validate string before parsing to avoid exceptions
michaeloffner committed Dec 23, 2024
1 parent f29d1b1 commit bfa371c
Showing 8 changed files with 87 additions and 26 deletions.
11 changes: 10 additions & 1 deletion core/src/main/java/lucee/commons/i18n/FormatUtil.java
Expand Up @@ -696,7 +696,7 @@ public static long parseX(DateTimeFormatter formatter, String date, TimeZone tim
return zonedDateTime.withZoneSameInstant(timeZone != null ? timeZone.toZoneId() : ZoneId.systemDefault()).toInstant().toEpochMilli();
}

public static long parse(FormatterWrapper fw, String date, ZoneId zone) {
public static long parse(FormatterWrapper fw, String date, ZoneId zone) throws DateTimeParseException {

if (fw.type == FormatUtil.FORMAT_TYPE_DATE_TIME) {
return optimzeDate(ZonedDateTime.parse(date, fw.formatter)).toInstant().toEpochMilli();
Expand All @@ -708,6 +708,15 @@ else if (fw.type == FormatUtil.FORMAT_TYPE_DATE) {
return getEpochMillis(DEFAULT_DATE, LocalTime.parse(date, fw.formatter), zone);
}

public static Long parse(FormatterWrapper fw, String date, ZoneId zone, Long defaultValue) {
try {
return parse(fw, date, zone);
}
catch (Exception e) {
return defaultValue;
}
}

private static ZonedDateTime optimzeDate(ZonedDateTime zdt) {
if (zdt.getYear() < 100) {
if (zdt.getYear() < 40) {
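Review bot: The new four-argument `parse` overload catches `Exception`, so a null `fw` or `date`, or any other programming error, is returned as `defaultValue` exactly like an unparseable string. Narrowing the handler keeps real faults visible: `catch (DateTimeException e) { return defaultValue; }` covers `DateTimeParseException` as a subclass, assuming `java.time.DateTimeException` is or can be imported in this file. The `throws DateTimeParseException` added to the three-argument signature names an unchecked exception, so it documents rather than enforces; a Javadoc `@throws DateTimeParseException if date does not match fw.formatter` line would put the same information where callers read it.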
59 changes: 59 additions & 0 deletions core/src/main/java/lucee/commons/i18n/FormatterWrapper.java
Expand Up @@ -11,13 +11,25 @@ public class FormatterWrapper {
public final short type;
public final ZoneId zone;

private final boolean hasComma;
private final boolean hasSlash;
private final boolean hasColon;
private final boolean hasSpace;
private final boolean hasHyphen;

FormatterWrapper(DateTimeFormatter formatter, String pattern, short type, ZoneId zone) {
this.formatter = formatter;
this.successCount = 0;
this.pattern = pattern;
this.type = type;
this.zone = zone;
this.custom = false;

this.hasComma = pattern.indexOf(',') != -1;
this.hasSlash = pattern.indexOf('/') != -1;
this.hasHyphen = pattern.indexOf('-') != -1;
this.hasColon = pattern.indexOf(':') != -1;
this.hasSpace = pattern.indexOf(' ') != -1;
}

FormatterWrapper(DateTimeFormatter formatter, String pattern, short type, ZoneId zone, boolean custom) {
Expand All @@ -27,5 +39,52 @@ public class FormatterWrapper {
this.type = type;
this.zone = zone;
this.custom = custom;

this.hasComma = pattern.indexOf(',') != -1;
this.hasSlash = pattern.indexOf('/') != -1;
this.hasHyphen = pattern.indexOf('-') != -1;
this.hasColon = pattern.indexOf(':') != -1;
this.hasSpace = pattern.indexOf(' ') != -1;
}

public boolean valid(String str) {
if (pattern.length() > str.length()) return false;

if (hasComma) {
if (str.indexOf(',') == -1) return false;
}
else {
if (str.indexOf(',') != -1) return false;
}

if (hasHyphen) {
if (str.indexOf('-') == -1) return false;
}
else {
if (str.indexOf('-') != -1) return false;
}

if (hasSlash) {
if (str.indexOf('/') == -1) return false;
}
else {
if (str.indexOf('/') != -1) return false;
}

if (hasColon) {
if (str.indexOf(':') == -1) return false;
}
else {
if (str.indexOf(':') != -1) return false;
}

if (hasSpace) {
if (str.indexOf(' ') == -1) return false;
}
else {
if (str.indexOf(' ') != -1) return false;
}
return true;
}

}
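Review bot: `valid` can reject input the formatter would accept, because it compares the raw pattern text with the input instead of what the pattern can produce. The length test `pattern.length() > str.length()` fails for patterns with quoted literals or text fields (a pattern containing `'T'` is two characters longer than its output, and `MMMM` is longer than `May`), and each `else` branch rejects any input holding a separator the pattern text lacks, such as the `-` or `:` of a numeric zone offset or the `/` of a region id. The caller in `DateCaster` skips the formatter when `valid` returns false, so such inputs would change from parsed to unparsed; the registered patterns are not visible here, so this needs checking against the real list. A safer pre-filter keeps only the presence checks, for example `if (hasHyphen && str.indexOf('-') == -1) return false;`, and drops the length comparison. `str` is also dereferenced without a null check, and the five `has…` assignments are duplicated across both constructors.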
5 changes: 4 additions & 1 deletion core/src/main/java/lucee/commons/io/SystemUtil.java
Expand Up @@ -1477,7 +1477,10 @@ public static InputStream getResourceAsStream(Bundle bundle, String path) {
URL entry = bundle.getEntry(path);
is = entry != null ? entry.openStream() : null;
if (is != null) return is;
if (path.startsWith("/")) is = bundle.getEntry(path.substring(1)).openStream();
if (path.startsWith("/")) {
URL e = bundle.getEntry(path.substring(1));
is = e == null ? null : e.openStream();
}
if (is != null) return is;

}
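Review bot: The new local `URL e` in the `path.startsWith("/")` branch reads like an exception variable, and its ternary tests the opposite polarity from the `entry != null ? … : null` line just above it. Reusing the existing variable keeps the two lookups parallel: `entry = bundle.getEntry(path.substring(1));` followed by `is = entry != null ? entry.openStream() : null;`, assuming `entry` is still in scope and not final at that point, as the hunk suggests. The method body starts and ends outside the hunk.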
Expand Up @@ -35,7 +35,6 @@

import org.apache.felix.framework.BundleWiringImpl.BundleClassLoader;

import lucee.print;
import lucee.commons.digest.HashUtil;
import lucee.commons.io.CharsetUtil;
import lucee.commons.io.IOUtil;
Expand Down Expand Up @@ -225,11 +224,9 @@ private Class<?> loadClass(String name, boolean resolve, boolean loadFromFS, Cla
if (c == null) {
ClassLoader pcl = getParent();
if (pcl instanceof ClassLoaderDefault) {
print.e("-" + pcl + ">" + name);
c = ((ClassLoaderDefault) pcl).loadClass(name, resolve, null);
}
else {
print.e("=" + pcl + ">" + name);
try {
c = super.loadClass(name, resolve);
}
Expand Down
22 changes: 10 additions & 12 deletions core/src/main/java/lucee/runtime/op/date/DateCaster.java
Expand Up @@ -30,6 +30,7 @@
import java.util.Locale;
import java.util.TimeZone;

import lucee.print;
import lucee.commons.date.DateTimeUtil;
import lucee.commons.date.JREDateTimeUtil;
import lucee.commons.date.TimeZoneConstants;
Expand Down Expand Up @@ -306,29 +307,26 @@ public static DateTime toDateTime(Locale locale, String str, TimeZone tz, DateTi
return (dt == null) ? defaultValue : dt;
}

public static void main(String[] args) {
print.e(toDateTimeNew(Locale.ENGLISH, "2024/12/23 12:07:11 CET", TimeZoneConstants.CET, null, true));
}

public static DateTime toDateTimeNew(Locale locale, String str, TimeZone tz, DateTime defaultValue, boolean useCommomDateParserAsWell) {
countCheck++;
str = str.trim();
tz = ThreadLocalPageContext.getTimeZone(tz);

List<FormatterWrapper> all = FormatUtil.getAllFormats(locale, tz, true);

Long time;
try {
for (FormatterWrapper fw: all) {

// if (fw.custom && fw.pattern.length() != str.length()) continue;
try {
DateTimeImpl res = new DateTimeImpl(FormatUtil.parse(fw, str, fw.zone));
if (!fw.valid(str)) continue;
time = FormatUtil.parse(fw, str, fw.zone, null);
if (time != null) {
DateTimeImpl res = new DateTimeImpl(time.longValue());
fw.successCount++;
// print.e("++++ " + fw.successCount + "|" + str + "|" + FormatUtil.format(fw.formatter, new Date(),
// tz) + "|" + fw.pattern + " -----");
return res;
}
catch (Exception e) {// TODO can we avoid the exception?
// print.e("X--- " + fw.successCount + "|" + str + "|" + FormatUtil.format(fw.formatter, new Date(),
// tz) + "|" + fw.pattern + " -----");
// print.e(e);
}
}
}
finally {
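Review bot: The added `import lucee.print;` and the `public static void main` that calls `print.e(toDateTimeNew(...))` look like leftover debugging, in the same commit that strips `print.e` calls from another class. The import is certainly new (the first hunk grows from 6 to 7 lines) and the `main` appears to be as well; both should be removed from this core caster class and the sample input moved into a test. In the loop, `fw.successCount++` and `countCheck++` are plain increments on shared state, so if this method runs on concurrent request threads some counts can be lost; a comment such as `// best-effort statistic, not synchronized` would make that intent explicit. The method continues past the `finally {` that ends the hunk.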
Expand Up @@ -42,7 +42,7 @@
import lucee.commons.lang.Pair;
import lucee.commons.lang.SerializableObject;
import lucee.commons.lang.SystemOut;
import lucee.loader.engine.CFMLEngineFactory;
import lucee.runtime.engine.ThreadLocalPageContext;
import lucee.runtime.op.Caster;
import lucee.runtime.reflection.Reflector;
import lucee.runtime.type.Collection.Key;
Expand Down Expand Up @@ -87,12 +87,7 @@ public DynamicInvoker(Resource configDir) {

public Log getLog() {
if (_log == null) {
try {
_log = CFMLEngineFactory.getInstance().getThreadConfig().getLog("application");
}
catch (Exception e) {

}
_log = ThreadLocalPageContext.getLog("application");
}
return _log;
}
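Review bot: `getLog()` no longer guards the lookup, so its failure behaviour now depends entirely on `ThreadLocalPageContext.getLog("application")`, whose contract is not visible on this page. The removed code swallowed every exception and left `_log` null; if the new call can throw or return null when no config is bound to the current thread, callers of `getLog()` get a different outcome than before. A one-line comment on the method would settle it, for example `// may return null when no config is available on this thread; callers must check`, adjusted to whatever the helper really guarantees.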
2 changes: 1 addition & 1 deletion loader/build.xml
Expand Up @@ -2,7 +2,7 @@
<project default="core" basedir="." name="Lucee"
xmlns:resolver="antlib:org.apache.maven.resolver.ant">

<property name="version" value="6.2.0.249-SNAPSHOT"/>
<property name="version" value="6.2.0.250-SNAPSHOT"/>

<taskdef uri="antlib:org.apache.maven.resolver.ant" resource="org/apache/maven/resolver/ant/antlib.xml">
<classpath>
2 changes: 1 addition & 1 deletion loader/pom.xml
Expand Up @@ -3,7 +3,7 @@

<groupId>org.lucee</groupId>
<artifactId>lucee</artifactId>
<version>6.2.0.249-SNAPSHOT</version>
<version>6.2.0.250-SNAPSHOT</version>
<packaging>jar</packaging>

<name>Lucee Loader Build</name>