Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error in >=4.3.0 when setPermitEmpty option is used. #93

Closed
stevenmaguire opened this issue Aug 9, 2023 · 5 comments
Closed

Error in >=4.3.0 when setPermitEmpty option is used. #93

stevenmaguire opened this issue Aug 9, 2023 · 5 comments

Comments

@stevenmaguire
Copy link

Version 4.3.0 introduced some new logic using the is_scalar method. It appears the new logic is meant to enforce some constraints on the value. Unfortunately, when the setPermitEmpty functionality it is possible for the value of $row[$field] to be null. Because is_scalar(null) evaluates to false, this new logic is being engaged when perhaps it shouldn't be.

ciphersweet/src/EncryptedRow.php

Lines 532 to 534 in ccb2e1d

if (!is_scalar($row[$field])) {
throw new TypeError('Invalid type for ' . $field);
}

CleanShot 2023-08-09 at 12 45 32@2x

Perhaps this was an oversight?
@paragonie-security
Copy link
Contributor

Check v4.5.0 which fixed this error.

@stevenmaguire
Copy link
Author

I had read that version 4.5.0 addressed this issue, however it was still present when targeting that specific version. When digging deeper, it appears that the issue was ultimately coming from a framework specific behavior that changed the incoming fields in the encrypted row, which was then triggering this error. Thanks for following up.

@yormy
Copy link

yormy commented Oct 26, 2023

I too can confirm that this is still an issue in 4.5.0

According to php docs:
is_scalar() does not consider NULL to be scalar.

@yormy yormy mentioned this issue Oct 26, 2023
Closed
@paragonie-security
Copy link
Contributor

paragonie-security commented Oct 28, 2023
edited
Loading

According to php docs: is_scalar() does not consider NULL to be scalar.

This is a red herring.

ciphersweet/src/EncryptedRow.php

Lines 613 to 631 in 575dda1

// Support nullable types
if (in_array($type, Constants::TYPES_OPTIONAL, true)) {
if (is_null($row[$field])) {
continue;
}
}
// Boolean always supported NULL as a value to encrypt
if (in_array($type, Constants::TYPES_BOOLEAN, true) && is_null($row[$field])) {
$plaintext = $this->convertToString($row[$field], Constants::TYPE_BOOLEAN);
$return[$field] = $backend->encrypt($plaintext, $key, $aad);
continue;
}
// All others must be scalar
if (!is_scalar($row[$field])) {
// NULL is not permitted.
throw new TypeError('Invalid type for ' . $field);
}

Look again:

ciphersweet/src/EncryptedRow.php

Lines 613 to 618 in 575dda1

// Support nullable types
if (in_array($type, Constants::TYPES_OPTIONAL, true)) {
if (is_null($row[$field])) {
continue;
}
}

You need to declare your types optional. This is a new feature. See #92

@paragonie-security
Copy link
Contributor

I've released v4.5.1 which adds a more helpful exception message when NULL is encountered but the support for NULL is not declared in configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stevenmaguire @paragonie-security @yormy