Improve wallet secret import validation.

author Chris Duncan <chris@zoso.dev>

Sat, 2 Aug 2025 20:00:09 +0000 (13:00 -0700)

committer Chris Duncan <chris@zoso.dev>

Sat, 2 Aug 2025 20:00:09 +0000 (13:00 -0700)
author Chris Duncan <chris@zoso.dev>
Sat, 2 Aug 2025 20:00:09 +0000 (13:00 -0700)
committer Chris Duncan <chris@zoso.dev>
Sat, 2 Aug 2025 20:00:09 +0000 (13:00 -0700)
diff --git a/src/lib/wallet.ts b/src/lib/wallet.ts

index 9b971a2889baf5e7f391aab7178d89ce0d05a891..f2e243fe3ad601ca708f108a733b31eeab10ca6f 100644 (file)
--- a/src/lib/wallet.ts
+++ b/src/lib/wallet.ts
@@ -109,11 +109,13 @@ export class Wallet {
                                 type,\r
                                 password: utf8.toBuffer(password)\r
                         }\r
-                       if (/^[A-Fa-f0-9]+$/.test(secret)) {\r
+                       if (/^(?:[A-F0-9]{64}){1,2}$/i.test(secret)) {\r
                                 data.seed = hex.toBuffer(secret)\r
-                       } else {\r
-                               data.mnemonicPhrase = secret\r
+                       } else if (/^([a-z]{3,8} ?){12,24}$/i.test(secret)) {\r
+                               data.mnemonicPhrase = secret.toLowerCase()\r
                                 if (mnemonicSalt != null) data.mnemonicSalt = mnemonicSalt\r
+                       } else {\r
+                               throw new TypeError('Invalid wallet data')\r
                         }\r
                         const result = self.#safe.request<ArrayBuffer>(data)\r
                         const { iv, salt, encrypted } = await result\r
author	Chris Duncan <chris@zoso.dev>
	Sat, 2 Aug 2025 20:00:09 +0000 (13:00 -0700)
committer	Chris Duncan <chris@zoso.dev>
	Sat, 2 Aug 2025 20:00:09 +0000 (13:00 -0700)