From 4b630c678b83c3611d23f5f1130c11a07a8734e7 Mon Sep 17 00:00:00 2001
From: Wilson Silva <wilson.dsigns@gmail.com>
Date: Sat, 18 Nov 2023 16:38:03 +0700
Subject: [PATCH] Ensure that Nostr::Crypto#descrypt_text always returns a
 string

Fixes another Steep/RBS violation
---
 lib/nostr/crypto.rb       |  4 ++++
 spec/nostr/crypto_spec.rb | 19 +++++++++++++++----
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/lib/nostr/crypto.rb b/lib/nostr/crypto.rb
index 2c9a033..1fc62d1 100644
--- a/lib/nostr/crypto.rb
+++ b/lib/nostr/crypto.rb
@@ -62,6 +62,10 @@ module Nostr
     #
     def decrypt_text(recipient_private_key, sender_public_key, encrypted_text)
       base64_encoded_text, iv = encrypted_text.split('?iv=')
+
+      # Ensure iv and base64_encoded_text are not nil
+      return '' unless iv && base64_encoded_text
+
       cipher = OpenSSL::Cipher.new(CIPHER_ALGORITHM).decrypt
       cipher.iv = Base64.decode64(iv)
       cipher.key = compute_shared_key(recipient_private_key, sender_public_key)
diff --git a/spec/nostr/crypto_spec.rb b/spec/nostr/crypto_spec.rb
index f5a4011..de106ab 100644
--- a/spec/nostr/crypto_spec.rb
+++ b/spec/nostr/crypto_spec.rb
@@ -69,11 +69,22 @@ RSpec.describe Nostr::Crypto do
       )
     end
 
-    it 'decrypts an encrypted text' do
-      encrypted_text = crypto.encrypt_text(sender_keypair.private_key, recipient_keypair.public_key, 'Twitter Files')
-      decrypted_text = crypto.decrypt_text(recipient_keypair.private_key, sender_keypair.public_key, encrypted_text)
+    context 'when the encrypted text includes an iv query string' do
+      it 'decrypts an encrypted text' do
+        encrypted_text = crypto.encrypt_text(sender_keypair.private_key, recipient_keypair.public_key, 'Twitter Files')
+        decrypted_text = crypto.decrypt_text(recipient_keypair.private_key, sender_keypair.public_key, encrypted_text)
 
-      expect(decrypted_text).to eq('Twitter Files')
+        expect(decrypted_text).to eq('Twitter Files')
+      end
+    end
+
+    context 'when the encrypted text does not include an iv query string' do
+      it 'returns an empty string' do
+        encrypted_text = 'wrYQaHDfpOEvyJELSCg1vzsywmlJTz8NqH03eFW44s8iQs869jtSb26Lr4s23gmY?it=v38vAJ3LlJAGZxbmWU4qAg=='
+        decrypted_text = crypto.decrypt_text(recipient_keypair.private_key, sender_keypair.public_key, encrypted_text)
+
+        expect(decrypted_text).to eq('')
+      end
     end
   end
 end