There is no source-of-truth for valid Vehicle VINs

[alextaujenis]

Bug Description

This library includes both;

1. the method to generate a valid Vehicle VIN number
2. the method to verify a valid Vehicle VIN number

BUT it doesn't include any tests verifying known good or bad VIN numbers.

An issue could occur where both the Vehicle VIN generator and validator are refactored in this library (for instance, changing the modulus operator from 11 to 10). This would change both the checksum generator and validator, allowing the test suite to pass, but fundamentally changing (and corrupting) the VIN checksum algorithm.

[alextaujenis]

I just pushed #2678 as a POC to show how and why this issue exists. I changed the vin generation code in a single place, which corrupted the algorithm so it no longer produces valid vin numbers, but all tests are green.

The PR #2640 adds the necessary tests to this library that catches this problem.

You can see proof here in #2679 that these tests actually catch the corrupted algorithm.

[alextaujenis]

@stefannibrasil #2640 is ready to merge.

[alextaujenis]

@stefannibrasil you mentioned we should move the conversation from #2640 back to here... Do you have any further questions or contributions on how this can be resolved?

[stefannibrasil]

hi @alextaujenis I was pairing with a colleague on this, and have some ideas. Haven't had the time to write up something, hoping to do it this Friday.