Validate requested length is random string generator

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
This commit is contained in:
Vincent Petry 2022-05-12 13:58:18 +02:00
parent 33ffaad14b
commit 01dbd22c9c
No known key found for this signature in database
GPG key ID: E055D6A4D513575C
2 changed files with 22 additions and 2 deletions

View file

@ -40,14 +40,19 @@ use OCP\Security\ISecureRandom;
*/
class SecureRandom implements ISecureRandom {
/**
* Generate a random string of specified length.
* Generate a secure random string of specified length.
* @param int $length The length of the generated string
* @param string $characters An optional list of characters to use if no character list is
* specified all valid base64 characters are used.
* @return string
* @throws \LengthException if an invalid length is requested
*/
public function generate(int $length,
string $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'): string {
if ($length <= 0) {
throw new \LengthException('Invalid length specified: ' . $length . ' must be bigger than 0');
}
$maxCharIndex = \strlen($characters) - 1;
$randomString = '';

View file

@ -16,7 +16,6 @@ use OC\Security\SecureRandom;
class SecureRandomTest extends \Test\TestCase {
public function stringGenerationProvider() {
return [
[0, 0],
[1, 1],
[128, 128],
[256, 256],
@ -77,4 +76,20 @@ class SecureRandomTest extends \Test\TestCase {
$matchesRegex = preg_match('/^'.$chars.'+$/', $randomString);
$this->assertSame(1, $matchesRegex);
}
public static function invalidLengths() {
return [
[0],
[-1],
];
}
/**
* @dataProvider invalidLengths
*/
public function testInvalidLengths($length) {
$this->expectException(\LengthException::class);
$generator = $this->rng;
$generator->generate($length);
}
}