@marcuspuchalla/nachos 0.1.3 → 0.2.0

package/src/parser/__tests__/utils-errors.test.ts

@@ -42,10 +42,10 @@ describe('Utils - Error Handling', () => {
   })
 
   describe('readUint - Valid Lengths', () => {
-    it('should read 1-8 bytes successfully', () => {
+    it('should read 1-7 bytes (within safe-integer range) successfully', () => {
       const buffer = new Uint8Array([0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08])
 
-      // Test all valid lengths (1-8)
+      // Lengths 1-7 stay within Number.MAX_SAFE_INTEGER (2^53 - 1)
       expect(readUint(buffer, 0, 1)).toBe(0x01)
       expect(readUint(buffer, 0, 2)).toBe(0x0102)
       expect(readUint(buffer, 0, 3)).toBe(0x010203)
@@ -53,7 +53,15 @@ describe('Utils - Error Handling', () => {
       expect(readUint(buffer, 0, 5)).toBe(0x0102030405)
       expect(readUint(buffer, 0, 6)).toBe(0x010203040506)
       expect(readUint(buffer, 0, 7)).toBe(0x01020304050607)
-      expect(readUint(buffer, 0, 8)).toBe(0x0102030405060708)
+    })
+
+    it('should throw rather than silently lose precision above MAX_SAFE_INTEGER', () => {
+      // 0x0102030405060708 ≈ 7.26e16 > 2^53, so readUint refuses it and
+      // directs callers to readBigUint (L3 precision-safety fix).
+      const buffer = new Uint8Array([0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08])
+      expect(() => readUint(buffer, 0, 8)).toThrow('exceeds MAX_SAFE_INTEGER')
+      // The exact value is available without loss via readBigUint:
+      expect(readBigUint(buffer, 0, 8)).toBe(0x0102030405060708n)
     })
   })
 

package/src/parser/composables/useCborCollection.ts

@@ -6,7 +6,7 @@
 
 import type { ParseResult, CborValue, CborMap, ParseOptions } from '../types'
 import { INDEFINITE_SYMBOL, ALL_ENTRIES_SYMBOL } from '../types'
-import { hexToBytes, readByte, readUint, readBigUint, extractCborHeader, compareBytes, bytesToHex } from '../utils'
+import { hexToBytes, readByte, readUint, readBigUint, extractCborHeader, compareMapKeys, serializeValueForComparison } from '../utils'
 import { useCborInteger } from './useCborInteger'
 import { useCborString } from './useCborString'
 import { useCborFloat } from './useCborFloat'
@@ -25,21 +25,13 @@ import { logger } from '../../utils/logger'
  * ```
  */
 export function useCborCollection() {
-  const { parseInteger } = useCborInteger()
+  const { parseIntegerFromBuffer } = useCborInteger()
   const { parseByteString, parseTextString } = useCborString()
-  const { parse: parseFloatOrSimple } = useCborFloat()
-  const { parseTag } = useCborTag()
+  const { parseFromBuffer: parseFloatOrSimpleFromBuffer } = useCborFloat()
+  const { parseTagFromBuffer } = useCborTag()
 
-  /**
-   * Convert a CBOR value to a string key for use in JavaScript objects
-   * Handles Uint8Array keys by converting them to hex strings
-   */
-  const convertKeyToString = (key: CborValue): string => {
-    if (key instanceof Uint8Array) {
-      return bytesToHex(key)
-    }
-    return String(key)
-  }
+  /** Tracks when parsing started for timeout enforcement */
+  let parseStartTime = 0
 
   /**
    * Internal parser dispatcher for CBOR items
@@ -52,6 +44,14 @@ export function useCborCollection() {
    * @returns Parsed value and bytes consumed
    */
   const parseItem = (buffer: Uint8Array, offset: number, options?: ParseOptions, depth: number = 0): ParseResult => {
+    // Check timeout on every recursive call
+    if (parseStartTime > 0 && options?.limits?.maxParseTime) {
+      const elapsed = Date.now() - parseStartTime
+      if (elapsed > options.limits.maxParseTime) {
+        throw new Error(`Parse timeout: exceeded ${options.limits.maxParseTime}ms limit`)
+      }
+    }
+
     if (offset >= buffer.length) {
       throw new Error(`Unexpected end of buffer at offset ${offset}`)
     }
@@ -62,14 +62,7 @@ export function useCborCollection() {
     switch (majorType) {
       case 0: // Unsigned integer
       case 1: // Negative integer
-        {
-          // Create a hex string from the buffer starting at offset
-          const intHex = Array.from(buffer.slice(offset))
-            .map(b => b.toString(16).padStart(2, '0'))
-            .join('')
-          const result = parseInteger(intHex, options)
-          return { value: result.value, bytesRead: result.bytesRead }
-        }
+        return parseIntegerFromBuffer(buffer, offset, options)
 
       case 2: // Byte string
         return parseByteString(buffer, offset, options)
@@ -84,22 +77,10 @@ export function useCborCollection() {
         return parseMapFromBuffer(buffer, offset, options, depth)
 
       case 6: // Tag
-        {
-          const tagHex = Array.from(buffer.slice(offset))
-            .map(b => b.toString(16).padStart(2, '0'))
-            .join('')
-          const result = parseTag(tagHex, options)
-          return { value: result.value, bytesRead: result.bytesRead }
-        }
+        return parseTagFromBuffer(buffer, offset, options)
 
       case 7: // Simple/Float
-        {
-          const floatHex = Array.from(buffer.slice(offset))
-            .map(b => b.toString(16).padStart(2, '0'))
-            .join('')
-          const result = parseFloatOrSimple(floatHex, options)
-          return { value: result.value, bytesRead: result.bytesRead }
-        }
+        return parseFloatOrSimpleFromBuffer(buffer, offset, options)
 
       default:
         throw new Error(`Unknown major type: ${majorType}`)
@@ -356,8 +337,10 @@ export function useCborCollection() {
         const valueResult = parseItem(buffer, currentOffset, options, depth + 1)
         currentOffset += valueResult.bytesRead
 
-        // For duplicate key detection, serialize the key
-        const keyString = convertKeyToString(keyResult.value)
+        // For duplicate key detection, serialize the parsed value semantically
+        // RFC 8949 Section 5.6: comparison must be on semantic values, not raw bytes
+        // (raw bytes differ when same value uses different byte widths)
+        const keyString = serializeValueForComparison(keyResult.value)
 
         // Check for duplicate keys based on dupMapKeyMode
         // RFC 8949: Deterministic encoding SHOULD reject duplicate keys
@@ -420,8 +403,10 @@ export function useCborCollection() {
         const valueResult = parseItem(buffer, currentOffset, options, depth + 1)
         currentOffset += valueResult.bytesRead
 
-        // For duplicate key detection, serialize the key
-        const keyString = convertKeyToString(keyResult.value)
+        // For duplicate key detection, serialize the parsed value semantically
+        // RFC 8949 Section 5.6: comparison must be on semantic values, not raw bytes
+        // (raw bytes differ when same value uses different byte widths)
+        const keyString = serializeValueForComparison(keyResult.value)
 
         // Check for duplicate keys based on dupMapKeyMode
         // RFC 8949: Deterministic encoding SHOULD reject duplicate keys
@@ -449,16 +434,19 @@ export function useCborCollection() {
     // Attach allEntries to map for byte-perfect round-trips with duplicates
     ;(map as any)[ALL_ENTRIES_SYMBOL] = allEntries
 
-    // Validate canonical key ordering (keys must be sorted by byte representation)
+    // Validate canonical key ordering (keys must be sorted by byte representation).
+    // Ordering follows options.mapKeyOrder: 'length-first' (CIP-21 / RFC 7049 §3.9,
+    // default) or 'bytewise' (RFC 8949 §4.2.1 core deterministic).
     if (options?.validateCanonical && keyBytes.length > 1) {
+      const keyOrder = options?.mapKeyOrder ?? 'length-first'
       for (let i = 1; i < keyBytes.length; i++) {
         const prevKey = keyBytes[i - 1]
         const currKey = keyBytes[i]
         if (prevKey && currKey) {
-          const cmp = compareBytes(prevKey, currKey)
+          const cmp = compareMapKeys(prevKey, currKey, keyOrder)
           if (cmp > 0) {
             throw new Error(
-              `Map keys are not in canonical order: key at index ${i} should come before key at index ${i - 1}`
+              `Map keys are not in canonical order (${keyOrder}): key at index ${i} should come before key at index ${i - 1}`
             )
           }
           if (cmp === 0) {
@@ -485,7 +473,16 @@ export function useCborCollection() {
     // Remove spaces from hex string
     const cleanHex = hexString.replace(/\s+/g, '')
     const buffer = hexToBytes(cleanHex)
-    return parseArrayFromBuffer(buffer, 0, options, 0)
+
+    // Set parse start time for timeout enforcement
+    if (options?.limits?.maxParseTime) {
+      parseStartTime = Date.now()
+    }
+    try {
+      return parseArrayFromBuffer(buffer, 0, options, 0)
+    } finally {
+      parseStartTime = 0
+    }
   }
 
   /**
@@ -499,7 +496,16 @@ export function useCborCollection() {
     // Remove spaces from hex string
     const cleanHex = hexString.replace(/\s+/g, '')
     const buffer = hexToBytes(cleanHex)
-    return parseMapFromBuffer(buffer, 0, options, 0)
+
+    // Set parse start time for timeout enforcement
+    if (options?.limits?.maxParseTime) {
+      parseStartTime = Date.now()
+    }
+    try {
+      return parseMapFromBuffer(buffer, 0, options, 0)
+    } finally {
+      parseStartTime = 0
+    }
   }
 
   return {

package/src/parser/composables/useCborDiagnostic.ts

@@ -15,6 +15,13 @@
  * ```
  */
 
