Commit

fix: All user code input should be validated forge#199
You should not be able to pass in invalid code and get obscure errors like "index out of range" exceptions. I found one place for this but the code should be audited for it everywhere. Better to run slower and have excellent errors.
astubbs committed Jul 29, 2021
1 parent 14e0f6b commit a08a8ba
Showing 1 changed file with 9 additions and 2 deletions.
Expand Up @@ -131,8 +131,15 @@ public MethodImpl(final O parent, final String method)

String stub = "public class Stub { " + method + " }";
JavaClassSource temp = (JavaClassSource) Roaster.parse(stub);
List<MethodSource<JavaClassSource>> methods = temp.getMethods();
MethodDeclaration newMethod = (MethodDeclaration) methods.get(0).getInternal();
List<Problem> problems = Roaster.validateSnippet(stub);
if (!problems.isEmpty()) {
throw new IllegalArgumentException("Invalid method code. " + problems.toString());
}
List<MethodSource<JavaClassSource>> methods = temp.getMethods();
if (methods.isEmpty())
throw new IllegalArgumentException("No methods found - check your method syntax");
MethodSource<JavaClassSource> javaClassSourceMethodSource = methods.get(0); // don't lookup indexes without validating them
MethodDeclaration newMethod = (MethodDeclaration) javaClassSourceMethodSource.getInternal();
this.method = (MethodDeclaration) ASTNode.copySubtree(cu.getAST(), newMethod);
}
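Review bot: The new `Roaster.validateSnippet(stub)` check runs after `Roaster.parse(stub)` and the `(JavaClassSource)` cast on the line above it, so a failure in the parse or the cast would still surface as its own exception before the `IllegalArgumentException` is reached. Consider validating first and only then parsing and casting. Because `method` is concatenated into the stub and only `methods.get(0)` is used, input that declares more than one method is accepted and the extras are silently dropped; checking `methods.size() != 1` instead of `methods.isEmpty()` would reject that with a clear message. Style: the `if (methods.isEmpty())` body has no braces while the `if (!problems.isEmpty())` block directly above does, and the temporary name `javaClassSourceMethodSource` could be shortened to something like `parsedMethod`.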
