Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Input string was not in a correct format exception in method IsChromiumVersionAtLeast #1811

Closed
SlavaDnepr opened this issue Jul 18, 2022 · 0 comments · Fixed by #2207
Closed

Input string was not in a correct format exception in method IsChromiumVersionAtLeast #1811

SlavaDnepr opened this issue Jul 18, 2022 · 0 comments · Fixed by #2207
Assignees
@westin-m
Labels
bug Something isn't working

Comments

@SlavaDnepr
Copy link

SlavaDnepr commented Jul 18, 2022
edited
Loading

Microsoft.Identity.Web Library

Microsoft.Identity.Web

Microsoft.Identity.Web version

1.25.1

Web app

Sign-in users

Web API

Protected web APIs (validating tokens)

Token cache serialization

Not Applicable

Description

Incorrect Regexp in IsChromiumVersionAtLeast
"Chrom[^ \/]+/(\d+)[.\d]* "
Corrected regexp
"Chrom[^ \/]+/(\d+)[.\d]*"
It means Chrome can be only last in row
For some user agent string it is not true
For example "Mozilla/5.0 Windows NT 10.0 Win64 AppleWebKit/537.36 Chrome/69.0.3497.100"

Reproduction steps

in Startup.cs added next code
services.Configure(options =>
{
options.HandleSameSiteCookieCompatibility();
});
Try to open web application with userAgent: "Mozilla/5.0 Windows NT 10.0 Win64 AppleWebKit/537.36 Chrome/69.0.3497.100"

Error message

Input string was not in a correct format.

System.Number.ThrowOverflowOrFormatException(ParsingStatus status, TypeCode type)
at System.Convert.ToInt32(String value, IFormatProvider provider)
at Microsoft.Identity.Web.CookiePolicyOptionsExtensions.g__IsChromiumVersionAtLeast|3_7(Int32 major, <>c__DisplayClass3_0& )
at Microsoft.Identity.Web.CookiePolicyOptionsExtensions.g__DropsUnrecognizedSameSiteCookies|3_1(<>c__DisplayClass3_0& )
at Microsoft.Identity.Web.CookiePolicyOptionsExtensions.DisallowsSameSiteNone(String userAgent)

Id Web logs

No response

Relevant code snippets

public static bool IsChromiumVersionAtLeastOriginal(string userAgent, int major)
        {
            string regex = @"Chrom[^ \/]+\/(\d+)[\.\d]* ";

            // Extract digits from first capturing group.
            Match match = Regex.Match(userAgent, regex);
            int version = Convert.ToInt32(match.Groups[1].Value, CultureInfo.CurrentCulture);
            return version >= major;
        }

        [TestCase("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36")]
        [TestCase("Mozilla/5.0 Windows NT 10.0 Win64 AppleWebKit/537.36 Chrome/69.0.3497.100")]
        public void ChromiumVersionIssueOriginalTest(string userAgent)
        {
            Assert.DoesNotThrow(() => CookiePolicyOptionsExtensions.IsChromiumVersionAtLeastOriginal(userAgent, 51));
        }

Regression

No response

Expected behavior

No exception thrown
ChromiumVersionIssue.zip
@SlavaDnepr SlavaDnepr added the question Further information is requested label Jul 18, 2022
@jmprieur jmprieur added bug Something isn't working and removed question Further information is requested labels Jul 19, 2022
@westin-m westin-m self-assigned this Apr 18, 2023
@westin-m westin-m linked a pull request Apr 19, 2023 that will close this issue
Fix regex bug #2207
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@westin-m westin-m

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix regex bug AzureAD/microsoft-identity-web
3 participants
@SlavaDnepr @jmprieur @westin-m