From 4c7665f2f930bba855646143684070544044de10 Mon Sep 17 00:00:00 2001
From: Grzegorz Bizon
Date: Wed, 28 Nov 2018 12:00:17 +0100
Subject: Pad encryption keys with UTF-8 0 instead of \0 char
---
 lib/gitlab/utils.rb | 2 +-
 spec/config/settings_spec.rb | 8 ++++----
 spec/lib/gitlab/utils_spec.rb | 6 +++---
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/lib/gitlab/utils.rb b/lib/gitlab/utils.rb
index 96d2ed88b83..e0e8f598ba4 100644
--- a/lib/gitlab/utils.rb
+++ b/lib/gitlab/utils.rb
@@ -28,7 +28,7 @@ module Gitlab
 end
 end
- truncated + ("\0" * (bytes - truncated.bytesize))
+ truncated + ('0' * (bytes - truncated.bytesize))
 end
 # Append path to host, making sure there's one single / in between
diff --git a/spec/config/settings_spec.rb b/spec/config/settings_spec.rb
index f579ecacd3a..c89b5f48dc0 100644
--- a/spec/config/settings_spec.rb
+++ b/spec/config/settings_spec.rb
@@ -24,7 +24,7 @@ describe Settings do
 it 'expands db key base secret to 12 bytes' do
 expect(described_class.attr_encrypted_db_key_base_12)
- .to eq(('a' * 10) + ("\0" * 2))
+ .to eq(('a' * 10) + ('0' * 2))
 end
 end
@@ -53,7 +53,7 @@ describe Settings do
 end
 it 'expands db key base secret to 32 bytes' do
- expanded_key_base = ('a' * 10) + ("\0" * 22)
+ expanded_key_base = ('a' * 10) + ('0' * 22)
 expect(expanded_key_base.bytesize).to eq 32
 expect(described_class.attr_encrypted_db_key_base_32)
@@ -84,7 +84,7 @@ describe Settings do
 it 'does not use more than 32 bytes' do
 db_key_base = described_class.attr_encrypted_db_key_base_32
- expect(db_key_base).to eq '❤❤❤❤❤❤' + ("\0" * 14)
+ expect(db_key_base).to eq '❤❤❤❤❤❤' + ('0' * 14)
 expect(db_key_base.bytesize).to eq 32
 end
 end
@@ -99,7 +99,7 @@ describe Settings do
 it 'does not use more than 32 bytes' do
 db_key_base = described_class.attr_encrypted_db_key_base_32
- expect(db_key_base).to eq(('❤' * 10) + ("\0" * 2))
+ expect(db_key_base).to eq(('❤' * 10) + ('0' * 2))
 expect(db_key_base.bytesize).to eq 32
 end
 end
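Review bot: In the lib/gitlab/utils.rb hunk, `truncated + ('0' * (bytes - truncated.bytesize))` lengthens a short secret with a constant filler, so the result has the requested size but carries no more secret material than the input; the settings specs pin a 10-byte base expanded to 32 bytes, 22 of which are known. Changing the filler from `"\0"` to `'0'` also changes the resulting key for every input shorter than `bytes`, so any value already encrypted under the NUL-padded form would presumably stop decrypting; it is worth confirming that no such data exists. I would document this above the return, e.g. `# Padding only fixes the length; it adds no entropy, so db_key_base should itself be at least +bytes+ bytes long`. The method begins outside the hunk, so how `truncated` is produced is not visible here.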
diff --git a/spec/lib/gitlab/utils_spec.rb b/spec/lib/gitlab/utils_spec.rb
index 7bf724bed6b..3579ed9a759 100644
--- a/spec/lib/gitlab/utils_spec.rb
+++ b/spec/lib/gitlab/utils_spec.rb
@@ -134,7 +134,7 @@ describe Gitlab::Utils do
 transformed = described_class.ensure_utf8_size('a' * 10, bytes: 32)
 expect(transformed.bytesize).to eq 32
- expect(transformed).to eq(('a' * 10) + ("\0" * 22))
+ expect(transformed).to eq(('a' * 10) + ('0' * 22))
 end
 end
@@ -151,7 +151,7 @@ describe Gitlab::Utils do
 it 'backfills string with null characters' do
 transformed = described_class.ensure_utf8_size('❤' * 6, bytes: 32)
- expect(transformed).to eq '❤❤❤❤❤❤' + ("\0" * 14)
+ expect(transformed).to eq '❤❤❤❤❤❤' + ('0' * 14)
 expect(transformed.bytesize).to eq 32
 end
 end
@@ -160,7 +160,7 @@ describe Gitlab::Utils do
 it 'truncates string to 32 characters and backfills it if needed' do
 transformed = described_class.ensure_utf8_size('❤' * 18, bytes: 32)
- expect(transformed).to eq(('❤' * 10) + ("\0" * 2))
+ expect(transformed).to eq(('❤' * 10) + ('0' * 2))
 expect(transformed.bytesize).to eq 32
 end
 end
--
cgit v1.2.1
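Review bot: The example name `it 'backfills string with null characters' do` in the `@@ -151,7 +151,7 @@` hunk of spec/lib/gitlab/utils_spec.rb is stale after this change, because the expectation now pads with the character `'0'` rather than NUL. Renaming it to `it 'backfills string with 0 characters' do` keeps the description in line with what the spec pins. The `it` block of the first hunk in this file starts outside the hunk, so its description could not be checked for the same wording.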