+import { INDEFINITE_SYMBOL } from '../types'
+
+/** Detect the indefinite-length marker attached by the parser to a value. */
+function isIndefiniteValue(value: unknown): boolean {
+  return typeof value === 'object' && value !== null && (value as any)[INDEFINITE_SYMBOL] === true
+}
+
 /**
  * Options for diagnostic notation output
  */
@@ -186,6 +193,25 @@ export function useCborDiagnostic() {
       return `h'${bytesToHex(value)}'`
     }
 
+    // Handle parser wrapper types for indefinite-length strings
+    if (typeof value === 'object' && value !== null && 'type' in value) {
+      const t = (value as { type?: string }).type
+      if (t === 'cbor-byte-string') {
+        const bs = value as unknown as { bytes: Uint8Array }
+        return isIndefiniteValue(value) ? `(_ h'${bytesToHex(bs.bytes)}')` : `h'${bytesToHex(bs.bytes)}'`
+      }
+      if (t === 'cbor-text-string') {
+        const ts = value as unknown as { text: string }
+        return isIndefiniteValue(value) ? `(_ "${escapeString(ts.text)}")` : `"${escapeString(ts.text)}"`
+      }
+    }
+
+    // Handle unassigned simple values (Major Type 7): simple(N)
+    if (typeof value === 'object' && value !== null && 'simpleValue' in value &&
+        typeof (value as { simpleValue?: unknown }).simpleValue === 'number') {
+      return `simple(${(value as { simpleValue: number }).simpleValue})`
+    }
+
     // Handle tagged values
     if (isTaggedValue(value)) {
       const taggedContent = formatValue(
@@ -201,6 +227,7 @@ export function useCborDiagnostic() {
 
     // Handle arrays
     if (Array.isArray(value)) {
+      indefinite = indefinite || isIndefiniteValue(value)
       if (value.length === 0) {
         return indefinite ? '[_ ]' : '[]'
       }
@@ -222,6 +249,7 @@ export function useCborDiagnostic() {
 
     // Handle Maps
     if (value instanceof Map) {
+      indefinite = indefinite || isIndefiniteValue(value)
       if (value.size === 0) {
         return indefinite ? '{_ }' : '{}'
       }

package/src/parser/composables/useCborFloat.ts

@@ -336,6 +336,7 @@ export function useCborFloat() {
   return {
     parse,
     parseFloat,
-    parseSimple
+    parseSimple,
+    parseFromBuffer
   }
 }

package/src/parser/composables/useCborInteger.ts

@@ -20,15 +20,15 @@ import { hexToBytes, readByte, readUint, readBigUint, extractCborHeader, validat
  */
 export function useCborInteger() {
   /**
-   * Parses CBOR integer (Major Type 0 or 1)
+   * Parses CBOR integer (Major Type 0 or 1) from a buffer at a given offset
    *
-   * @param hexString - CBOR hex string
+   * @param buffer - Data buffer
+   * @param offset - Current offset into the buffer
    * @param options - Parser options (optional)
    * @returns Parsed integer value and bytes read
    */
-  const parseInteger = (hexString: string, options?: ParseOptions): ParseResult => {
-    const buffer = hexToBytes(hexString)
-    const initialByte = readByte(buffer, 0)
+  const parseIntegerFromBuffer = (buffer: Uint8Array, offset: number, options?: ParseOptions): ParseResult => {
+    const initialByte = readByte(buffer, offset)
 
     const { majorType, additionalInfo } = extractCborHeader(initialByte)
 
@@ -42,19 +42,19 @@ export function useCborInteger() {
       bytesRead = 1
     } else if (additionalInfo === 24) {
       // 1 byte follows
-      rawValue = readByte(buffer, 1)
+      rawValue = readByte(buffer, offset + 1)
       bytesRead = 2
     } else if (additionalInfo === 25) {
       // 2 bytes follow
-      rawValue = readUint(buffer, 1, 2)
+      rawValue = readUint(buffer, offset + 1, 2)
       bytesRead = 3
     } else if (additionalInfo === 26) {
       // 4 bytes follow
-      rawValue = readUint(buffer, 1, 4)
+      rawValue = readUint(buffer, offset + 1, 4)
       bytesRead = 5
     } else if (additionalInfo === 27) {
       // 8 bytes follow - use BigInt for large values
-      const bigValue = readBigUint(buffer, 1, 8)
+      const bigValue = readBigUint(buffer, offset + 1, 8)
 
       // Check if value fits in Number.MAX_SAFE_INTEGER
       if (bigValue <= BigInt(Number.MAX_SAFE_INTEGER)) {
@@ -108,7 +108,21 @@ export function useCborInteger() {
     }
   }
 
+  /**
+   * Parses CBOR integer (Major Type 0 or 1) from hex string
+   * Thin wrapper around parseIntegerFromBuffer
+   *
+   * @param hexString - CBOR hex string
+   * @param options - Parser options (optional)
+   * @returns Parsed integer value and bytes read
+   */
+  const parseInteger = (hexString: string, options?: ParseOptions): ParseResult => {
+    const buffer = hexToBytes(hexString)
+    return parseIntegerFromBuffer(buffer, 0, options)
+  }
+
   return {
-    parseInteger
+    parseInteger,
+    parseIntegerFromBuffer
   }
 }