#822 extra validation in CcSalted

yegor256 · Mar 8, 2018 · 3716f4e · 3716f4e
1 parent 7fb5241
commit 3716f4e
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 2 deletions.
diff --git a/src/main/java/org/takes/facets/auth/codecs/CcSalted.java b/src/main/java/org/takes/facets/auth/codecs/CcSalted.java
@@ -100,10 +100,18 @@ private static byte[] unsalt(final byte[] text) {
             throw new DecodingException("empty input");
         }
         final int size = text[0];
+        if (size < 0) {
+            throw new DecodingException(
+                String.format(
+                    "Length of salt %+d is negative, something is wrong",
+                    size
+                )
+            );
+        }
         if (text.length < size + 2) {
             throw new DecodingException(
                 String.format(
-                    "not enough bytes for salt, length is %d while %d required",
+                    "Not enough bytes for salt, length is %d while %d required",
                     text.length, size + 2
                 )
             );
@@ -115,7 +123,7 @@ private static byte[] unsalt(final byte[] text) {
         if (text[text.length - 1] != sum) {
             throw new DecodingException(
                 String.format(
-                    "checksum %d failure, while %d expected",
+                    "Checksum %d failure, while %d expected",
                     text[text.length - 1], sum
                 )
             );

diff --git a/src/test/java/org/takes/facets/auth/codecs/CcSaltedTest.java b/src/test/java/org/takes/facets/auth/codecs/CcSaltedTest.java
@@ -57,4 +57,37 @@ public void decodesInvalidData() throws IOException {
         );
     }
 
+    /**
+     * CcSalted can encrypt/decrypt big chunk of data.
+     * @throws IOException If some problem inside
+     */
+    @Test
+    public void encryptsLargeData() throws IOException {
+        final Identity identity = new Identity.Simple(
+            new String(new char[10000])
+        );
+        final byte[] bytes = new CcSalted(new CcPlain()).encode(identity);
+        new CcSalted(new CcPlain()).decode(bytes);
+    }
+
+    /**
+     * CcSalted can throw when incomplete data.
+     * @throws IOException If some problem inside
+     */
+    @Test(expected = DecodingException.class)
+    public void throwsOnIncompleteData() throws IOException {
+        new CcSalted(new CcPlain()).decode(
+            "\u0010\u0000\u0000\u0000".getBytes()
+        );
+    }
+
+    /**
+     * CcSalted can throw on empty input.
+     * @throws IOException If some problem inside
+     */
+    @Test(expected = DecodingException.class)
+    public void throwsOnEmptyInput() throws IOException {
+        new CcSalted(new CcPlain()).decode(new byte[0]);
+    }
+
 }