Hex format validator allows empty and odd-length strings #8531

ishantiw · 2023-06-02T15:22:16Z

Description

The lisk-validator method that validates hex-encoded data, isHexString, returns true if the provided string is empty ('') or consists of just one hex character (e.g., 'f'):

export const isHexString = (data: unknown): boolean => {
      if (typeof data !== 'string') {
         return false;
       }
  return data === '' || /^[a-f0-9]+$/i.test(data);
};

Both cases will cause a subsequent call to Buffer.from(data, 'hex') to return an empty Buffer object. This may violate the assumption that because the string passed hex format validation, it must encode usable data. Furthermore, when the number of characters is odd but greater than one (e.g., 'fff'), it results in incomplete decoding.

Which version(s) does this affect? (Environment, OS, etc...)

v6.0.0-beta.1

The text was updated successfully, but these errors were encountered:

shuse2 · 2023-06-06T04:22:42Z

empty string should return true to represent the empty bytes

ishantiw added type: bug elements/validator labels Jun 2, 2023

shuse2 self-assigned this Jun 5, 2023

shuse2 mentioned this issue Jun 5, 2023

Fix isHexString validation #8556

Merged

Madhulearn added this to the Sprint 97 milestone Jun 5, 2023

shuse2 closed this as completed Jun 6, 2023

Madhulearn mentioned this issue Jun 6, 2023

Prepare Lisk SDK v6.0.0 for rc #7226

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Hex format validator allows empty and odd-length strings #8531

Hex format validator allows empty and odd-length strings #8531

ishantiw commented Jun 2, 2023

shuse2 commented Jun 6, 2023

Hex format validator allows empty and odd-length strings #8531

Hex format validator allows empty and odd-length strings #8531

Comments

ishantiw commented Jun 2, 2023

Description

Which version(s) does this affect? (Environment, OS, etc...)

shuse2 commented Jun 6, 2023