Update invalid json test value, fix issue in Base64Url validation

Author: buyaa-n

src/libraries/System.Memory/tests/Base64/Base64DecoderUnitTests.cs

@@ -285,7 +285,8 @@ public void BasicDecodingWithNonZeroUnusedBits(string inputString)
             Span<byte> decodedBytes = new byte[Base64.GetMaxDecodedFromUtf8Length(source.Length)];
 
             Assert.False(Base64.IsValid(inputString));
-            Assert.Equal(OperationStatus.InvalidData, Base64.DecodeFromUtf8(source, decodedBytes, out int consumed, out int _));
+            Assert.Equal(OperationStatus.InvalidData, Base64.DecodeFromUtf8(source, decodedBytes, out int _, out int _));
+            Assert.Equal(OperationStatus.InvalidData, Base64.DecodeFromUtf8InPlace(source, out int _));
         }
 
         [Theory]

src/libraries/System.Memory/tests/Base64Url/Base64UrlDecoderUnitTests.cs

@@ -300,11 +300,12 @@ public void BasicDecodingWithFinalBlockTrueKnownInputDone(string inputString, in
         [InlineData("AQIDBAUHCAkKCwwNDxD")]
         public void BasicDecodingWithNonZeroUnusedBits(string inputString)
         {
-            Span<byte> source = Encoding.ASCII.GetBytes(inputString);
-            Span<byte> decodedBytes = new byte[Base64.GetMaxDecodedFromUtf8Length(source.Length)];
+            byte[] source = Encoding.ASCII.GetBytes(inputString);
+            Span<byte> decodedBytes = new byte[Base64Url.GetMaxDecodedLength(source.Length)];
 
-            Assert.False(Base64.IsValid(inputString));
-            Assert.Equal(OperationStatus.InvalidData, Base64.DecodeFromUtf8(source, decodedBytes, out int consumed, out int _));
+            Assert.False(Base64Url.IsValid(inputString));
+            Assert.Equal(OperationStatus.InvalidData, Base64Url.DecodeFromUtf8(source, decodedBytes, out int _, out int _));
+            Assert.Throws<FormatException>(() => Base64Url.DecodeFromUtf8InPlace(source));
         }
 
         [Theory]

src/libraries/System.Memory/tests/Base64Url/Base64UrlValidationUnitTests.cs

@@ -39,6 +39,7 @@ public void BasicValidationBytes()
 
                 Span<byte> source = new byte[numBytes];
                 Base64TestHelper.InitializeUrlDecodableBytes(source, numBytes);
+                source[numBytes - 1] = 65; // make sure unused bits set 0
 
                 Assert.True(Base64Url.IsValid(source));
                 Assert.True(Base64Url.IsValid(source, out int decodedLength));
@@ -60,6 +61,7 @@ public void BasicValidationChars()
 
                 Span<byte> source = new byte[numBytes];
                 Base64TestHelper.InitializeUrlDecodableBytes(source, numBytes);
+                source[numBytes - 1] = 65; // make sure unused bits set 0
                 Span<char> chars = source
                     .ToArray()
                     .Select(Convert.ToChar)
@@ -259,8 +261,8 @@ public void ValidateWithPaddingReturnsCorrectCountChars(string utf8WithByteToBeI
         }
 
         [Theory]
-        [InlineData("YWJ", true, 2)]
-        [InlineData("YW", true, 1)]
+        [InlineData("YWI", true, 2)]
+        [InlineData("YQ", true, 1)]
         [InlineData("Y", false, 0)]
         public void SmallSizeBytes(string utf8Text, bool isValid, int expectedDecodedLength)
         {
@@ -272,8 +274,8 @@ public void SmallSizeBytes(string utf8Text, bool isValid, int expectedDecodedLen
         }
 
         [Theory]
-        [InlineData("YWJ", true, 2)]
-        [InlineData("YW", true, 1)]
+        [InlineData("YWI", true, 2)]
+        [InlineData("YQ", true, 1)]
         [InlineData("Y", false, 0)]
         public void SmallSizeChars(string utf8Text, bool isValid, int expectedDecodedLength)
         {

src/libraries/System.Private.CoreLib/src/System/Buffers/Text/Base64Helper/Base64ValidatorHelper.cs

@@ -108,20 +108,11 @@ internal static bool IsValid<T, TBase64Validatable>(TBase64Validatable validatab
                         }
                     }
 
