From 53761feb06cf70a90aae5f8fb93d37343014fa56 Mon Sep 17 00:00:00 2001
From: Daniel James Smith
Date: Thu, 15 Jan 2026 14:23:35 +0100
Subject: [PATCH] Add check and test for empty inputs into isValidRpId
---
 .../src/platform/services/fido2/domain-utils.spec.ts | 12 ++++++++++++
 .../src/platform/services/fido2/domain-utils.ts | 3 +++
 2 files changed, 15 insertions(+)
diff --git a/libs/common/src/platform/services/fido2/domain-utils.spec.ts b/libs/common/src/platform/services/fido2/domain-utils.spec.ts
index 4b99c06cdec..995f9118afd 100644
--- a/libs/common/src/platform/services/fido2/domain-utils.spec.ts
+++ b/libs/common/src/platform/services/fido2/domain-utils.spec.ts
@@ -2,6 +2,18 @@ import { isValidRpId } from "./domain-utils";
 // Spec: If options.rp.id is not a registrable domain suffix of and is not equal to effectiveDomain, return a DOMException whose name is "SecurityError", and terminate this algorithm.
 describe("validateRpId", () => {
+ it("should not be valid when rpId is null", () => {
+ const origin = "example.com";
+
+ expect(isValidRpId(null, origin)).toBe(false);
+ });
+
+ it("should not be valid when origin is null", () => {
+ const rpId = "example.com";
+
+ expect(isValidRpId(rpId, null)).toBe(false);
+ });
+
+ it("should not be valid when rpId is more specific than origin", () => {
 const rpId = "sub.login.bitwarden.com";
 const origin = "https://login.bitwarden.com:1337";
diff --git a/libs/common/src/platform/services/fido2/domain-utils.ts b/libs/common/src/platform/services/fido2/domain-utils.ts
index 67874355908..a3030f78a31 100644
--- a/libs/common/src/platform/services/fido2/domain-utils.ts
+++ b/libs/common/src/platform/services/fido2/domain-utils.ts
@@ -3,6 +3,9 @@ import { parse } from "tldts";
 export function isValidRpId(rpId: string, origin: string) {
+ if (!rpId || !origin) {
+ return false;
+ }
 const parsedOrigin = parse(origin, { allowPrivateDomains: true });
 const parsedRpId = parse(rpId, { allowPrivateDomains: true });
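Review bot: The two new cases in domain-utils.spec.ts only pass `null`, while the guard added in domain-utils.ts (`!rpId || !origin`) also rejects `undefined` and the empty string, and the commit subject speaks of empty inputs. A case such as `expect(isValidRpId("", "example.com")).toBe(false);` and its mirror for an empty origin would pin the fail-closed result for the values the subject names. Passing `null` to parameters declared `string` presumably only type-checks because strict null checks are relaxed for this spec file, which is not visible from the hunk.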
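Review bot: In domain-utils.ts the signature of isValidRpId still declares `rpId: string, origin: string` although the new guard exists precisely for null and empty values, so the types give callers no hint that missing input is an expected case. Consider `export function isValidRpId(rpId: string | null | undefined, origin: string | null | undefined): boolean {`, which stays compatible with existing callers. Since this function gates the WebAuthn RP ID check, a comment above the guard such as `// Fail closed: a missing RP ID or origin can never match.` would record why the early return is `false` rather than an exception. The function body continues outside the hunk, so how the parsed values are compared afterwards cannot be reviewed here.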