[jira] [Updated] (CODEC-328) Clarify Javadoc for org.apache.commons.codec.digest.UnixCrypt.crypt(byte[],String)

Sun, 18 May 2025 08:54:27 -0700 


     [ 
https://issues.apache.org/jira/browse/CODEC-328?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gary D. Gregory updated CODEC-328:
----------------------------------
    Affects Version/s: 1.7

> Clarify Javadoc for 
> org.apache.commons.codec.digest.UnixCrypt.crypt(byte[],String)
> ----------------------------------------------------------------------------------
>
>                 Key: CODEC-328
>                 URL: https://issues.apache.org/jira/browse/CODEC-328
>             Project: Commons Codec
>          Issue Type: Bug
>    Affects Versions: 1.7
>         Environment: JDK 8, MacOS
>            Reporter: Dianshu Liao
>            Priority: Major
>             Fix For: 1.19.0
>
>         Attachments: image-2025-05-19-00-29-39-753.png
>
>
> h1. Problem
> In the method "public static String crypt(final byte[] original, String 
> salt)", the "salt" parameter is documented as: "a two character string drawn 
> from [a-zA-Z0-9./]."
> However, when a longer string (e.g., "invalidSalt") is passed as the salt 
> argument, no IllegalArgumentException is thrown, despite it violating the 
> documented constraint.
> This behavior suggests that the internal pattern used to validate the 
> salt—presumably CRYPT_SALT_PATTERN—does not correctly enforce the length 
> restriction.
>  
>  
> h1. Test Case
>  
> package org.apache.commons.codec.digest;
> import org.apache.commons.codec.digest.UnixCrypt;
> import org.junit.Test;
> import static org.junit.Assert.*;
> public class digest_UnixCrypt_crypt_byte_____String_cfg_path_2_Test {
>     @Test(timeout = 4000)
>     public void testCryptWithInvalidSalt() {
>         byte[] original = new byte[] \{ 65, 66, 67, 68 }; // Example original 
> byte array
>         String invalidSalt = "invalidSalt"; // Invalid salt
>         try {
>             UnixCrypt.crypt(original, invalidSalt);
>             fail("Expected IllegalArgumentException for invalid salt.");
>         } catch (IllegalArgumentException e) {
>             assertEquals("Invalid salt value: " + invalidSalt, 
> e.getMessage());
>         }
>     }
> }
>  
> h2. Expected Result:
> The method should throw an IllegalArgumentException.
>  
> h2. Actual Result:
> java.lang.AssertionError: Expected IllegalArgumentException for invalid salt.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to