Posted to dev@shiro.apache.org by "Benjamin Marwell (Jira)" <ji...@apache.org> on 2020/03/29 14:00:00 UTC

[jira] [Commented] (SHIRO-530) INI parser does not properly handled backslashes at end of values

    [ https://issues.apache.org/jira/browse/SHIRO-530?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17070350#comment-17070350 ] 

Benjamin Marwell commented on SHIRO-530:
----------------------------------------

[~bdemers] please close this, it is invalid. Code is from 2010-10-12.

In file {{IniTest.groovy}}:
{code:java}
@Test
public void testIsContinued() {
    //no slashes
    String line = "prop = value ";
    assertFalse(Ini.Section.isContinued(line));

    //1 slash (odd number, but edge case):
    line = "prop = value" + Ini.ESCAPE_TOKEN;
    assertTrue(Ini.Section.isContinued(line));

    //2 slashes = even number
    line = "prop = value" + Ini.ESCAPE_TOKEN + Ini.ESCAPE_TOKEN;
    assertFalse(Ini.Section.isContinued(line));

    //3 slashes = odd number
    line = "prop = value" + Ini.ESCAPE_TOKEN + Ini.ESCAPE_TOKEN + Ini.ESCAPE_TOKEN;
    assertTrue(Ini.Section.isContinued(line));
}
{code}
In file {{Ini.java}}:
{code:java}
private static Map<String, String> toMapProps(String content) {
    Map<String, String> props = new LinkedHashMap<String, String>();
    String line;
    StringBuilder lineBuffer = new StringBuilder();
    Scanner scanner = new Scanner(content);
    while (scanner.hasNextLine()) {
        line = StringUtils.clean(scanner.nextLine());
        if (isContinued(line)) {
            //strip off the last continuation backslash:
            line = line.substring(0, line.length() - 1);
            lineBuffer.append(line);
            continue;
        } else {
            lineBuffer.append(line);
        }
        line = lineBuffer.toString();
        lineBuffer = new StringBuilder();
        String[] kvPair = splitKeyValue(line);
        props.put(kvPair[0], kvPair[1]);
    }

    return props;
}
{code}
I added another test to make sure, but the coverage did not change.
{code:java}
@Test
public void shouldContinue() {
    String test =
            "prop1 = value1, \\" + NL +
                    "value2";

    Ini ini = new Ini();
    ini.load(test);

    assertNotNull(ini.getSections());
    assertEquals(1, ini.getSections().size());

    Ini.Section section = ini.getSections().iterator().next();
    assertEquals(Ini.DEFAULT_SECTION_NAME, section.getName());
    assertFalse(section.isEmpty());
    assertEquals(1, section.size());
    assertThat(section.get("prop1"), containsString("value1,"));
    assertThat(section.get("prop1"), containsString("value2"));
}
{code}

> INI parser does not properly handled backslashes at end of values
> -----------------------------------------------------------------
>
>                 Key: SHIRO-530
>                 URL: https://issues.apache.org/jira/browse/SHIRO-530
>             Project: Shiro
>          Issue Type: Bug
>          Components: Configuration
>    Affects Versions: 1.2.3
>            Reporter: atomicknight
>            Priority: Major
>
> The backslash character is overloaded for use as a continuation delimiter as well as an escape character. However, the parsing logic does not presently handle this character consistently, which prevents the use of odd numbers of backslashes at the end of values. Here is a matrix of examples:
> ||Original value||Parsed value||Notes||
> |{{key=value\}}|{{key=value}}|Backslash treated as continuation delimiter|
> |{{key=value\\}}|{{key=value\\}}|Backslashes treated as literal characters|
> |{{key=value\\\}}|{{key=value\\}}|Final backslash treated as continuation delimiter, other backslashes treated as literal characters|
> |{{key=value\\\\}}|{{key=value\\\\}}|Backslashes treated as literal characters|
> There is a comment in Ini.Section#isContinued(String) that states:
> {quote}
> //find the number of backslashes at the end of the line.  If an even number, the
> //backslashes are considered escaped.  If an odd number, the line is considered continued on the next line
> {quote}
> However, there is no unescaping logic in either Ini.Section#toMapProps(String) (which calls #isContinued) or IniSection#splitKeyValue(String).
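
The matrix in the quoted issue description, worked through as an added example (not Shiro's code, and not from the reporter or the commenter): a stand-alone Java parser that applies the odd/even trailing-backslash rule and prints each row both without unescaping (the "Parsed value" column) and with an assumed unescaping step that turns each escaped pair into one backslash. The class and method names are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration, not Shiro code; class and method names are hypothetical.
public class TrailingBackslashDemo {

    // Length of the run of backslashes that ends the line.
    static int trailingBackslashes(String line) {
        int n = 0;
        while (n < line.length() && line.charAt(line.length() - 1 - n) == '\\') n++;
        return n;
    }

    // Joins continued lines into key/value pairs. unescape=false drops only the
    // continuation backslash (the "Parsed value" column); unescape=true also turns
    // each escaped pair in the run into one backslash (assumed behaviour).
    static Map<String, String> parse(String content, boolean unescape) {
        Map<String, String> props = new LinkedHashMap<>();
        StringBuilder buffer = new StringBuilder();
        for (String raw : content.split("\n", -1)) {
            String line = raw.trim();
            int run = trailingBackslashes(line);
            boolean continued = run % 2 == 1;   // odd run: last backslash continues the line
            int keep = unescape ? run / 2 : run - (continued ? 1 : 0);
            buffer.append(line, 0, line.length() - run + keep);
            if (!continued) flush(buffer, props);
        }
        flush(buffer, props);                   // input ended on a continued line
        return props;
    }

    private static void flush(StringBuilder buffer, Map<String, String> props) {
        if (buffer.length() == 0) return;
        String kv = buffer.toString();
        int eq = kv.indexOf('=');
        String key = eq < 0 ? kv : kv.substring(0, eq).trim();
        props.put(key, eq < 0 ? "" : kv.substring(eq + 1).trim());
        buffer.setLength(0);
    }

    public static void main(String[] args) {
        // Constructed inputs: the four "Original value" rows from the issue's matrix.
        for (int n = 1; n <= 4; n++) {
            String input = "key=value" + "\\\\\\\\".substring(0, n);
            System.out.println(input + " -> as reported: " + parse(input, false).get("key")
                    + " | unescaped: " + parse(input, true).get("key"));
        }
    }
}
```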


