review william and linting

fredmnl · fredmnl · commit 54c5ff8972c8 · 2025-03-11T13:42:37.000+01:00
diff --git a/lib/auth/streamingV4/trailingChecksumTransform.js b/lib/auth/streamingV4/trailingChecksumTransform.js
@@ -48,17 +48,20 @@ class TrailingChecksumTransform extends Transform {
                 continue;
             }
 
-            const lineBreakIndex = chunk.indexOf('\r');
+            // we are now looking for the chunk size field
+            // no need to look further than 10 bytes since the field cannot be bigger
+            const lineBreakIndex = chunk.subarray(0, 10).indexOf('\r');
+            const bytesToKeep = lineBreakIndex === -1 ? chunk.byteLength : lineBreakIndex;
+            if (this.chunkSizeBuffer.byteLength + bytesToKeep > 10) {
+                this.log.error('chunk size field too big', {
+                    chunkSizeBuffer: this.chunkSizeBuffer.toString('hex'),
+                    truncatedChunk: chunk.subarray(0, 10).toString('hex'),
+                });
+                // if bigger, the chunk would be over 5 GB
+                // returning early to avoid a DoS by memory exhaustion
+                return callback(errors.InvalidArgument);
+            }
             if (lineBreakIndex === -1) {
-                if (this.chunkSizeBuffer.byteLength + chunk.byteLength > 10) {
-                    this.log.error('chunk size field too big', {
-                        chunkSizeBuffer: this.chunkSizeBuffer.toString(),
-                        truncatedChunk: chunk.subarray(0, 16).toString(),
-                    });
-                    // if bigger, the chunk would be over 5 GB
-                    // returning early to avoid a DoS by memory exhaustion
-                    return callback(errors.InvalidArgument);
-                }
                 // no delimiter, we'll keep the chunk for later
                 this.chunkSizeBuffer = Buffer.concat([this.chunkSizeBuffer, chunk]);
                 return callback();
@@ -68,17 +71,11 @@ class TrailingChecksumTransform extends Transform {
             chunk = chunk.subarray(lineBreakIndex);
 
             // chunk-size is sent in hex
-            if (!/^[0-9a-fA-F]+$/.test(this.chunkSizeBuffer.toString())) {
-                this.log.error('chunk size is not a valid hex number', {
-                    chunkSizeBuffer: this.chunkSizeBuffer.toString(),
-                });
-                return callback(errors.InvalidArgument);
-            }
-            const dataSize = Number.parseInt(this.chunkSizeBuffer.toString(), 16);
-            if (Number.isNaN(dataSize)) {
-                this.log.error('unable to parse chunk size', {
-                    chunkSizeBuffer: this.chunkSizeBuffer.toString(),
-                });
+            const chunkSizeStr = this.chunkSizeBuffer.toString();
+            const dataSize = parseInt(chunkSizeStr, 16);
+            // we check that the parsing is correct (parseInt returns a partial parse when it fails)
+            if (isNaN(dataSize) || dataSize.toString(16) !== chunkSizeStr.toLowerCase()) {
+                this.log.error('invalid chunk size', { chunkSizeBuffer: chunkSizeStr });
                 return callback(errors.InvalidArgument);
             }
             this.chunkSizeBuffer = Buffer.alloc(0);
diff --git a/tests/unit/auth/TrailingChecksumTransform.js b/tests/unit/auth/TrailingChecksumTransform.js
@@ -1,3 +1,4 @@
+const { errors } = require('arsenal');
 const assert = require('assert');
 const async = require('async');
 const { Readable } = require('stream');
@@ -8,12 +9,12 @@ const { DummyRequestLogger } = require('../helpers');
 const log = new DummyRequestLogger();
 
