Scissors/patches/server/0039-Add-depth-limit-to-Component-deserialization.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Telesphoreo <me@telesphoreo.me>
Date: Fri, 14 Jun 2024 19:01:14 -0500
Subject: [PATCH] Add depth limit to Component deserialization


diff --git a/src/main/java/net/minecraft/network/chat/Component.java b/src/main/java/net/minecraft/network/chat/Component.java
index 3b075dcb6bda40b278296fc8750f2af90c13acc4..a0c3c4faa8c80c880340e0150e16223ac0b5e5a0 100644
--- a/src/main/java/net/minecraft/network/chat/Component.java
+++ b/src/main/java/net/minecraft/network/chat/Component.java
@@ -1,15 +1,7 @@
 package net.minecraft.network.chat;
 
 import com.google.common.collect.Lists;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.google.gson.JsonDeserializationContext;
-import com.google.gson.JsonDeserializer;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonParseException;
-import com.google.gson.JsonParser;
-import com.google.gson.JsonSerializationContext;
-import com.google.gson.JsonSerializer;
+import com.google.gson.*;
 import com.google.gson.stream.JsonReader;
 import com.mojang.brigadier.Message;
 import com.mojang.serialization.JsonOps;
@@ -24,6 +16,7 @@ import java.util.Optional;
 import java.util.UUID;
 import javax.annotation.Nullable;
 
+import me.totalfreedom.scissors.ScissorsConfig;
 import net.minecraft.ChatFormatting;
 import net.minecraft.core.HolderLookup;
 import net.minecraft.network.chat.contents.DataSource;
@@ -35,8 +28,10 @@ import net.minecraft.network.chat.contents.SelectorContents;
 import net.minecraft.network.chat.contents.TranslatableContents;
 import net.minecraft.resources.ResourceLocation;
 import net.minecraft.util.FormattedCharSequence;
+import net.minecraft.util.GsonHelper;
 import net.minecraft.world.level.ChunkPos;
 // CraftBukkit start
+import java.util.regex.Pattern;
 import java.util.stream.Stream;
 // CraftBukkit end
 
@@ -286,10 +281,70 @@ public interface Component extends Message, FormattedText, Iterable<Component> {
     public static class Serializer {
 
         private static final Gson GSON = (new GsonBuilder()).disableHtmlEscaping().create();
+        private static final Pattern PLACEHOLDER_PATTERN = Pattern.compile("%[0-9]+\\$s"); // Scissors
 
         private Serializer() {}
 
+        // Scissors start
+        static int depthChecker(int depth) {
+            depth = depth + 1;
+            if (depth > ScissorsConfig.componentDepthLimit) {
+                throw new JsonParseException("Depth limit exceeded");
+            }
+            return depth;
+        }
+
+        static int getPenalty(String string) {
+            if (PLACEHOLDER_PATTERN.matcher(string).find()) {
+                long translate_placeholders = PLACEHOLDER_PATTERN.matcher(string).results().count();
+                return (int) translate_placeholders * 12;
+            }
+            return 0;
+        }
+
         static MutableComponent deserialize(JsonElement json, HolderLookup.Provider registries) {
+            int depth = 1;
+            if (!json.isJsonPrimitive()) {
+                if (!json.isJsonObject()) {
+                    if (json.isJsonArray()) {
+                        JsonArray jsonArray = json.getAsJsonArray();
+                        if (jsonArray.size() <= 0) {
+                            throw new JsonParseException("Unexpected empty array of components");
+                        }
+
+                        for (JsonElement ignored : jsonArray) {
+                            depth = depthChecker(depth);
+                        }
+                    }
+                }
+                else
+                {
+                    JsonObject jsonObject = json.getAsJsonObject();
+                    if (jsonObject.has("translate")) {
+                        String s = GsonHelper.getAsString(jsonObject, "translate");
+                        int penalty = getPenalty(s);
+                        depth = depthChecker(depth + penalty);
+
+                        if (jsonObject.has("with")) {
+                            String s1 = GsonHelper.getAsJsonArray(jsonObject, "with").toString();
+                            penalty = getPenalty(s1);
+                            depth = depthChecker(depth + penalty);
+                        }
+                    }
+
+                    if (jsonObject.has("extra")) {
+                        JsonArray jsonArray = GsonHelper.getAsJsonArray(jsonObject, "extra");
+                        if (jsonArray.size() <= 0) {
+                            throw new JsonParseException("Unexpected empty array of components");
+                        }
+
+                        for (JsonElement ignored : jsonArray) {
+                            depth = depthChecker(depth);
+                        }
+                    }
+                }
+            }
+            // Scissors end
             return (MutableComponent) ComponentSerialization.CODEC.parse(registries.createSerializationContext(JsonOps.INSTANCE), json).getOrThrow(JsonParseException::new);
         }
Add rest of patches 2024-06-15 00:09:16 +00:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
			`From: Telesphoreo <me@telesphoreo.me>`
			`Date: Fri, 14 Jun 2024 19:01:14 -0500`
			`Subject: [PATCH] Add depth limit to Component deserialization`


