Validate requested length is random string generator 32355/head
authorVincent Petry <vincent@nextcloud.com>
Thu, 12 May 2022 11:58:18 +0000 (13:58 +0200)
committerVincent Petry <vincent@nextcloud.com>
Thu, 12 May 2022 11:58:18 +0000 (13:58 +0200)
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
lib/private/Security/SecureRandom.php
tests/lib/Security/SecureRandomTest.php

index 4bf8995d737d3a2990394d4c3b94a9286ba24890..cbd1dc8db6dc93674b781f08287369ab6b3c7186 100644 (file)
@@ -40,14 +40,19 @@ use OCP\Security\ISecureRandom;
  */
 class SecureRandom implements ISecureRandom {
        /**
-        * Generate a random string of specified length.
+        * Generate a secure random string of specified length.
         * @param int $length The length of the generated string
         * @param string $characters An optional list of characters to use if no character list is
         *                                                      specified all valid base64 characters are used.
         * @return string
+        * @throws \LengthException if an invalid length is requested
         */
        public function generate(int $length,
                                                         string $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'): string {
+               if ($length <= 0) {
+                       throw new \LengthException('Invalid length specified: ' . $length . ' must be bigger than 0');
+               }
+
                $maxCharIndex = \strlen($characters) - 1;
                $randomString = '';
 
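Review bot: The new guard at the top of `generate()` validates `$length` but leaves `$characters` unchecked, so an empty character list still reaches `$maxCharIndex = \strlen($characters) - 1;` and produces an upper index of -1. The rest of the body lies outside this hunk, so how that bound is consumed is not visible here, but rejecting the empty list next to the length check would make the failure explicit: `if ($characters === '') { throw new \LengthException('Invalid character list specified: must not be empty'); }`. A one-character list passes both checks yet yields a fully predictable string, and `\strlen` counts bytes rather than characters. The `@param string $characters` docblock should therefore state that the list is expected to hold several distinct single-byte characters.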
index 7257d52e8f5bf4acf9fb80daa6b800d1c3585306..c7ee76a96bb134f453d93e823c27f7037a8d64e0 100644 (file)
@@ -16,7 +16,6 @@ use OC\Security\SecureRandom;
 class SecureRandomTest extends \Test\TestCase {
        public function stringGenerationProvider() {
                return [
-                       [0, 0],
                        [1, 1],
                        [128, 128],
                        [256, 256],
@@ -77,4 +76,20 @@ class SecureRandomTest extends \Test\TestCase {
                $matchesRegex = preg_match('/^'.$chars.'+$/', $randomString);
                $this->assertSame(1, $matchesRegex);
        }
+
+       public static function invalidLengths() {
+               return [
+                       [0],
+                       [-1],
+               ];
+       }
+
+       /**
+        * @dataProvider invalidLengths
+        */
+       public function testInvalidLengths($length) {
+               $this->expectException(\LengthException::class);
+               $generator = $this->rng;
+               $generator->generate($length);
+       }
 }
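Review bot: `testInvalidLengths()` and its provider are declared without parameter or return types, and the `$generator` local adds nothing to the test. `public function testInvalidLengths(int $length): void` with a single `$this->rng->generate($length);` would be tighter, and the provider could be `public static function invalidLengths(): array`. The enclosing class starts outside the hunk, and the visible `stringGenerationProvider()` is also untyped, so this may be a file-wide convention rather than something specific to this change.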