From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Focusvity Date: Mon, 5 Feb 2024 19:39:23 +1100 Subject: [PATCH] Add depth limit to Component deserialization diff --git a/src/main/java/net/minecraft/network/chat/Component.java b/src/main/java/net/minecraft/network/chat/Component.java index ba13650b52e39c9cc5cfa421f7720c7d4ba75678..f500b4aa5aaea89a2a878afe70d386f044401be4 100644 --- a/src/main/java/net/minecraft/network/chat/Component.java +++ b/src/main/java/net/minecraft/network/chat/Component.java @@ -3,9 +3,11 @@ package net.minecraft.network.chat; import com.google.common.collect.Lists; import com.google.gson.Gson; import com.google.gson.GsonBuilder; +import com.google.gson.JsonArray; import com.google.gson.JsonDeserializationContext; import com.google.gson.JsonDeserializer; import com.google.gson.JsonElement; +import com.google.gson.JsonObject; import com.google.gson.JsonParseException; import com.google.gson.JsonParser; import com.google.gson.JsonSerializationContext; @@ -13,6 +15,7 @@ import com.google.gson.JsonSerializer; import com.google.gson.stream.JsonReader; import com.mojang.brigadier.Message; import com.mojang.serialization.JsonOps; + import java.io.StringReader; import java.lang.reflect.Type; import java.util.ArrayList; @@ -24,6 +27,7 @@ import java.util.Optional; import java.util.UUID; import javax.annotation.Nullable; +import me.totalfreedom.scissors.ScissorsConfig; // Scissors import net.minecraft.ChatFormatting; import net.minecraft.Util; import net.minecraft.network.chat.contents.DataSource; @@ -35,8 +39,10 @@ import net.minecraft.network.chat.contents.SelectorContents; import net.minecraft.network.chat.contents.TranslatableContents; import net.minecraft.resources.ResourceLocation; import net.minecraft.util.FormattedCharSequence; +import net.minecraft.util.GsonHelper; import net.minecraft.world.level.ChunkPos; // CraftBukkit start +import java.util.regex.Pattern; // Scissors import java.util.stream.Stream; // CraftBukkit end @@ -272,7 +278,8 @@ public interface Component extends Message, FormattedText, Iterable { public static class SerializerAdapter implements JsonDeserializer, JsonSerializer { - public SerializerAdapter() {} + public SerializerAdapter() { + } public MutableComponent deserialize(JsonElement jsonelement, Type type, JsonDeserializationContext jsondeserializationcontext) throws JsonParseException { return Component.Serializer.deserialize(jsonelement); @@ -286,10 +293,66 @@ public interface Component extends Message, FormattedText, Iterable { public static class Serializer { private static final Gson GSON = (new GsonBuilder()).disableHtmlEscaping().create(); + private static final Pattern PLACEHOLDER_PATTERN = Pattern.compile("%[0-9]+\\$s"); // Scissors + + private Serializer() { + } - private Serializer() {} + // Scissors start + static int depthChecker(int depth) { + depth = depth + 1; + if (depth > ScissorsConfig.componentDepthLimit) { + throw new JsonParseException("Depth limit exceeded"); + } + return depth; + } + + static int getPenalty(String string) { + if (PLACEHOLDER_PATTERN.matcher(string).find()) { + long translate_placeholders = PLACEHOLDER_PATTERN.matcher(string).results().count(); + return (int) translate_placeholders * 12; + } + return 0; + } static MutableComponent deserialize(JsonElement json) { + int depth = 1; + if (!json.isJsonPrimitive()) { + if (!json.isJsonObject()) { + if (json.isJsonArray()) { + JsonArray jsonArray = json.getAsJsonArray(); + if (jsonArray.size() <= 0) throw new JsonParseException("Unexpected empty array of components"); + + for (JsonElement ignored : jsonArray) { + depth = depthChecker(depth); + } + } + } else { + JsonObject jsonObject = json.getAsJsonObject(); + if (jsonObject.has("translate")) { + String s = GsonHelper.getAsString(jsonObject, "translate"); + int penalty = getPenalty(s); + depth = depthChecker(depth + penalty); + + if (jsonObject.has("with")) { + String s1 = GsonHelper.getAsJsonArray(jsonObject, "with").toString(); + penalty = getPenalty(s1); + depth = depthChecker(depth + penalty); + } + } + + if (jsonObject.has("extra")) { + JsonArray jsonArray = GsonHelper.getAsJsonArray(jsonObject, "extra"); + if (jsonArray.size() <= 0) throw new JsonParseException("Unexpected empty array of components"); + + for (JsonElement ignored : jsonArray) { + depth = depthChecker(depth); + } + } + } + } + // Scissors end + return (MutableComponent) Util.getOrThrow(ComponentSerialization.CODEC.parse(JsonOps.INSTANCE, json), JsonParseException::new); }