From bfa371cad086ae0e24948989afa77698bb0951a7 Mon Sep 17 00:00:00 2001 From: michaeloffner Date: Mon, 23 Dec 2024 15:45:04 +0100 Subject: [PATCH] validate string before parsing to avoid exceptions --- .../java/lucee/commons/i18n/FormatUtil.java | 11 +++- .../lucee/commons/i18n/FormatterWrapper.java | 59 +++++++++++++++++++ .../java/lucee/commons/io/SystemUtil.java | 5 +- .../commons/lang/PhysicalClassLoader.java | 3 - .../lucee/runtime/op/date/DateCaster.java | 22 ++++--- .../transformer/dynamic/DynamicInvoker.java | 9 +-- loader/build.xml | 2 +- loader/pom.xml | 2 +- 8 files changed, 87 insertions(+), 26 deletions(-) diff --git a/core/src/main/java/lucee/commons/i18n/FormatUtil.java b/core/src/main/java/lucee/commons/i18n/FormatUtil.java index 91ed7dd239..7c264c05ba 100644 --- a/core/src/main/java/lucee/commons/i18n/FormatUtil.java +++ b/core/src/main/java/lucee/commons/i18n/FormatUtil.java @@ -696,7 +696,7 @@ public static long parseX(DateTimeFormatter formatter, String date, TimeZone tim return zonedDateTime.withZoneSameInstant(timeZone != null ? timeZone.toZoneId() : ZoneId.systemDefault()).toInstant().toEpochMilli(); } - public static long parse(FormatterWrapper fw, String date, ZoneId zone) { + public static long parse(FormatterWrapper fw, String date, ZoneId zone) throws DateTimeParseException { if (fw.type == FormatUtil.FORMAT_TYPE_DATE_TIME) { return optimzeDate(ZonedDateTime.parse(date, fw.formatter)).toInstant().toEpochMilli(); @@ -708,6 +708,15 @@ else if (fw.type == FormatUtil.FORMAT_TYPE_DATE) { return getEpochMillis(DEFAULT_DATE, LocalTime.parse(date, fw.formatter), zone); } + public static Long parse(FormatterWrapper fw, String date, ZoneId zone, Long defaultValue) { + try { + return parse(fw, date, zone); + } + catch (Exception e) { + return defaultValue; + } + } + private static ZonedDateTime optimzeDate(ZonedDateTime zdt) { if (zdt.getYear() < 100) { if (zdt.getYear() < 40) { 
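Review bot: In the new four-argument `parse` overload (second FormatUtil hunk), `catch (Exception e)` turns every failure into `defaultValue`, including a `NullPointerException` from a null `date` or `fw` and any other programming error, not only unparseable input. If the intent is just to absorb bad date strings, narrow it to the java.time failure type, `catch (DateTimeException e) {`, which is the parent of the `DateTimeParseException` that the first hunk now declares on the three-argument overload; this assumes the class is or can be imported in this file, which the diff does not show. The overload also deserves a short Javadoc stating that it does not throw for unparseable input and returns `defaultValue` (possibly null) instead, since callers must null-check the boxed `Long`.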
diff --git a/core/src/main/java/lucee/commons/i18n/FormatterWrapper.java b/core/src/main/java/lucee/commons/i18n/FormatterWrapper.java index 2702895843..215429829b 100644 --- a/core/src/main/java/lucee/commons/i18n/FormatterWrapper.java +++ b/core/src/main/java/lucee/commons/i18n/FormatterWrapper.java @@ -11,6 +11,12 @@ public class FormatterWrapper { public final short type; public final ZoneId zone; + private final boolean hasComma; + private final boolean hasSlash; + private final boolean hasColon; + private final boolean hasSpace; + private final boolean hasHyphen; + FormatterWrapper(DateTimeFormatter formatter, String pattern, short type, ZoneId zone) { this.formatter = formatter; this.successCount = 0; @@ -18,6 +24,12 @@ public class FormatterWrapper { this.type = type; this.zone = zone; this.custom = false; + + this.hasComma = pattern.indexOf(',') != -1; + this.hasSlash = pattern.indexOf('/') != -1; + this.hasHyphen = pattern.indexOf('-') != -1; + this.hasColon = pattern.indexOf(':') != -1; + this.hasSpace = pattern.indexOf(' ') != -1; } FormatterWrapper(DateTimeFormatter formatter, String pattern, short type, ZoneId zone, boolean custom) { 
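Review bot: The five separator flags are computed with identical code in both constructors (here and again at the top of the next hunk, `@@ -27,5 +39,52 @@`), so a new flag or a changed rule has to be edited in two places. Provided the constructor lines that fall outside these hunks match, the four-argument constructor could delegate with `this(formatter, pattern, type, zone, false);` and keep the flag setup in one place. Both constructors now dereference `pattern`, so a null pattern fails at construction with a NullPointerException; if patterns are guaranteed non-null by the callers, a one-line comment saying so would help the next reader.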
@@ -27,5 +39,52 @@ public class FormatterWrapper { this.type = type; this.zone = zone; this.custom = custom; + + this.hasComma = pattern.indexOf(',') != -1; + this.hasSlash = pattern.indexOf('/') != -1; + this.hasHyphen = pattern.indexOf('-') != -1; + this.hasColon = pattern.indexOf(':') != -1; + this.hasSpace = pattern.indexOf(' ') != -1; } + + public boolean valid(String str) { + if (pattern.length() > str.length()) return false; + + if (hasComma) { + if (str.indexOf(',') == -1) return false; + } + else { + if (str.indexOf(',') != -1) return false; + } + + if (hasHyphen) { + if (str.indexOf('-') == -1) return false; + } + else { + if (str.indexOf('-') != -1) return false; + } + + if (hasSlash) { + if (str.indexOf('/') == -1) return false; + } + else { + if (str.indexOf('/') != -1) return false; + } + + if (hasColon) { + if (str.indexOf(':') == -1) return false; + } + else { + if (str.indexOf(':') != -1) return false; + } + + if (hasSpace) { + if (str.indexOf(' ') == -1) return false; + } + else { + if (str.indexOf(' ') != -1) return false; + } + return true; + } + } \ No newline at end of file diff --git a/core/src/main/java/lucee/commons/io/SystemUtil.java b/core/src/main/java/lucee/commons/io/SystemUtil.java index e0f29dbd6f..7dbd717c26 100644 --- a/core/src/main/java/lucee/commons/io/SystemUtil.java +++ b/core/src/main/java/lucee/commons/io/SystemUtil.java @@ -1477,7 +1477,10 @@ public static InputStream getResourceAsStream(Bundle bundle, String path) { URL entry = bundle.getEntry(path); is = entry != null ? entry.openStream() : null; if (is != null) return is; - if (path.startsWith("/")) is = bundle.getEntry(path.substring(1)).openStream(); + if (path.startsWith("/")) { + URL e = bundle.getEntry(path.substring(1)); + is = e == null ? null : e.openStream(); + } if (is != null) return is; } 
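Review bot: `valid()` can reject strings that the formatter itself would accept, because it compares the raw pattern text with the input rather than with what the pattern produces. `pattern.length() > str.length()` counts pattern letters and quote characters, so a pattern with a quoted literal such as `'T'` or a text field such as `MMMM` can be longer than a matching input, and the "pattern lacks it, input has it" branches reject an input whose `-` or `:` comes from a zone-offset field rather than from a literal in the pattern. Whether any registered format hits these cases is not visible in this diff, but a wrongly skipped format is silent: the caller simply moves on to the next one. I would drop the length test and the negative branches for `-` and `:`, and add a Javadoc stating that this is a cheap pre-filter that must never return false for input the formatter can parse.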
diff --git a/core/src/main/java/lucee/commons/lang/PhysicalClassLoader.java b/core/src/main/java/lucee/commons/lang/PhysicalClassLoader.java index 4b43f45be9..573d094926 100644 --- a/core/src/main/java/lucee/commons/lang/PhysicalClassLoader.java +++ b/core/src/main/java/lucee/commons/lang/PhysicalClassLoader.java @@ -35,7 +35,6 @@ import org.apache.felix.framework.BundleWiringImpl.BundleClassLoader; -import lucee.print; import lucee.commons.digest.HashUtil; import lucee.commons.io.CharsetUtil; import lucee.commons.io.IOUtil; @@ -225,11 +224,9 @@ private Class loadClass(String name, boolean resolve, boolean loadFromFS, Cla if (c == null) { ClassLoader pcl = getParent(); if (pcl instanceof ClassLoaderDefault) { - print.e("-" + pcl + ">" + name); c = ((ClassLoaderDefault) pcl).loadClass(name, resolve, null); } else { - print.e("=" + pcl + ">" + name); try { c = super.loadClass(name, resolve); } diff --git a/core/src/main/java/lucee/runtime/op/date/DateCaster.java b/core/src/main/java/lucee/runtime/op/date/DateCaster.java index cea1d5c552..c6099d83cc 100755 --- a/core/src/main/java/lucee/runtime/op/date/DateCaster.java +++ b/core/src/main/java/lucee/runtime/op/date/DateCaster.java @@ -30,6 +30,7 @@ import java.util.Locale; import java.util.TimeZone; +import lucee.print; import lucee.commons.date.DateTimeUtil; import lucee.commons.date.JREDateTimeUtil; import lucee.commons.date.TimeZoneConstants; 
@@ -306,29 +307,26 @@ public static DateTime toDateTime(Locale locale, String str, TimeZone tz, DateTi return (dt == null) ? defaultValue : dt; } + public static void main(String[] args) { + print.e(toDateTimeNew(Locale.ENGLISH, "2024/12/23 12:07:11 CET", TimeZoneConstants.CET, null, true)); + } + public static DateTime toDateTimeNew(Locale locale, String str, TimeZone tz, DateTime defaultValue, boolean useCommomDateParserAsWell) { countCheck++; str = str.trim(); tz = ThreadLocalPageContext.getTimeZone(tz); List all = FormatUtil.getAllFormats(locale, tz, true); - + Long time; try { for (FormatterWrapper fw: all) { - - // if (fw.custom && fw.pattern.length() != str.length()) continue; - try { - DateTimeImpl res = new DateTimeImpl(FormatUtil.parse(fw, str, fw.zone)); + if (!fw.valid(str)) continue; + time = FormatUtil.parse(fw, str, fw.zone, null); + if (time != null) { + DateTimeImpl res = new DateTimeImpl(time.longValue()); fw.successCount++; - // print.e("++++ " + fw.successCount + "|" + str + "|" + FormatUtil.format(fw.formatter, new Date(), - // tz) + "|" + fw.pattern + " -----"); return res; } - catch (Exception e) {// TODO can we avoid the exception? - // print.e("X--- " + fw.successCount + "|" + str + "|" + FormatUtil.format(fw.formatter, new Date(), - // tz) + "|" + fw.pattern + " -----"); - // print.e(e); - } } } finally { diff --git a/core/src/main/java/lucee/transformer/dynamic/DynamicInvoker.java b/core/src/main/java/lucee/transformer/dynamic/DynamicInvoker.java index 5b1fe37ae3..e0105d2cda 100644 --- a/core/src/main/java/lucee/transformer/dynamic/DynamicInvoker.java +++ b/core/src/main/java/lucee/transformer/dynamic/DynamicInvoker.java 
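Review bot: The added `public static void main` is a debugging leftover in a runtime class, and it appears to be the only reason the previous hunk (`@@ -30,6 +30,7 @@`) re-adds `import lucee.print;`, the same debug helper this commit removes from PhysicalClassLoader. I would delete both and move the sample input `"2024/12/23 12:07:11 CET"` into a test case. Inside the loop, `Long time;` can be declared where it is assigned, `Long time = FormatUtil.parse(fw, str, fw.zone, null);`, which keeps the variable out of the enclosing scope. `toDateTimeNew` continues past the end of this hunk, so the code after the `finally` is not covered by this note.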
@@ -42,7 +42,7 @@ import lucee.commons.lang.Pair; import lucee.commons.lang.SerializableObject; import lucee.commons.lang.SystemOut; -import lucee.loader.engine.CFMLEngineFactory; +import lucee.runtime.engine.ThreadLocalPageContext; import lucee.runtime.op.Caster; import lucee.runtime.reflection.Reflector; import lucee.runtime.type.Collection.Key; @@ -87,12 +87,7 @@ public DynamicInvoker(Resource configDir) { public Log getLog() { if (_log == null) { - try { - _log = CFMLEngineFactory.getInstance().getThreadConfig().getLog("application"); - } - catch (Exception e) { - - } + _log = ThreadLocalPageContext.getLog("application"); } return _log; } diff --git a/loader/build.xml b/loader/build.xml index 9fa04a117b..44d6da234a 100644 --- a/loader/build.xml +++ b/loader/build.xml @@ -2,7 +2,7 @@ - + diff --git a/loader/pom.xml b/loader/pom.xml index db365534da..17029fb09a 100644 --- a/loader/pom.xml +++ b/loader/pom.xml @@ -3,7 +3,7 @@ org.lucee lucee - 6.2.0.249-SNAPSHOT + 6.2.0.250-SNAPSHOT jar Lucee Loader Build
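Review bot: Removing the try/catch in `getLog()` changes the failure behaviour: an exception from the lookup used to be swallowed and left `_log` null, while anything thrown by `ThreadLocalPageContext.getLog("application")` now propagates to whoever asked for the log. How that helper behaves on a thread with no config bound is not visible in this diff, so it is worth confirming whether it can throw or return null there and recording the answer in a comment above the assignment. If null is possible, callers of `getLog()` still need their null checks, and the method should say so in a Javadoc line such as `@return the application log, or null if none is available`.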