From 158cac66d6c26fc2d39418e3864d7d4ae043a3c2 Mon Sep 17 00:00:00 2001
From: Nico <freezystem@gmail.com>
Date: Mon, 13 Feb 2023 16:43:47 +0100
Subject: [PATCH 1/3] Prevent casting null or undefined field value

In `binaryToString` function (line 67), return the _falsy_ (e.g: `null` or `undefined`) value instead of trying to cast it to string.

Optional modifications:
- in `hex2buffer` function (line 24), check for _falsy_ `hex` before trying to cast it to a `Buffer`.
- in `binary2hex` function (line 37), check for _falsy_ `buf` before trying to generate hexadecimal string from it.

related to https://github.com/Automattic/mongoose/discussions/13025
---
 lib/schema/uuid.js | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/lib/schema/uuid.js b/lib/schema/uuid.js
index b621fa942d8..ec1461d8f60 100644
--- a/lib/schema/uuid.js
+++ b/lib/schema/uuid.js
@@ -23,7 +23,7 @@ const Binary = MongooseBuffer.Binary;
 
 function hex2buffer(hex) {
   // use buffer built-in function to convert from hex-string to buffer
-  const buff = Buffer.from(hex, 'hex');
+  const buff = hex && Buffer.from(hex, 'hex');
   return buff;
 }
 
@@ -36,7 +36,7 @@ function hex2buffer(hex) {
 
 function binary2hex(buf) {
   // use buffer built-in function to convert from buffer to hex-string
-  const hex = buf.toString('hex');
+  const hex = buf && buf.toString('hex');
   return hex;
 }
 
@@ -66,9 +66,8 @@ function stringToBinary(uuidStr) {
  */
 function binaryToString(uuidBin) {
   // i(hasezoey) dont quite know why, but "uuidBin" may sometimes also be the already processed string
-  let hex;
-  if (typeof uuidBin !== 'string') {
-    hex = binary2hex(uuidBin);
+  if (uuidBin && typeof uuidBin !== 'string') {
+    const hex = binary2hex(uuidBin);
     const uuidStr = hex.substring(0, 8) + '-' + hex.substring(8, 8 + 4) + '-' + hex.substring(12, 12 + 4) + '-' + hex.substring(16, 16 + 4) + '-' + hex.substring(20, 20 + 12);
     return uuidStr;
   }

From 8a16964f77d13c4c373d6a6cf6add2153b590e3f Mon Sep 17 00:00:00 2001
From: Nicolas Polizzo <freezystem@gmail.com>
Date: Mon, 13 Feb 2023 18:30:20 +0100
Subject: [PATCH 2/3] add tests

---
 test/types.uuid.test.js | 57 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 test/types.uuid.test.js

diff --git a/test/types.uuid.test.js b/test/types.uuid.test.js
new file mode 100644
index 00000000000..5e6dd696f03
--- /dev/null
+++ b/test/types.uuid.test.js
@@ -0,0 +1,57 @@
+'use strict';
+
+const { UUID } = require('bson');
+/**
+ * Module dependencies.
+ */
+
+const start = require('./common');
+
+const assert = require('assert');
+const mongoose = require('./common').mongoose;
+
+const Schema = mongoose.Schema;
+
+// Dont put indexed models on the default connection, it
+// breaks index.test.js tests on a "pure" default conn.
+// mongoose.model('UserBuffer', UserBuffer);
+
+/**
+ * Test.
+ */
+
+describe('types.uuid', function() {
+  let UserUUID;
+  let db;
+
+  before(function() {
+    db = start();
+
+    UserUUID = new Schema({
+      name: {
+        type: String,
+        required: true
+      },
+      uuid: Schema.Types.UUID
+    });
+  });
+
+  after(async function() {
+    await db.close();
+  });
+
+  it('UUID type field can be set from UUID', async function() {
+    const User = db.model('Test', UserUUID);
+    const uuid = new UUID();
+    const user = await User.create({ name: 'user', uuid });
+
+    assert.equal(user.uuid, uuid);
+  });
+
+  it('UUID type field can be null', async function() {
+    const User = db.model('Test', UserUUID);
+    const user = await User.create({ name: 'user' });
+
+    assert.equal(user.uuid, null);
+  });
+});

From 2f9c82200d052f76cba103a91174e5470e95da4d Mon Sep 17 00:00:00 2001
From: Valeri Karpov <val@karpov.io>
Date: Wed, 15 Feb 2023 16:35:04 -0500
Subject: [PATCH 3/3] Delete types.uuid.test.js

---
 test/types.uuid.test.js | 57 -----------------------------------------
 1 file changed, 57 deletions(-)
 delete mode 100644 test/types.uuid.test.js

diff --git a/test/types.uuid.test.js b/test/types.uuid.test.js
deleted file mode 100644
index 5e6dd696f03..00000000000
--- a/test/types.uuid.test.js
+++ /dev/null
@@ -1,57 +0,0 @@
-'use strict';
-
-const { UUID } = require('bson');
-/**
- * Module dependencies.
- */
-
-const start = require('./common');
-
-const assert = require('assert');
-const mongoose = require('./common').mongoose;
-
-const Schema = mongoose.Schema;
-
-// Dont put indexed models on the default connection, it
-// breaks index.test.js tests on a "pure" default conn.
-// mongoose.model('UserBuffer', UserBuffer);
-
-/**
- * Test.
- */
-
-describe('types.uuid', function() {
-  let UserUUID;
-  let db;
-
-  before(function() {
-    db = start();
-
-    UserUUID = new Schema({
-      name: {
-        type: String,
-        required: true
-      },
-      uuid: Schema.Types.UUID
-    });
-  });
-
-  after(async function() {
-    await db.close();
-  });
-
-  it('UUID type field can be set from UUID', async function() {
-    const User = db.model('Test', UserUUID);
-    const uuid = new UUID();
-    const user = await User.create({ name: 'user', uuid });
-
-    assert.equal(user.uuid, uuid);
-  });
-
-  it('UUID type field can be null', async function() {
-    const User = db.model('Test', UserUUID);
-    const user = await User.create({ name: 'user' });
-
-    assert.equal(user.uuid, null);
-  });
-});