• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

supabase / auth / 29353177623
72%

Build:
DEFAULT BRANCH: master
Ran 14 Jul 2026 05:23PM UTC
Jobs 1
Files 196
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

14 Jul 2026 05:17PM UTC coverage: 71.729% (+0.03%) from 71.703%
29353177623

push

github

web-flow
fix(siwe): return false instead of panicking on malformed signatures (#2625)

## Problem

`SIWEMessage.VerifySignature` (`internal/utilities/siwe/parser.go`)
returns `bool`, but **panics** on two attacker-controlled inputs instead
of returning `false`:

```go
sig, err := hexutil.Decode(signatureHex)
if err != nil || len(sig) != 65 {
    panic("siwe: signature must be a 65-byte hex string")
}
...
pubKey, err := crypto.Ecrecover(hash, signature)
if err != nil {
    panic("siwe: failed to recover public key: " + err.Error())
}
```

Both are reachable from the **public, unauthenticated** endpoint `POST
/token?grant_type=web3` (`web3GrantEthereum`). The caller's pre-check
only gates on length via `strings.TrimPrefix(params.Signature, "0x")` —
which is a no-op when the `0x` prefix is absent and does not validate
hex-ness — so malformed signatures reach `VerifySignature` and trigger a
panic.

The `recoverer` middleware catches it, so the process doesn't crash, but
it converts the panic into an **HTTP 500 with a logged stack trace**
rather than the clean `400 invalid_grant` that a bad signature should
produce. That's an API-contract bug plus a stack-trace log-flooding
vector on an unauthenticated endpoint.

## Fix

Return `false` on both error paths, matching the sibling Solana verifier
`internal/utilities/siws/parser.go` (`SIWSMessage.VerifySignature`),
which never panics. Behavior-only change; no signature/API change.

## Tests

Adds `TestVerifySignatureRejectsMalformedInput` covering empty,
missing-`0x`-prefix, non-hex, wrong-length, and unrecoverable signatures
— asserting `require.NotPanics` + `require.False`. The
`unrecoverable`/`wrong-length`/`missing-prefix` cases exercise both
former panic paths.

Verified with `go test ./internal/utilities/siwe/` — passes on the fix
and **panics/fails on the old code**; `gofmt` and `go vet` clean. The
`siwe` package is pure (no DB needed to test).

Co-authored-by: Sam Agarwal <samagarwal082@gmail.com>
Co-authored-by... (continued)

6 of 6 new or added lines in 1 file covered. (100.0%)

18083 of 25210 relevant lines covered (71.73%)

663.39 hits per line

Jobs
ID Job ID Ran Files Coverage
1 29353177623.1 14 Jul 2026 05:23PM UTC 196
71.73
GitHub Action Run
Source Files on build 29353177623
  • Tree
  • List 196
  • Changed 2
  • Source Changed 0
  • Coverage Changed 2
Coverage ∆ File Lines Relevant Covered Missed Hits/Line
  • Back to Repo
  • c3005a47 on github
  • Prev Build on master (#29352689280)
  • Next Build on master (#29354833746)
  • Delete
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc