From 41cea23fffbcc35c48b94cd112a6f6d8f3889905 Mon Sep 17 00:00:00 2001
From: ivan katliarchuk <ivan.katliarchuk@gmail.com>
Date: Sun, 29 Dec 2024 13:10:02 +0000
Subject: [PATCH] fix(aes-encryption): labels.Serialize cover case when
 GenerateNonce errors

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
---
 endpoint/labels_test.go | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/endpoint/labels_test.go b/endpoint/labels_test.go
index 64d214ffd..f92e72f12 100644
--- a/endpoint/labels_test.go
+++ b/endpoint/labels_test.go
@@ -18,6 +18,7 @@ package endpoint
 
 import (
 	"bytes"
+	"crypto/rand"
 	"fmt"
 	"testing"
 
@@ -102,11 +103,39 @@ func (suite *LabelsSuite) TestEncryptionFailed() {
 	log.StandardLogger().SetOutput(b)
 
 	_ = foo.Serialize(false, true, []byte("wrong-key"))
-	
+
 	suite.True(fatalCrash, "should fail if encryption key is wrong")
 	suite.Contains(b.String(), "Failed to encrypt the text")
 }
 
+func (suite *LabelsSuite) TestEncryptionFailedFaultyReader() {
+	foo, err := NewLabelsFromString(suite.fooAsTextEncrypted, suite.aesKey)
+	suite.NoError(err, "should succeed for valid label text")
+
+	// remove encryption nonce just for simplicity, so that we could regenerate nonce
+	delete(foo, txtEncryptionNonce)
+
+	originalRandReader := rand.Reader
+	defer func() {
+		log.StandardLogger().ExitFunc = nil
+		rand.Reader = originalRandReader
+	}()
+
+	// Replace rand.Reader with a faulty reader
+	rand.Reader = &faultyReader{}
+
+	b := new(bytes.Buffer)
+
+	var fatalCrash bool
+	log.StandardLogger().ExitFunc = func(int) { fatalCrash = true }
+	log.StandardLogger().SetOutput(b)
+
+	_ = foo.Serialize(false, true, suite.aesKey)
+
+	suite.True(fatalCrash)
+	suite.Contains(b.String(), "Failed to generate cryptographic nonce")
+}
+
 func (suite *LabelsSuite) TestDeserialize() {
 	foo, err := NewLabelsFromStringPlain(suite.fooAsText)
 	suite.NoError(err, "should succeed for valid label text")