Prevent Base62Uuid decoding from panicing

An extra long encoded uuid could crash the server, now it's handled as an error.
2023-10-17 00:59:01 -04:00 · 2023-10-17 00:59:01 -04:00 · 5f9d64f2d9
commit 5f9d64f2d9
parent 7f86612899
1 changed files with 46 additions and 10 deletions
--- a/src/uuid.rs
+++ b/src/uuid.rs
@ -1,5 +1,6 @@
 use std::fmt::{self, Display, Formatter};

+use anyhow::{Context, Result};
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;

@ -44,9 +45,11 @@ impl Display for Base62Uuid {
    }
 }

-impl From<&str> for Base62Uuid {
-    fn from(s: &str) -> Self {
-        Self(Uuid::from_u128(base62_decode(s)))
+impl TryFrom<&str> for Base62Uuid {
+    type Error = anyhow::Error;
+
+    fn try_from(s: &str) -> Result<Self> {
+        Ok(Self(Uuid::from_u128(base62_decode(s)?)))
    }
 }

@ -68,7 +71,9 @@ where
    D: serde::Deserializer<'de>,
 {
    let s = String::deserialize(deserializer)?;
-    Ok(Uuid::from_u128(base62_decode(&s)))
+    Ok(Uuid::from_u128(
+        base62_decode(&s).map_err(serde::de::Error::custom)?,
+    ))
 }

 pub fn base62_encode(mut number: u128) -> String {
@ -82,18 +87,25 @@ pub fn base62_encode(mut number: u128) -> String {
    }

    encoded.reverse();
-    String::from_utf8(encoded).unwrap()
+    unsafe {
+        // Safety: all characters in `encoded` must come from BASE62_CHARS, and characters in 
+        // BASE62_CHARS are valid UTF-8 (they are ASCII). Therefore, `encoded` must contain only
+        // valid UTF-8.
+        String::from_utf8_unchecked(encoded)
+    }
 }

-pub fn base62_decode(input: &str) -> u128 {
+pub fn base62_decode(input: &str) -> Result<u128> {
    let base = BASE62_CHARS.len() as u128;
    let mut number = 0u128;

    for &byte in input.as_bytes() {
-        number = number * base + (BASE62_CHARS.iter().position(|&ch| ch == byte).unwrap() as u128);
+        if let Some(value) = BASE62_CHARS.iter().position(|&ch| ch == byte) {
+            number = number.checked_mul(base).context("u128 overflow")? + value as u128;
+        }
    }

-    number
+    Ok(number)
 }

 #[cfg(test)]
@ -113,9 +125,33 @@ mod tests {

        for original_uuid in original_uuids.iter() {
            let encoded = base62_encode(original_uuid.as_u128());
-            let decoded_uuid = Uuid::from_u128(base62_decode(&encoded));
+            let decoded = base62_decode(&encoded).unwrap();
+            let decoded_uuid = Uuid::from_u128(decoded);

            assert_eq!(*original_uuid, decoded_uuid);
        }
    }
+
+    #[test]
+    fn errors_if_encoded_string_has_extra_bytes() {
+        let uuid = Uuid::new_v4();
+
+        let encoded = base62_encode(uuid.as_u128());
+        let encoded_plus_extra = format!("{}{}", encoded, "extra");
+        let decode_result = base62_decode(&encoded_plus_extra);
+
+        assert!(decode_result.is_err());
+    }
+
+    #[test]
+    fn ignores_invalid_chars_in_encoded_string() {
+        let uuid = Uuid::new_v4();
+
+        let encoded = base62_encode(uuid.as_u128());
+        let encoded_plus_invalid_chars = format!("!??{}", encoded);
+        let decoded = base62_decode(&encoded_plus_invalid_chars).unwrap();
+        let decoded_uuid = Uuid::from_u128(decoded);
+
+        assert_eq!(uuid, decoded_uuid);
+    }
 }