Skip to content

reject non-hex characters in decodeHex#2627

Closed
netliomax25-code wants to merge 1 commit into
apache:masterfrom
netliomax25-code:decodehex-reject-non-hex
Closed

reject non-hex characters in decodeHex#2627
netliomax25-code wants to merge 1 commit into
apache:masterfrom
netliomax25-code:decodehex-reject-non-hex

Conversation

@netliomax25-code

Copy link
Copy Markdown
Contributor
  1. decodeHex decodes each two-character group with Integer.parseInt(value.substring(i, i + 2), 16), which accepts a leading + or - sign and non-ASCII Unicode digit characters.
  2. so malformed input such as "-1", "+a" or "-f" decodes to a byte (0xff, 0x0a, 0xf1) instead of throwing NumberFormatException, which the method javadoc documents for characters that are not valid hexadecimal values.

Replaced the per-group parseInt with a strict per-nibble decode over the ASCII ranges 0-9/a-f/A-F. Valid hex decodes to the same bytes (checked against the old path for every byte value in both letter cases); the rejected inputs are covered by new cases in HexTest. Happy to file a Jira and link it.

@testlens-app

testlens-app Bot commented Jun 25, 2026

Copy link
Copy Markdown

✅ All tests passed ✅

🏷️ Commit: 5136de2
▶️ Tests: 101826 executed
⚪️ Checks: 23/23 completed


Learn more about TestLens at testlens.app.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR tightens EncodingGroovyMethods.decodeHex(String) so it rejects non-hex characters that Integer.parseInt(..., 16) would otherwise accept (e.g., leading +/- signs and non-ASCII digit characters), aligning behavior with the method’s documented NumberFormatException contract.

Changes:

  • Replaced per-byte Integer.parseInt(substring, 16) decoding with strict per-nibble ASCII-range decoding (0-9, a-f, A-F).
  • Added regression tests ensuring signed prefixes and non-ASCII digit characters are rejected.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
src/main/java/org/codehaus/groovy/runtime/EncodingGroovyMethods.java Implements strict ASCII hex decoding via a new hexToNibble helper to reject +/- and non-ASCII digits.
src/test/groovy/groovy/HexTest.groovy Adds new negative test cases for sign-prefixed and non-ASCII-digit hex strings.

@paulk-asert

Copy link
Copy Markdown
Contributor

Merged. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants