From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Telesphoreo
Date: Fri, 14 Jun 2024 19:01:14 -0500
Subject: [PATCH] Add depth limit to Component deserialization
diff --git a/src/main/java/net/minecraft/network/chat/Component.java b/src/main/java/net/minecraft/network/chat/Component.java
index 3b075dcb6bda40b278296fc8750f2af90c13acc4..a0c3c4faa8c80c880340e0150e16223ac0b5e5a0 100644
--- a/src/main/java/net/minecraft/network/chat/Component.java
+++ b/src/main/java/net/minecraft/network/chat/Component.java
@@ -1,15 +1,7 @@
 package net.minecraft.network.chat;
 import com.google.common.collect.Lists;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.google.gson.JsonDeserializationContext;
-import com.google.gson.JsonDeserializer;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonParseException;
-import com.google.gson.JsonParser;
-import com.google.gson.JsonSerializationContext;
-import com.google.gson.JsonSerializer;
+import com.google.gson.*;
 import com.google.gson.stream.JsonReader;
 import com.mojang.brigadier.Message;
 import com.mojang.serialization.JsonOps;
@@ -24,6 +16,7 @@ import java.util.Optional;
 import java.util.UUID;
 import javax.annotation.Nullable;
+import me.totalfreedom.scissors.ScissorsConfig;
 import net.minecraft.ChatFormatting;
 import net.minecraft.core.HolderLookup;
 import net.minecraft.network.chat.contents.DataSource;
@@ -35,8 +28,10 @@ import net.minecraft.network.chat.contents.SelectorContents;
 import net.minecraft.network.chat.contents.TranslatableContents;
 import net.minecraft.resources.ResourceLocation;
 import net.minecraft.util.FormattedCharSequence;
+import net.minecraft.util.GsonHelper;
 import net.minecraft.world.level.ChunkPos;
 // CraftBukkit start
+import java.util.regex.Pattern;
 import java.util.stream.Stream;
 // CraftBukkit end
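Review bot: The wildcard `import com.google.gson.*;` in the first hunk replaces nine explicit upstream imports, apparently only to bring `JsonArray` and `JsonObject` into scope for the new code. In a patch applied over upstream source this widens the hunk and makes it conflict whenever upstream touches its gson imports. Leaving the existing lines alone and adding `import com.google.gson.JsonArray;` and `import com.google.gson.JsonObject;` keeps the patch minimal. The `java.util.regex.Pattern` import in the third hunk also lands inside the `// CraftBukkit start` / `// CraftBukkit end` block without a `// Scissors` marker, which makes its origin harder to trace.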
@@ -286,10 +281,70 @@ public interface Component extends Message, FormattedText, Iterable {
 public static class Serializer {
 private static final Gson GSON = (new GsonBuilder()).disableHtmlEscaping().create();
+ private static final Pattern PLACEHOLDER_PATTERN = Pattern.compile("%[0-9]+\\$s"); // Scissors
 private Serializer() {}
+ // Scissors start
+ static int depthChecker(int depth) {
+ depth = depth + 1;
+ if (depth > ScissorsConfig.componentDepthLimit) {
+ throw new JsonParseException("Depth limit exceeded");
+ }
+ return depth;
+ }
+
+ static int getPenalty(String string) {
+ if (PLACEHOLDER_PATTERN.matcher(string).find()) {
+ long translate_placeholders = PLACEHOLDER_PATTERN.matcher(string).results().count();
+ return (int) translate_placeholders * 12;
+ }
+ return 0;
+ }
+
 static MutableComponent deserialize(JsonElement json, HolderLookup.Provider registries) {
+ int depth = 1;
+ if (!json.isJsonPrimitive()) {
+ if (!json.isJsonObject()) {
+ if (json.isJsonArray()) {
+ JsonArray jsonArray = json.getAsJsonArray();
+ if (jsonArray.size() <= 0) {
+ throw new JsonParseException("Unexpected empty array of components");
+ }
+
+ for (JsonElement ignored : jsonArray) {
+ depth = depthChecker(depth);
+ }
+ }
+ }
+ else
+ {
+ JsonObject jsonObject = json.getAsJsonObject();
+ if (jsonObject.has("translate")) {
+ String s = GsonHelper.getAsString(jsonObject, "translate");
+ int penalty = getPenalty(s);
+ depth = depthChecker(depth + penalty);
+
+ if (jsonObject.has("with")) {
+ String s1 = GsonHelper.getAsJsonArray(jsonObject, "with").toString();
+ penalty = getPenalty(s1);
+ depth = depthChecker(depth + penalty);
+ }
+ }
+
+ if (jsonObject.has("extra")) {
+ JsonArray jsonArray = GsonHelper.getAsJsonArray(jsonObject, "extra");
+ if (jsonArray.size() <= 0) {
+ throw new JsonParseException("Unexpected empty array of components");
+ }
+
+ for (JsonElement ignored : jsonArray) {
+ depth = depthChecker(depth);
+ }
+ }
+ }
+ }
+ // Scissors end
 return (MutableComponent) 
ComponentSerialization.CODEC.parse(registries.createSerializationContext(JsonOps.INSTANCE), json).getOrThrow(JsonParseException::new);
 }
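Review bot: The check added to `deserialize` does not measure nesting: both `for (JsonElement ignored : jsonArray)` loops call `depthChecker` once per sibling and never look inside the element, so only the top-level array or the top-level `extra` list is counted. A flat list with more entries than `ScissorsConfig.componentDepthLimit` is therefore rejected, while components nested under `extra` or `with` are never visited, so this method does not bound how deep `ComponentSerialization.CODEC.parse` has to descend unless that is enforced elsewhere. I would walk the tree with an explicit depth and stop at the limit, keeping the `translate` placeholder penalty per level, as sketched below. Separately, `getPenalty` scans the string twice; `results().count()` alone already yields 0 when nothing matches.

```java
// Scissors start
static void checkDepth(JsonElement element, int depth) {
    if (depth > ScissorsConfig.componentDepthLimit) {
        throw new JsonParseException("Depth limit exceeded");
    }
    if (element.isJsonArray()) {
        for (JsonElement child : element.getAsJsonArray()) {
            checkDepth(child, depth + 1);
        }
    } else if (element.isJsonObject()) {
        JsonObject object = element.getAsJsonObject();
        int next = depth + 1;
        if (object.has("translate")) {
            // Indexed placeholders make a level more expensive, so they cost extra depth.
            next += getPenalty(GsonHelper.getAsString(object, "translate"));
        }
        for (String key : new String[] {"extra", "with"}) {
            JsonElement children = object.get(key);
            if (children != null && children.isJsonArray()) {
                for (JsonElement child : children.getAsJsonArray()) {
                    checkDepth(child, next);
                }
            }
        }
    }
}
// Scissors end

static MutableComponent deserialize(JsonElement json, HolderLookup.Provider registries) {
    checkDepth(json, 1); // Scissors
    // … unchanged: return of ComponentSerialization.CODEC.parse(...) …
```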