kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Merge pull request #10635 from vipulnsward/change_to_strict

Browse source 
Use `Base.strict_decode64` instead of `Base.decode64`
This commit is contained in:
Jeremy Kemper 2013-12-06 08:08:28 -08:00
commit 8ef1ef1b82
3 changed files with 20 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
activesupport/lib/active_support/message_encryptor.rb
View file

@ -76,12 +76,12 @@ module ActiveSupport
encrypted_data = cipher.update(@serializer.dump(value)) encrypted_data = cipher.update(@serializer.dump(value))
encrypted_data << cipher.final encrypted_data << cipher.final
[encrypted_data, iv].map {|v| ::Base64.strict_encode64(v)}.join("--") "#{::Base64.strict_encode64 encrypted_data}--#{::Base64.strict_encode64 iv}"
end end
def _decrypt(encrypted_message) def _decrypt(encrypted_message)
cipher = new_cipher cipher = new_cipher
encrypted_data, iv = encrypted_message.split("--").map {|v| ::Base64.decode64(v)} encrypted_data, iv = encrypted_message.split("--").map {|v| ::Base64.strict_decode64(v)}
cipher.decrypt cipher.decrypt
cipher.key = @secret cipher.key = @secret
@ -91,7 +91,7 @@ module ActiveSupport
decrypted_data << cipher.final decrypted_data << cipher.final
@serializer.load(decrypted_data) @serializer.load(decrypted_data)
rescue OpenSSLCipherError, TypeError rescue OpenSSLCipherError, TypeError, ArgumentError
raise InvalidMessage raise InvalidMessage
end end

6
activesupport/lib/active_support/message_verifier.rb
View file

@ -37,7 +37,11 @@ module ActiveSupport
data, digest = signed_message.split("--") data, digest = signed_message.split("--")
if data.present? && digest.present? && secure_compare(digest, generate_digest(data)) if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
@serializer.load(::Base64.decode64(data)) begin
@serializer.load(::Base64.strict_decode64(data))
rescue ArgumentError
raise InvalidSignature
end
else else
raise InvalidSignature raise InvalidSignature
end end

13
activesupport/test/message_encryptor_test.rb
View file

@ -66,6 +66,17 @@ class MessageEncryptorTest < ActiveSupport::TestCase
ActiveSupport.use_standard_json_time_format = prev ActiveSupport.use_standard_json_time_format = prev
end end
def test_message_obeys_strict_encoding
bad_encoding_characters = "\n!@#"
message, iv = @encryptor.encrypt_and_sign("This is a very \n\nhumble string"+bad_encoding_characters)
assert_not_decrypted("#{::Base64.encode64 message.to_s}--#{::Base64.encode64 iv.to_s}")
assert_not_verified("#{::Base64.encode64 message.to_s}--#{::Base64.encode64 iv.to_s}")
assert_not_decrypted([iv, message] * bad_encoding_characters)
assert_not_verified([iv, message] * bad_encoding_characters)
end
private private
def assert_not_decrypted(value) def assert_not_decrypted(value)
@ -81,7 +92,7 @@ class MessageEncryptorTest < ActiveSupport::TestCase
end end
def munge(base64_string) def munge(base64_string)
bits = ::Base64.decode64(base64_string) bits = ::Base64.strict_decode64(base64_string)
bits.reverse! bits.reverse!
::Base64.strict_encode64(bits) ::Base64.strict_encode64(bits)
end end