fix: validate that all characters after first padding character in Base64 decode (#7491)

fix: validate that all characters after first padding character are also padding characters

Author: priyanshuvishwakarma273403

src/main/java/com/thealgorithms/conversions/Base64.java

@@ -119,8 +119,15 @@ public static byte[] decode(String input) {
 
         // Validate padding: '=' can only appear at the end (last 1 or 2 chars)
         int firstPadding = input.indexOf('=');
-        if (firstPadding != -1 && firstPadding < input.length() - 2) {
-            throw new IllegalArgumentException("Padding '=' can only appear at the end (last 1 or 2 characters)");
+        if (firstPadding != -1) {
+            if (firstPadding < input.length() - 2) {
+                throw new IllegalArgumentException("Padding '=' can only appear at the end (last 1 or 2 characters)");
+            }
+            for (int i = firstPadding; i < input.length(); i++) {
+                if (input.charAt(i) != '=') {
+                    throw new IllegalArgumentException("A padding '=' must not be followed by a non-padding character");
+                }
+            }
         }
 
         List<Byte> result = new ArrayList<>();

src/test/java/com/thealgorithms/conversions/Base64Test.java

@@ -127,6 +127,9 @@ void testInvalidPaddingPosition() {
         assertThrows(IllegalArgumentException.class, () -> Base64.decode("Q=QQ"));
         assertThrows(IllegalArgumentException.class, () -> Base64.decode("Q=Q="));
         assertThrows(IllegalArgumentException.class, () -> Base64.decode("=QQQ"));
+        assertThrows(IllegalArgumentException.class, () -> Base64.decode("QQ=Q"));
+        assertThrows(IllegalArgumentException.class, () -> Base64.decode("AB=C"));
+        assertThrows(IllegalArgumentException.class, () -> Base64.decode("AB=A"));
     }
 
     @Test