diff --git a/packages/isomorphic/HISTORY.md b/packages/isomorphic/HISTORY.md index d758b1e4..155182ce 100644 --- a/packages/isomorphic/HISTORY.md +++ b/packages/isomorphic/HISTORY.md @@ -1,5 +1,11 @@ # @xrplf/isomorphic Release History +## Unreleased + +### Fixed + +* Throw error if `hexToBytes` or `hexToString` is provided a string that is not in hex + ## 1.0.0 (2024-02-01) Initial release providing isomorphic and tree-shakable implementations of: @@ -14,21 +20,3 @@ Initial release providing isomorphic and tree-shakable implementations of: * randomBytes * stringToHex * ws - -## 1.0.0 Beta 1 (2023-11-30) - -## Added -* hexToString -* stringToHex - -## 1.0.0 Beta 0 (2023-10-19) - -Initial release providing isomorphic and tree-shakable implementations of: - -* ripemd160 -* sha256 -* sha512 -* bytesToHash -* hashToBytes -* randomBytes -* ws_ diff --git a/packages/isomorphic/src/utils/browser.ts b/packages/isomorphic/src/utils/browser.ts index 89bcf8f8..a9fd016b 100644 --- a/packages/isomorphic/src/utils/browser.ts +++ b/packages/isomorphic/src/utils/browser.ts @@ -9,6 +9,7 @@ import type { RandomBytesFn, StringToHexFn, } from './types' +import { HEX_REGEX } from './shared' /* eslint-disable func-style -- Typed to ensure uniformity between node and browser implementations and docs */ export const bytesToHex: typeof BytesToHexFn = (bytes) => { @@ -22,6 +23,9 @@ export const bytesToHex: typeof BytesToHexFn = (bytes) => { export const hexToBytes: typeof HexToBytesFn = (hex): Uint8Array => { const len = hex.length const array = new Uint8Array(len / 2) + if (!HEX_REGEX.test(hex)) { + throw new Error('Invalid hex string') + } for (let i = 0; i < array.length; i++) { const j = i * 2 const hexByte = hex.slice(j, j + 2) diff --git a/packages/isomorphic/src/utils/index.ts b/packages/isomorphic/src/utils/index.ts index 0a57ee55..70cd22c0 100644 --- a/packages/isomorphic/src/utils/index.ts +++ b/packages/isomorphic/src/utils/index.ts @@ -1,6 +1,7 @@ import { randomBytes as cryptoRandomBytes } from 'crypto' import type { BytesToHexFn, HexToBytesFn, RandomBytesFn } from './types' import { HexToStringFn, StringToHexFn } from './types' +import { HEX_REGEX } from './shared' const OriginalBuffer = Symbol('OriginalBuffer') @@ -64,6 +65,9 @@ export const bytesToHex: typeof BytesToHexFn = (bytes) => { } export const hexToBytes: typeof HexToBytesFn = (hex) => { + if (!HEX_REGEX.test(hex)) { + throw new Error('Invalid hex string') + } return toUint8Array(Buffer.from(hex, 'hex')) } @@ -75,6 +79,9 @@ export const hexToString: typeof HexToStringFn = ( hex: string, encoding = 'utf8', ): string => { + if (!HEX_REGEX.test(hex)) { + throw new Error('Invalid hex string') + } return new TextDecoder(encoding).decode(hexToBytes(hex)) } diff --git a/packages/isomorphic/src/utils/shared.ts b/packages/isomorphic/src/utils/shared.ts index 408c07f9..890a42d9 100644 --- a/packages/isomorphic/src/utils/shared.ts +++ b/packages/isomorphic/src/utils/shared.ts @@ -1,5 +1,7 @@ import { concatBytes } from '@noble/hashes/utils' +export const HEX_REGEX = /^[A-F0-9]*$/iu + export function concat(views: Uint8Array[]): Uint8Array { return concatBytes(...views) } diff --git a/packages/isomorphic/test/utils.test.ts b/packages/isomorphic/test/utils.test.ts index 4953a457..02a692e9 100644 --- a/packages/isomorphic/test/utils.test.ts +++ b/packages/isomorphic/test/utils.test.ts @@ -23,10 +23,18 @@ describe('utils', function () { expect(hexToBytes('DEADBEEF')).toEqual(new Uint8Array([222, 173, 190, 239])) }) + it('hexToBytes - DEADBEEF', () => { + expect(hexToBytes('DEADBEEF')).toEqual(new Uint8Array([222, 173, 190, 239])) + }) + it('bytesToHex - DEADBEEF', () => { expect(bytesToHex([222, 173, 190, 239])).toEqual('DEADBEEF') }) + it('bytesToHex - bad hex', () => { + expect(() => hexToBytes('hello')).toThrow(new Error('Invalid hex string')) + }) + it('bytesToHex - 010203', () => { expect(bytesToHex([1, 2, 3])).toEqual('010203') }) @@ -43,6 +51,10 @@ describe('utils', function () { expect(hexToString('6465616462656566D68D')).toEqual('deadbeef֍') }) + it('hexToString - bad hex', () => { + expect(() => hexToString('hello')).toThrow(new Error('Invalid hex string')) + }) + it('stringToHex - deadbeef+infinity symbol (utf8)', () => { expect(stringToHex('deadbeef֍')).toEqual('6465616462656566D68D') }) diff --git a/packages/ripple-address-codec/HISTORY.md b/packages/ripple-address-codec/HISTORY.md index ce2ca026..d3d33c4b 100644 --- a/packages/ripple-address-codec/HISTORY.md +++ b/packages/ripple-address-codec/HISTORY.md @@ -15,25 +15,6 @@ * Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`. * Execute test in a browser in addition to node -## 5.0.0 Beta 1 (2023-11-30) - -### Breaking Changes -* `Buffer` has been replaced with `UInt8Array` for both params and return values. `Buffer` may continue to work with params since they extend `UInt8Arrays`. - -### Changes -* Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`. - -## 5.0.0 Beta 0 (2023-10-19) - -### Breaking Changes -* Bump typescript to 5.x -* Remove Node 14 support -* Remove `assert` dependency. If you were catching `AssertionError` you need to change to `Error`. -* Remove `create-hash` in favor of `@noble/hashes` - -### Changes -* Execute test in a browser in addition to node - ## 4.3.1 (2023-09-27) ### Fixed * Fix source-maps not finding their designated source diff --git a/packages/ripple-binary-codec/HISTORY.md b/packages/ripple-binary-codec/HISTORY.md index fdf9ecb3..871c2020 100644 --- a/packages/ripple-binary-codec/HISTORY.md +++ b/packages/ripple-binary-codec/HISTORY.md @@ -22,23 +22,6 @@ * `Comparable` is now a generic type so that it allows `compareTo` methods to take more that the type itself. * Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`. -## 2.0.0 Beta 1 (2023-11-30) - -### Breaking Changes -* `Buffer` has been replaced with `UInt8Array` for both params and return values. `Buffer` may continue to work with params since they extend `UInt8Arrays`. - -### Changes -* Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`. - -## 2.0.0 Beta 0 (2023-10-19) - -### Breaking Changes -* Bump typescript to 5.x -* Remove Node 14 support -* Remove decimal.js and big-integer. Use `BigNumber` from `bignumber.js` instead of `Decimal` and the native `BigInt` instead of `bigInt`. -* Remove `assert` dependency. If you were catching `AssertionError` you need to change to `Error`. -* Remove `create-hash` in favor of `@noble/hashes` - ### Changes * Update type definitions which causing errors in tests that the code already supported * `makeParser` to accept a `Buffer` in addition to `string` diff --git a/packages/ripple-keypairs/HISTORY.md b/packages/ripple-keypairs/HISTORY.md index 6a20d8af..7f4003b3 100644 --- a/packages/ripple-keypairs/HISTORY.md +++ b/packages/ripple-keypairs/HISTORY.md @@ -19,29 +19,6 @@ * Remove `brorand` as a dependency and use `@xrplf/isomorphic` instead. * Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`. -## 2.0.0 Beta 1 (2023-11-30) - -### Breaking Changes -* `Buffer` has been replaced with `UInt8Array` for both params and return values. `Buffer` may continue to work with params since they extend `UInt8Arrays`. - -### Changes -* Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`. - -## 2.0.0 Beta 0 (2023-10-19) - -### Breaking Changes -* Bump typescript to 5.x -* Remove Node 14 support -* Remove `assert` dependency. If you were catching `AssertionError` you need to change to `Error`. -* Fix `deriveKeypair` ignoring manual decoding algorithm. (Specifying algorithm=`ed25519` in `opts` now works on secrets like `sNa1...`) -* Remove `crypto` polyfills, `create-hash`, `elliptic`, `hash.js`, and their many dependencies in favor of `@noble/hashes` and `@nobel/curves` -* Remove `bytesToHex` and `hexToBytes`. They can now be found in `@xrplf/isomorphic/utils` -* `verifyTransaction` will throw an error if there is no signature -* Improved key algorithm detection. It will now throw Errors with helpful messages - -### Changes -* Remove `brorand` as a dependency and use `@xrplf/isomorphic` instead. - ## 1.3.1 (2023-09-27) ### Fixed * Fix source-maps not finding their designated source diff --git a/packages/secret-numbers/HISTORY.md b/packages/secret-numbers/HISTORY.md index 366bfbfc..15311a3e 100644 --- a/packages/secret-numbers/HISTORY.md +++ b/packages/secret-numbers/HISTORY.md @@ -19,24 +19,3 @@ Subscribe to [the **xrpl-announce** mailing list](https://groups.google.com/g/xr * Unit tests run in a browser and node. * Remove `brorand` as a dependency and use `@xrplf/isomorphic` instead. * Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`. - -## 1.0.0 Beta 1 (2023-11-30) - -### BREAKING CHANGES: -* Moved all methods that were on `Utils` are now individually exported. -* `Buffer` has been replaced with `UInt8Array` for both params and return values. `Buffer` may continue to work with params since they extend `UInt8Arrays`. - -### Changes -* Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`. - -## 1.0.0 Beta 0 (2023-10-19) - -* Add `xrpl-secret-numbers` by @WietseWind to the mono repo. -* `unpkg` and `jsdelivr` support was simplified. -* Unit tests run in a browser and node. -* Remove `brorand` as a dependency and use `@xrplf/isomorphic` instead. - -### BREAKING CHANGES: -* `xrpl-secret-numbers` is now `@xrplf/secret-numbers`. -* The bundled file produced changed from `dist/browerified.js` to `build/xrplf-secret-numbers-latest.js`. -* Bundle variable is `xrplf_secret_numbers` instead of using browserify's loader.