Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
|
||
| /** @inheritdoc */ | ||
| validateKey({ key }: BaseKey): void { | ||
| if (!new KeyPair({ prv: key })) { |
Check warning
Code scanning / CodeQL
Useless conditional Warning
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 months ago
To fix the problem, we must ensure that validateKey meaningfully checks whether the provided key is valid. If the KeyPair constructor throws for an invalid key, then simply instantiating it suffices (no conditional or negation required); any error thrown will propagate or can be caught for custom error messages. If an additional method (like .isValid() or similar) must be called to check validity, we should use that in the conditional.
The best fix (without changing existing interface or behavior and with minimal assumptions) is to remove the useless conditional and instead instantiate KeyPair for its validation side-effects (i.e., for any validation performed in the constructor). If the constructor does not throw but exposes a method for checking validity, use that. Since we're restricted to given code, the first approach will be to remove the conditional and just try to instantiate, catching errors if needed for error context.
Edit only the code shown: remove the conditional and unnecessary negation in validateKey, so that the function only creates KeyPair({prv: key }). Optionally, wrap it with a try-catch to provide a custom error if the constructor throws.
| @@ -435,7 +435,9 @@ | ||
|
|
||
| /** @inheritdoc */ | ||
| validateKey({ key }: BaseKey): void { | ||
| if (!new KeyPair({ prv: key })) { | ||
| try { | ||
| new KeyPair({ prv: key }); | ||
| } catch (e) { | ||
| throw new BuildTransactionError('Invalid key'); | ||
| } | ||
| } |
1 participant
TICKET: WIN-7770