
Commit 5572aac

committed
Add more checks to decodeCheck function
1 parent 4d382b1 commit 5572aac


3 files changed

+31
-8
lines changed


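--- a/package.json
+++ b/package.json
@@ -62,13 +62,13 @@
 },
 "dependencies": {
 "babel-runtime": "^4.7.16",
+"base32.js": "~0.1.0",
 "crc": "^3.3.0",
 "ed25519": "0.0.3",
 "js-xdr": "0.0.10",
 "karma": "^0.13.9",
 "lodash": "^3.6.0",
 "sha.js": "^2.3.6",
-"thirty-two": "^0.0.2",
 "tweetnacl": "^0.13.0"
 }
 }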

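--- a/src/strkey.js
+++ b/src/strkey.js
@@ -1,19 +1,27 @@
-import base32 from "thirty-two";
+import base32 from "base32.js";
 import crc from "crc";
-import {isUndefined, isNull} from "lodash";
+import {contains, isUndefined, isNull, isString} from "lodash";
 
 const versionBytes = {
 accountId: 0x30,
 seed: 0x90
 };
 
 export function decodeCheck(versionByteName, encoded) {
+if (!isString(encoded)) {
+throw new TypeError('encoded argument must be of type String');
+}
+
 let decoded = base32.decode(encoded);
 let versionByte = decoded[0];
 let payload = decoded.slice(0, -2);
 let data = payload.slice(1);
 let checksum = decoded.slice(-2);
 
+if (encoded != base32.encode(decoded)) {
+throw new Error('invalid encoded string');
+}
+
 let expectedVersion = versionBytes[versionByteName];
 
 if (isUndefined(expectedVersion)) {
@@ -24,16 +32,16 @@ export function decodeCheck(versionByteName, encoded) {
 throw new Error(`invalid version byte. expected ${expectedVersion}, got ${versionByte}`);
 }
 
+if (decoded.length !== 35) {
+throw new Error(`Decoded length is invalid. Expected 35, got ${decoded.length}`);
+}
+
 let expectedChecksum = calculateChecksum(payload);
 
 if (!verifyChecksum(expectedChecksum, checksum)) {
 throw new Error(`invalid checksum`);
 }
 
-if (versionByteName === 'accountId' && decoded.length !== 35) {
-throw new Error(`Decoded address length is invalid. Expected 35, got ${decoded.length}`);
-}
-
 return new Buffer(data);
 }
 
@@ -54,7 +62,7 @@ export function encodeCheck(versionByteName, data) {
 let checksum = calculateChecksum(payload);
 let unencoded = Buffer.concat([payload, checksum]);
 
 return base32.encode(unencoded);
-return base32.encode(unencoded).toString();
+return base32.encode(unencoded);
 }
 
 function calculateChecksum(payload) {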
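Review bot: The round-trip check added at new line 21 of decodeCheck uses loose inequality; `encoded` is already known to be a string there, so it should read `if (encoded !== base32.encode(decoded)) {`. This comparison is what enforces one canonical string per key, rejecting inputs with illegal or trailing characters that the decoder would otherwise tolerate, so it deserves a comment such as `// reject non-canonical encodings: input must re-encode to itself exactly`. `contains` is added to the lodash import but is not used in any visible hunk, so drop it unless the unseen part of the file needs it. decodeCheck's body spans the first two hunks and the lines between them are not shown.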

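--- a/test/unit/strkey_test.js
+++ b/test/unit/strkey_test.js
@@ -21,6 +21,21 @@ describe('StellarBase#decodeCheck', function() {
 expect(() => StellarBase.decodeCheck("accountId", "SBGWKM3CD4IL47QN6X54N6Y33T3JDNVI6AIJ6CD5IM47HG3IG4O36XCU")).to.throw(/invalid version/);
 });
 
+it("throws an error when decoded data encodes to other string", function() {
+// accountId
+expect(() => StellarBase.decodeCheck("accountId", "GBPXX0A5N4JYPESHAADMQKBPWZWQDQ64ZV6ZL2S3LAGW4SY7NTCMWIVL")).to.throw(/invalid encoded string/);
+expect(() => StellarBase.decodeCheck("accountId", "GCFZB6L25D26RQFDWSSBDEYQ32JHLRMTT44ZYE3DZQUTYOL7WY43PLBG++")).to.throw(/invalid encoded string/);
+expect(() => StellarBase.decodeCheck("accountId", "GADE5QJ2TY7S5ZB65Q43DFGWYWCPHIYDJ2326KZGAGBN7AE5UY6JVDRRA")).to.throw(/invalid encoded string/);
+expect(() => StellarBase.decodeCheck("accountId", "GB6OWYST45X57HCJY5XWOHDEBULB6XUROWPIKW77L5DSNANBEQGUPADT2")).to.throw(/invalid encoded string/);
+expect(() => StellarBase.decodeCheck("accountId", "GB6OWYST45X57HCJY5XWOHDEBULB6XUROWPIKW77L5DSNANBEQGUPADT2T")).to.throw(/invalid encoded string/);
+// seed
+expect(() => StellarBase.decodeCheck("seed", "SB7OJNF5727F3RJUG5ASQJ3LUM44ELLNKW35ZZQDHMVUUQNGYW")).to.throw(/invalid encoded string/);
+expect(() => StellarBase.decodeCheck("seed", "SB7OJNF5727F3RJUG5ASQJ3LUM44ELLNKW35ZZQDHMVUUQNGYWMEGB2W2")).to.throw(/invalid encoded string/);
+expect(() => StellarBase.decodeCheck("seed", "SB7OJNF5727F3RJUG5ASQJ3LUM44ELLNKW35ZZQDHMVUUQNGYWMEGB2W2T")).to.throw(/invalid encoded string/);
+expect(() => StellarBase.decodeCheck("seed", "SCMB30FQCIQAWZ4WQTS6SVK37LGMAFJGXOZIHTH2PY6EXLP37G46H6DT")).to.throw(/invalid encoded string/);
+expect(() => StellarBase.decodeCheck("seed", "SAYC2LQ322EEHZYWNSKBEW6N66IRTDREEBUXXU5HPVZGMAXKLIZNM45H++")).to.throw(/invalid encoded string/);
+});
+
 it("throws an error when the checksum is wrong", function() {
 expect(() => StellarBase.decodeCheck("accountId", "GBPXXOA5N4JYPESHAADMQKBPWZWQDQ64ZV6ZL2S3LAGW4SY7NTCMWIVT")).to.throw(/invalid checksum/);
 expect(() => StellarBase.decodeCheck("seed", "SBGWKM3CD4IL47QN6X54N6Y33T3JDNVI6AIJ6CD5IM47HG3IG4O36XCX")).to.throw(/invalid checksum/);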
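Review bot: The new `TypeError` guard for non-string input has no test in this commit, because all 15 added lines belong to the single round-trip `it` block. A case such as `expect(() => StellarBase.decodeCheck("accountId", null)).to.throw(/encoded argument must be of type String/);` would pin it. The length check now also applies to seeds, and nothing visible here exercises that path for a seed that round-trips cleanly but decodes to a length other than 35; tests outside this hunk may cover the accountId case. The enclosing `describe` starts and ends outside the hunk.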
