diff options
| author | Vipul A M <vipulnsward@gmail.com> | 2016-04-12 02:41:06 +0530 |
|---|---|---|
| committer | Vipul A M <vipulnsward@gmail.com> | 2017-06-07 03:45:10 +0530 |
| commit | fa487763d98ccf9c3e66fdb44f09af5c37a50fe5 (patch) | |
| tree | 64fdab96c6cd6c085366c2d4c3eb6a0f83e8fbd6 /activesupport/test | |
| parent | ac8b79d553592b3c9515940b5fe5e9d3c7ec9a45 (diff) | |
| download | rails-fa487763d98ccf9c3e66fdb44f09af5c37a50fe5.tar.gz rails-fa487763d98ccf9c3e66fdb44f09af5c37a50fe5.tar.bz2 rails-fa487763d98ccf9c3e66fdb44f09af5c37a50fe5.zip | |
Changed default behaviour of `ActiveSupport::SecurityUtils.secure_compare`,
to make it not leak length information even for variable length string.
Renamed old `ActiveSupport::SecurityUtils.secure_compare` to `fixed_length_secure_compare`,
and started raising `ArgumentError` in case of length mismatch of passed strings.
Diffstat (limited to 'activesupport/test')
| -rw-r--r-- | activesupport/test/security_utils_test.rb | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/activesupport/test/security_utils_test.rb b/activesupport/test/security_utils_test.rb index e8f762da22..8d7f7d699a 100644 --- a/activesupport/test/security_utils_test.rb +++ b/activesupport/test/security_utils_test.rb @@ -11,4 +11,15 @@ class SecurityUtilsTest < ActiveSupport::TestCase assert ActiveSupport::SecurityUtils.variable_size_secure_compare("a", "a") assert_not ActiveSupport::SecurityUtils.variable_size_secure_compare("a", "b") end + + def test_fixed_length_secure_compare_should_perform_string_comparison + assert ActiveSupport::SecurityUtils.fixed_length_secure_compare("a", "a") + assert !ActiveSupport::SecurityUtils.fixed_length_secure_compare("a", "b") + end + + def test_fixed_length_secure_compare_raise_on_length_mismatch + assert_raises(ArgumentError, "string length mismatch.") do + ActiveSupport::SecurityUtils.fixed_length_secure_compare("a", "ab") + end + end end |