Improve input validation for wallet secret verification.

author Chris Duncan <chris@zoso.dev>

Sat, 2 Aug 2025 20:04:48 +0000 (13:04 -0700)

committer Chris Duncan <chris@zoso.dev>

Sat, 2 Aug 2025 20:04:48 +0000 (13:04 -0700)
author Chris Duncan <chris@zoso.dev>
Sat, 2 Aug 2025 20:04:48 +0000 (13:04 -0700)
committer Chris Duncan <chris@zoso.dev>
Sat, 2 Aug 2025 20:04:48 +0000 (13:04 -0700)
diff --git a/src/lib/wallet.ts b/src/lib/wallet.ts

index f2e243fe3ad601ca708f108a733b31eeab10ca6f..ec757595b48b037ec2bd35896be1c8275470beaf 100644 (file)
--- a/src/lib/wallet.ts
+++ b/src/lib/wallet.ts
@@ -459,10 +459,12 @@ export class Wallet {
                         const data: NamedData = {\r
                                 action: 'verify'\r
                         }\r
-                       if (/^[A-Fa-f0-9]+$/.test(secret)) {\r
+                       if (/^(?:[A-F0-9]{64}){1,2}$/i.test(secret)) {\r
                                 data.seed = hex.toBuffer(secret)\r
+                       } else if (/^([a-z]{3,8} ?){12,24}$/i.test(secret)) {\r
+                               data.mnemonicPhrase = secret.toLowerCase()\r
                         } else {\r
-                               data.mnemonicPhrase = secret\r
+                               throw new TypeError('Invalid format')\r
                         }\r
                         const result = await this.#safe.request<boolean>(data)\r
                         const { isVerified } = result\r
author	Chris Duncan <chris@zoso.dev>
	Sat, 2 Aug 2025 20:04:48 +0000 (13:04 -0700)
committer	Chris Duncan <chris@zoso.dev>
	Sat, 2 Aug 2025 20:04:48 +0000 (13:04 -0700)