fix: throw an error on non-valid base64 strings

viccie30 · web-flow · commit 2b95926d21bf · 2024-12-03T15:50:34.000+09:00
diff --git a/src/joserfc/util.py b/src/joserfc/util.py
@@ -2,6 +2,7 @@
 from typing import Any
 import base64
 import struct
+import binascii
 import json
 
 
@@ -26,8 +27,10 @@ def json_dumps(data: Any, ensure_ascii: bool = False) -> str:
 
 
 def urlsafe_b64decode(s: bytes) -> bytes:
+    if b"+" in s or b"/" in s:
+        raise binascii.Error
     s += b"=" * (-len(s) % 4)
-    return base64.urlsafe_b64decode(s)
+    return base64.b64decode(s, b"-_", validate=True)
 
 
 def urlsafe_b64encode(s: bytes) -> bytes:
diff --git a/tests/test_util.py b/tests/test_util.py
@@ -1,6 +1,6 @@
 from unittest import TestCase
 from joserfc import util
-
+import binascii
 
 class TestUtil(TestCase):
     def test_to_bytes(self):
@@ -22,3 +22,11 @@ def test_int_to_base64(self):
 
     def test_json_b64encode(self):
         self.assertEqual(util.json_b64encode("{}"), b"e30")
+
+    def test_urlsafe_b64decode(self):
+        self.assertEqual(util.urlsafe_b64decode(b'_foo123-'), b'\xfd\xfa(\xd7m\xfe')
+        self.assertRaises(
+            binascii.Error,
+            util.urlsafe_b64decode,
+            b'+foo123/'
+        )
