-
Notifications
You must be signed in to change notification settings - Fork 146
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: secret key stored cleartext in memory
- Loading branch information
1 parent
9c0a6e8
commit e0bdec9
Showing
9 changed files
with
97 additions
and
28 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
import { decodeText, encodeText } from './text-encoding'; | ||
|
||
describe('encode and decode text', () => { | ||
it('works for UTF-8 text', () => { | ||
const text = 'a Ā 𐀀 文 ❤️'; | ||
const encoded = encodeText(text); | ||
const decoded = decodeText(encoded); | ||
|
||
expect(decoded).toEqual(text); | ||
}); | ||
|
||
it('works for empty strings', () => { | ||
const text = ''; | ||
const encoded = encodeText(text); | ||
const decoded = decodeText(encoded); | ||
expect(decoded).toEqual(text); | ||
}); | ||
|
||
it('does not simply convert to ASCII codes', () => { | ||
const text = 'a'; | ||
const textAsciiHex = '61'; | ||
const encoded = encodeText(text); | ||
expect(encoded).not.toEqual(textAsciiHex); | ||
}); | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
/** | ||
* Encode `text` to a hex string. Accepts text with any characters (like emojis). | ||
* Does not match ASCII codes for latin-script letters (ie: "a" will not be encoded to "61"). | ||
* @param text string to encode | ||
*/ | ||
export function encodeText(text: string) { | ||
return Array.from(new TextEncoder().encode(btoa(encodeURIComponent(text)))) | ||
.map(byte => byte.toString(16).padStart(2, '0')) | ||
.join(''); | ||
} | ||
|
||
/** | ||
* Decode `hex` previously encoded with [encodeText]{@link encodeText} to the original text. | ||
* @param hex string to decode | ||
*/ | ||
export function decodeText(hex?: string) { | ||
if (!hex) return ''; | ||
const bytes = new Uint8Array((hex.match(/.{1,2}/g) ?? []).map(byte => parseInt(byte, 16))); | ||
return decodeURIComponent(atob(new TextDecoder().decode(bytes))); | ||
} |