You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "sonatype-lift[bot] (via GitHub)" <gi...@apache.org> on 2023/05/22 04:32:27 UTC
[GitHub] [solr] sonatype-lift[bot] commented on a diff in pull request #1654: SOLR-16810: Under certain situations Solr produces managed schema XML that cannot be loaded

sonatype-lift[bot] commented on code in PR #1654:
URL: https://github.com/apache/solr/pull/1654#discussion_r1199943926


##########
solr/solrj/src/java/org/apache/solr/common/util/XML.java:
##########
@@ -164,7 +212,44 @@ private static void escape(char[] chars, int offset, int length, Writer out, Str
     }
   }
 
+  private static final Pattern toEscPattern =
+      Pattern.compile("([^#]|^)(#*)(?:(([0-9]{1,2});)|([\0-\37]))");
+
+  /**
+   * Replace any character control c with value less than 32 #nn; where nn is the decimal
+   * representation of c. Since this encoding will be ambiguous with literal '#nn;', any occurrence
+   * of '#' is repeated. Now this will become ambiguous with '#'s preceding control characters. They
+   * are also repeated. Thus, when the number of consecutive '#' is even then they are literal '#'s
+   * and when it is odd, the last '#' should be considered encoding of control characters.
+   *
+   * <p>Also replace characters like '#' into "&qout;" etc.
+   *
+   * @param str Input string
+   * @param out Output writer to write into
+   * @param escapes Escape character map
+   * @throws IOException If write operation fails
+   */
   private static void escape(String str, Writer out, String[] escapes) throws IOException {
+    Matcher m = toEscPattern.matcher(str);
+    if (m.find()) {
+      StringBuilder sb = new StringBuilder();
+      do {
+        m.appendReplacement(sb, m.group(1));
+        sb.append(m.group(2));
+        String g3 = m.group(3);
+        if (g3 != null) {
+          if (Integer.parseInt(m.group(4)) < 32) {
+            sb.append(m.group(2));
+          }
+          sb.append(g3);
+        } else {
+          sb.append(m.group(2));
+          sb.append(escapes[m.group(5).charAt(0)]);

Review Comment:
   <picture><img alt="15% of developers fix this issue" src="https://lift.sonatype.com/api/commentimage/fixrate/15/display.svg"></picture>
   
   <b>*NULL_DEREFERENCE:</b>*  object returned by `m.group(5)` could be null and is dereferenced at line 247.
   
   ---
   
   <details><summary>ℹ️ Expand to see all <b>@sonatype-lift</b> commands</summary>
   
   You can reply with the following commands. For example, reply with ***@sonatype-lift ignoreall*** to leave out all findings.
   | **Command** | **Usage** |
   | ------------- | ------------- |
   | `@sonatype-lift ignore` | Leave out the above finding from this PR |
   | `@sonatype-lift ignoreall` | Leave out all the existing findings from this PR |
   | `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified `file\|issue\|path\|tool` from Lift findings by updating your config.toml file |
   
   **Note:** When talking to LiftBot, you need to **refresh** the page to see its response.
   <sub>[Click here](https://github.com/apps/sonatype-lift/installations/new) to add LiftBot to another repo.</sub></details>
   
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org