Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: check length of public key after decoding #1115

Merged
merged 8 commits into from May 15, 2023
Merged

fix: check length of public key after decoding #1115

merged 8 commits into from May 15, 2023

Conversation

isoldo
Copy link
Contributor

@isoldo isoldo commented Apr 24, 2023
edited

Pre-flight checklist

  • I have read the Contributing Guidelines on pull requests.
  • Commit messages follow the conventional commits spec
  • If this is a code change: I have written unit tests.
  • If this changes code in a published package: I have run pnpm changeset to create a changeset JSON document appropriate for this change.
  • If this is a new API or substantial change: the PR has an accompanying issue (closes #0000) and the maintainers have approved on my working plan.

Motivation

Used PublicKey.fromString() as a validator for user input. As it turns out, the function doesn't check for length of the decoded public key.

Test Plan

Call PublicKey.fromString(baseEncode(publicKey)) with publicKey being a string with less than 32 characters - the function throws an error.

Related issues/PRs

#1114

@changeset-bot
Copy link

changeset-bot bot commented Apr 24, 2023
edited

🦋 Changeset detected

Latest commit: 435d19d

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 12 packages
Name Type
@near-js/crypto Patch
@near-js/accounts Patch
@near-js/biometric-ed25519 Patch
@near-js/keystores-browser Patch
@near-js/keystores-node Patch
@near-js/keystores Patch
near-api-js Patch
@near-js/signers Patch
@near-js/transactions Patch
@near-js/wallet-account Patch
@near-js/cookbook Patch
@near-js/providers Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@firatNEAR firatNEAR requested a review from andy-haynes May 9, 2023 08:30
andy-haynes
andy-haynes previously approved these changes May 12, 2023
View reviewed changes
Copy link
Collaborator

@andy-haynes andy-haynes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch, thank you @isoldo for the contribution!

I have one minor comment inline but it's not a blocker. Let me know what you think but either way we'll get this into the next release.

packages/crypto/test/key_pair.test.js Outdated Show resolved Hide resolved
@isoldo @andy-haynes
Update packages/crypto/test/key_pair.test.js
435d19d 
Co-authored-by: andy-haynes <36863574+andy-haynes@users.noreply.github.com>
@isoldo isoldo requested a review from andy-haynes May 15, 2023 07:50
andy-haynes
andy-haynes approved these changes May 15, 2023
View reviewed changes
Copy link
Collaborator

@andy-haynes andy-haynes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks again @isoldo!

@andy-haynes andy-haynes merged commit 299ce39 into near:master May 15, 2023
1 check passed
@github-actions github-actions bot mentioned this pull request May 15, 2023
Merged
@isoldo isoldo deleted the fix--public-key-length-check branch June 15, 2023 08:00
@frol frol mentioned this pull request Jun 28, 2023
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andy-haynes andy-haynes andy-haynes approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@isoldo @andy-haynes