Bug #10093
closed
SecureRandom.uuid is not valid v4 and/or RFC 4122
Description
SecureRandom.uuid sometimes generates some value like this:
e7be09bb-e939-43db-9c20-dfad9c27fd3g
And it's not a valid UUID. This problem occurred randomly for me, I don't know how to reproduce :(
Updated by akr (Akira Tanaka) almost 10 years ago
Why is it not a valid UUID?
Updated by nobu (Nobuyoshi Nakada) almost 10 years ago
'g' at the end?
Updated by kidlab (Man Vuong) almost 10 years ago
Ya, it seems that all wrong UUID are ended with 'g', here is another one:
0e6cf5ef-0afd-4854-8130-ac6144ddd70g
Updated by kidlab (Man Vuong) almost 10 years ago
Valid UUID should match /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i
Updated by akr (Akira Tanaka) almost 10 years ago
- Status changed from Open to Feedback
I see. "g" is not a valid character for UUID.
However I couldn't reproduce the problem.
I run following script but no problem happened in several days.
% ruby -v -rsecurerandom -e '
STDOUT.sync = true
while true
uuid = SecureRandom.uuid
if /\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/ !~ uuid
p uuid
end
end'
ruby 2.2.0dev (2014-06-11 trunk 46400) [x86_64-linux]
Can anyone reproduce the problem?
Anyway, the method uses String#% as follows.
"%08x-%04x-%04x-%04x-%04x%08x" % ary
So "g" should not be produced unless String#% has a problem.
Updated by nobu (Nobuyoshi Nakada) almost 10 years ago
I suspect it might be generated by String#succ.
Updated by kidlab (Man Vuong) almost 10 years ago
hmm, it could be the problem, let me try to figure out.
Updated by kidlab (Man Vuong) almost 10 years ago
I just found out the problem, the root cause is because a bug in one of gems I'm using. It does something like this:
"e7be09bb-e939-43db-9c20-dfad9c27fd3f".next
And in result is the invalid UUID with g.
I confirmed this is not related to SecureRandom.uuid.
My bad, I'm very sorry.
Thank you for your time and concern on my inappropriate ticket :P
Updated by kidlab (Man Vuong) almost 10 years ago
This ticket should be closed.
Updated by nobu (Nobuyoshi Nakada) almost 10 years ago
- Status changed from Feedback to Third Party's Issue
Updated by kulikov-im (Evgeniy Kulikov) almost 7 years ago
- Subject changed from SecureRandom.uuid is unstable to SecureRandom.uuid is not valid v4 or RFC 4122
- ruby -v changed from ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-darwin13.0] to ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-darwin16]
https://www.ietf.org/rfc/rfc4122.txt (#4.4)
current test is https://github.com/ruby/ruby/blob/ruby_2_4/test/test_securerandom.rb#L174
def test_uuid
uuid = @it.uuid
assert_equal(36, uuid.size)
assert_match(/\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/, uuid)
end
thats not valid
Here Golang example of test-case - https://github.com/satori/go.uuid/blob/master/uuid_test.go#L589
must check:
- UUID Version
uuid.bytes[6] >> 4 == 4
- RFC4122
(uuid.bytes[8] & 0xc0) | 0x80 == 0x80
valid test-case is:
def test_uuid
uuid = @it.uuid
assert_equal(36, uuid.size)
# Check UUID Version:
assert_equal(uuid.bytes[6] >> 4, 4)
# Check RFC4122
assert_equal((uuid[8] & 0xc0) | 0x80, 0x80)
assert_match(/\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/, uuid)
end
Updated by kulikov-im (Evgeniy Kulikov) almost 7 years ago
- Subject changed from SecureRandom.uuid is not valid v4 or RFC 4122 to SecureRandom.uuid is not valid v4 and/or RFC 4122
Updated by usa (Usaku NAKAMURA) almost 7 years ago
Please do not reuse past tickets.
Updated by kulikov-im (Evgeniy Kulikov) almost 7 years ago
usa (Usaku NAKAMURA) wrote:
Please do not reuse past tickets.
Open new issue https://bugs.ruby-lang.org/issues/13603