Project

General

Profile

Actions
Copy link

Bug #13603

closed

SecureRandom.uuid is not valid v4 and/or RFC 4122

Added by kulikov-im (Evgeniy Kulikov) over 7 years ago. Updated over 5 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-darwin16]
Backport:
2.2: UNKNOWN, 2.3: UNKNOWN, 2.4: UNKNOWN
[ruby-core:81401]

Description

https://www.ietf.org/rfc/rfc4122.txt (#4.4)

(reopen from https://bugs.ruby-lang.org/issues/10093#change-65105)

current test is https://github.com/ruby/ruby/blob/ruby_2_4/test/test_securerandom.rb#L174

def test_uuid
  uuid = @it.uuid
  assert_equal(36, uuid.size)
  assert_match(/\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/, uuid)
end

thats not valid

Here Golang example of test-case - https://github.com/satori/go.uuid/blob/master/uuid_test.go#L589

must check:

  • UUID Version
uuid.bytes[6] >> 4 == 4
  • RFC4122
(uuid.bytes[8] & 0xc0) | 0x80 == 0x80

valid test-case is:

def test_uuid
  uuid = @it.uuid

  assert_equal(36, uuid.size)

  # Check UUID Version:
  assert_equal(uuid.bytes[6] >> 4, 4)

  # Check RFC4122
  assert_equal((uuid[8] & 0xc0) | 0x80, 0x80)

  assert_match(/\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/, uuid)
end

This problem has to be from ruby version 1.9.3 to 2.4.1 (current)

Actions
Copy link
 #1 [ruby-core:81405]

Updated by shyouhei (Shyouhei Urabe) over 7 years ago

Is this a matter of our test code, or the actual output of SecureRandom.uuid does not conform the RFC?

Actions
Copy link
 #2 [ruby-core:81419]

Updated by kulikov-im (Evgeniy Kulikov) over 7 years ago

shyouhei (Shyouhei Urabe) wrote:

Is this a matter of our test code, or the actual output of SecureRandom.uuid does not conform the RFC?

test-case from repo (https://github.com/ruby/ruby/blob/ruby_2_4/test/test_securerandom.rb#L174) doesn't check version and specification

i have mistake in my issue (code above), whats need:

Later, I can write example

Now i have some problems with hex-decode in ruby

Actions
Copy link
 #3

Updated by jeremyevans (Jeremy Evans) over 5 years ago

  • Status changed from Open to Closed

Applied in changeset git|5fef46ae0dedaab359f55bc3680f4278eb7da98d.

Test SecureRandom.uuid format

SecureRandom uses v4 UUIDs, which are completely random except for
6 bits, 4 in the version field and 2 in the clk_seq_hi_res field.
Add a test that those bit patterns are set correctly for v4 UUIDs,
per RFC 4122 section 4.4.

Fixes [Bug #13603]

Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0