Bug #10093
closed
SecureRandom.uuid is not valid v4 and/or RFC 4122
Added by kidlab (Man Vuong) over 9 years ago. Updated almost 7 years ago.
Description
SecureRandom.uuid sometimes generates some value like this:
e7be09bb-e939-43db-9c20-dfad9c27fd3g
And it's not a valid UUID. This problem occurred randomly for me, I don't know how to reproduce :(
Updated by akr (Akira Tanaka) over 9 years ago
Why is it not a valid UUID?
Updated by nobu (Nobuyoshi Nakada) over 9 years ago
'g' at the end?
Updated by kidlab (Man Vuong) over 9 years ago
Ya, it seems that all wrong UUID are ended with 'g', here is another one:
0e6cf5ef-0afd-4854-8130-ac6144ddd70g
Updated by kidlab (Man Vuong) over 9 years ago
Valid UUID should match /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i
Updated by akr (Akira Tanaka) over 9 years ago
- Status changed from Open to Feedback
I see. "g" is not a valid character for UUID.
However I couldn't reproduce the problem.
I run following script but no problem happened in several days.
% ruby -v -rsecurerandom -e '
STDOUT.sync = true
while true
uuid = SecureRandom.uuid
if /\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/ !~ uuid
p uuid
end
end'
ruby 2.2.0dev (2014-06-11 trunk 46400) [x86_64-linux]
Can anyone reproduce the problem?
Anyway, the method uses String#% as follows.
"%08x-%04x-%04x-%04x-%04x%08x" % ary
So "g" should not be produced unless String#% has a problem.
Updated by nobu (Nobuyoshi Nakada) over 9 years ago
I suspect it might be generated by String#succ.
Updated by kidlab (Man Vuong) over 9 years ago
hmm, it could be the problem, let me try to figure out.
Updated by kidlab (Man Vuong) over 9 years ago
I just found out the problem, the root cause is because a bug in one of gems I'm using. It does something like this:
"e7be09bb-e939-43db-9c20-dfad9c27fd3f".next
And in result is the invalid UUID with g.
I confirmed this is not related to SecureRandom.uuid.
My bad, I'm very sorry.
Thank you for your time and concern on my inappropriate ticket :P
Updated by kidlab (Man Vuong) over 9 years ago
This ticket should be closed.
Updated by nobu (Nobuyoshi Nakada) over 9 years ago
- Status changed from Feedback to Third Party's Issue
Updated by kulikov-im (Evgeniy Kulikov) almost 7 years ago
- Subject changed from SecureRandom.uuid is unstable to SecureRandom.uuid is not valid v4 or RFC 4122
- ruby -v changed from ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-darwin13.0] to ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-darwin16]
https://www.ietf.org/rfc/rfc4122.txt (#4.4)
current test is https://github.com/ruby/ruby/blob/ruby_2_4/test/test_securerandom.rb#L174
def test_uuid
uuid = @it.uuid
assert_equal(36, uuid.size)
assert_match(/\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/, uuid)
end
thats not valid
Here Golang example of test-case - https://github.com/satori/go.uuid/blob/master/uuid_test.go#L589
must check:
- UUID Version
uuid.bytes[6] >> 4 == 4
- RFC4122
(uuid.bytes[8] & 0xc0) | 0x80 == 0x80
valid test-case is:
def test_uuid
uuid = @it.uuid
assert_equal(36, uuid.size)
# Check UUID Version:
assert_equal(uuid.bytes[6] >> 4, 4)
# Check RFC4122
assert_equal((uuid[8] & 0xc0) | 0x80, 0x80)
assert_match(/\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/, uuid)
end
Updated by kulikov-im (Evgeniy Kulikov) almost 7 years ago
- Subject changed from SecureRandom.uuid is not valid v4 or RFC 4122 to SecureRandom.uuid is not valid v4 and/or RFC 4122
Updated by usa (Usaku NAKAMURA) almost 7 years ago
Please do not reuse past tickets.
Updated by kulikov-im (Evgeniy Kulikov) almost 7 years ago
usa (Usaku NAKAMURA) wrote:
Please do not reuse past tickets.
Open new issue https://bugs.ruby-lang.org/issues/13603