Merge pull request rails#51846 from simi/base64-standard-error

rafaelfranca · web-flow · commit ad41f711ced5 · 2024-05-24T16:00:43.000-04:00
Catch StandardError during Base64 decoding in message encryptor.
diff --git a/activesupport/lib/active_support/messages/codec.rb b/activesupport/lib/active_support/messages/codec.rb
@@ -28,7 +28,7 @@ def encode(data, url_safe: @url_safe)
 
         def decode(encoded, url_safe: @url_safe)
           url_safe ? ::Base64.urlsafe_decode64(encoded) : ::Base64.strict_decode64(encoded)
-        rescue ArgumentError => error
+        rescue StandardError => error
           throw :invalid_message_format, error
         end
 
diff --git a/activesupport/test/message_encryptor_test.rb b/activesupport/test/message_encryptor_test.rb
@@ -157,6 +157,10 @@ def test_inspect_does_not_show_secrets
     assert_match(/\A#<ActiveSupport::MessageEncryptor:0x[0-9a-f]+>\z/, encryptor.inspect)
   end
 
+  def test_invalid_base64_argument
+    assert_not_decrypted("jrcc<!--esi-->rkls<!--esx-->tyx9")
+  end
+
   private
     def make_codec(**options)
       ActiveSupport::MessageEncryptor.new(@secret, **options)