-                    int decoded = validatable.DecodeValue(lastChar);
-                    if (paddingCount == 1 && (decoded & 0x03) != 0 ||
-                        paddingCount == 2 && (decoded & 0x0F) != 0)
-                    {
-                        // unused lower bits are not 0, reject input
-                        decodedLength = 0;
-                        return false;
-                    }
-
                     length += paddingCount;
                     break;
                 }
 
-                if (!validatable.ValidateAndDecodeLength(length, paddingCount, out decodedLength))
+                if (!validatable.ValidateAndDecodeLength(lastChar, length, paddingCount, out decodedLength))
                 {
                     goto Fail;
                 }
@@ -141,19 +132,21 @@ internal interface IBase64Validatable<T>
         {
 #if NET
             int IndexOfAnyExcept(ReadOnlySpan<T> span);
-#endif
+#else
             int DecodeValue(T value);
+#endif
             bool IsWhiteSpace(T value);
             bool IsEncodingPad(T value);
-            bool ValidateAndDecodeLength(int length, int paddingCount, out int decodedLength);
+            bool ValidateAndDecodeLength(T lastChar, int length, int paddingCount, out int decodedLength);
         }
 
         internal readonly struct Base64CharValidatable : IBase64Validatable<char>
         {
 #if NET
             private static readonly SearchValues<char> s_validBase64Chars = SearchValues.Create("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/");
+
             public int IndexOfAnyExcept(ReadOnlySpan<char> span) => span.IndexOfAnyExcept(s_validBase64Chars);
-#endif
+#else
             [MethodImpl(MethodImplOptions.AggressiveInlining)]
             public int DecodeValue(char value)
             {
@@ -165,26 +158,38 @@ public int DecodeValue(char value)
 
                 return default(Base64DecoderByte).DecodingMap[value];
             }
+#endif
             public bool IsWhiteSpace(char value) => Base64Helper.IsWhiteSpace(value);
             public bool IsEncodingPad(char value) => value == EncodingPad;
-            public bool ValidateAndDecodeLength(int length, int paddingCount, out int decodedLength) =>
-                default(Base64ByteValidatable).ValidateAndDecodeLength(length, paddingCount, out decodedLength);
+            public bool ValidateAndDecodeLength(char lastChar, int length, int paddingCount, out int decodedLength) =>
+                default(Base64ByteValidatable).ValidateAndDecodeLength((byte)lastChar, length, paddingCount, out decodedLength);
         }
 
         internal readonly struct Base64ByteValidatable : IBase64Validatable<byte>
         {
 #if NET
             private static readonly SearchValues<byte> s_validBase64Chars = SearchValues.Create(default(Base64EncoderByte).EncodingMap);
+
             public int IndexOfAnyExcept(ReadOnlySpan<byte> span) => span.IndexOfAnyExcept(s_validBase64Chars);
-#endif
+#else
             public int DecodeValue(byte value) => default(Base64DecoderByte).DecodingMap[value];
+#endif
             public bool IsWhiteSpace(byte value) => Base64Helper.IsWhiteSpace(value);
             public bool IsEncodingPad(byte value) => value == EncodingPad;
             [MethodImpl(MethodImplOptions.AggressiveInlining)]
-            public bool ValidateAndDecodeLength(int length, int paddingCount, out int decodedLength)
+            public bool ValidateAndDecodeLength(byte lastChar, int length, int paddingCount, out int decodedLength)
             {
                 if (length % 4 == 0)
                 {
+                    int decoded = default(Base64DecoderByte).DecodingMap[lastChar];
+                    if (paddingCount == 1 && (decoded & 0x03) != 0 ||
+                        paddingCount == 2 && (decoded & 0x0F) != 0)
+                    {
+                        // unused lower bits are not 0, reject input
+                        decodedLength = 0;
+                        return false;
+                    }
+
                     // Remove padding to get exact length.
                     decodedLength = (int)((uint)length / 4 * 3) - paddingCount;
                     return true;

src/libraries/System.Private.CoreLib/src/System/Buffers/Text/Base64Url/Base64UrlValidator.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System.Runtime.CompilerServices;
+using static System.Buffers.Text.Base64Helper;
 
