From ec3ec2a13669754fe5893707efd8cc7ed0795fba Mon Sep 17 00:00:00 2001
From: Nikolas De Giorgis <nikolas.degiorgis@gmail.com>
Date: Mon, 16 Jun 2025 12:41:22 +0100
Subject: [PATCH] tests: check for hash matching after downloading.

Previously, we were not verifying the file's hash after downloading
simulators.
This commit adds a post-download hash check to ensure the downloaded
file matches the expected SHA-256 hash before continuing.
---
 tests/util/mod.rs | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/tests/util/mod.rs b/tests/util/mod.rs
index d58c849..367fc10 100644
--- a/tests/util/mod.rs
+++ b/tests/util/mod.rs
@@ -76,16 +76,17 @@ impl Drop for Server {
     }
 }
 
-async fn file_not_exist_or_hash_mismatch(filename: &Path, expected_hash: &str) -> Result<bool, ()> {
-    match File::open(filename).await {
-        Ok(mut file) => {
-            let mut buffer = Vec::new();
-            file.read_to_end(&mut buffer).await.map_err(|_| ())?;
+async fn hashes_match(mut file: File, expected_hash: &str) -> Result<bool, ()> {
+    let mut buffer = Vec::new();
+    file.read_to_end(&mut buffer).await.map_err(|_| ())?;
 
-            let actual_hash = hex::encode(bitcoin::hashes::sha256::Hash::hash(&buffer));
+    let actual_hash = hex::encode(bitcoin::hashes::sha256::Hash::hash(&buffer));
+    Ok(actual_hash == expected_hash)
+}
 
-            Ok(actual_hash != expected_hash)
-        }
+async fn file_not_exist_or_hash_mismatch(filename: &Path, expected_hash: &str) -> Result<bool, ()> {
+    match File::open(filename).await {
+        Ok(file) => Ok(!hashes_match(file, expected_hash).await?),
         Err(ref e) if e.kind() == io::ErrorKind::NotFound => Ok(true),
         Err(_) => Err(()),
     }
@@ -133,6 +134,22 @@ async fn download_simulators() -> Result<Vec<String>, ()> {
             fs::set_permissions(&filename, std::fs::Permissions::from_mode(0o755))
                 .await
                 .map_err(|_| ())?;
+            match File::open(&filename).await {
+                Ok(file) => {
+                    if !hashes_match(file, &simulator.sha256)
+                        .await
+                        .map_err(|_| ())?
+                    {
+                        eprintln!(
+                            "Hash mismatch for simulator file '{}', expected {}",
+                            filename.display(),
+                            simulator.sha256
+                        );
+                        return Err(());
+                    }
+                }
+                Err(_) => return Err(()), // This should never happen as we just created it.
+            }
         }
         filenames.push(filename.to_str().unwrap().to_string());
     }