From 47351c126d8bbd56cc8e206d11e0e9617c05b20c Mon Sep 17 00:00:00 2001
From: Michael Theos
Date: Thu, 4 Mar 2021 16:08:29 +1100
Subject: [PATCH 1/3] Added alphabet check before decoding
---
 node-atob.js | 5 +++++
 test.js | 9 +++++++++
 2 files changed, 14 insertions(+)
diff --git a/node-atob.js b/node-atob.js
index d7305a3..9e2c2b1 100644
--- a/node-atob.js
+++ b/node-atob.js
@@ -1,6 +1,11 @@
 "use strict";
+const b64Alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
+
 function atob(str) {
+ for (const ch of str)
+ if (!b64Alphabet.includes(ch))
+ throw new Error(`Invalid character '${ch}' in base64 String`);
 return Buffer.from(str, 'base64').toString('binary');
 }
diff --git a/test.js b/test.js
index bd80a4e..b10bc54 100644
--- a/test.js
+++ b/test.js
@@ -4,6 +4,7 @@
 var atob = require('.');
 var encoded = "SGVsbG8sIFdvcmxkIQ=="
 var unencoded = "Hello, World!";
+ var malformed = "SGVsbG8s{"
 /*
 , encoded = "SGVsbG8sIBZM"
 , unencoded = "Hello, 世界"
@@ -14,5 +15,13 @@
 return;
 }
+ try {
+ const decoded = atob(malformed)
+ console.log('[FAIL]', malformed, decoded);
+ return;
+ } catch (_) {
+ /* pass */
+ }
+
 console.log('[PASS] all tests pass');
 }());
-- 
2.38.5
From ca3678cddbb2d3df1ed5aded07d7b684459e3fb7 Mon Sep 17 00:00:00 2001
From: Michael Theos
Date: Fri, 12 Mar 2021 00:26:12 +1100
Subject: [PATCH 2/3] Range check for b64 Alphabet
---
 node-atob.js | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/node-atob.js b/node-atob.js
index 9e2c2b1..88bf3a3 100644
--- a/node-atob.js
+++ b/node-atob.js
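Review bot: The check added to `atob` in node-atob.js (patch 1/3) only tests that each character belongs to the alphabet, so `=` is accepted at any position and a string of impossible length, such as a single character, still passes; `isValidB64Char` in patch 2/3 keeps the same gap. `Buffer.from(str, 'base64')` does not throw on such input, so callers that rely on `atob` throwing for malformed data can still receive a lenient decode. Restricting padding to the tail closes most of this, for example `if (!/^[A-Za-z0-9+\/]*={0,2}$/.test(str)) throw new Error('Invalid base64 String');`, ideally together with a check that `str.length % 4 !== 1`. The loop also rejects whitespace, which `Buffer.from` would have skipped; if that is intended, a comment above the loop should say so.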
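Review bot: The `catch (_) { /* pass */ }` added in test.js (patch 1/3) treats any exception as success, so the malformed-input case would also pass if `atob` threw for an unrelated reason such as a TypeError. Checking the error narrows it, for example `} catch (e) { if (!/Invalid character/.test(e.message)) { console.log('[FAIL]', e); return; } }`. Only `SGVsbG8s{` is exercised; cases with a misplaced `=` or embedded whitespace would document where the accepted/rejected boundary is meant to sit. The enclosing function begins outside the hunk.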
@@ -1,11 +1,24 @@
 "use strict";
-const b64Alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
+// var b64Alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
+
+function toCharCode(ch) {
+ return ch.charCodeAt(0);
+}
+
+function isValidB64Char(charCode) {
+ return charCode >= toCharCode('A') && charCode <= toCharCode('Z')
+ || charCode >= toCharCode('a') && charCode <= toCharCode('z')
+ || charCode >= toCharCode('0') && charCode <= toCharCode('9')
+ || charCode === toCharCode('+')
+ || charCode === toCharCode('/')
+ || charCode === toCharCode('=');
+}
 function atob(str) {
- for (const ch of str)
- if (!b64Alphabet.includes(ch))
- throw new Error(`Invalid character '${ch}' in base64 String`);
+ for (var idx in str)
+ if (!isValidB64Char(str.charCodeAt(idx)))
+ throw new Error('Invalid character ' + str.charAt(idx) + ' in base64 String');
 return Buffer.from(str, 'base64').toString('binary');
 }
-- 
2.38.5
From 34dd70eb8dc16ca88fd00131d419f577df2c709e Mon Sep 17 00:00:00 2001
From: Michael Theos
Date: Fri, 12 Mar 2021 00:27:22 +1100
Subject: [PATCH 3/3] Range check for b64 Alphabet
---
 test.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/test.js b/test.js
index b10bc54..6ed0c27 100644
--- a/test.js
+++ b/test.js
@@ -2,9 +2,9 @@
 "use strict";
 var atob = require('.');
- var encoded = "SGVsbG8sIFdvcmxkIQ=="
+ var encoded = "SGVsbG8sIFdvcmxkIQ==";
 var unencoded = "Hello, World!";
- var malformed = "SGVsbG8s{"
+ var malformed = "SGVsbG8s{";
 /*
 , encoded = "SGVsbG8sIBZM"
 , unencoded = "Hello, 世界"
@@ -16,7 +16,7 @@
 }
 try {
- const decoded = atob(malformed)
+ var decoded = atob(malformed);
 console.log('[FAIL]', malformed, decoded);
 return;
 } catch (_) {
-- 
2.38.5
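Review bot: `for (var idx in str)` in `atob` (node-atob.js, patch 2/3) enumerates property keys rather than character positions, so it also visits any enumerable property that has been added to `String.prototype`, and for a non-string argument such as `null` or a number it runs zero iterations and lets the value reach `Buffer.from` without validation. An index loop avoids both: `for (var idx = 0; idx < str.length; idx++)`, preceded by a `typeof str !== 'string'` guard or `str = String(str)`. The multi-line `for`/`if`/`throw` has no braces, and the commented-out `b64Alphabet` line can be dropped.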