From: Chris Duncan <chris@zoso.dev>
Date: Sat, 2 Aug 2025 20:04:48 +0000 (-0700)
Subject: Improve input validation for wallet secret verification.
X-Git-Tag: v0.10.5~47^2~4
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=f6c95a7a83d7148217cda42f515b1544c2e5389a;p=libnemo.git

Improve input validation for wallet secret verification.
---

diff --git a/src/lib/wallet.ts b/src/lib/wallet.ts
index f2e243f..ec75759 100644
--- a/src/lib/wallet.ts
+++ b/src/lib/wallet.ts
@@ -459,10 +459,12 @@ export class Wallet {
 			const data: NamedData = {
 				action: 'verify'
 			}
-			if (/^[A-Fa-f0-9]+$/.test(secret)) {
+			if (/^(?:[A-F0-9]{64}){1,2}$/i.test(secret)) {
 				data.seed = hex.toBuffer(secret)
+			} else if (/^([a-z]{3,8} ?){12,24}$/i.test(secret)) {
+				data.mnemonicPhrase = secret.toLowerCase()
 			} else {
-				data.mnemonicPhrase = secret
+				throw new TypeError('Invalid format')
 			}
 			const result = await this.#safe.request<boolean>(data)
 			const { isVerified } = result