 // note this is not the correct checksum in objDataWithTrailingChecksum
-const objDataWithTrailingChecksum = '10\r\n0123456789abcdef\r\n' +
+const objDataWithTrailingChecksum = '10\r\n01234\r6789abcd\r\n\r\n' +
                                     '2\r\n01\r\n' +
                                     '1\r\n2\r\n' +
                                     'd\r\n3456789abcdef\r\n' +
                                     '0\r\nchecksum:xyz=\r\n';
-const objDataWithoutTrailingChecksum = '0123456789abcdef0123456789abcdef';
+const objDataWithoutTrailingChecksum = '01234\r6789abcd\r\n0123456789abcdef';
 
 class ChunkedReader extends Readable {
     constructor(chunks) {
@@ -30,11 +31,16 @@ class ChunkedReader extends Readable {
         this.push(this._parts[this._index]);
         this._index++;
     }
+
+    getIndex() {
+        return this._index;
+    }
 }
 
 describe('TrailingChecksumTransform class', () => {
     it('should correctly remove checksums', done => {
-        const trailingChecksumTransform = new TrailingChecksumTransform(log, err => {
+        const trailingChecksumTransform = new TrailingChecksumTransform(log);
+        trailingChecksumTransform.on('error', err => {
             assert.strictEqual(err, null);
         });
         const chunks = [
@@ -43,7 +49,7 @@ describe('TrailingChecksumTransform class', () => {
         const chunkedReader = new ChunkedReader(chunks);
         chunkedReader.pipe(trailingChecksumTransform);
         const outputChunks = [];
-        trailingChecksumTransform.on('data', (chunk) => outputChunks.push(Buffer.from(chunk)));
+        trailingChecksumTransform.on('data', chunk => outputChunks.push(Buffer.from(chunk)));
         trailingChecksumTransform.on('finish', () => {
             const data = Buffer.concat(outputChunks).toString();
             assert.strictEqual(data, objDataWithoutTrailingChecksum);
@@ -55,9 +61,10 @@ describe('TrailingChecksumTransform class', () => {
     });
 
     // test all bisection of the input string
-    async.forEach([...Array(objDataWithTrailingChecksum.length).keys()], (i) => {
+    async.forEach([...Array(objDataWithTrailingChecksum.length).keys()], i => {
         it(`should correctly remove checksums, cut at ${i}`, done => {
-            const trailingChecksumTransform = new TrailingChecksumTransform(log, err => {
+            const trailingChecksumTransform = new TrailingChecksumTransform(log);
+            trailingChecksumTransform.on('error', err => {
                 assert.strictEqual(err, null);
             });
             const chunks = [
@@ -67,7 +74,7 @@ describe('TrailingChecksumTransform class', () => {
             const chunkedReader = new ChunkedReader(chunks);
             chunkedReader.pipe(trailingChecksumTransform);
             const outputChunks = [];
-            trailingChecksumTransform.on('data', (chunk) => outputChunks.push(Buffer.from(chunk)));
+            trailingChecksumTransform.on('data', chunk => outputChunks.push(Buffer.from(chunk)));
             trailingChecksumTransform.on('finish', () => {
                 const data = Buffer.concat(outputChunks).toString();
                 assert.strictEqual(data, objDataWithoutTrailingChecksum);
@@ -80,10 +87,11 @@ describe('TrailingChecksumTransform class', () => {
     });
 
     // test all trisection of the input string
-    async.forEach([...Array(objDataWithTrailingChecksum.length - 2).keys()], (i) => {
-        async.forEach([...Array(objDataWithTrailingChecksum.length - i - 2).keys()], (j) => {
+    async.forEach([...Array(objDataWithTrailingChecksum.length - 2).keys()], i => {
+        async.forEach([...Array(objDataWithTrailingChecksum.length - i - 2).keys()], j => {
             it(`should correctly remove checksums, cut at ${i} and ${i + j + 1}`, done => {
-                const trailingChecksumTransform = new TrailingChecksumTransform(log, err => {
+                const trailingChecksumTransform = new TrailingChecksumTransform(log);
+                trailingChecksumTransform.on('error', err => {
                     assert.strictEqual(err, null);
                 });
                 const chunks = [
@@ -94,7 +102,7 @@ describe('TrailingChecksumTransform class', () => {
                 const chunkedReader = new ChunkedReader(chunks);
                 chunkedReader.pipe(trailingChecksumTransform);
                 const outputChunks = [];
-                trailingChecksumTransform.on('data', (chunk) => outputChunks.push(Buffer.from(chunk)));
+                trailingChecksumTransform.on('data', chunk => outputChunks.push(Buffer.from(chunk)));
                 trailingChecksumTransform.on('finish', () => {
                     const data = Buffer.concat(outputChunks).toString();
                     assert.strictEqual(data, objDataWithoutTrailingChecksum);
@@ -108,7 +116,8 @@ describe('TrailingChecksumTransform class', () => {
     });
 
