From 524974deec46f437a2e46f490be556c802635774 Mon Sep 17 00:00:00 2001
From: miloyip
Date: Sun, 3 May 2015 21:58:55 +0800
Subject: [PATCH] Add Validation of UTF-8 sequence for percent encoding, also improves coverage
---
 include/rapidjson/pointer.h | 4 ++--
 test/unittest/pointertest.cpp | 27 +++++++++++++++++++++++----
 2 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/include/rapidjson/pointer.h b/include/rapidjson/pointer.h
index cd685f0..7ba5174 100644
--- a/include/rapidjson/pointer.h
+++ b/include/rapidjson/pointer.h
@@ -429,7 +429,7 @@ private:
 GenericInsituStringStream os(name);
 Ch* begin = os.PutBegin();
 Transcoder, EncodingType> transcoder;
- if (!transcoder.Transcode(is, os) || !is.IsValid()) {
+ if (!transcoder.Validate(is, os) || !is.IsValid()) {
 parseErrorCode_ = kPointerParseErrorInvalidPercentEncoding;
 goto error;
 }
@@ -538,7 +538,7 @@ private:
 GenericStringStream source(&t->name[j]);
 PercentEncodeStream target(os);
 Transcoder > transcoder;
- if (!transcoder.Transcode(source, target))
+ if (!transcoder.Validate(source, target))
 return false;
 j += source.Tell() - 1;
 }
diff --git a/test/unittest/pointertest.cpp b/test/unittest/pointertest.cpp
index d74d75f..cc067e7 100644
--- a/test/unittest/pointertest.cpp
+++ b/test/unittest/pointertest.cpp
@@ -340,7 +340,7 @@ TEST(Pointer, Parse_URIFragment) {
 }
 
 {
- // kPointerParseErrorInvalidPercentEncoding
+ // kPointerParseErrorInvalidPercentEncoding (invalid hex)
 Pointer p("#/%g0");
 EXPECT_FALSE(p.IsValid());
 EXPECT_EQ(kPointerParseErrorInvalidPercentEncoding, p.GetParseErrorCode());
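Review bot: The switch to `transcoder.Validate(is, os)` in the percent-decoding branch (hunk at -429) carries no comment saying why validation is required here, so a later cleanup could turn it back into `Transcode` without noticing the loss. I would add `// Validate, not Transcode: percent-decoded bytes are untrusted and must form complete, well-formed UTF-8` above the `if`. It is also worth confirming that `Validate` still converts the bytes when `EncodingType` is not UTF-8; the `Transcoder` definition is not part of this patch, so that cannot be checked from here. The enclosing parse function starts and ends outside the hunk.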
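Review bot: In the stringify path (hunk at -538), `return false` on a failed `Validate` leaves whatever was already written to `os` in place, so a caller that ignores the result ends up with a truncated fragment that still looks usable. The contract should be stated on the declaration, for example `//! \return false if a token holds invalid UTF-8; the output written so far is incomplete and must be discarded`. That earlier output exists at this point is inferred from the loop variables `t` and `j`, because the function begins and ends outside the hunk.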
@@ -348,13 +348,21 @@ TEST(Pointer, Parse_URIFragment) {
 }
 
 {
- // kPointerParseErrorInvalidPercentEncoding
+ // kPointerParseErrorInvalidPercentEncoding (invalid hex)
 Pointer p("#/%0g");
 EXPECT_FALSE(p.IsValid());
 EXPECT_EQ(kPointerParseErrorInvalidPercentEncoding, p.GetParseErrorCode());
 EXPECT_EQ(2u, p.GetParseErrorOffset());
 }
 
+ {
+ // kPointerParseErrorInvalidPercentEncoding (incomplete UTF-8 sequence)
+ Pointer p("#/%C2");
+ EXPECT_FALSE(p.IsValid());
+ EXPECT_EQ(kPointerParseErrorInvalidPercentEncoding, p.GetParseErrorCode());
+ EXPECT_EQ(2u, p.GetParseErrorOffset());
+ }
+
 {
 // kPointerParseErrorCharacterMustPercentEncode
 Pointer p("#/ ");
@@ -395,16 +403,23 @@ TEST(Pointer, Stringify) {
 for (size_t i = 0; i < sizeof(sources) / sizeof(sources[0]); i++) {
 Pointer p(sources[i]);
 StringBuffer s;
- p.Stringify(s);
+ EXPECT_TRUE(p.Stringify(s));
 EXPECT_STREQ(sources[i], s.GetString());
 
 // Stringify to URI fragment
 StringBuffer s2;
- p.StringifyUriFragment(s2);
+ EXPECT_TRUE(p.StringifyUriFragment(s2));
 Pointer p2(s2.GetString(), s2.GetSize());
 EXPECT_TRUE(p2.IsValid());
 EXPECT_TRUE(p == p2);
 }
+
+ {
+ // Strigify to URI fragment with an invalid UTF-8 sequence
+ Pointer p("/\xC2");
+ StringBuffer s;
+ EXPECT_FALSE(p.StringifyUriFragment(s));
+ }
 }
 
 // Construct a Pointer with static tokens, no dynamic allocation involved.
@@ -552,6 +567,10 @@ TEST(Pointer, Get) {
 EXPECT_EQ(&d[" "], Pointer("/ ").Get(d));
 EXPECT_EQ(&d["m~n"], Pointer("/m~0n").Get(d));
 EXPECT_TRUE(Pointer("/abc").Get(d) == 0);
+ EXPECT_TRUE(Pointer("/foo/2").Get(d) == 0); // Out of boundary
+ EXPECT_TRUE(Pointer("/foo/a").Get(d) == 0); // "/foo" is an array, cannot query by "a"
+ EXPECT_TRUE(Pointer("/foo/0/0").Get(d) == 0); // "/foo/0" is an string, cannot further query
+ EXPECT_TRUE(Pointer("/foo/0/a").Get(d) == 0); // "/foo/0" is an string, cannot further query
 }
 
 TEST(Pointer, GetWithDefault) {
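Review bot: The new `#/%C2` block in Parse_URIFragment covers only a truncated sequence, so the validation this commit introduces is untested for the other malformed shapes a percent-encoded fragment can carry: a lone continuation byte, an overlong encoding, and an encoded surrogate. I would add sibling blocks built on `Pointer p("#/%80");`, `Pointer p("#/%C0%80");` and `Pointer p("#/%ED%A0%80");`, each expecting `kPointerParseErrorInvalidPercentEncoding`. Whether the underlying validator rejects all three is not visible in this patch, so these cases would also pin down how strict it actually is.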
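Review bot: The block added at the end of the Stringify test builds `Pointer p("/\xC2")` and expects `StringifyUriFragment` to fail, which implies that the plain (non-fragment) parse accepted the invalid byte; that asymmetry is stated nowhere in the test. I would make it explicit with `EXPECT_TRUE(p.IsValid());` before the stringify call, or with a comment saying that only the URI-fragment form validates UTF-8, so readers do not assume every parsed pointer holds well-formed text. The comment also has a typo: `// Strigify to URI fragment ...` should read `// Stringify to URI fragment with an invalid UTF-8 sequence`.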