Diffstat (limited to 'activesupport')
-rw-r--r-- | activesupport/lib/active_support/message_verifier.rb | 2 | ||||
-rw-r--r-- | activesupport/test/message_verifier_test.rb | 5 |
2 files changed, 7 insertions, 0 deletions
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index 74e080a23d..fcdc09ff08 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -26,6 +26,8 @@ module ActiveSupport
 end
 def verify(signed_message)
+ raise InvalidSignature if signed_message.blank?
+
 data, digest = signed_message.split("--")
 if secure_compare(digest, generate_digest(data))
 Marshal.load(ActiveSupport::Base64.decode64(data))
diff --git a/activesupport/test/message_verifier_test.rb b/activesupport/test/message_verifier_test.rb
index 4f8837ba4e..e6370bc3db 100644
--- a/activesupport/test/message_verifier_test.rb
+++ b/activesupport/test/message_verifier_test.rb
@@ -18,6 +18,11 @@ class MessageVerifierTest < Test::Unit::TestCase
 assert_equal @data, @verifier.verify(message)
 end
+ def test_missing_signature_raises
+ assert_not_verified(nil)
+ assert_not_verified("")
+ end
+
 def test_tampered_data_raises
 data, hash = @verifier.generate(@data).split("--")
 assert_not_verified("#{data.reverse}--#{hash}") |
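Review bot: The new guard at the top of `verify` rejects only nil and empty input; a non-blank message without a `--` separator still leaves `digest` nil after the `split`, and a bare `"--"` leaves both halves nil. How `secure_compare` and `generate_digest` treat nil is not visible here, so such input may surface as some other exception rather than `InvalidSignature`. Checking both halves right after the split would close that gap: `raise InvalidSignature if data.blank? || digest.blank?`. Because an accepted payload goes straight into `Marshal.load`, every malformed-input path should fail closed with the same error. The body of `verify` continues past the end of the hunk.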
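Review bot: `test_missing_signature_raises` exercises only nil and the empty string, so it covers a missing message rather than the case its name suggests, where data is present but the `--digest` part is absent. I would add `data, _ = @verifier.generate(@data).split("--")` followed by `assert_not_verified(data)` and `assert_not_verified("#{data}--")`. Whether these pass against the current `verify` depends on how `secure_compare` handles a nil digest, which is not visible in this diff, and that is exactly what the test should pin down.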