     it('should correctly remove checksums, cut at each individual byte', done => {
-        const trailingChecksumTransform = new TrailingChecksumTransform(log, err => {
+        const trailingChecksumTransform = new TrailingChecksumTransform(log);
+        trailingChecksumTransform.on('error', err => {
             assert.strictEqual(err, null);
         });
         const chunks = [];
@@ -118,7 +127,7 @@ describe('TrailingChecksumTransform class', () => {
         const chunkedReader = new ChunkedReader(chunks);
         chunkedReader.pipe(trailingChecksumTransform);
         const outputChunks = [];
-        trailingChecksumTransform.on('data', (chunk) => outputChunks.push(Buffer.from(chunk)));
+        trailingChecksumTransform.on('data', chunk => outputChunks.push(Buffer.from(chunk)));
         trailingChecksumTransform.on('finish', () => {
             const data = Buffer.concat(outputChunks).toString();
             assert.strictEqual(data, objDataWithoutTrailingChecksum);
@@ -128,4 +137,70 @@ describe('TrailingChecksumTransform class', () => {
             assert.ifError(err);
         });
     });
+
+    it('should return an error if the format does not follow trailing checksum specification', done => {
+        const trailingChecksumTransform = new TrailingChecksumTransform(log);
+        const chunks = [
+            Buffer.from('11\r\n'),
+            Buffer.alloc(1000000),
+            Buffer.alloc(1000000),
+            Buffer.alloc(1000000),
+            Buffer.alloc(1000000),
+            Buffer.alloc(1000000),
+            Buffer.alloc(1000000),
+            Buffer.alloc(1000000),
+            Buffer.alloc(1000000),
+        ];
+        const chunkedReader = new ChunkedReader(chunks);
+        trailingChecksumTransform.on('error', err => {
+            assert.deepStrictEqual(err, errors.InvalidArgument);
+            trailingChecksumTransform.end();
+        });
+        let bytesWritten = 0;
+        trailingChecksumTransform.on('data', (chunk) => {
+            bytesWritten += chunk.length;
+        });
+        trailingChecksumTransform.on('close', () => {
+            assert.equal(bytesWritten, 17);
+            // 2 is the minimum but it looks like buffering will fetch additional chunks before the error is emitted
+            // as long as we do not read the full input stream, this is fine
+            assert.ok(chunkedReader.getIndex() <= 4);
+            done();
+        });
+        chunkedReader.pipe(trailingChecksumTransform);
+    });
+
+    it('should return early if supplied with an out of specification chunk size', done => {
+        const trailingChecksumTransform = new TrailingChecksumTransform(log);
+        const chunks = [
+            Buffer.from('500000'),
+            Buffer.from('000000\r\n'),
+            Buffer.alloc(1000000),
+            Buffer.alloc(1000000),
+            Buffer.alloc(1000000),
+            Buffer.alloc(1000000),
+            Buffer.alloc(1000000),
+            Buffer.alloc(1000000),
+            Buffer.alloc(1000000),
+            Buffer.alloc(1000000),
+            Buffer.alloc(1000000),
+        ];
+        const chunkedReader = new ChunkedReader(chunks);
+        trailingChecksumTransform.on('error', err => {
+            assert.deepStrictEqual(err, errors.InvalidArgument);
+            trailingChecksumTransform.end();
+        });
+        let bytesWritten = 0;
+        trailingChecksumTransform.on('data', (chunk) => {
+            bytesWritten += chunk.length;
+        });
+        trailingChecksumTransform.on('close', () => {
+            assert.equal(bytesWritten, 0);
+            // 2 is the minimum but it looks like buffering will fetch additional chunks before the error is emitted
+            // as long as we do not read the full input stream, this is fine
+            assert.ok(chunkedReader.getIndex() <= 4);
+            done();
+        });
+        chunkedReader.pipe(trailingChecksumTransform);
+    });
 });
