Skip to content

Commit

Permalink
fix: throw error if hexToBytes or hexToString is provided a strin…
Browse files Browse the repository at this point in the history
…g that is not in hex (XRPLF#2657)

* better error handling

* fix browser tests

* add shared variable

* re-add test case
  • Loading branch information
mvadari authored and ckeshava committed Jun 6, 2024
1 parent f29a948 commit 21c683e
Show file tree
Hide file tree
Showing 9 changed files with 31 additions and 98 deletions.
24 changes: 6 additions & 18 deletions packages/isomorphic/HISTORY.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
# @xrplf/isomorphic Release History

## Unreleased

### Fixed

* Throw error if `hexToBytes` or `hexToString` is provided a string that is not in hex

## 1.0.0 (2024-02-01)

Initial release providing isomorphic and tree-shakable implementations of:
Expand All @@ -14,21 +20,3 @@ Initial release providing isomorphic and tree-shakable implementations of:
* randomBytes
* stringToHex
* ws

## 1.0.0 Beta 1 (2023-11-30)

## Added
* hexToString
* stringToHex

## 1.0.0 Beta 0 (2023-10-19)

Initial release providing isomorphic and tree-shakable implementations of:

* ripemd160
* sha256
* sha512
* bytesToHash
* hashToBytes
* randomBytes
* ws_
4 changes: 4 additions & 0 deletions packages/isomorphic/src/utils/browser.ts
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import type {
RandomBytesFn,
StringToHexFn,
} from './types'
import { HEX_REGEX } from './shared'

/* eslint-disable func-style -- Typed to ensure uniformity between node and browser implementations and docs */
export const bytesToHex: typeof BytesToHexFn = (bytes) => {
Expand All @@ -22,6 +23,9 @@ export const bytesToHex: typeof BytesToHexFn = (bytes) => {
export const hexToBytes: typeof HexToBytesFn = (hex): Uint8Array => {
const len = hex.length
const array = new Uint8Array(len / 2)
if (!HEX_REGEX.test(hex)) {
throw new Error('Invalid hex string')
}
for (let i = 0; i < array.length; i++) {
const j = i * 2
const hexByte = hex.slice(j, j + 2)
Expand Down
7 changes: 7 additions & 0 deletions packages/isomorphic/src/utils/index.ts
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import { randomBytes as cryptoRandomBytes } from 'crypto'
import type { BytesToHexFn, HexToBytesFn, RandomBytesFn } from './types'
import { HexToStringFn, StringToHexFn } from './types'
import { HEX_REGEX } from './shared'

const OriginalBuffer = Symbol('OriginalBuffer')

Expand Down Expand Up @@ -64,6 +65,9 @@ export const bytesToHex: typeof BytesToHexFn = (bytes) => {
}

export const hexToBytes: typeof HexToBytesFn = (hex) => {
if (!HEX_REGEX.test(hex)) {
throw new Error('Invalid hex string')
}
return toUint8Array(Buffer.from(hex, 'hex'))
}

Expand All @@ -75,6 +79,9 @@ export const hexToString: typeof HexToStringFn = (
hex: string,
encoding = 'utf8',
): string => {
if (!HEX_REGEX.test(hex)) {
throw new Error('Invalid hex string')
}
return new TextDecoder(encoding).decode(hexToBytes(hex))
}

Expand Down
2 changes: 2 additions & 0 deletions packages/isomorphic/src/utils/shared.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
import { concatBytes } from '@noble/hashes/utils'

export const HEX_REGEX = /^[A-F0-9]*$/iu

export function concat(views: Uint8Array[]): Uint8Array {
return concatBytes(...views)
}
Expand Down
12 changes: 12 additions & 0 deletions packages/isomorphic/test/utils.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,18 @@ describe('utils', function () {
expect(hexToBytes('DEADBEEF')).toEqual(new Uint8Array([222, 173, 190, 239]))
})

it('hexToBytes - DEADBEEF', () => {
expect(hexToBytes('DEADBEEF')).toEqual(new Uint8Array([222, 173, 190, 239]))
})

it('bytesToHex - DEADBEEF', () => {
expect(bytesToHex([222, 173, 190, 239])).toEqual('DEADBEEF')
})

it('bytesToHex - bad hex', () => {
expect(() => hexToBytes('hello')).toThrow(new Error('Invalid hex string'))
})

it('bytesToHex - 010203', () => {
expect(bytesToHex([1, 2, 3])).toEqual('010203')
})
Expand All @@ -43,6 +51,10 @@ describe('utils', function () {
expect(hexToString('6465616462656566D68D')).toEqual('deadbeef֍')
})

it('hexToString - bad hex', () => {
expect(() => hexToString('hello')).toThrow(new Error('Invalid hex string'))
})

it('stringToHex - deadbeef+infinity symbol (utf8)', () => {
expect(stringToHex('deadbeef֍')).toEqual('6465616462656566D68D')
})
Expand Down
19 changes: 0 additions & 19 deletions packages/ripple-address-codec/HISTORY.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,25 +15,6 @@
* Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.
* Execute test in a browser in addition to node

## 5.0.0 Beta 1 (2023-11-30)

### Breaking Changes
* `Buffer` has been replaced with `UInt8Array` for both params and return values. `Buffer` may continue to work with params since they extend `UInt8Arrays`.