			`diff --git a/src/main/java/net/minecraft/network/chat/Component.java b/src/main/java/net/minecraft/network/chat/Component.java`
			`index 3b075dcb6bda40b278296fc8750f2af90c13acc4..a0c3c4faa8c80c880340e0150e16223ac0b5e5a0 100644`
			`--- a/src/main/java/net/minecraft/network/chat/Component.java`
			`+++ b/src/main/java/net/minecraft/network/chat/Component.java`
			`@@ -1,15 +1,7 @@`
			`package net.minecraft.network.chat;`

			`import com.google.common.collect.Lists;`
			`-import com.google.gson.Gson;`
			`-import com.google.gson.GsonBuilder;`
			`-import com.google.gson.JsonDeserializationContext;`
			`-import com.google.gson.JsonDeserializer;`
			`-import com.google.gson.JsonElement;`
			`-import com.google.gson.JsonParseException;`
			`-import com.google.gson.JsonParser;`
			`-import com.google.gson.JsonSerializationContext;`
			`-import com.google.gson.JsonSerializer;`
			`+import com.google.gson.*;`
			`import com.google.gson.stream.JsonReader;`
			`import com.mojang.brigadier.Message;`
			`import com.mojang.serialization.JsonOps;`
			`@@ -24,6 +16,7 @@ import java.util.Optional;`
			`import java.util.UUID;`
			`import javax.annotation.Nullable;`

			`+import me.totalfreedom.scissors.ScissorsConfig;`
			`import net.minecraft.ChatFormatting;`
			`import net.minecraft.core.HolderLookup;`
			`import net.minecraft.network.chat.contents.DataSource;`
			`@@ -35,8 +28,10 @@ import net.minecraft.network.chat.contents.SelectorContents;`
			`import net.minecraft.network.chat.contents.TranslatableContents;`
			`import net.minecraft.resources.ResourceLocation;`
			`import net.minecraft.util.FormattedCharSequence;`
			`+import net.minecraft.util.GsonHelper;`
			`import net.minecraft.world.level.ChunkPos;`
			`// CraftBukkit start`
			`+import java.util.regex.Pattern;`
			`import java.util.stream.Stream;`
			`// CraftBukkit end`

			`@@ -286,10 +281,70 @@ public interface Component extends Message, FormattedText, Iterable<Component> {`
			`public static class Serializer {`

			`private static final Gson GSON = (new GsonBuilder()).disableHtmlEscaping().create();`
			`+ private static final Pattern PLACEHOLDER_PATTERN = Pattern.compile("%[0-9]+\\$s"); // Scissors`

			`private Serializer() {}`

			`+ // Scissors start`
			`+ static int depthChecker(int depth) {`
			`+ depth = depth + 1;`
			`+ if (depth > ScissorsConfig.componentDepthLimit) {`
			`+ throw new JsonParseException("Depth limit exceeded");`
			`+ }`
			`+ return depth;`
			`+ }`
			`+`
			`+ static int getPenalty(String string) {`
			`+ if (PLACEHOLDER_PATTERN.matcher(string).find()) {`
			`+ long translate_placeholders = PLACEHOLDER_PATTERN.matcher(string).results().count();`
			`+ return (int) translate_placeholders * 12;`
			`+ }`
			`+ return 0;`
			`+ }`
			`+`
			`static MutableComponent deserialize(JsonElement json, HolderLookup.Provider registries) {`
			`+ int depth = 1;`
			`+ if (!json.isJsonPrimitive()) {`
			`+ if (!json.isJsonObject()) {`
			`+ if (json.isJsonArray()) {`
			`+ JsonArray jsonArray = json.getAsJsonArray();`
			`+ if (jsonArray.size() <= 0) {`
			`+ throw new JsonParseException("Unexpected empty array of components");`
			`+ }`
			`+`
			`+ for (JsonElement ignored : jsonArray) {`
			`+ depth = depthChecker(depth);`
			`+ }`
			`+ }`
			`+ }`
			`+ else`
			`+ {`
			`+ JsonObject jsonObject = json.getAsJsonObject();`
			`+ if (jsonObject.has("translate")) {`
			`+ String s = GsonHelper.getAsString(jsonObject, "translate");`
			`+ int penalty = getPenalty(s);`
			`+ depth = depthChecker(depth + penalty);`
			`+`
			`+ if (jsonObject.has("with")) {`
			`+ String s1 = GsonHelper.getAsJsonArray(jsonObject, "with").toString();`
			`+ penalty = getPenalty(s1);`
			`+ depth = depthChecker(depth + penalty);`
			`+ }`
			`+ }`
			`+`
			`+ if (jsonObject.has("extra")) {`
			`+ JsonArray jsonArray = GsonHelper.getAsJsonArray(jsonObject, "extra");`
			`+ if (jsonArray.size() <= 0) {`
			`+ throw new JsonParseException("Unexpected empty array of components");`
			`+ }`
			`+`
			`+ for (JsonElement ignored : jsonArray) {`
			`+ depth = depthChecker(depth);`
			`+ }`
			`+ }`
			`+ }`
			`+ }`
			`+ // Scissors end`
			`return (MutableComponent) ComponentSerialization.CODEC.parse(registries.createSerializationContext(JsonOps.INSTANCE), json).getOrThrow(JsonParseException::new);`
			`}`