From 6fdfa378438c2de195149409390237d4048d300d Mon Sep 17 00:00:00 2001
From: Martin Kouba
Date: Mon, 6 Dec 2021 12:27:22 +0100
Subject: [PATCH] Qute - improve validation of param declarations - resolves #21946
---
 .../core/src/main/java/io/quarkus/qute/Parser.java | 9 ++++++---
 .../src/test/java/io/quarkus/qute/ParserTest.java | 14 ++++++++++++++
 2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/independent-projects/qute/core/src/main/java/io/quarkus/qute/Parser.java b/independent-projects/qute/core/src/main/java/io/quarkus/qute/Parser.java
index b69b5e9100c7c..fa4461a393a56 100644
--- a/independent-projects/qute/core/src/main/java/io/quarkus/qute/Parser.java
+++ b/independent-projects/qute/core/src/main/java/io/quarkus/qute/Parser.java
@@ -477,9 +477,12 @@ private void flushTag() {
 // Parameter declaration
 // {@org.acme.Foo foo}
 Scope currentScope = scopeStack.peek();
- int spaceIdx = content.indexOf(" ");
- String key = content.substring(spaceIdx + 1, content.length());
- String value = content.substring(1, spaceIdx);
+ String[] parts = content.substring(1).trim().split("[ ]{1,}");
+ if (parts.length != 2) {
+ throw parserError("invalid parameter declaration " + START_DELIMITER + buffer.toString() + END_DELIMITER);
+ }
+ String value = parts[0];
+ String key = parts[1];
 currentScope.putBinding(key, Expressions.typeInfoFrom(value));
 sectionStack.peek().currentBlock().addNode(new ParameterDeclarationNode(content, origin(0)));
 } else {
diff --git a/independent-projects/qute/core/src/test/java/io/quarkus/qute/ParserTest.java b/independent-projects/qute/core/src/test/java/io/quarkus/qute/ParserTest.java
index aba4d4f4e6357..1a12c2952f0c3 100644
--- a/independent-projects/qute/core/src/test/java/io/quarkus/qute/ParserTest.java
+++ b/independent-projects/qute/core/src/test/java/io/quarkus/qute/ParserTest.java
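Review bot: The new `split("[ ]{1,}")` separates only on U+0020, while the `trim()` before it strips every character up to U+0020, so a tab or line break in the middle of the declaration is not a separator and, when the part count still comes out as two, stays inside `value` or `key` and is handed to `Expressions.typeInfoFrom` and `putBinding` unchanged. Splitting on any whitespace keeps the two steps consistent: `String[] parts = content.substring(1).trim().split("\\s+");`. Separately, a type whose generic arguments contain a space would now fail the `parts.length != 2` check; if such declarations are meant to be supported, the check needs to account for that. The body of flushTag() starts and ends outside the hunk, so any earlier normalisation of `content` is not visible here.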
@@ -358,6 +358,20 @@ public void testInvalidBracket() {
 "Parser error on line 1: invalid bracket notation expression in {foo.baz[}", 1);
 }
+ @Test
+ public void testInvalidParamDeclaration() {
+ assertParserError("{@com.foo }",
+ "Parser error on line 1: invalid parameter declaration {@com.foo }", 1);
+ assertParserError("{@ com.foo }",
+ "Parser error on line 1: invalid parameter declaration {@ com.foo }", 1);
+ assertParserError("{@com.foo.Bar bar baz}",
+ "Parser error on line 1: invalid parameter declaration {@com.foo.Bar bar baz}", 1);
+ assertParserError("{@}",
+ "Parser error on line 1: invalid parameter declaration {@}", 1);
+ assertParserError("{@\n}",
+ "Parser error on line 1: invalid parameter declaration {@\n}", 1);
+ }
+
 public static class Foo {
 public List getItems() {
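Review bot: Every case added in testInvalidParamDeclaration asserts a rejection; nothing checks that a well-formed declaration with several spaces between type and name, which the new split in Parser.java is written to tolerate, is still accepted and bound. A positive case such as `{@com.foo.Bar   bar}` and a tab-separated one would pin the separator handling. The last case also fixes the error text as containing the raw line break from the template (`{@\n}`); if parser errors can end up in logs, it is worth deciding whether control characters should be escaped in that message before locking the raw form into a test.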