Description
Microsoft.Identity.Web Library
Microsoft.Identity.Web
Microsoft.Identity.Web version
1.25.1
Web app
Sign-in users
Web API
Protected web APIs (validating tokens)
Token cache serialization
Not Applicable
Description
Incorrect Regexp in IsChromiumVersionAtLeast
"Chrom[^ \/]+/(\d+)[.\d]* "
Corrected regexp
"Chrom[^ \/]+/(\d+)[.\d]*"
It means Chrome can only be last in the row.
For some user agent strings this is not true.
For example "Mozilla/5.0 Windows NT 10.0 Win64 AppleWebKit/537.36 Chrome/69.0.3497.100"
Reproduction steps
In Startup.cs, added the following code:
services.Configure<CookiePolicyOptions>(options =>
{
    options.HandleSameSiteCookieCompatibility();
});
Try to open web application with userAgent: "Mozilla/5.0 Windows NT 10.0 Win64 AppleWebKit/537.36 Chrome/69.0.3497.100"
Error message
Input string was not in a correct format.
System.Number.ThrowOverflowOrFormatException(ParsingStatus status, TypeCode type)
at System.Convert.ToInt32(String value, IFormatProvider provider)
at Microsoft.Identity.Web.CookiePolicyOptionsExtensions.g__IsChromiumVersionAtLeast|3_7(Int32 major, <>c__DisplayClass3_0& )
at Microsoft.Identity.Web.CookiePolicyOptionsExtensions.g__DropsUnrecognizedSameSiteCookies|3_1(<>c__DisplayClass3_0& )
at Microsoft.Identity.Web.CookiePolicyOptionsExtensions.DisallowsSameSiteNone(String userAgent)
Id Web logs
No response
Relevant code snippets
public static bool IsChromiumVersionAtLeastOriginal(string userAgent, int major)
{
    string regex = @"Chrom[^ \/]+\/(\d+)[\.\d]* ";
    // Extract digits from first capturing group.
    Match match = Regex.Match(userAgent, regex);
    int version = Convert.ToInt32(match.Groups[1].Value, CultureInfo.CurrentCulture);
    return version >= major;
}

[TestCase("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36")]
[TestCase("Mozilla/5.0 Windows NT 10.0 Win64 AppleWebKit/537.36 Chrome/69.0.3497.100")]
public void ChromiumVersionIssueOriginalTest(string userAgent)
{
    Assert.DoesNotThrow(() => CookiePolicyOptionsExtensions.IsChromiumVersionAtLeastOriginal(userAgent, 51));
}
Regression
No response
Expected behavior
No exception thrown
ChromiumVersionIssue.zip
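The User-Agent header is client-controlled, so a parser that throws on an unexpected value turns every such request into an unhandled exception. The following is an added example, not code from this issue or from Microsoft.Identity.Web: a defensive form of the check that uses the corrected pattern from the report and treats an unparseable header as "not at least this version". The class name `UserAgentVersionCheck`, the 100 ms regex timeout, and the choice to return `false` on failure are assumptions.

```csharp
using System;
using System.Globalization;
using System.Text.RegularExpressions;

// Hypothetical helper class, not part of Microsoft.Identity.Web.
public static class UserAgentVersionCheck
{
    // Corrected pattern from the report: no trailing space, so the Chrome
    // token may be the last token in the header. The timeout (an assumption)
    // bounds matching time on untrusted input.
    private static readonly Regex ChromiumVersion = new Regex(
        @"Chrom[^ \/]+\/(\d+)[\.\d]*",
        RegexOptions.CultureInvariant,
        TimeSpan.FromMilliseconds(100));

    public static bool IsChromiumVersionAtLeast(string userAgent, int major)
    {
        if (string.IsNullOrEmpty(userAgent)) return false;

        Match match;
        try { match = ChromiumVersion.Match(userAgent); }
        catch (RegexMatchTimeoutException) { return false; }

        // A failed match leaves Groups[1].Value empty; passing that empty
        // string to Convert.ToInt32 is what raises the reported exception.
        if (!match.Success) return false;

        // TryParse also covers digit runs too long for Int32, and the
        // invariant culture keeps parsing independent of server locale.
        return int.TryParse(match.Groups[1].Value, NumberStyles.None,
                   CultureInfo.InvariantCulture, out int version)
               && version >= major;
    }

    public static void Main()
    {
        // The first two strings are the user agents from the report;
        // the rest are constructed edge cases.
        string[] samples =
        {
            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36",
            "Mozilla/5.0 Windows NT 10.0 Win64 AppleWebKit/537.36 Chrome/69.0.3497.100",
            "curl/8.0",
            "Mozilla/5.0 Chrome/99999999999999999999.0",
            "",
        };
        foreach (string ua in samples)
            Console.WriteLine($"{IsChromiumVersionAtLeast(ua, 51),-5} <- \"{ua}\"");
    }
}
```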