Skip to content

Commit

Permalink
Fix CWE-843 II
Browse files Browse the repository at this point in the history 
- https://github.com/52North/read2burn/security/code-scanning/3

- https://cwe.mitre.org/data/definitions/843.html
  • Loading branch information
@EHJ-52n
EHJ-52n committed Dec 2, 2024
1 parent 0d9f53b commit adf2547
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions routes/index.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,9 @@ class CryptorFactory {
}

createFromId(id) {
if (typeof id !== 'string') {
throw new Error('Received non string id.');
}
switch (id.length) {
case 19:
return this.createFromVersion("v1");
Expand Down Expand Up @@ -181,6 +184,9 @@ class CryptorV1 extends Cryptor {
}

decrypt( message, id ) {
if (typeof id !== 'string') {
throw new Error('Received non string id.');
}
const password = id.slice(this.KEY_LENGTH, this.KEY_LENGTH + this.PASSWORD_LENGTH)
const decipherSecret = new Buffer.from(password).toString('binary');
const decipher = crypto.createDecipher(this.CIPHER_ALGORITHM, decipherSecret);
Expand Down Expand Up @@ -222,6 +228,9 @@ class CryptorV2 extends Cryptor {
}

decrypt(message, id ) {
if (typeof id !== 'string') {
throw new Error('Received non string id.');
}
const baseBuf = Buffer.from(id);
const password = baseBuf.subarray(this.KEY_LENGTH, this.KEY_LENGTH + this.PASSWORD_LENGTH)
const iV = baseBuf.subarray(this.KEY_LENGTH + this.PASSWORD_LENGTH, this.KEY_LENGTH + this.PASSWORD_LENGTH + this.IV_LENGTH)
Expand Down

0 comments on commit adf2547

Please sign in to comment.