### Changes
* Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.

## 5.0.0 Beta 0 (2023-10-19)

### Breaking Changes
* Bump typescript to 5.x
* Remove Node 14 support
* Remove `assert` dependency. If you were catching `AssertionError` you need to change to `Error`.
* Remove `create-hash` in favor of `@noble/hashes`

### Changes
* Execute test in a browser in addition to node

## 4.3.1 (2023-09-27)
### Fixed
* Fix source-maps not finding their designated source
Expand Down
17 changes: 0 additions & 17 deletions packages/ripple-binary-codec/HISTORY.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,23 +22,6 @@
* `Comparable` is now a generic type so that it allows `compareTo` methods to take more that the type itself.
* Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.

## 2.0.0 Beta 1 (2023-11-30)

### Breaking Changes
* `Buffer` has been replaced with `UInt8Array` for both params and return values. `Buffer` may continue to work with params since they extend `UInt8Arrays`.

### Changes
* Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.

## 2.0.0 Beta 0 (2023-10-19)

### Breaking Changes
* Bump typescript to 5.x
* Remove Node 14 support
* Remove decimal.js and big-integer. Use `BigNumber` from `bignumber.js` instead of `Decimal` and the native `BigInt` instead of `bigInt`.
* Remove `assert` dependency. If you were catching `AssertionError` you need to change to `Error`.
* Remove `create-hash` in favor of `@noble/hashes`

### Changes
* Update type definitions which causing errors in tests that the code already supported
* `makeParser` to accept a `Buffer` in addition to `string`
Expand Down
23 changes: 0 additions & 23 deletions packages/ripple-keypairs/HISTORY.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,29 +19,6 @@
* Remove `brorand` as a dependency and use `@xrplf/isomorphic` instead.
* Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.

## 2.0.0 Beta 1 (2023-11-30)

### Breaking Changes
* `Buffer` has been replaced with `UInt8Array` for both params and return values. `Buffer` may continue to work with params since they extend `UInt8Arrays`.

### Changes
* Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.

## 2.0.0 Beta 0 (2023-10-19)

### Breaking Changes
* Bump typescript to 5.x
* Remove Node 14 support
* Remove `assert` dependency. If you were catching `AssertionError` you need to change to `Error`.
* Fix `deriveKeypair` ignoring manual decoding algorithm. (Specifying algorithm=`ed25519` in `opts` now works on secrets like `sNa1...`)
* Remove `crypto` polyfills, `create-hash`, `elliptic`, `hash.js`, and their many dependencies in favor of `@noble/hashes` and `@nobel/curves`
* Remove `bytesToHex` and `hexToBytes`. They can now be found in `@xrplf/isomorphic/utils`
* `verifyTransaction` will throw an error if there is no signature
* Improved key algorithm detection. It will now throw Errors with helpful messages

### Changes
* Remove `brorand` as a dependency and use `@xrplf/isomorphic` instead.

## 1.3.1 (2023-09-27)
### Fixed
* Fix source-maps not finding their designated source
Expand Down
21 changes: 0 additions & 21 deletions packages/secret-numbers/HISTORY.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,24 +19,3 @@ Subscribe to [the **xrpl-announce** mailing list](https://groups.google.com/g/xr
* Unit tests run in a browser and node.
* Remove `brorand` as a dependency and use `@xrplf/isomorphic` instead.
* Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.

## 1.0.0 Beta 1 (2023-11-30)

### BREAKING CHANGES:
* Moved all methods that were on `Utils` are now individually exported.
* `Buffer` has been replaced with `UInt8Array` for both params and return values. `Buffer` may continue to work with params since they extend `UInt8Arrays`.

### Changes
* Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.

## 1.0.0 Beta 0 (2023-10-19)

* Add `xrpl-secret-numbers` by @WietseWind to the mono repo.
* `unpkg` and `jsdelivr` support was simplified.
* Unit tests run in a browser and node.
* Remove `brorand` as a dependency and use `@xrplf/isomorphic` instead.

### BREAKING CHANGES:
* `xrpl-secret-numbers` is now `@xrplf/secret-numbers`.
* The bundled file produced changed from `dist/browerified.js` to `build/xrplf-secret-numbers-latest.js`.
* Bundle variable is `xrplf_secret_numbers` instead of using browserify's loader.

0 comments on commit 21c683e

Please sign in to comment.