Merge pull request from GHSA-xg2h-wx96-xgxr
Remove unnecessary checks on a value that is already definitely an alphanum
technosophos authored Feb 4, 2021
2 parents 864fea7 + c707277 commit f192353
Showing 4 changed files with 76 additions and 45 deletions.
25 changes: 2 additions & 23 deletions cryptorandomstringutils.go
Expand Up @@ -21,7 +21,6 @@ import (
"fmt"
"math"
"math/big"
"regexp"
"unicode"
)

Expand Down Expand Up @@ -99,27 +98,7 @@ Returns:
error - an error stemming from an invalid parameter within underlying function, CryptoRandom(...)
*/
func CryptoRandomAlphaNumeric(count int) (string, error) {
if count == 0 {
return "", nil
}
RandomString, err := CryptoRandom(count, 0, 0, true, true)
if err != nil {
return "", fmt.Errorf("Error: %s", err)
}
match, err := regexp.MatchString("([0-9]+)", RandomString)
if err != nil {
panic(err)
}

if !match {
//Get the position between 0 and the length of the string-1 to insert a random number
position := getCryptoRandomInt(count)
//Insert a random number between [0-9] in the position
RandomString = RandomString[:position] + string('0' + getCryptoRandomInt(10)) + RandomString[position + 1:]
return RandomString, err
}
return RandomString, err

return CryptoRandom(count, 0, 0, true, true)
}

/*
Expand Down Expand Up @@ -204,7 +183,7 @@ func CryptoRandom(count int, start int, end int, letters bool, numbers bool, cha
if chars == nil {
ch = rune(getCryptoRandomInt(gap) + int64(start))
} else {
ch = chars[getCryptoRandomInt(gap) + int64(start)]
ch = chars[getCryptoRandomInt(gap)+int64(start)]
}

if letters && unicode.IsLetter(ch) || numbers && unicode.IsDigit(ch) || !letters && !numbers {
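Review bot: The doc comment above `CryptoRandomAlphaNumeric` should now say that the result may contain no digit at all, because the removed fix-up was what forced one into every string and callers enforcing a "must contain a number" policy may have relied on it. I would add a line such as `The returned string is not guaranteed to contain a digit; callers that need one should regenerate rather than patch a character in.` to that comment block, whose start is outside the hunk. The same applies to `RandomAlphaNumeric` in randomstringutils.go. The early `count == 0` return is also gone here, so the zero and negative cases now rest on `CryptoRandom`, whose opening lines are not shown; it is worth confirming that it still returns `"", nil` for zero.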
36 changes: 36 additions & 0 deletions cryptorandomstringutils_test.go
@@ -1,6 +1,8 @@
package goutils

import (
"regexp"
"strconv"
"testing"
"unicode/utf8"
)
Expand Down Expand Up @@ -74,3 +76,37 @@ func TestCryptoRandomAlphaNumeric(t *testing.T) {
}
}
}

func TestCryptoRandAlphaNumeric_FuzzOnlyNumeric(t *testing.T) {

// Testing for a reported regression in which some versions produced
// a predictably small set of chars.
iters := 1000
charlen := 0
for i := 0; i < 16; i++ {
numOnly := 0
charlen++
for i := 0; i < iters; i++ {
out, err := CryptoRandomAlphaNumeric(charlen)
if err != nil {
t.Fatal("func failed to produce a random thinger")
}
if _, err := strconv.Atoi(out); err == nil {
numOnly++
}

m, err := regexp.MatchString("^[0-9a-zA-Z]+$", out)
if err != nil {
t.Fatal(err)
}
if !m {
t.Fatal("Character is not alphanum")
}
}

if numOnly == iters {
t.Fatalf("Got %d numeric-only random sequences", numOnly)
}
}

}
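Review bot: The failure condition `numOnly == iters` near the end of `TestCryptoRandAlphaNumeric_FuzzOnlyNumeric` only trips when every one of the 1000 outputs is purely numeric, which the removed fix-up caused at length 1 only; for lengths 2 to 16 the old code would still pass this test while forcing a digit into each string. Counting outputs that contain no digit and requiring at least one per length would pin the regression at every length: `if !strings.ContainsAny(out, "0123456789") { noDigit++ }` in the inner loop and `if noDigit == 0 { t.Fatalf("length %d: every output contained a digit", charlen) }` after it (this needs the `strings` import). Assuming characters are picked roughly evenly from the 62 alphanumerics, a digit-free string of length 16 should still turn up dozens of times in 1000 draws, so the check should not be flaky. `TestRandAlphaNumeric_FuzzOnlyNumeric` in randomstringutils_test.go has the same gap.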
24 changes: 2 additions & 22 deletions randomstringutils.go
Expand Up @@ -20,7 +20,6 @@ import (
"fmt"
"math"
"math/rand"
"regexp"
"time"
"unicode"
)
Expand Down Expand Up @@ -75,12 +74,10 @@ func RandomNumeric(count int) (string, error) {

/*
RandomAlphabetic creates a random string whose length is the number of characters specified.
Characters will be chosen from the set of alpha-numeric characters as indicated by the arguments.
Characters will be chosen from the set of alphabetic characters.
Parameters:
count - the length of random string to create
letters - if true, generated string may include alphabetic characters
numbers - if true, generated string may include numeric characters
Returns:
string - the random string
Expand All @@ -102,24 +99,7 @@ Returns:
error - an error stemming from an invalid parameter within underlying function, RandomSeed(...)
*/
func RandomAlphaNumeric(count int) (string, error) {
RandomString, err := Random(count, 0, 0, true, true)
if err != nil {
return "", fmt.Errorf("Error: %s", err)
}
match, err := regexp.MatchString("([0-9]+)", RandomString)
if err != nil {
panic(err)
}

if !match {
//Get the position between 0 and the length of the string-1 to insert a random number
position := rand.Intn(count)
//Insert a random number between [0-9] in the position
RandomString = RandomString[:position] + string('0'+rand.Intn(10)) + RandomString[position+1:]
return RandomString, err
}
return RandomString, err

return Random(count, 0, 0, true, true)
}

/*
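Review bot: The comment block above `RandomAlphaNumeric` does not tell callers that this file draws from `math/rand` (visible in the import hunk), which is not a cryptographically secure source, so the output must not be used for passwords, tokens or keys. I would add `Not suitable for security-sensitive values; use CryptoRandomAlphaNumeric instead.` to the doc comment, and the same line would fit the other `Random*` helpers in this file. How `Random` seeds the generator is outside the hunks shown, so the final wording should be checked against it.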
36 changes: 36 additions & 0 deletions randomstringutils_test.go
Expand Up @@ -3,6 +3,8 @@ package goutils
import (
"fmt"
"math/rand"
"regexp"
"strconv"
"testing"
)

Expand Down Expand Up @@ -76,3 +78,37 @@ func ExampleRandomSeed() {
// H_I;E
// 2b2ca
}

func TestRandAlphaNumeric_FuzzOnlyNumeric(t *testing.T) {

// Testing for a reported regression in which some versions produced
// a predictably small set of chars.
iters := 1000
charlen := 0
for i := 0; i < 16; i++ {
numOnly := 0
charlen++
for i := 0; i < iters; i++ {
out, err := RandomAlphaNumeric(charlen)
if err != nil {
t.Fatal("func failed to produce a random thinger")
}
if _, err := strconv.Atoi(out); err == nil {
numOnly++
}

m, err := regexp.MatchString("^[0-9a-zA-Z]+$", out)
if err != nil {
t.Fatal(err)
}
if !m {
t.Fatal("Character is not alphanum")
}
}

if numOnly == iters {
t.Fatalf("Got %d numeric-only random sequences", numOnly)
}
}

}
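Review bot: In `TestRandAlphaNumeric_FuzzOnlyNumeric` the inner `for i := 0; i < iters; i++` shadows the outer `i`, and `charlen` is just the outer counter plus one, so the outer loop would read more plainly as `for charlen := 1; charlen <= 16; charlen++` with the inner index renamed. The `t.Fatal("func failed to produce a random thinger")` call also drops `err`; `t.Fatalf("RandomAlphaNumeric(%d): %v", charlen, err)` would show what actually went wrong. Both remarks apply to the matching test in cryptorandomstringutils_test.go.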
