taskcluster | CI for Engineers | Continous Integration library
kandi X-RAY | taskcluster Summary
kandi X-RAY | taskcluster Summary
CI for Engineers
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of taskcluster
taskcluster Key Features
taskcluster Examples and Code Snippets
Community Discussions
Trending Discussions on taskcluster
QUESTION
I am using slugId which is a node.js module for converting from UUID to base64 URL friendly text and vice-versa. (see: https://github.com/taskcluster/slugid) As one of our QAs was executing tests he found the following which I am unable to explain:
The slugs: aOSL2RT_Rhy-xNuoe3j7ag
and aOSL2RT_Rhy-xNuoe3j7ah
generate the same UUID: d2369f6c-1eea-4518-a641-33d6c2dc0493
.
This is also applicable to more slugs. Example:
0jafbB7qRRimQTPWwtwEkw
, 0jafbB7qRRimQTPWwtwEkx
. (Both of them translate to UUID: d2369f6c-1eea-4518-a641-33d6c2dc0493
)
The decode and decode functions of slugId look sound but I am unable to explain the above behaviour.
...ANSWER
Answered 2019-Feb-11 at 22:38A "slugId" is 22 characters. Each character is base64, i.e. representing 6 bits, which means they have a total of 22×6=132 bits. However, UUIDs have only 128 bits; the last 4 bits of the slugId are discarded in the conversion, so there are 16 slugId values that map to each UUID value.
This means you need to sanitize all slugId values on input, e.g. by rejecting any value with one (or more) of those last 4 bits set. Presumably you are already validating them in other ways (e.g. too long, too short, invalid chars, etc.) so this is just one more minor test to be added to the list.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install taskcluster
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page