dick
06/23/2022, 4:20 PMfoundeo
foundeo
dick
06/23/2022, 4:25 PMlucee.runtime.exp.NativeException: invalid hexadecimal String
at lucee.runtime.coder.HexCoder.decode(HexCoder.java:62)
at lucee.runtime.coder.Coder.decode(Coder.java:61)
at lucee.runtime.coder.Coder.decode(Coder.java:47)
at lucee.runtime.crypt.Cryptor.decrypt(Cryptor.java:194)
at lucee.runtime.functions.other.Decrypt.invoke(Decrypt.java:66)
at lucee.runtime.functions.other.Decrypt.call(Decrypt.java:45)
at cfc.utils.security_cfc$cf$w.udfCall(/cfc/utils/security.cfc:25)
at lucee.runtime.type.UDFImpl.implementation(UDFImpl.java:106)
at lucee.runtime.type.UDFImpl._call(UDFImpl.java:344)
at lucee.runtime.type.UDFImpl.call(UDFImpl.java:217)
foundeo
foundeo
cfc.utils.security_cfc$cf$w.udfCall(/cfc/utils/security.cfc:25)
foundeo
foundeo
dick
06/23/2022, 4:28 PMdecrypt(trim(ucase(_arguments_.inputString)), eKey, "AES","hex")
So I guess somewhere else in the stacktrace it'll explain more?foundeo
foundeo
ExceptionType: message
foundeo
invalid hexadecimal String
foundeo
foundeo
foundeo
foundeo
dick
06/23/2022, 4:31 PMfoundeo
dick
06/23/2022, 4:32 PMfoundeo
lucee.runtime.coder.HexCoder.decode(HexCoder.java:62)
foundeo
foundeo
dick
06/23/2022, 4:33 PMfoundeo
foundeo
dick
06/23/2022, 4:34 PMfoundeo
foundeo
foundeo
foundeo
foundeo
dick
06/23/2022, 4:37 PMfoundeo
foundeo
if ((hexa.length() % 2) != 0) {
throw new CoderException("invalid hexadecimal String");
}
dick
06/23/2022, 4:38 PMfoundeo
dick
06/23/2022, 4:39 PMfoundeo
foundeo
dick
06/23/2022, 4:40 PMfoundeo
dick
06/23/2022, 4:40 PMdick
06/23/2022, 4:43 PMinvalid hexadecimal String
happy to share the whole ST to seed your blog article if that helps?foundeo
dick
06/23/2022, 4:44 PMdick
06/23/2022, 4:45 PMdick
06/23/2022, 4:47 PMgavinbaumanis
06/24/2022, 2:12 AMinvalid hexadecimal String
It also shows that the error message "could be a little better, too".
Because it is (in this case) specifically checking for a even length input - the error message could include why it is invalid. "_*Invalid hexadecimal string, arguments.inputstring must be an even number of characters*_"
But even without the more verbose error message - it tells "me" everything I need to know. "The hex string is invalid"
So "I" would be checking the string that I am providing to the function.
And I normally do this by inserting a "log" statement, (just above the offending code) to check what I am passing into the decrypt() function.
writeLog(type="Information", file="securityError", text="Arguments to decrypt are: #serializeJSON(arguments)#");
Just in case you don't know, the above line will insert some information into a file called securityError.log, (the .log extension is auto-magically added for you) you will find it in the same directory as all the other Lucee log files. (the location of the log files directory is dependent on your specific installation type and configuration of Lucee.
Anyway...
It will insert a line(s) with;
• The timestamp of when you ran the writelog command
• A log "type" or "importance marker" of Information
◦ You can use Information, Warning, Error or Fatal
• And finally the text you provided to the text argument.
The writeLog() function only does simple text - so unlike dump() / writeDump() you cannot give it a complex type. So "I" convert everything that can't be displayed as a simple string into a JSON object via serializeJSON(). It will maintain the structure / nesting of what you give it - by converting it to JSON - which is a plain text string that writeLog() can deal with.
And finally with viewing the contents of my securityError.log I would be able to see all the arguments that I have passed into the decrypt() function.
However, this does mean that you need to know what makes a string valid / invalid hex, too... and if you don't Mr.Google can help - or your friendly neighbourhood CFML slack forum!
There are lots of places in Adobe CF and Lucee - where the error message could be a little better. Especially for people that are new to the language (CFML) or programming in general. Both organisations will happily (eagerly, even) accept suggestions that help their users.
And for Lucee, at least, being open-source - will with open arms accept a git pull request for a change.
(I am not a Lucee committer at all - so I have no idea if I what I propose will be accepted, verbatim, or not... but I have had a stab at creating a PR for this specific error message enhancement.)
Best of luck - and keep asking questions!
Gavin.dick
06/27/2022, 8:58 PMdecrypt()
rather than in the BIF itself. Thanks for the lesson.