fix(bcrypt): handle invalid rounds by throwing OperationError #2560

Open
anushkagupta200615-jpg wants to merge 1 commit into gchq:master from anushkagupta200615-jpg:master

@anushkagupta200615-jpg

Description
Provide a description of the pull request and the changes that it makes.

Existing Issue
If this pull request relates to an existing issue in the repository, please link it here.

Screenshots
If the pull request changes any visual aspects of CyberChef, please include screenshots.

AI disclosure
If you have used any AI tools while creating this code, you must declare your usage along with the name of the tools that you used.
Regardless of AI tool usage, you are responsible for any code that you submit, and we expect you to have checked the code and have enough of an understanding of it to answer any questions we might have.

Test Coverage
Please ensure you have added test coverage for your changes.

Fixes #2534

Description

This PR fixes an issue where attempting to hash or compare with an invalid number of bcrypt rounds (e.g. <4 or >31) would result in an uncaught exception from the bcryptjs dependency, completely breaking the operation execution instead of bubbling the error to the user interface.

Changes Made

  • Wrapped the core functions (bcrypt.compare, bcrypt.genSalt, and bcrypt.hash) in Bcrypt.mjs and BcryptCompare.mjs with try/catch blocks.
  • When an error is caught, it now correctly throws an OperationError, which matches the established architectural pattern in CyberChef (and aligns with BcryptParse.mjs). This allows the error message (e.g., Illegal number of rounds (4-31)) to safely display in the output panel.
  • Added a new unit test in Hash.mjs (Bcrypt compare: invalid rounds) to verify that the out-of-bounds error is properly caught. Verified that the test runner correctly passes this using the expected string output.
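
The error-conversion pattern described in this PR, shown as an added example that is not code from the PR or from CyberChef. `OperationError` is a local stand-in for CyberChef's class, and `parseCost`, `safeCompare` and the `lib` parameter (any object with a promise-returning `compare()`) are hypothetical names; the sample hashes are constructed.

```javascript
// Added example. OperationError is a local stand-in so the block runs without CyberChef.
class OperationError extends Error {
    constructor(message) {
        super(message);
        this.name = "OperationError";
    }
}

// Modular-crypt layout: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
const BCRYPT_RE = /^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$/;

// Constructed sample hashes (not real digests): cost 10 is valid, cost 03 is out of range.
const SAMPLE_OK = "$2a$10$" + "A".repeat(53);
const SAMPLE_BAD = "$2a$03$" + "A".repeat(53);

// Returns the cost factor, or throws OperationError for malformed or out-of-range input.
function parseCost(hash) {
    const m = BCRYPT_RE.exec(hash);
    if (!m) throw new OperationError("Not a well-formed bcrypt hash");
    const rounds = parseInt(m[1], 10);
    if (rounds < 4 || rounds > 31) {
        throw new OperationError(`Illegal number of rounds (4-31): ${rounds}`);
    }
    return rounds;
}

// Validates the cost embedded in the hash first, then converts any error the
// library still raises into OperationError so the caller sees a single error type.
async function safeCompare(input, hash, lib) {
    parseCost(hash);
    try {
        return await lib.compare(input, hash);
    } catch (err) {
        throw new OperationError(err.message);
    }
}

// Demo: the out-of-range cost is reported as an OperationError, not an uncaught exception.
safeCompare("password", SAMPLE_BAD, { compare: async () => true })
    .catch((e) => console.log(`${e.name}: ${e.message}`));
```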

@CLAassistant

CLAassistant commented Jun 15, 2026

CLA assistant check
All committers have signed the CLA.

@HackingRepo

HackingRepo commented Jul 4, 2026

No need for that, now fixed; however, thanks for the beautiful contribution

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

bug(Bcrypt Compare): an uncaught Illegal number of rounds (4-31) error

3 participants