 namespace System.Buffers.Text
 {
@@ -57,8 +58,9 @@ public static bool IsValid(ReadOnlySpan<byte> utf8Base64UrlText, out int decoded
         {
 #if NET
             private static readonly SearchValues<char> s_validBase64UrlChars = SearchValues.Create("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_");
+
             public int IndexOfAnyExcept(ReadOnlySpan<char> span) => span.IndexOfAnyExcept(s_validBase64UrlChars);
-#endif
+#else
             [MethodImpl(MethodImplOptions.AggressiveInlining)]
             public int DecodeValue(char value)
             {
@@ -70,24 +72,27 @@ public int DecodeValue(char value)
 
                 return default(Base64UrlDecoderByte).DecodingMap[value];
             }
+#endif
             public bool IsWhiteSpace(char value) => Base64Helper.IsWhiteSpace(value);
             public bool IsEncodingPad(char value) => value == Base64Helper.EncodingPad || value == UrlEncodingPad;
             [MethodImpl(MethodImplOptions.AggressiveInlining)]
-            public bool ValidateAndDecodeLength(int length, int paddingCount, out int decodedLength) =>
-                default(Base64UrlByteValidatable).ValidateAndDecodeLength(length, paddingCount, out decodedLength);
+            public bool ValidateAndDecodeLength(char lastChar, int length, int paddingCount, out int decodedLength) =>
+                default(Base64UrlByteValidatable).ValidateAndDecodeLength((byte)lastChar, length, paddingCount, out decodedLength);
         }
 
         private readonly struct Base64UrlByteValidatable : Base64Helper.IBase64Validatable<byte>
         {
 #if NET
             private static readonly SearchValues<byte> s_validBase64UrlChars = SearchValues.Create(default(Base64UrlEncoderByte).EncodingMap);
+
             public int IndexOfAnyExcept(ReadOnlySpan<byte> span) => span.IndexOfAnyExcept(s_validBase64UrlChars);
-#endif
+#else
             public int DecodeValue(byte value) => default(Base64UrlDecoderByte).DecodingMap[value];
+#endif
             public bool IsWhiteSpace(byte value) => Base64Helper.IsWhiteSpace(value);
             public bool IsEncodingPad(byte value) => value == Base64Helper.EncodingPad || value == UrlEncodingPad;
             [MethodImpl(MethodImplOptions.AggressiveInlining)]
-            public bool ValidateAndDecodeLength(int length, int paddingCount, out int decodedLength)
+            public bool ValidateAndDecodeLength(byte lastChar, int length, int paddingCount, out int decodedLength)
             {
                 // Padding is optional for Base64Url, so need to account remainder. If remainder is 1, then it's invalid.
 #if NET
@@ -109,6 +114,15 @@ public bool ValidateAndDecodeLength(int length, int paddingCount, out int decode
 
                 decodedLength = (length >> 2) * 3 + (remainder > 0 ? remainder - 1 : 0) - paddingCount;
 #endif
+                int decoded = default(Base64DecoderByte).DecodingMap[lastChar];
+                if ((remainder == 3 || paddingCount == 1) && (decoded & 0x03) != 0 ||
+                    (remainder == 2 || paddingCount == 2) && (decoded & 0x0F) != 0)
+                {
+                    // unused lower bits are not 0, reject input
+                    decodedLength = 0;
+                    return false;
+                }
+
                 return true;
             }
         }

src/libraries/System.Text.Json/tests/System.Text.Json.Tests/JsonBase64TestData.cs

@@ -9,7 +9,7 @@ internal class JsonBase64TestData
     {
         public static IEnumerable<object[]> ValidBase64Tests()
         {
-            yield return new object[] { "\"ABC=\"" };
+            yield return new object[] { "\"ABA=\"" };
             yield return new object[] { "\"AB+D\"" };
             yield return new object[] { "\"ABCD\"" };
             yield return new object[] { "\"ABC/\"" };
@@ -19,9 +19,9 @@ public static IEnumerable<object[]> ValidBase64Tests()
 
         public static IEnumerable<object[]> InvalidBase64Tests()
         {
-            yield return new object[] { "\"ABC===\"" };
-            yield return new object[] { "\"ABC\"" };
-            yield return new object[] { "\"ABC!\"" };
+            yield return new object[] { "\"ABA===\"" };
+            yield return new object[] { "\"ABA\"" };
+            yield return new object[] { "\"ABA!\"" };
             yield return new object[] { GenerateRandomInvalidLargeString(includeEscapedCharacter: true) };
             yield return new object[] { GenerateRandomInvalidLargeString(includeEscapedCharacter: false) };
         }