Skip to content

Commit

Permalink
Catches Infinity and NaN in case of parseInt (spruceid#125)
Browse files Browse the repository at this point in the history
  • Loading branch information
w4ll3 authored Oct 10, 2022
1 parent f32a960 commit 4b775d1
Show file tree
Hide file tree
Showing 7 changed files with 2,040 additions and 1,689 deletions.
3,531 changes: 2,009 additions & 1,522 deletions package-lock.json

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions packages/siwe-parser/lib/abnf.ts
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import apgApi from "apg-js/src/apg-api/api";
import apgLib from "apg-js/src/apg-lib/node-exports";
import { isEIP55Address } from "./utils";
import { isEIP55Address, parseIntegerNumber } from "./utils";

const GRAMMAR = `
sign-in-with-ethereum =
Expand Down Expand Up @@ -245,7 +245,7 @@ export class ParsedMessage {
const chainId = function (state, chars, phraseIndex, phraseLength, data) {
const ret = id.SEM_OK;
if (state === id.SEM_PRE) {
data.chainId = parseInt(
data.chainId = parseIntegerNumber(
apgLib.utils.charsToString(chars, phraseIndex, phraseLength)
);
}
Expand Down
4 changes: 2 additions & 2 deletions packages/siwe-parser/lib/regex.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import * as uri from "valid-url";
import { isEIP55Address } from "./utils";
import { isEIP55Address, parseIntegerNumber } from "./utils";

const DOMAIN =
"(?<domain>([^?#]*)) wants you to sign in with your Ethereum account:";
Expand Down Expand Up @@ -64,7 +64,7 @@ export class ParsedMessage {

this.version = match?.groups?.version;
this.nonce = match?.groups?.nonce;
this.chainId = parseInt(match?.groups?.chainId);
this.chainId = parseIntegerNumber(match?.groups?.chainId);
this.issuedAt = match?.groups?.issuedAt;
this.expirationTime = match?.groups?.expirationTime;
this.notBefore = match?.groups?.notBefore;
Expand Down
7 changes: 7 additions & 0 deletions packages/siwe-parser/lib/utils.ts
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,10 @@ export const isEIP55Address = (address: string) => {
}
return address === ret;
}

export const parseIntegerNumber = (number: string): number => {
const parsed = parseInt(number);
if(parsed === NaN) throw new Error("Invalid number.");
if(parsed === Infinity) throw new Error("Invalid number.");
return parsed;
}
3 changes: 2 additions & 1 deletion packages/siwe/lib/client.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ import {
isEIP55Address,
ParsedMessage,
ParsedMessageRegExp,
parseIntegerNumber,
} from '@spruceid/siwe-parser';
import { providers, utils } from 'ethers';
import * as uri from 'valid-url';
Expand Down Expand Up @@ -77,7 +78,7 @@ export class SiweMessage {
} else {
Object.assign(this, param);
if (typeof this.chainId === 'string') {
this.chainId = parseInt(this.chainId);
this.chainId = parseIntegerNumber(this.chainId);
}
}
this.nonce = this.nonce || generateNonce();
Expand Down
178 changes: 17 additions & 161 deletions packages/siwe/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion packages/siwe/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@
],
"homepage": "https://github.com/spruceid/siwe",
"dependencies": {
"@spruceid/siwe-parser": "2.0.0",
"@spruceid/siwe-parser": "file:../siwe-parser",
"@stablelib/random": "^1.0.1",
"uri-js": "^4.4.1",
"valid-url": "^1.0.9"
Expand Down

0 comments on commit 4b775d1

Please sign in to comment.