Skip to content

fix(rand): return errors for invalid random string inputs#360

Open
hazelmayank wants to merge 1 commit into
microcks:masterfrom
hazelmayank:fix/rand-invalid-input-errors
Open

fix(rand): return errors for invalid random string inputs#360
hazelmayank wants to merge 1 commit into
microcks:masterfrom
hazelmayank:fix/rand-invalid-input-errors

Conversation

@hazelmayank
Copy link
Copy Markdown
Contributor

@hazelmayank hazelmayank commented May 10, 2026
edited
Loading

Summary

This PR fixes two panic cases in pkg/util/rand. The helpers String and StringFromCharset both declare (string, error) returns, but two invalid inputs caused the process to panic instead of returning an error:

  • StringFromCharset(1, "") panicked because crypto/rand.Int was called with max = 0.
  • String(-1) panicked because make([]byte, -1) rejected the negative length.

This PR adds input validation before allocation and random-index generation, so invalid inputs now return descriptive errors instead of crashing the host process.

Why

  • Both functions already declare an error return; the panic paths were unreachable for callers who expected to handle them as errors.
  • The SSO PKCE flow in cmd/login.go is the only current caller and is unaffected, because it always passes positive n and a non-empty charset.
  • Adds the first unit tests to a package that previously had no test coverage.

What changed

  • Added two guard clauses at the top of StringFromCharset:
    • n < 0 returns "rand: requested length %d is negative".
    • n > 0 with len(charset) == 0 returns "rand: cannot generate %d-character string from empty charset".
  • n == 0 continues to return ("", nil) regardless of charset, preserving the existing no-op behavior.
  • Updated the doc comment on StringFromCharset to spell out the new error contract.
  • Added pkg/util/rand/rand_test.go with table-driven cases for both valid and invalid inputs. No statistical or distribution assertions — only deterministic length and charset-membership checks.

Behavior preserved for valid inputs

String(0)                     ->  "", nil
String(n)                     ->  string of length n, nil
StringFromCharset(0, "")      ->  "", nil
StringFromCharset(0, "abc")   ->  "", nil
StringFromCharset(10, "abc")  ->  10-character string using only a/b/c, nil

Public signatures are unchanged.

Test plan

  • gofmt -l pkg/util/rand/rand.go pkg/util/rand/rand_test.go — no output
  • git diff --check -- pkg/util/rand/rand.go pkg/util/rand/rand_test.go — clean
  • go test -v ./pkg/util/rand/... — all cases pass
  • go vet ./... — clean
  • go test ./... — full sweep passes
  • make build-local — builds successfully

Files changed

  • pkg/util/rand/rand.go — two guard clauses + expanded doc comment.
  • pkg/util/rand/rand_test.go — new file; first tests in this package.

Notes

  • I did not include go test -cover because my local Go toolchain reports go: no such tool "covdata". The PR is scoped only to pkg/util/rand and its tests, so the missing coverage report does not affect the change itself; CI will produce a coverage report on its own toolchain if the project requires one.
  • No production-code callers needed to change.
  • No new dependencies.

Fixes #359

@hazelmayank
fix(rand): return errors for invalid random string inputs
5fc3e13 
Signed-off-by: hazelmayank <mayankjeefinal@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lbroudoux lbroudoux Awaiting requested review from lbroudoux lbroudoux is a code owner

@yada yada Awaiting requested review from yada yada is a code owner

@Harsh4902 Harsh4902 Awaiting requested review from Harsh4902 Harsh4902 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

pkg/util/rand helpers panic on invalid input instead of returning errors

1 participant

@hazelmayank