
Showing content from https://github.com/protocolbuffers/protobuf/commit/88a3b9033014bfd4185d934bd199191667a67d2a below:

Change pre-22 poison pill to only log once per affected message type.… · protocolbuffers/protobuf@88a3b90 · GitHub

File tree Expand file treeCollapse file tree 3 files changed

+71

-34

lines changed


@@ -21,9 +21,11 @@

21 21

import java.lang.reflect.Method;

22 22

import java.util.ArrayList;

23 23

import java.util.Collections;

24 +

import java.util.HashSet;

24 25

import java.util.Iterator;

25 26

import java.util.List;

26 27

import java.util.Map;

28 +

import java.util.Set;

27 29

import java.util.TreeMap;

28 30

import java.util.logging.Logger;

29 31

@@ -329,21 +331,30 @@ public int getSerializedSize() {

329 331

+ " security vulnerability:"

330 332

+ " https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2";

331 333 332 -

static void warnPre22Gencode() {

334 +

private static final Set<String> loggedPre22TypeNames

335 +

= Collections.synchronizedSet(new HashSet<String>());

336 +

static void warnPre22Gencode(Class<?> messageClass) {

333 337

if (System.getProperty(PRE22_GENCODE_SILENCE_PROPERTY) != null) {

334 338

return;

335 339

}

336 -

UnsupportedOperationException exception =

337 -

new UnsupportedOperationException(PRE22_GENCODE_VULNERABILITY_MESSAGE);

340 +

String messageName = messageClass.getName();

341 +

String vulnerabilityMessage =

342 +

"Vulnerable protobuf generated type in use: " + messageName + "\n" +

343 +

PRE22_GENCODE_VULNERABILITY_MESSAGE;

344 + 338 345

if (System.getProperty(PRE22_GENCODE_ERROR_PROPERTY) != null) {

339 -

throw exception;

346 +

throw new UnsupportedOperationException(vulnerabilityMessage);

347 +

}

348 + 349 +

if (!loggedPre22TypeNames.add(messageName)) {

350 +

return;

340 351

}

341 -

logger.warning(exception.toString());

352 +

logger.warning(vulnerabilityMessage);

342 353

}

343 354 344 355

/** Used by parsing constructors in generated classes. */

345 356

protected void makeExtensionsImmutable() {

346 -

warnPre22Gencode();

357 +

warnPre22Gencode(getClass());

347 358

}

348 359 349 360

/**

@@ -933,7 +944,7 @@ protected boolean parseUnknownField(

933 944

/** Used by parsing constructors in generated classes. */

934 945

@Override

935 946

protected void makeExtensionsImmutable() {

936 -

warnPre22Gencode();

947 +

warnPre22Gencode(getClass());

937 948

extensions.makeImmutable();

938 949

}
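Review bot: `warnPre22Gencode(Class<?>)` concatenates `vulnerabilityMessage` on every call, before the `loggedPre22TypeNames.add(messageName)` check, so once a type has been logged each later call still builds the full advisory text and discards it. `makeExtensionsImmutable()` is documented here as used by parsing constructors, so this appears to run on every parse of an affected message. Doing the dedup first keeps the throw path intact: `boolean failOnUse = System.getProperty(PRE22_GENCODE_ERROR_PROPERTY) != null;` followed by `if (!failOnUse && !loggedPre22TypeNames.add(messageName)) { return; }` ahead of the concatenation. The `Collections.synchronizedSet` also puts one shared lock on that path; `ConcurrentHashMap.newKeySet()` would avoid it if the supported Java baseline allows. A short comment on the field stating that entries live for the life of the JVM, so the advisory warning appears once per type per process, would help operators who rely on this log to find affected gencode.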

939 950 Original file line number Diff line number Diff line change

@@ -528,7 +528,7 @@ protected Object newInstance(UnusedPrivateParameter unused) {

528 528

*/

529 529

protected void makeExtensionsImmutable() {

530 530

// Noop for messages without extensions.

531 -

GeneratedMessage.warnPre22Gencode();

531 +

GeneratedMessage.warnPre22Gencode(getClass());

532 532

}

533 533 534 534

/**

@@ -1276,7 +1276,7 @@ protected boolean parseUnknownFieldProto3(

1276 1276

*/

1277 1277

@Override

1278 1278

protected void makeExtensionsImmutable() {

1279 -

GeneratedMessage.warnPre22Gencode();

1279 +

GeneratedMessage.warnPre22Gencode(getClass());

1280 1280

extensions.makeImmutable();

1281 1281

}

1282 1282 Original file line number Diff line number Diff line change

@@ -2015,39 +2015,58 @@ private TestUtil.TestLogHandler setupLogger() {

2015 2015

@Test

2016 2016

public void generatedMessage_makeExtensionsImmutableShouldLog() {

2017 2017

TestUtil.TestLogHandler logHandler = setupLogger();

2018 -

GeneratedMessageV3 msg =

2019 -

new GeneratedMessageV3() {

2020 -

@Override

2021 -

protected FieldAccessorTable internalGetFieldAccessorTable() {

2022 -

return null;

2023 -

}

2024 - 2025 -

@Override

2026 -

protected Message.Builder newBuilderForType(BuilderParent parent) {

2027 -

return null;

2028 -

}

2018 +

class TestMessage1 extends GeneratedMessageV3 {

2019 +

@Override

2020 +

protected FieldAccessorTable internalGetFieldAccessorTable() {

2021 +

return null;

2022 +

}

2023 + 2024 +

@Override

2025 +

protected Message.Builder newBuilderForType(BuilderParent parent) {

2026 +

return null;

2027 +

}

2028 + 2029 +

@Override

2030 +

public Message.Builder newBuilderForType() {

2031 +

return null;

2032 +

}

2033 + 2034 +

@Override

2035 +

public Message.Builder toBuilder() {

2036 +

return null;

2037 +

}

2038 + 2039 +

@Override

2040 +

public Message getDefaultInstanceForType() {

2041 +

return null;

2042 +

}

2043 +

}

2029 2044 2030 -

@Override

2031 -

public Message.Builder newBuilderForType() {

2032 -

return null;

2033 -

}

2045 +

class TestMessage2 extends TestMessage1 {}

2034 2046 2035 -

@Override

2036 -

public Message.Builder toBuilder() {

2037 -

return null;

2038 -

}

2039 - 2040 -

@Override

2041 -

public Message getDefaultInstanceForType() {

2042 -

return null;

2043 -

}

2044 -

};

2047 +

TestMessage1 msg = new TestMessage1();

2045 2048

msg.makeExtensionsImmutable();

2046 2049

List<LogRecord> logs = logHandler.getStoredLogRecords();

2047 2050

assertThat(logs).hasSize(1);

2048 2051

String message = logs.get(0).getMessage();

2052 +

// The generated type

2053 +

assertThat(message).contains(

2054 +

"Vulnerable protobuf generated type in use: " +

2055 +

"com.google.protobuf.GeneratedMessageTest$1TestMessage1");

2049 2056

assertThat(message).contains(GeneratedMessage.PRE22_GENCODE_VULNERABILITY_MESSAGE);

2050 2057

assertThat(message).contains(GeneratedMessage.PRE22_GENCODE_SILENCE_PROPERTY);

2058 + 2059 +

// Subsequent calls for the same type do not log again.

2060 +

msg.makeExtensionsImmutable();

2061 +

assertThat(logHandler.getStoredLogRecords()).hasSize(1);

2062 + 2063 +

// A call on a second type does log for that type.

2064 +

TestMessage2 msg2 = new TestMessage2();

2065 +

msg2.makeExtensionsImmutable();

2066 +

assertThat(logHandler.getStoredLogRecords()).hasSize(2);

2067 +

// And not again (only once per type).

2068 +

msg2.makeExtensionsImmutable();

2069 +

assertThat(logHandler.getStoredLogRecords()).hasSize(2);

2051 2070

}

2052 2071 2053 2072

@Test

@@ -2059,7 +2078,14 @@ public void extendableMessage_makeExtensionsImmutableShouldThrow() {

2059 2078

List<LogRecord> logs = logHandler.getStoredLogRecords();

2060 2079

assertThat(logs).hasSize(1);

2061 2080

String message = logs.get(0).getMessage();

2081 +

assertThat(message).contains(

2082 +

"Vulnerable protobuf generated type in use: " +

2083 +

"protobuf_unittest.UnittestProto$TestAllExtensions");

2062 2084

assertThat(message).contains(GeneratedMessage.PRE22_GENCODE_VULNERABILITY_MESSAGE);

2063 2085

assertThat(message).contains(GeneratedMessage.PRE22_GENCODE_SILENCE_PROPERTY);

2086 + 2087 +

// Subsequent calls for the same type do not log again.

2088 +

msg.makeExtensionsImmutable();

2089 +

assertThat(logHandler.getStoredLogRecords()).hasSize(1);

2064 2090

}

2065 2091

}
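Review bot: The `hasSize(1)` assertions in both hunks depend on the process-wide static `loggedPre22TypeNames` set not yet containing the type under test, and nothing visible here resets it between tests. In the second hunk the type is `protobuf_unittest.UnittestProto$TestAllExtensions`, so if any other test in the same JVM has already triggered the warning for that class this test would see zero records; the first test would likewise fail if it ran twice in one JVM. Consider a package-private, test-only hook that clears the set, called from `setupLogger()`. Separately, the expected name `"com.google.protobuf.GeneratedMessageTest$1TestMessage1"` hard-codes the compiler's local-class numbering; `TestMessage1.class.getName()` states the same expectation without it. The second hunk's test method begins outside the hunk.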
