From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Luna Date: Wed, 31 May 2023 18:14:00 -0300 Subject: [PATCH] Add depth limit to Component deserializer diff --git a/src/main/java/me/totalfreedom/scissors/ScissorsConfig.java b/src/main/java/me/totalfreedom/scissors/ScissorsConfig.java index 39b56ca496ed7369ead21805d476c2b813fcdd1d..9659cff6412584190ff0c32e01f602de4ff7d3b3 100644 --- a/src/main/java/me/totalfreedom/scissors/ScissorsConfig.java +++ b/src/main/java/me/totalfreedom/scissors/ScissorsConfig.java @@ -87,8 +87,8 @@ public class ScissorsConfig config.options().header(HEADER); config.options().copyDefaults(true); - version = getInt("config-version", 4); - set("config-version", 4); + version = getInt("config-version", 5); + set("config-version", 5); readConfig(ScissorsConfig.class, null); } @@ -175,6 +175,12 @@ public class ScissorsConfig excludePlayersFromNbtComponents = getBoolean("excludePlayersFromNbtComponents", false); } + public static int componentDepthLimit = 128; + private static void componentDepthLimit() + { + componentDepthLimit = getInt("componentDepthLimit", 128); + } + private static void set(String path, Object val) { config.set(path, val); diff --git a/src/main/java/net/minecraft/network/chat/Component.java b/src/main/java/net/minecraft/network/chat/Component.java index 9c2c22ee548ad77f0912698f33de5f467f32fb7f..ba2879b25e59290ab81501458414a417c121ed03 100644 --- a/src/main/java/net/minecraft/network/chat/Component.java +++ b/src/main/java/net/minecraft/network/chat/Component.java @@ -26,6 +26,7 @@ import java.util.List; import java.util.Map.Entry; import java.util.Optional; import javax.annotation.Nullable; +import me.totalfreedom.scissors.ScissorsConfig; // Scissors import net.minecraft.ChatFormatting; import net.minecraft.Util; import net.minecraft.network.chat.contents.BlockDataSource; @@ -44,6 +45,7 @@ import net.minecraft.util.GsonHelper; import net.minecraft.util.LowerCaseEnumTypeAdapterFactory; // CraftBukkit start import com.google.common.collect.Streams; +import java.util.regex.Pattern; // Scissors import java.util.stream.Stream; // CraftBukkit end @@ -254,10 +256,16 @@ public interface Component extends Message, FormattedText, Iterable { throw new IllegalStateException("Couldn't get field 'lineStart' for JsonReader", nosuchfieldexception); } }); + private static final Pattern PLACEHOLDER_PATTERN = Pattern.compile("%[0-9]+\\$s"); // Scissors public Serializer() {} - public MutableComponent deserialize(JsonElement jsonelement, Type type, JsonDeserializationContext jsondeserializationcontext) throws JsonParseException { + // Scissors start + private MutableComponent deserialize(JsonElement jsonelement, JsonDeserializationContext jsondeserializationcontext, int depth) throws JsonParseException { + if (depth > ScissorsConfig.componentDepthLimit) { + throw new JsonParseException("Depth limit exceeded"); + } + if (jsonelement.isJsonPrimitive()) { return Component.literal(jsonelement.getAsString()); } else { @@ -266,18 +274,16 @@ public interface Component extends Message, FormattedText, Iterable { if (!jsonelement.isJsonObject()) { if (jsonelement.isJsonArray()) { JsonArray jsonarray = jsonelement.getAsJsonArray(); - // Scissors start if (jsonarray.size() <= 0) { throw new JsonParseException("Unexpected empty array of components"); } - // Scissors end ichatmutablecomponent = null; Iterator iterator = jsonarray.iterator(); while (iterator.hasNext()) { JsonElement jsonelement1 = (JsonElement) iterator.next(); - MutableComponent ichatmutablecomponent1 = this.deserialize(jsonelement1, jsonelement1.getClass(), jsondeserializationcontext); + MutableComponent ichatmutablecomponent1 = this.deserialize(jsonelement1, jsondeserializationcontext, depth + 1); if (ichatmutablecomponent == null) { ichatmutablecomponent = ichatmutablecomponent1; @@ -301,12 +307,17 @@ public interface Component extends Message, FormattedText, Iterable { s = GsonHelper.getAsString(jsonobject, "translate"); String s1 = GsonHelper.getAsString(jsonobject, "fallback", (String) null); + // Penalize depth for placeholders in translate & fallback + long translate_placeholders = PLACEHOLDER_PATTERN.matcher(s).results().count(); + long fallback_placeholders = s1 != null ? PLACEHOLDER_PATTERN.matcher(s1).results().count() : 0; + int penalty = (int)Math.max(translate_placeholders, fallback_placeholders) * 12; + if (jsonobject.has("with")) { JsonArray jsonarray1 = GsonHelper.getAsJsonArray(jsonobject, "with"); Object[] aobject = new Object[jsonarray1.size()]; for (int i = 0; i < aobject.length; ++i) { - aobject[i] = Serializer.unwrapTextArgument(this.deserialize(jsonarray1.get(i), type, jsondeserializationcontext)); + aobject[i] = Serializer.unwrapTextArgument(this.deserialize(jsonarray1.get(i), jsondeserializationcontext, depth + 1 + penalty)); } ichatmutablecomponent = Component.translatableWithFallback(s, s1, aobject); @@ -322,7 +333,7 @@ public interface Component extends Message, FormattedText, Iterable { ichatmutablecomponent = Component.score(GsonHelper.getAsString(jsonobject1, "name"), GsonHelper.getAsString(jsonobject1, "objective")); } else if (jsonobject.has("selector")) { - Optional optional = this.parseSeparator(type, jsondeserializationcontext, jsonobject); + Optional optional = this.parseSeparator(jsondeserializationcontext, jsonobject, depth + 1); ichatmutablecomponent = Component.selector(GsonHelper.getAsString(jsonobject, "selector"), optional); } else if (jsonobject.has("keybind")) { @@ -333,7 +344,7 @@ public interface Component extends Message, FormattedText, Iterable { } s = GsonHelper.getAsString(jsonobject, "nbt"); - Optional optional1 = this.parseSeparator(type, jsondeserializationcontext, jsonobject); + Optional optional1 = this.parseSeparator(jsondeserializationcontext, jsonobject, depth + 1); boolean flag = GsonHelper.getAsBoolean(jsonobject, "interpret", false); Object object; @@ -360,7 +371,7 @@ public interface Component extends Message, FormattedText, Iterable { } for (int j = 0; j < jsonarray2.size(); ++j) { - ichatmutablecomponent.append((Component) this.deserialize(jsonarray2.get(j), type, jsondeserializationcontext)); + ichatmutablecomponent.append((Component) this.deserialize(jsonarray2.get(j), jsondeserializationcontext, depth + 1)); } } @@ -370,6 +381,11 @@ public interface Component extends Message, FormattedText, Iterable { } } + public MutableComponent deserialize(JsonElement jsonelement, Type type, JsonDeserializationContext jsondeserializationcontext) throws JsonParseException { + return this.deserialize(jsonelement, jsondeserializationcontext, 1); + } + // Scissors end + private static Object unwrapTextArgument(Object text) { if (text instanceof Component) { Component ichatbasecomponent = (Component) text; @@ -388,8 +404,10 @@ public interface Component extends Message, FormattedText, Iterable { return text; } - private Optional parseSeparator(Type type, JsonDeserializationContext context, JsonObject json) { - return json.has("separator") ? Optional.of(this.deserialize(json.get("separator"), type, context)) : Optional.empty(); + // Scissors start + private Optional parseSeparator(JsonDeserializationContext context, JsonObject json, int depth) { + return json.has("separator") ? Optional.of(this.deserialize(json.get("separator"), context, depth + 1)) : Optional.empty(); + // Scissors end } private void serializeStyle(Style style, JsonObject json, JsonSerializationContext context) {