brendanashworth / generate-password

NodeJS library for generating cryptographically-secure passwords.
MIT License
354 stars 67 forks

[Bug] infinite loop when excluding all symbols and strictly requiring symbols #48

Open dillonstreator opened 4 years ago

dillonstreator commented 4 years ago

generate-password v1.5.1 currently has a bug which results in a max callstack size exceeded.

The bug occurs when strictly requiring and then excluding those characters.

i.e.

import generator from 'generate-password';

generator.generate({
  strict: true,
  numbers: true,
  exclude: "1234567890",
});

Could we instead throw an error if the configuration is not possible?

nemethyd commented 3 years ago

The same error happens with the following options: { length: 6, numbers: true, strict: true, symbols: true, exclude: '' }

khause commented 2 years ago

I also got Maximum call stack size exceeded with the following configuration:

const symbols = '$*.[]{}()?\\-"!@#%&/\\,><^\':;|_~`+=';

{
  length: 32,
  lowercase: true,
  numbers: true,
  strict: true,
  symbols,
  uppercase: true,
}

I fixed it by escaping ] to be \\] so the full string of symbols will be:

$*.[\\]{}()?\\-"!@#%&/\\,><^\':;|_~\`+=

It seems like any misconfiguration throws this error.

nemethyd commented 2 years ago

Thanks:

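The up-front check requested in the first comment, sketched as an added example that is not part of the thread or the library's own code: it reports an unsatisfiable `strict` configuration before any generation is attempted. The pools and defaults in `POOLS` and `DEFAULTS` are assumptions for illustration, and `usable`, `findConflicts` and `assertSatisfiable` are hypothetical names.

```javascript
// Assumed pools and defaults for illustration; not copied from the library.
const POOLS = {
  lowercase: 'abcdefghijklmnopqrstuvwxyz',
  uppercase: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  numbers: '0123456789',
  symbols: '!@#$%^&*()+_-=}{[]|:;"/?.><,`~',
};
const DEFAULTS = { length: 10, lowercase: true, uppercase: true,
  numbers: false, symbols: false, exclude: '', strict: false };

// Characters of `pool` that survive `exclude`. Membership is tested with a
// Set, not a RegExp, so characters such as "]" or "\" need no escaping.
function usable(pool, exclude) {
  const banned = new Set(exclude);
  return [...new Set(pool)].filter((ch) => !banned.has(ch));
}

// Returns the reasons why these options can never produce a password.
function findConflicts(options) {
  const opts = { ...DEFAULTS, ...options };
  const conflicts = [];
  let required = 0, total = 0;
  for (const name of Object.keys(POOLS)) {
    if (!opts[name]) continue;
    // A string value is treated as a custom pool (the `symbols` string above).
    const pool = typeof opts[name] === 'string' ? opts[name] : POOLS[name];
    const left = usable(pool, opts.exclude).length;
    required += 1;
    total += left;
    if (opts.strict && left === 0) conflicts.push(`${name}: every character is excluded`);
  }
  if (total === 0) conflicts.push('no characters left to draw from');
  if (opts.strict && opts.length < required) {
    conflicts.push(`length ${opts.length} is shorter than the ${required} required classes`);
  }
  return conflicts;
}

// Throws up front instead of letting a retry loop recurse without bound.
function assertSatisfiable(options) {
  const conflicts = findConflicts(options);
  if (conflicts.length > 0) {
    throw new TypeError(`unsatisfiable password options: ${conflicts.join('; ')}`);
  }
  return true;
}

// Constructed input: the configuration from the first report.
try { assertSatisfiable({ strict: true, numbers: true, exclude: '1234567890' }); } catch (err) { console.log(err.message); }
```

Calling `assertSatisfiable(options)` before `generator.generate(options)` turns the stack overflow into a catchable `TypeError` for the conflicts it knows about; it does not change how the library itself validates generated passwords.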