fix: throw error if hexToBytes or hexToString is provided a string that is not in hex (#2657)

* better error handling * fix browser tests * add shared variable * re-add test case
2025-11-04 13:05:49 +00:00 · 2024-05-08 13:02:34 -04:00
parent d441361999
commit 9b3bb9c14b
9 changed files with 31 additions and 98 deletions
--- a/packages/isomorphic/HISTORY.md
+++ b/packages/isomorphic/HISTORY.md
@@ -1,5 +1,11 @@
 # @xrplf/isomorphic Release History
 ## Unreleased
 ### Fixed
 * Throw error if `hexToBytes` or `hexToString` is provided a string that is not in hex
 ## 1.0.0 (2024-02-01)
 Initial release providing isomorphic and tree-shakable implementations of:
@@ -14,21 +20,3 @@ Initial release providing isomorphic and tree-shakable implementations of:
 * randomBytes
 * stringToHex
 * ws
 ## 1.0.0 Beta 1 (2023-11-30)
 ## Added
 * hexToString
 * stringToHex
 ## 1.0.0 Beta 0 (2023-10-19)
 Initial release providing isomorphic and tree-shakable implementations of:
 * ripemd160
 * sha256
 * sha512
 * bytesToHash
 * hashToBytes
 * randomBytes
 * ws_
--- a/packages/isomorphic/src/utils/browser.ts
+++ b/packages/isomorphic/src/utils/browser.ts
@@ -9,6 +9,7 @@ import type {
  RandomBytesFn,
  StringToHexFn,
 } from './types'
 import { HEX_REGEX } from './shared'
 /* eslint-disable func-style -- Typed to ensure uniformity between node and browser implementations and docs */
 export const bytesToHex: typeof BytesToHexFn = (bytes) => {
@@ -22,6 +23,9 @@ export const bytesToHex: typeof BytesToHexFn = (bytes) => {
 export const hexToBytes: typeof HexToBytesFn = (hex): Uint8Array => {
  const len = hex.length
  const array = new Uint8Array(len / 2)
  if (!HEX_REGEX.test(hex)) {
    throw new Error('Invalid hex string')
  }
  for (let i = 0; i < array.length; i++) {
    const j = i * 2
    const hexByte = hex.slice(j, j + 2)
--- a/packages/isomorphic/src/utils/index.ts
+++ b/packages/isomorphic/src/utils/index.ts
@@ -1,6 +1,7 @@
 import { randomBytes as cryptoRandomBytes } from 'crypto'
 import type { BytesToHexFn, HexToBytesFn, RandomBytesFn } from './types'
 import { HexToStringFn, StringToHexFn } from './types'
 import { HEX_REGEX } from './shared'
 const OriginalBuffer = Symbol('OriginalBuffer')
@@ -64,6 +65,9 @@ export const bytesToHex: typeof BytesToHexFn = (bytes) => {
 }
 export const hexToBytes: typeof HexToBytesFn = (hex) => {
  if (!HEX_REGEX.test(hex)) {
    throw new Error('Invalid hex string')
  }
  return toUint8Array(Buffer.from(hex, 'hex'))
 }
@@ -75,6 +79,9 @@ export const hexToString: typeof HexToStringFn = (
  hex: string,
  encoding = 'utf8',
 ): string => {
  if (!HEX_REGEX.test(hex)) {
    throw new Error('Invalid hex string')
  }
  return new TextDecoder(encoding).decode(hexToBytes(hex))
 }
--- a/packages/isomorphic/src/utils/shared.ts
+++ b/packages/isomorphic/src/utils/shared.ts
@@ -1,5 +1,7 @@
 import { concatBytes } from '@noble/hashes/utils'
 export const HEX_REGEX = /^[A-F0-9]*$/iu
 export function concat(views: Uint8Array[]): Uint8Array {
  return concatBytes(...views)
 }
--- a/packages/isomorphic/test/utils.test.ts
+++ b/packages/isomorphic/test/utils.test.ts
@@ -23,10 +23,18 @@ describe('utils', function () {
    expect(hexToBytes('DEADBEEF')).toEqual(new Uint8Array([222, 173, 190, 239]))
  })
  it('hexToBytes - DEADBEEF', () => {
    expect(hexToBytes('DEADBEEF')).toEqual(new Uint8Array([222, 173, 190, 239]))
  })
  it('bytesToHex - DEADBEEF', () => {
    expect(bytesToHex([222, 173, 190, 239])).toEqual('DEADBEEF')
  })
  it('bytesToHex - bad hex', () => {
    expect(() => hexToBytes('hello')).toThrow(new Error('Invalid hex string'))
  })
  it('bytesToHex - 010203', () => {
    expect(bytesToHex([1, 2, 3])).toEqual('010203')
  })
@@ -43,6 +51,10 @@ describe('utils', function () {
    expect(hexToString('6465616462656566D68D')).toEqual('deadbeef֍')
  })
  it('hexToString - bad hex', () => {
    expect(() => hexToString('hello')).toThrow(new Error('Invalid hex string'))
  })
  it('stringToHex - deadbeef+infinity symbol (utf8)', () => {
    expect(stringToHex('deadbeef֍')).toEqual('6465616462656566D68D')
  })
--- a/packages/ripple-address-codec/HISTORY.md
+++ b/packages/ripple-address-codec/HISTORY.md
@@ -15,25 +15,6 @@
 * Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.
