
Weaken vulnerable gencode poison pills to warning by default. · protocolbuffers/protobuf@320eafa · GitHub

File tree Expand file treeCollapse file tree 5 files changed

+136

-24

lines changed


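--- a/[BUILD file; path not shown on page]
+++ b/[BUILD file; path not shown on page]
@@ -369,6 +369,7 @@ junit_tests(
 "src/test/java/com/google/protobuf/TestUtil.java",
 "src/test/java/com/google/protobuf/TestUtilLite.java",
 "src/test/java/com/google/protobuf/GeneratedMessagePre22WarningDisabledTest.java",
+"src/test/java/com/google/protobuf/GeneratedMessagePre22ErrorTest.java",
 ],
 ),
 data = ["//src/google/protobuf:testdata"],
@@ -473,6 +474,7 @@ LITE_TEST_EXCLUSIONS = [
 "src/test/java/com/google/protobuf/FieldPresenceTest.java",
 "src/test/java/com/google/protobuf/ForceFieldBuildersPreRun.java",
 "src/test/java/com/google/protobuf/GeneratedMessagePre22WarningDisabledTest.java",
+"src/test/java/com/google/protobuf/GeneratedMessagePre22ErrorTest.java",
 "src/test/java/com/google/protobuf/GeneratedMessageTest.java",
 "src/test/java/com/google/protobuf/LazyFieldTest.java",
 "src/test/java/com/google/protobuf/LazyStringEndToEndTest.java",
@@ -545,6 +547,24 @@ java_test(
 ],
 )
 
+java_test(
+name = "GeneratedMessagePre22ErrorTest",
+size = "small",
+srcs = [
+"src/test/java/com/google/protobuf/GeneratedMessagePre22ErrorTest.java",
+],
+jvm_flags = ["-Dcom.google.protobuf.error_on_unsafe_pre22_gencode"],
+deps = [
+":core",
+":generic_test_protos_java_proto",
+":java_test_protos_java_proto",
+":lite_test_protos_java_proto",
+":test_util",
+"@maven//:com_google_truth_truth",
+"@maven//:junit_junit",
+],
+)
+
 pkg_files(
 name = "dist_files",
 srcs = glob([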
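Review bot: The flag on the new target, `jvm_flags = ["-Dcom.google.protobuf.error_on_unsafe_pre22_gencode"]` (new line 556), repeats the property name that GeneratedMessage.PRE22_GENCODE_ERROR_PROPERTY defines, so a rename on either side breaks this test at run time rather than at build time. A one-line comment above it, `# Must match GeneratedMessage.PRE22_GENCODE_ERROR_PROPERTY; without the flag assertThrows in the test fails.`, ties the two together for the next person who touches either. The target for GeneratedMessagePre22WarningDisabledTest is not in these hunks, so whether it sets the silence property the same way cannot be confirmed here.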

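--- a/[path not shown on page]/GeneratedMessage.java
+++ b/[path not shown on page]/GeneratedMessage.java
@@ -25,6 +25,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.TreeMap;
+import java.util.logging.Logger;
 
 /**
 * All generated protocol message classes extend this class. This class implements most of the
@@ -35,6 +36,7 @@
 */
 public abstract class GeneratedMessage extends AbstractMessage implements Serializable {
 private static final long serialVersionUID = 1L;
+private static final Logger logger = Logger.getLogger(GeneratedMessage.class.getName());
 
 /**
 * For testing. Allows a test to disable the optimization that avoids using field builders for
@@ -310,22 +312,33 @@ public int getSerializedSize() {
 return memoizedSize;
 }
 
-static final String PRE22_GENCODE_ACKNOWLEGE_PROPERTY =
+static final String PRE22_GENCODE_SILENCE_PROPERTY =
 "com.google.protobuf.use_unsafe_pre22_gencode";
+static final String PRE22_GENCODE_ERROR_PROPERTY =
+"com.google.protobuf.error_on_unsafe_pre22_gencode";
+
 static final String PRE22_GENCODE_VULNERABILITY_MESSAGE =
 "As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be called from protobuf"
 + " gencode. If you are seeing this message, your gencode is vulnerable to a denial of"
 + " service attack. You should regenerate your code using protobuf 25.6 or later. Use the"
 + " latest version that meets your needs. However, if you understand the risks and wish"
 + " to continue with vulnerable gencode, you can set the system property"
-+ " `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on the command line. See security"
-+ " vulnerability:"
++ " `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on the command line to silence this"
++ " warning. You also can set"
++ " `-Dcom.google.protobuf.error_on_unsafe_pre22_gencode` to throw an error instead. See"
++ " security vulnerability:"
 + " https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2";
 
 static void warnPre22Gencode() {
-if (System.getProperty(PRE22_GENCODE_ACKNOWLEGE_PROPERTY) == null) {
-throw new UnsupportedOperationException(PRE22_GENCODE_VULNERABILITY_MESSAGE);
+if (System.getProperty(PRE22_GENCODE_SILENCE_PROPERTY) != null) {
+return;
+}
+UnsupportedOperationException exception =
+new UnsupportedOperationException(PRE22_GENCODE_VULNERABILITY_MESSAGE);
+if (System.getProperty(PRE22_GENCODE_ERROR_PROPERTY) != null) {
+throw exception;
 }
+logger.warning(exception.toString());
 }
 
 /** Used by parsing constructors in generated classes. */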
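Review bot: warnPre22Gencode at new lines 333-341 constructs a fresh UnsupportedOperationException (and so fills in a stack trace) and emits a WARNING on every call that is neither silenced nor escalated; since makeExtensionsImmutable runs once per parsed message in pre-22 gencode, a busy service will flood its log with identical lines and pay the stack-trace cost each time. A once-only guard keeps the signal without the volume: `private static final AtomicBoolean pre22Warned = new AtomicBoolean();` beside `logger` (needs `java.util.concurrent.atomic.AtomicBoolean`), and `if (pre22Warned.compareAndSet(false, true)) { logger.warning(PRE22_GENCODE_VULNERABILITY_MESSAGE); }` in place of line 341, so the log-only path never builds an exception at all; the `hasSize(1)` assertions in the updated GeneratedMessageTest would then need a reset hook since the flag is static. Both property checks test presence only, so `-Dcom.google.protobuf.use_unsafe_pre22_gencode=false` still silences the warning, which is worth stating where the property is documented. The method also deserves a Javadoc saying that the default is now warn-and-continue, that parsing proceeds with gencode affected by GHSA-h4h5-3hr4-j3g2, and that only PRE22_GENCODE_ERROR_PROPERTY restores the fail-closed behaviour.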

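--- /dev/null
+++ b/src/test/java/com/google/protobuf/GeneratedMessagePre22ErrorTest.java
@@ -0,0 +1,53 @@
+package com.google.protobuf;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
+
+import protobuf_unittest.UnittestProto.TestAllExtensions;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class GeneratedMessagePre22ErrorTest {
+@Test
+public void generatedMessage_makeExtensionsImmutableShouldError() {
+GeneratedMessageV3 msg =
+new GeneratedMessageV3() {
+@Override
+protected FieldAccessorTable internalGetFieldAccessorTable() {
+return null;
+}
+
+@Override
+protected Message.Builder newBuilderForType(BuilderParent parent) {
+return null;
+}
+
+@Override
+public Message.Builder newBuilderForType() {
+return null;
+}
+
+@Override
+public Message.Builder toBuilder() {
+return null;
+}
+
+@Override
+public Message getDefaultInstanceForType() {
+return null;
+}
+};
+Throwable e = assertThrows(UnsupportedOperationException.class, () -> msg.makeExtensionsImmutable());
+assertThat(e).hasMessageThat().contains(GeneratedMessage.PRE22_GENCODE_VULNERABILITY_MESSAGE);
+}
+
+@Test
+public void extendableMessage_makeExtensionsImmutableShouldError() {
+GeneratedMessageV3.ExtendableMessage<TestAllExtensions> msg =
+TestAllExtensions.newBuilder().build();
+Throwable e = assertThrows(UnsupportedOperationException.class, () -> msg.makeExtensionsImmutable());
+assertThat(e).hasMessageThat().contains(GeneratedMessage.PRE22_GENCODE_VULNERABILITY_MESSAGE);
+}
+}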
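Review bot: GeneratedMessagePre22ErrorTest only passes when the JVM was started with the error property, yet nothing in the class states or checks that, so under a runner that does not apply the build file's jvm_flags (Maven, an IDE) the assertThrows on lines 42 and 50 fails with a message that points at makeExtensionsImmutable rather than at the missing flag. A class Javadoc, `/** Exercises the fail-closed mode of GeneratedMessage.warnPre22Gencode; requires -Dcom.google.protobuf.error_on_unsafe_pre22_gencode on the JVM command line. */`, plus one guard at the top of each test, `assertThat(System.getProperty(GeneratedMessage.PRE22_GENCODE_ERROR_PROPERTY)).isNotNull();`, makes the failure self-explanatory. assertThrows already returns the narrowed type, so `UnsupportedOperationException e = assertThrows(...)` is more precise than `Throwable e` on those two lines.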

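--- a/src/test/java/com/google/protobuf/GeneratedMessagePre22WarningDisabledTest.java
+++ b/src/test/java/com/google/protobuf/GeneratedMessagePre22WarningDisabledTest.java
@@ -1,14 +1,27 @@
 package com.google.protobuf;
 
+import static com.google.common.truth.Truth.assertThat;
+
 import protobuf_unittest.UnittestProto.TestAllExtensions;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
 @RunWith(JUnit4.class)
 public class GeneratedMessagePre22WarningDisabledTest {
+private TestUtil.TestLogHandler setupLogger() {
+TestUtil.TestLogHandler logHandler = new TestUtil.TestLogHandler();
+Logger logger = Logger.getLogger(GeneratedMessage.class.getName());
+logger.addHandler(logHandler);
+logHandler.setLevel(Level.ALL);
+return logHandler;
+}
+
 @Test
-public void generatedMessage_makeExtensionsImmutableShouldNotThrow() {
+public void generatedMessage_makeExtensionsImmutableShouldNotLog() {
+TestUtil.TestLogHandler logHandler = setupLogger();
 GeneratedMessageV3 msg =
 new GeneratedMessageV3() {
 @Override
@@ -37,13 +50,16 @@ public Message getDefaultInstanceForType() {
 }
 };
 msg.makeExtensionsImmutable();
+assertThat(logHandler.getStoredLogRecords()).isEmpty();
 }
 
 @Test
-public void extendableMessage_makeExtensionsImmutableShouldNotThrow() {
+public void extendableMessage_makeExtensionsImmutableShouldNotLog() {
+TestUtil.TestLogHandler logHandler = setupLogger();
 GeneratedMessageV3.ExtendableMessage<TestAllExtensions> msg =
 TestAllExtensions.newBuilder().build();
 msg.makeExtensionsImmutable();
+assertThat(logHandler.getStoredLogRecords()).isEmpty();
 }
 }
 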
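Review bot: setupLogger (new lines 14-20) adds a handler to the shared GeneratedMessage logger and nothing ever removes it, so every test leaves one more handler attached to a process-wide logger; the same helper is duplicated in the fifth file of this commit (its new lines 2006-2012) with the same leak. More importantly, `logHandler.setLevel(Level.ALL)` lowers the handler's threshold but not the logger's, so if a logging.properties or parent logger pins com.google.protobuf above WARNING the record never reaches the handler and the two `isEmpty()` assertions pass vacuously; the ShouldNotLog names then promise more than is proven. Turning the helper into a @Before/@After pair that pins and restores the logger level and removes the handler (needs `org.junit.Before` and `org.junit.After`, and the `TestUtil.TestLogHandler logHandler = setupLogger();` lines go away) closes both gaps. That these tests run with the silence property set is presumably arranged by their build target, which is not in this commit's hunks.
```java
private Logger logger;
private Level previousLevel;
private TestUtil.TestLogHandler logHandler;

@Before
public void setupLogger() {
  logger = Logger.getLogger(GeneratedMessage.class.getName());
  previousLevel = logger.getLevel();
  logger.setLevel(Level.ALL); // a stricter inherited level would hide the WARNING
  logHandler = new TestUtil.TestLogHandler();
  logHandler.setLevel(Level.ALL);
  logger.addHandler(logHandler);
}

@After
public void tearDownLogger() {
  logger.removeHandler(logHandler);
  logger.setLevel(previousLevel);
}
// … unchanged: the two test methods, minus their setupLogger() calls …
```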

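--- a/[test file; path not shown on page]
+++ b/[test file; path not shown on page]
@@ -50,6 +50,9 @@
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.LogRecord;
+import java.util.logging.Logger;
 import org.junit.After;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -1999,9 +2002,19 @@ public void extendableBuilder_mergeFrom_repeatedField_doesNotInvalidateExistingB
 assertThat(builder.getRepeatedField(REPEATED_NESTED_MESSAGE_EXTENSION, 0))
 .isEqualTo(NestedMessage.newBuilder().setBb(100).build());
 }
+
+private TestUtil.TestLogHandler setupLogger() {
+TestUtil.TestLogHandler logHandler = new TestUtil.TestLogHandler();
+Logger logger = Logger.getLogger(GeneratedMessage.class.getName());
+logger.addHandler(logHandler);
+logHandler.setLevel(Level.ALL);
+return logHandler;
+}
+
 
 @Test
-public void generatedMessage_makeExtensionsImmutableShouldThrow() {
+public void generatedMessage_makeExtensionsImmutableShouldLog() {
+TestUtil.TestLogHandler logHandler = setupLogger();
 GeneratedMessageV3 msg =
 new GeneratedMessageV3() {
 @Override
@@ -2029,27 +2042,24 @@ public Message getDefaultInstanceForType() {
 return null;
 }
 };
-try {
-msg.makeExtensionsImmutable();
-assertWithMessage("Expected UnsupportedOperationException").fail();
-} catch (UnsupportedOperationException e) {
-// Expected
-assertThat(e).hasMessageThat().contains(GeneratedMessage.PRE22_GENCODE_VULNERABILITY_MESSAGE);
-assertThat(e).hasMessageThat().contains(GeneratedMessage.PRE22_GENCODE_ACKNOWLEGE_PROPERTY);
-}
+msg.makeExtensionsImmutable();
+List<LogRecord> logs = logHandler.getStoredLogRecords();
+assertThat(logs).hasSize(1);
+String message = logs.get(0).getMessage();
+assertThat(message).contains(GeneratedMessage.PRE22_GENCODE_VULNERABILITY_MESSAGE);
+assertThat(message).contains(GeneratedMessage.PRE22_GENCODE_SILENCE_PROPERTY);
 }
 
 @Test
 public void extendableMessage_makeExtensionsImmutableShouldThrow() {
+TestUtil.TestLogHandler logHandler = setupLogger();
 GeneratedMessageV3.ExtendableMessage<TestAllExtensions> msg =
 TestAllExtensions.getDefaultInstance();
-try {
-msg.makeExtensionsImmutable();
-assertWithMessage("Expected UnsupportedOperationException").fail();
-} catch (UnsupportedOperationException e) {
-// Expected
-assertThat(e).hasMessageThat().contains(GeneratedMessage.PRE22_GENCODE_VULNERABILITY_MESSAGE);
-assertThat(e).hasMessageThat().contains(GeneratedMessage.PRE22_GENCODE_ACKNOWLEGE_PROPERTY);
-}
+msg.makeExtensionsImmutable();
+List<LogRecord> logs = logHandler.getStoredLogRecords();
+assertThat(logs).hasSize(1);
+String message = logs.get(0).getMessage();
+assertThat(message).contains(GeneratedMessage.PRE22_GENCODE_VULNERABILITY_MESSAGE);
+assertThat(message).contains(GeneratedMessage.PRE22_GENCODE_SILENCE_PROPERTY);
 }
 }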
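Review bot: extendableMessage_makeExtensionsImmutableShouldThrow at new line 2054 keeps its old name although its body (new lines 2058-2063) now asserts that one WARNING record was stored and nothing is thrown, while its sibling was renamed to generatedMessage_makeExtensionsImmutableShouldLog at line 2016; rename it to `public void extendableMessage_makeExtensionsImmutableShouldLog() {` so the name matches what the test proves. The `hasSize(1)` checks also hold only because each test installs its own handler, so a comment such as `// One record per call: warnPre22Gencode logs on every invocation.` next to them records the assumption the assertion depends on. The enclosing class's header and the `assertWithMessage` import the removed lines used are outside these hunks, so whether that import is now unused cannot be told from here.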


