Bug #10093

closed

SecureRandom.uuid is not valid v4 and/or RFC 4122

Added by kidlab (Man Vuong) over 9 years ago. Updated almost 7 years ago.

Status: Third Party's Issue
Assignee: -
Target version:
ruby -v: ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-darwin16]
[ruby-core:64021]

Description

SecureRandom.uuid sometimes generates some value like this:
e7be09bb-e939-43db-9c20-dfad9c27fd3g

And it's not a valid UUID. This problem occurred randomly for me, I don't know how to reproduce :(

Updated by akr (Akira Tanaka) over 9 years ago

Why is it not a valid UUID?

Updated by nobu (Nobuyoshi Nakada) over 9 years ago

'g' at the end?

Updated by kidlab (Man Vuong) over 9 years ago

Ya, it seems that all wrong UUIDs end with 'g'; here is another one:
0e6cf5ef-0afd-4854-8130-ac6144ddd70g

Updated by kidlab (Man Vuong) over 9 years ago

Valid UUID should match /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i

Updated by akr (Akira Tanaka) over 9 years ago

  • Status changed from Open to Feedback

I see. "g" is not a valid character for UUID.

However I couldn't reproduce the problem.

I ran the following script, but no problem happened in several days.

% ruby -v -rsecurerandom -e '
STDOUT.sync = true
while true
  uuid = SecureRandom.uuid
  if /\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/ !~ uuid
    p uuid
  end
end'
ruby 2.2.0dev (2014-06-11 trunk 46400) [x86_64-linux]

Can anyone reproduce the problem?

Anyway, the method uses String#% as follows.

"%08x-%04x-%04x-%04x-%04x%08x" % ary

So "g" should not be produced unless String#% has a problem.

Updated by nobu (Nobuyoshi Nakada) over 9 years ago

I suspect it might be generated by String#succ.

Updated by kidlab (Man Vuong) over 9 years ago

hmm, it could be the problem, let me try to figure out.

Updated by kidlab (Man Vuong) over 9 years ago

I just found out the problem: the root cause is a bug in one of the gems I'm using. It does something like this:

"e7be09bb-e939-43db-9c20-dfad9c27fd3f".next

And the result is the invalid UUID with g.

I confirmed this is not related to SecureRandom.uuid.
My bad, I'm very sorry.
Thank you for your time and concern on my inappropriate ticket :P

Updated by kidlab (Man Vuong) over 9 years ago

This ticket should be closed.

Updated by nobu (Nobuyoshi Nakada) over 9 years ago

  • Status changed from Feedback to Third Party's Issue

Updated by kulikov-im (Evgeniy Kulikov) almost 7 years ago

  • Subject changed from SecureRandom.uuid is unstable to SecureRandom.uuid is not valid v4 or RFC 4122
  • ruby -v changed from ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-darwin13.0] to ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-darwin16]

https://www.ietf.org/rfc/rfc4122.txt (#4.4)

current test is https://github.com/ruby/ruby/blob/ruby_2_4/test/test_securerandom.rb#L174

def test_uuid
  uuid = @it.uuid
  assert_equal(36, uuid.size)
  assert_match(/\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/, uuid)
end

That's not valid.

Here is a Golang example of a test case - https://github.com/satori/go.uuid/blob/master/uuid_test.go#L589

must check:

  • UUID Version
uuid.bytes[6] >> 4 == 4
  • RFC4122
(uuid.bytes[8] & 0xc0) | 0x80 == 0x80

valid test-case is:

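def test_uuid
  uuid = @it.uuid

  assert_equal(36, uuid.size)

  # Decode the 36-character hex text into its 16 raw bytes; the bit
  # checks below apply to bytes, not to the ASCII characters of the string.
  bytes = [uuid.delete('-')].pack('H*').bytes

  # Check UUID Version:
  assert_equal(bytes[6] >> 4, 4)

  # Check RFC4122
  assert_equal((bytes[8] & 0xc0) | 0x80, 0x80)

  assert_match(/\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/, uuid)
end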
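
An added example, not part of the ticket or of Ruby's test suite: a validator that decodes the UUID text into its 16 octets before checking the version nibble and the variant bits discussed above, and that also rejects the String#next result from the original report. The helper name uuid_v4_problem and the sample strings other than the ticket's own value are constructed for illustration.

```ruby
require 'securerandom'

# Canonical textual form: 8-4-4-4-12 hex digits.
UUID_TEXT = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/

# Value quoted in the ticket; calling String#next on it yields the "...fd3g" string.
TICKET_UUID = "e7be09bb-e939-43db-9c20-dfad9c27fd3f"

# Constructed samples: same value with the version or variant field altered.
SAMPLES = {
  TICKET_UUID                            => nil,      # v4, variant bits 10
  TICKET_UUID.next                       => :format,  # trailing "g" is not hex
  "e7be09bb-e939-13db-9c20-dfad9c27fd3f" => :version, # version nibble is 1
  "e7be09bb-e939-43db-dc20-dfad9c27fd3f" => :variant, # variant bits 11
  "e7be09bb-e939-43db-1c20-dfad9c27fd3f" => :variant  # variant bits 00
}.freeze

# Returns nil when str is a well-formed RFC 4122 version 4 UUID,
# otherwise a symbol naming the first check that failed.
def uuid_v4_problem(str)
  return :format unless str.is_a?(String) && str.match?(UUID_TEXT)

  # The version and variant are bit fields of octets 6 and 8 of the
  # 16-octet value, so decode the hex digits before testing them.
  octets = [str.delete('-')].pack('H*').bytes

  return :version unless (octets[6] >> 4) == 4       # high nibble of octet 6
  return :variant unless (octets[8] & 0xc0) == 0x80  # top two bits are 1 0
  nil
end

# Runs every sample and returns the ones whose result differs from the label.
def mismatched_samples
  SAMPLES.reject { |text, expected| uuid_v4_problem(text) == expected }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each_key { |text| puts "#{text} -> #{uuid_v4_problem(text).inspect}" }
  bad = 10_000.times.count { uuid_v4_problem(SecureRandom.uuid) }
  puts "SecureRandom.uuid values failing the checks: #{bad}"
end
```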

Updated by kulikov-im (Evgeniy Kulikov) almost 7 years ago

  • Subject changed from SecureRandom.uuid is not valid v4 or RFC 4122 to SecureRandom.uuid is not valid v4 and/or RFC 4122

Updated by usa (Usaku NAKAMURA) almost 7 years ago

Please do not reuse past tickets.

Updated by kulikov-im (Evgeniy Kulikov) almost 7 years ago

usa (Usaku NAKAMURA) wrote:

Please do not reuse past tickets.

Open new issue https://bugs.ruby-lang.org/issues/13603