 * Execute test in a browser in addition to node
 ## 5.0.0 Beta 1 (2023-11-30)
 ### Breaking Changes
 * `Buffer` has been replaced with `UInt8Array` for both params and return values. `Buffer` may continue to work with params since they extend `UInt8Arrays`.
 ### Changes
 * Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.
 ## 5.0.0 Beta 0 (2023-10-19)
 ### Breaking Changes
 * Bump typescript to 5.x
 * Remove Node 14 support
 * Remove `assert` dependency. If you were catching `AssertionError` you need to change to `Error`.
 * Remove `create-hash` in favor of `@noble/hashes`
 ### Changes
 * Execute test in a browser in addition to node
 ## 4.3.1 (2023-09-27)
 ### Fixed
 * Fix source-maps not finding their designated source
--- a/packages/ripple-binary-codec/HISTORY.md
+++ b/packages/ripple-binary-codec/HISTORY.md
@@ -22,23 +22,6 @@
  * `Comparable` is now a generic type so that it allows `compareTo` methods to take more that the type itself.
 * Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.
 ## 2.0.0 Beta 1 (2023-11-30)
 ### Breaking Changes
 * `Buffer` has been replaced with `UInt8Array` for both params and return values. `Buffer` may continue to work with params since they extend `UInt8Arrays`.
 ### Changes
 * Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.
 ## 2.0.0 Beta 0 (2023-10-19)
 ### Breaking Changes
 * Bump typescript to 5.x
 * Remove Node 14 support
 * Remove decimal.js and big-integer. Use `BigNumber` from `bignumber.js` instead of `Decimal` and the native `BigInt` instead of `bigInt`.
 * Remove `assert` dependency. If you were catching `AssertionError` you need to change to `Error`.
 * Remove `create-hash` in favor of `@noble/hashes`
 ### Changes
 * Update type definitions which causing errors in tests that the code already supported
    * `makeParser` to accept a `Buffer` in addition to `string`
--- a/packages/ripple-keypairs/HISTORY.md
+++ b/packages/ripple-keypairs/HISTORY.md
@@ -19,29 +19,6 @@
 * Remove `brorand` as a dependency and use `@xrplf/isomorphic` instead.
 * Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.
 ## 2.0.0 Beta 1 (2023-11-30)
 ### Breaking Changes
 * `Buffer` has been replaced with `UInt8Array` for both params and return values. `Buffer` may continue to work with params since they extend `UInt8Arrays`.
 ### Changes
 * Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.
 ## 2.0.0 Beta 0 (2023-10-19)
 ### Breaking Changes
 * Bump typescript to 5.x
 * Remove Node 14 support
 * Remove `assert` dependency. If you were catching `AssertionError` you need to change to `Error`.
 * Fix `deriveKeypair` ignoring manual decoding algorithm. (Specifying algorithm=`ed25519` in `opts` now works on secrets like `sNa1...`)
 * Remove `crypto` polyfills, `create-hash`, `elliptic`, `hash.js`, and their many dependencies in favor of `@noble/hashes` and `@nobel/curves`
 * Remove `bytesToHex` and `hexToBytes`.  They can now be found in `@xrplf/isomorphic/utils`
 * `verifyTransaction` will throw an error if there is no signature
 * Improved key algorithm detection. It will now throw Errors with helpful messages
 ### Changes
 * Remove `brorand` as a dependency and use `@xrplf/isomorphic` instead.
 ## 1.3.1 (2023-09-27)
 ### Fixed
 * Fix source-maps not finding their designated source
--- a/packages/secret-numbers/HISTORY.md
+++ b/packages/secret-numbers/HISTORY.md
@@ -19,24 +19,3 @@ Subscribe to [the **xrpl-announce** mailing list](https://groups.google.com/g/xr
 * Unit tests run in a browser and node.
 * Remove `brorand` as a dependency and use `@xrplf/isomorphic` instead.
 * Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.
 ## 1.0.0 Beta 1 (2023-11-30)
 ### BREAKING CHANGES:
 * Moved all methods that were on `Utils` are now individually exported.
 * `Buffer` has been replaced with `UInt8Array` for both params and return values. `Buffer` may continue to work with params since they extend `UInt8Arrays`.
 ### Changes
 * Eliminates 4 runtime dependencies: `base-x`, `base64-js`, `buffer`, and `ieee754`.
 ## 1.0.0 Beta 0 (2023-10-19)
 * Add `xrpl-secret-numbers` by @WietseWind  to the mono repo.
 * `unpkg` and `jsdelivr` support was simplified.
 * Unit tests run in a browser and node.
 * Remove `brorand` as a dependency and use `@xrplf/isomorphic` instead.
 ### BREAKING CHANGES:
 * `xrpl-secret-numbers` is now `@xrplf/secret-numbers`.
 * The bundled file produced changed from  `dist/browerified.js` to `build/xrplf-secret-numbers-latest.js`.
 * Bundle variable is `xrplf_secret_numbers` instead of using browserify's loader.