test(native): cover the WebAuthn bridge — DER parsing + credential pinning#2394
test(native): cover the WebAuthn bridge — DER parsing + credential pinning#2394innolope-dev wants to merge 1 commit into
Conversation
…nning native-webauthn.ts is the most security-critical native file and had no direct tests. Covers: DER ECDSA signature parsing and low-S malleability normalization, SPKI public-key coordinate extraction and authenticator-id hashing, the zerodev response tuple encoding (responseTypeLocation, RIP-7212 precompile flag), challenge/rpId wiring, message format handling, and the multi-account credential pinning fix (pin used when no allow-list, caller list never overridden, empty list falls back to pin).
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
What
Adds the missing test coverage for
src/utils/native-webauthn.ts— the most security-critical native file (flagged as a known gap in the mobile-release requirements). 13 tests, no production code changes.Stacked on #2393 (the file doesn't exist on main yet); GitHub will retarget this to
mainautomatically when that merges.Covered
authenticatorData,clientDataJSON,responseTypeLocationvialastIndexOf('"type":"webauthn.get"'), RIP-7212usePrecompiledflag per chain).s ≤ N/2.crypto.subtle-generated key, plus keccak hashing of the authenticator id.undefined) preserved.Verification
pnpm test -- src/utils/__tests__/native-webauthn.test.ts✅ 13/13