refactor(crypto): validate max random bytes in Rust (#10857)

Cargo.lock

@@ -644,6 +644,7 @@ name = "deno_crypto"
 version = "0.21.1"
 dependencies = [
  "deno_core",
+ "deno_web",
  "rand 0.8.3",
  "uuid",
 ]
@@ -823,6 +824,7 @@ name = "deno_webstorage"
 version = "0.2.1"
 dependencies = [
  "deno_core",
+ "deno_web",
  "rusqlite",
  "serde",
 ]

extensions/crypto/01_crypto.js

@@ -26,18 +26,12 @@
         "TypeMismatchError",
       );
     }
-    if (arrayBufferView.byteLength > 65536) {
-      throw new DOMException(
-        `The ArrayBufferView's byte length (${arrayBufferView.byteLength}) exceeds the number of bytes of entropy available via this API (65536)`,
-        "QuotaExceededError",
-      );
-    }
     const ui8 = new Uint8Array(
       arrayBufferView.buffer,
       arrayBufferView.byteOffset,
       arrayBufferView.byteLength,
     );
-    core.opSync("op_crypto_get_random_values", null, ui8);
+    core.opSync("op_crypto_get_random_values", ui8);
     return arrayBufferView;
   }
 

extensions/crypto/Cargo.toml

@@ -15,5 +15,6 @@ path = "lib.rs"
 
 [dependencies]
 deno_core = { version = "0.88.1", path = "../../core" }
+deno_web = { version = "0.38.1", path = "../web" }
 rand = "0.8.3"
 uuid = { version = "0.8.2", features = ["v4"] }

extensions/crypto/lib.rs

@@ -1,6 +1,5 @@
 // Copyright 2018-2021 the Deno authors. All rights reserved. MIT license.
 
-use deno_core::error::null_opbuf;
 use deno_core::error::AnyError;
 use deno_core::include_js_files;
 use deno_core::op_sync;
@@ -39,10 +38,16 @@ pub fn init(maybe_seed: Option<u64>) -> Extension {
 
 pub fn op_crypto_get_random_values(
   state: &mut OpState,
-  _args: (),
-  zero_copy: Option<ZeroCopyBuf>,
+  mut zero_copy: ZeroCopyBuf,
+  _: (),
 ) -> Result<(), AnyError> {
-  let mut zero_copy = zero_copy.ok_or_else(null_opbuf)?;
+  if zero_copy.len() > 65536 {
+    return Err(
+      deno_web::DomExceptionQuotaExceededError::new(&format!("The ArrayBufferView's byte length ({}) exceeds the number of bytes of entropy available via this API (65536)", zero_copy.len()))
+        .into(),
+    );
+  }
+
   let maybe_seeded_rng = state.try_borrow_mut::<StdRng>();
   if let Some(seeded_rng) = maybe_seeded_rng {
     seeded_rng.fill(&mut *zero_copy);
@@ -56,8 +61,8 @@ pub fn op_crypto_get_random_values(
 
 pub fn op_crypto_random_uuid(
   state: &mut OpState,
-  _args: (),
-  _zero_copy: (),
+  _: (),
+  _: (),
 ) -> Result<String, AnyError> {
   let maybe_seeded_rng = state.try_borrow_mut::<StdRng>();
   let uuid = if let Some(seeded_rng) = maybe_seeded_rng {

extensions/web/lib.rs

@@ -1,7 +1,9 @@
 // Copyright 2018-2021 the Deno authors. All rights reserved. MIT license.
 
+use deno_core::error::AnyError;
 use deno_core::include_js_files;
 use deno_core::Extension;
+use std::fmt;
 use std::path::PathBuf;
 
 /// Load and execute the javascript code.
@@ -24,3 +26,31 @@ pub fn init() -> Extension {
 pub fn get_declaration() -> PathBuf {
   PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("lib.deno_web.d.ts")
 }
+
+#[derive(Debug)]
+pub struct DomExceptionQuotaExceededError {
+  pub msg: String,
+}
+
+impl DomExceptionQuotaExceededError {
+  pub fn new(msg: &str) -> Self {
+    DomExceptionQuotaExceededError {
+      msg: msg.to_string(),
+    }
+  }
+}
+
+impl fmt::Display for DomExceptionQuotaExceededError {
+  fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+    f.pad(&self.msg)
+  }
+}
+
+impl std::error::Error for DomExceptionQuotaExceededError {}
+
+pub fn get_quota_exceeded_error_class_name(
+  e: &AnyError,
+) -> Option<&'static str> {
+  e.downcast_ref::<DomExceptionQuotaExceededError>()
+    .map(|_| "DOMExceptionQuotaExceededError")
+}

extensions/webstorage/Cargo.toml

@@ -15,5 +15,6 @@ path = "lib.rs"
 
 [dependencies]
 deno_core = { version = "0.88.1", path = "../../core" }
+deno_web = { version = "0.38.1", path = "../web" }
 rusqlite = { version = "0.25.3", features = ["unlock_notify", "bundled"] }
 serde = { version = "1.0.125", features = ["derive"] }

extensions/webstorage/lib.rs

@@ -138,8 +138,10 @@ pub fn op_webstorage_set(
 
   if size >= 5000000 {
     return Err(
-      DomExceptionQuotaExceededError::new("Exceeded maximum storage size")
-        .into(),
+      deno_web::DomExceptionQuotaExceededError::new(
+        "Exceeded maximum storage size",
+      )
+      .into(),
     );
   }
 
@@ -212,34 +214,6 @@ pub fn op_webstorage_iterate_keys(
   Ok(keys)
 }
 
-#[derive(Debug)]
-pub struct DomExceptionQuotaExceededError {
-  pub msg: String,
-}
-
-impl DomExceptionQuotaExceededError {
-  pub fn new(msg: &str) -> Self {
-    DomExceptionQuotaExceededError {
-      msg: msg.to_string(),
-    }
-  }
-}
-
-impl fmt::Display for DomExceptionQuotaExceededError {
-  fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-    f.pad(&self.msg)
-  }
-}
-
-impl std::error::Error for DomExceptionQuotaExceededError {}
-
-pub fn get_quota_exceeded_error_class_name(
-  e: &AnyError,
-) -> Option<&'static str> {
-  e.downcast_ref::<DomExceptionQuotaExceededError>()
-    .map(|_| "DOMExceptionQuotaExceededError")
-}
-
 #[derive(Debug)]
 pub struct DomExceptionNotSupportedError {
   pub msg: String,

runtime/errors.rs

@@ -157,7 +157,7 @@ fn get_nix_error_class(error: &nix::Error) -> &'static str {
 pub fn get_error_class_name(e: &AnyError) -> Option<&'static str> {
   deno_core::error::get_custom_error_class(e)
     .or_else(|| deno_webgpu::error::get_error_class_name(e))
-    .or_else(|| deno_webstorage::get_quota_exceeded_error_class_name(e))
+    .or_else(|| deno_web::get_quota_exceeded_error_class_name(e))
     .or_else(|| deno_webstorage::get_not_supported_error_class_name(e))
     .or_else(|| {
       e.downcast_ref::<dlopen::Error>()