Scissors/patches/server/0050-Add-depth-limit-to-Component-deserialization.patch
2024-02-18 12:44:06 -06:00

116 lines
4.9 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Focusvity <nathan.curran10012@gmail.com>
Date: Mon, 5 Feb 2024 19:39:23 +1100
Subject: [PATCH] Add depth limit to Component deserialization
diff --git a/src/main/java/net/minecraft/network/chat/Component.java b/src/main/java/net/minecraft/network/chat/Component.java
index ba13650b52e39c9cc5cfa421f7720c7d4ba75678..df3c03aeaee5c12c5d57584535c9c7aa01be7dd3 100644
--- a/src/main/java/net/minecraft/network/chat/Component.java
+++ b/src/main/java/net/minecraft/network/chat/Component.java
@@ -3,9 +3,11 @@ package net.minecraft.network.chat;
import com.google.common.collect.Lists;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
+import com.google.gson.JsonArray;
import com.google.gson.JsonDeserializationContext;
import com.google.gson.JsonDeserializer;
import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;
import com.google.gson.JsonSerializationContext;
@@ -13,6 +15,7 @@ import com.google.gson.JsonSerializer;
import com.google.gson.stream.JsonReader;
import com.mojang.brigadier.Message;
import com.mojang.serialization.JsonOps;
+
import java.io.StringReader;
import java.lang.reflect.Type;
import java.util.ArrayList;
@@ -24,6 +27,7 @@ import java.util.Optional;
import java.util.UUID;
import javax.annotation.Nullable;
+import me.totalfreedom.scissors.ScissorsConfig; // Scissors
import net.minecraft.ChatFormatting;
import net.minecraft.Util;
import net.minecraft.network.chat.contents.DataSource;
@@ -35,8 +39,10 @@ import net.minecraft.network.chat.contents.SelectorContents;
import net.minecraft.network.chat.contents.TranslatableContents;
import net.minecraft.resources.ResourceLocation;
import net.minecraft.util.FormattedCharSequence;
+import net.minecraft.util.GsonHelper;
import net.minecraft.world.level.ChunkPos;
// CraftBukkit start
+import java.util.regex.Pattern; // Scissors
import java.util.stream.Stream;
// CraftBukkit end
@@ -286,10 +292,65 @@ public interface Component extends Message, FormattedText, Iterable<Component> {
public static class Serializer {
private static final Gson GSON = (new GsonBuilder()).disableHtmlEscaping().create();
+ private static final Pattern PLACEHOLDER_PATTERN = Pattern.compile("%[0-9]+\\$s"); // Scissors
private Serializer() {}
+ // Scissors start
+ static int depthChecker(int depth) {
+ depth = depth + 1;
+ if (depth > ScissorsConfig.componentDepthLimit) {
+ throw new JsonParseException("Depth limit exceeded");
+ }
+ return depth;
+ }
+
+ static int getPenalty(String string) {
+ if (PLACEHOLDER_PATTERN.matcher(string).find()) {
+ long translate_placeholders = PLACEHOLDER_PATTERN.matcher(string).results().count();
+ return (int) translate_placeholders * 12;
+ }
+ return 0;
+ }
+
static MutableComponent deserialize(JsonElement json) {
+ int depth = 1;
+ if (!json.isJsonPrimitive()) {
+ if (!json.isJsonObject()) {
+ if (json.isJsonArray()) {
+ JsonArray jsonArray = json.getAsJsonArray();
+ if (jsonArray.size() <= 0) throw new JsonParseException("Unexpected empty array of components");
+
+ for (JsonElement ignored : jsonArray) {
+ depth = depthChecker(depth);
+ }
+ }
+ } else {
+ JsonObject jsonObject = json.getAsJsonObject();
+ if (jsonObject.has("translate")) {
+ String s = GsonHelper.getAsString(jsonObject, "translate");
+ int penalty = getPenalty(s);
+ depth = depthChecker(depth + penalty);
+
+ if (jsonObject.has("with")) {
+ String s1 = GsonHelper.getAsJsonArray(jsonObject, "with").toString();
+ penalty = getPenalty(s1);
+ depth = depthChecker(depth + penalty);
+ }
+ }
+
+ if (jsonObject.has("extra")) {
+ JsonArray jsonArray = GsonHelper.getAsJsonArray(jsonObject, "extra");
+ if (jsonArray.size() <= 0) throw new JsonParseException("Unexpected empty array of components");
+
+ for (JsonElement ignored : jsonArray) {
+ depth = depthChecker(depth);
+ }
+ }
+ }
+ }
+ // Scissors end
+
return (MutableComponent) Util.getOrThrow(ComponentSerialization.CODEC.parse(JsonOps.INSTANCE, json), JsonParseException::new);
}