

[solardiz]

I think we want this target called check, and it should exit non-zero on any test failures.

And we should run it from GitHub Actions, but that may be a separate PR or at least separate commit.

[solardiz]

I think this is excessive. For my manual testing, I simply set LD_LIBRARY_PATH=. and it just works.

The change of LDFLAGS wouldn't take effect at this point anyway, because the test scripts being invoked from here assume the tool has already been built.

[solardiz]

My thinking was to start with what I've been doing in manual testing - running pwqcheck on a large file and confirming the hash of its output isn't unexpectedly changed. This wouldn't directly test the individual checks, but it would ensure stable behavior. So if we ever make code changes that change the behavior on such large test input, we'll need to explicitly acknowledge this and update the hash. A drawback is the large input file would need to be stored somewhere in here or download from somewhere external (e.g., the run/password.lst file we have in the john repo) or reproducibly generated.

$ LD_LIBRARY_PATH=. ./pwqcheck -1 --multi < ~/john/run/password.lst | grep -c ^OK:
1733
$ LD_LIBRARY_PATH=. ./pwqcheck -1 --multi < ~/john/run/password.lst | grep -c ^Bad
1793975
$ LD_LIBRARY_PATH=. ./pwqcheck -1 --multi < ~/john/run/password.lst | md5sum 
3eccb6ef49eb84b494c61954c240e76c  -

I see that you also test a few features that the above would not.

[solardiz]

Typo: lenght.

Also, if we do these tests, there should probably be one for a password that's just above max length, with expected fail.

Also, shouldn't we expect specific fail reasons?

[Zaiba-S]

Thanks for the review !

• I will correct the typo and add test case for a password just above the max length and ensure it fails as expected.

• Reagarding the fail reason,Could you please clarify if you are expecting specific fail reasons for each test case?

[solardiz]

• Reagarding the fail reason,Could you please clarify if you are expecting specific fail reasons for each test case?

Yes, like you already have in another script where you check against expected output. Instead of the word fail, you could include those reason strings.

[Zaiba-S]

My thinking was to start with what I've been doing in manual testing - running pwqcheck on a large file and confirming the hash of its output isn't unexpectedly changed. This wouldn't directly test the individual checks, but it would ensure stable behavior. So if we ever make code changes that change the behavior on such large test input, we'll need to explicitly acknowledge this and update the hash. A drawback is the large input file would need to be stored somewhere in here or download from somewhere external (e.g., the run/password.lst file we have in the john repo) or reproducibly generated.

$ LD_LIBRARY_PATH=. ./pwqcheck -1 --multi < ~/john/run/password.lst | grep -c ^OK:
1733
$ LD_LIBRARY_PATH=. ./pwqcheck -1 --multi < ~/john/run/password.lst | grep -c ^Bad
1793975
$ LD_LIBRARY_PATH=. ./pwqcheck -1 --multi < ~/john/run/password.lst | md5sum 
3eccb6ef49eb84b494c61954c240e76c  -

I see that you also test a few features that the above would not.

Thanks for sharing your approach
Your method of hashing the output of pwqcheck on a large input file sounds like a great way to ensure stability across changes.
Are you suggesting that we implement this approach in addition to the individual tests I proposed?
If so, For storing the large input file and expected output hash for comparison, do you have a preference on where it should be stored ?

[solardiz]

This PR currently fails our whitespace-errors test:

Run git diff-index --check --cached 4b825dc642cb6eb9a060e54bf8d69288fbee4904
tests/test-pwqcheck-length.sh:14: trailing whitespace.
+    
tests/test-pwqcheck-length.sh:18: trailing whitespace.
+    
tests/test-pwqcheck-length.sh:22: trailing whitespace.
+    
tests/test-pwqcheck-multi.sh:13: trailing whitespace.
+    
tests/test-pwqcheck-multi.sh:16: trailing whitespace.
+    
tests/test-pwqcheck-multi.sh:25: trailing whitespace.
+    
tests/test-pwqcheck-multi.sh:39: trailing whitespace.
+    
tests/test-pwqcheck-multi.sh:85: trailing whitespace.
+  
tests/test-pwqcheck-multi.sh:109: trailing whitespace.
+            echo "StrongP@ss${i}!" 
tests/test-pwqcheck-multi.sh:111: trailing whitespace.
+            echo "weak${i}" 
tests/test-pwqcheck-similarity.sh:94: new blank line at EOF.

[solardiz]

Are you suggesting that we implement this approach in addition to the individual tests I proposed?

In general, yes. In this same PR, no.

If so, For storing the large input file and expected output hash for comparison, do you have a preference on where it should be stored ?

Currently no. I'd like to hear from @ldv-alt on this. Off the top of my head, the options are:

1. In this repo and included in release archive (so that make check can use it from there as well).
2. In this repo, but excluded from release archive (available for use in GitHub Actions).
3. External reference (what kind?) to john/run/password.lst.
4. Generate a large list into a pipe programmatically (the lines wouldn't look so much like real passwords, but that's OK if we're only testing stability).

[solardiz]

The color output could be undesired when redirected to a build log file. I suggest to use color only when outputting to a tty, which I think you can test with test -t 1, e.g. if [ -t 1 ]; then.

We use 8-wide tabs for indentation in this source tree, and I think it makes sense to continue with this style for the shell scripts in here as well (not switch to 4 spaces).

[solardiz]

This could be more portable (to other shells) if written as a test expression (so in single brackets and using -a and -o for AND and OR) rather than as two bash conditional expressions.

[Zaiba-S]

should we set the default shell to sh instead of bash?

[solardiz]

We could, if we actually test these scripts with non-bash as well.

[solardiz]

Please also add your copyright statements and references to LICENSE as source code comments near the start of your scripts, similarly to how we have this in existing source files.

[solardiz]

This PR currently fails our whitespace-errors test:

Run git diff-index --check --cached 4b825dc642cb6eb9a060e54bf8d69288fbee4904

This is still failing. You can run the above git command on your computer to see (and then fix) these errors before you push.