Fail random_id on repeated entropy rejection

mgomes · mgomes · commit ac6ae93d66e4 · 2026-02-19T21:26:34.000-05:00
diff --git a/vibes/builtins.go b/vibes/builtins.go
@@ -17,6 +17,7 @@ import (
 const (
 	randomIDAlphabet       = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
 	randomIDUnbiasedCutoff = byte((256 / len(randomIDAlphabet)) * len(randomIDAlphabet))
+	maxRandomIDStallReads  = 8
 	maxJSONPayloadBytes    = 1 << 20
 	maxRegexInputBytes     = 1 << 20
 	maxRegexPatternSize    = 16 << 10
@@ -130,21 +131,32 @@ func builtinRandomID(exec *Execution, receiver Value, args []Value, kwargs map[s
 	}
 
 	chars := make([]byte, 0, length)
+	stalledReads := 0
 	for int64(len(chars)) < length {
 		needed := int(length) - len(chars)
 		raw, err := exec.engine.randomBytes(needed)
 		if err != nil {
 			return NewNil(), err
 		}
+		acceptedThisRead := 0
 		for _, b := range raw {
 			if b >= randomIDUnbiasedCutoff {
 				continue
 			}
 			chars = append(chars, randomIDAlphabet[int(b)%len(randomIDAlphabet)])
+			acceptedThisRead++
 			if int64(len(chars)) == length {
 				break
 			}
 		}
+		if acceptedThisRead == 0 {
+			stalledReads++
+			if stalledReads > maxRandomIDStallReads {
+				return NewNil(), fmt.Errorf("random_id entropy source rejected too many bytes")
+			}
+			continue
+		}
+		stalledReads = 0
 	}
 	return NewString(string(chars)), nil
 }
diff --git a/vibes/runtime_test.go b/vibes/runtime_test.go
@@ -2254,6 +2254,23 @@ func TestRandomIdentifierBuiltinsUsesUnbiasedSampling(t *testing.T) {
 	}
 }
 
+func TestRandomIdentifierBuiltinsRejectsStalledEntropy(t *testing.T) {
+	engine := MustNewEngine(Config{RandomReader: bytes.NewReader(bytes.Repeat([]byte{0xFF}, 1024))})
+	script, err := engine.Compile(`
+    def run()
+      random_id(4)
+    end
+    `)
+	if err != nil {
+		t.Fatalf("compile error: %v", err)
+	}
+
+	_, err = script.Call(context.Background(), "run", nil, CallOptions{})
+	if err == nil || !strings.Contains(err.Error(), "random_id entropy source rejected too many bytes") {
+		t.Fatalf("expected stalled entropy error, got %v", err)
+	}
+}
+
 func TestNumericHelpers(t *testing.T) {
 	script := compileScript(t, `
     def int_helpers()

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@ import (`
`17`	`17`	`const (`
`18`	`18`	`randomIDAlphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"`
`19`	`19`	`randomIDUnbiasedCutoff = byte((256 / len(randomIDAlphabet)) * len(randomIDAlphabet))`
	`20`	`+ maxRandomIDStallReads = 8`
`20`	`21`	`maxJSONPayloadBytes = 1 << 20`
`21`	`22`	`maxRegexInputBytes = 1 << 20`
`22`	`23`	`maxRegexPatternSize = 16 << 10`
`@@ -130,21 +131,32 @@ func builtinRandomID(exec *Execution, receiver Value, args []Value, kwargs map[s`
`130`	`131`	`}`
`131`	`132`
`132`	`133`	`chars := make([]byte, 0, length)`
	`134`	`+ stalledReads := 0`
`133`	`135`	`for int64(len(chars)) < length {`
`134`	`136`	`needed := int(length) - len(chars)`
`135`	`137`	`raw, err := exec.engine.randomBytes(needed)`
`136`	`138`	`if err != nil {`
`137`	`139`	`return NewNil(), err`
`138`	`140`	`}`
	`141`	`+ acceptedThisRead := 0`
`139`	`142`	`for _, b := range raw {`
`140`	`143`	`if b >= randomIDUnbiasedCutoff {`
`141`	`144`	`continue`
`142`	`145`	`}`
`143`	`146`	`chars = append(chars, randomIDAlphabet[int(b)%len(randomIDAlphabet)])`
	`147`	`+ acceptedThisRead++`
`144`	`148`	`if int64(len(chars)) == length {`
`145`	`149`	`break`
`146`	`150`	`}`
`147`	`151`	`}`
	`152`	`+ if acceptedThisRead == 0 {`
	`153`	`+ stalledReads++`
	`154`	`+ if stalledReads > maxRandomIDStallReads {`
	`155`	`+ return NewNil(), fmt.Errorf("random_id entropy source rejected too many bytes")`
	`156`	`+ }`
	`157`	`+ continue`
	`158`	`+ }`
	`159`	`+ stalledReads = 0`
`148`	`160`	`}`
`149`	`161`	`return NewString(string(chars)), nil`
`150`	`162`	`}`