Skip to content

Commit

Permalink
Merge pull request Querz#30 from Querz/Marcono1234-inconsistencies-fix
Browse files Browse the repository at this point in the history
add nesting description to README
  • Loading branch information
Querz authored Jan 29, 2019
2 parents e7d7613 + 7cae36d commit 66ce529
Show file tree
Hide file tree
Showing 23 changed files with 184 additions and 137 deletions.
15 changes: 15 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,16 @@ ListTag<FloatTag> fl = new ListTag<>(FloatTag.class);
fl.add(new FloatTag(1.234f);
fl.addFloat(5.678f);
```

#### Nesting
All methods serializing instances or deserializing data track the nesting levels to prevent circular references or malicious data which could, when deserialized, result in thousands of instances causing a denial of service.

These methods have a parameter for the maximum nesting depth they are allowed to traverse. A value of `0` means that only the object itself, but no nested object may be processed.

If an instance is nested further than allowed, a [MaxDepthReachedException](src/main/java/net/querz/nbt/MaxDepthReachedException.java) will be thrown. A negative maximum depth will cause an `IllegalArgumentException`.

Some methods do not provide a parameter to specify the maximum depth, but instead use `Tag.DEFAULT_MAX_DEPTH` (`512`) which is also the maximum used in Minecraft.

---
### Utility
There are several utility methods to make your life easier if you use this library.
Expand Down Expand Up @@ -124,3 +134,8 @@ To be able to use a custom tag with deserialization, a `Supplier` and the custom
```java
TagFactory.registerCustomTag(90, ObjectTag::new, ObjectTag.class);
```
#### Nesting
As mentioned before, serialization and deserialization methods are provided with a parameter indicating the maximum processing depth of the structure. This is not guaranteed when using custom tags, it is the responsibility of the creator of that custom tag to call `Tag#decrementMaxDepth(int)` to correctly update the nesting depth.
It is also highly encouraged to document the custom tag behaviour when it does so to make users aware of the possible exceptions thrown by `Tag#decrementMaxDepth(int)`.
2 changes: 1 addition & 1 deletion src/main/java/net/querz/nbt/ArrayTag.java
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ public void setValue(T value) {
}

@Override
public String valueToString(int depth) {
public String valueToString(int maxDepth) {
return arrayToString("", "");
}

Expand Down
7 changes: 3 additions & 4 deletions src/main/java/net/querz/nbt/ByteArrayTag.java
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.lang.reflect.Array;
import java.util.Arrays;

public class ByteArrayTag extends ArrayTag<byte[]> implements Comparable<ByteArrayTag> {
Expand All @@ -19,20 +18,20 @@ public ByteArrayTag(byte[] value) {
}

@Override
public void serializeValue(DataOutputStream dos, int depth) throws IOException {
public void serializeValue(DataOutputStream dos, int maxDepth) throws IOException {
dos.writeInt(length());
dos.write(getValue());
}

@Override
public void deserializeValue(DataInputStream dis, int depth) throws IOException {
public void deserializeValue(DataInputStream dis, int maxDepth) throws IOException {
int length = dis.readInt();
setValue(new byte[length]);
dis.readFully(getValue());
}

@Override
public String valueToTagString(int depth) {
public String valueToTagString(int maxDepth) {
return arrayToString("B", "b");
}

Expand Down
6 changes: 3 additions & 3 deletions src/main/java/net/querz/nbt/ByteTag.java
Original file line number Diff line number Diff line change
Expand Up @@ -29,17 +29,17 @@ public void setValue(byte value) {
}

@Override
public void serializeValue(DataOutputStream dos, int depth) throws IOException {
public void serializeValue(DataOutputStream dos, int maxDepth) throws IOException {
dos.writeByte(getValue());
}

@Override
public void deserializeValue(DataInputStream dis, int depth) throws IOException {
public void deserializeValue(DataInputStream dis, int maxDepth) throws IOException {
setValue(dis.readByte());
}

@Override
public String valueToTagString(int depth) {
public String valueToTagString(int maxDepth) {
return getValue() + "b";
}

Expand Down
18 changes: 9 additions & 9 deletions src/main/java/net/querz/nbt/CompoundTag.java
Original file line number Diff line number Diff line change
Expand Up @@ -226,46 +226,46 @@ public Tag<?> putLongArray(String key, long[] value) {
}

@Override
public void serializeValue(DataOutputStream dos, int depth) throws IOException {
public void serializeValue(DataOutputStream dos, int maxDepth) throws IOException {
for (Map.Entry<String, Tag<?>> e : getValue().entrySet()) {
e.getValue().serialize(dos, e.getKey(), decrementDepth(depth));
e.getValue().serialize(dos, e.getKey(), decrementMaxDepth(maxDepth));
}
EndTag.INSTANCE.serialize(dos, depth);
EndTag.INSTANCE.serialize(dos, maxDepth);
}

@Override
public void deserializeValue(DataInputStream dis, int depth) throws IOException {
public void deserializeValue(DataInputStream dis, int maxDepth) throws IOException {
clear();
for (int id = dis.readByte() & 0xFF; id != 0; id = dis.readByte() & 0xFF) {
Tag<?> tag = TagFactory.fromID(id);
String name = dis.readUTF();
tag.deserializeValue(dis, decrementDepth(depth));
tag.deserializeValue(dis, decrementMaxDepth(maxDepth));
put(name, tag);
}
}

@Override
public String valueToString(int depth) {
public String valueToString(int maxDepth) {
StringBuilder sb = new StringBuilder("{");
boolean first = true;
for (Map.Entry<String, Tag<?>> e : getValue().entrySet()) {
sb.append(first ? "" : ",")
.append(escapeString(e.getKey(), false)).append(":")
.append(e.getValue().toString(decrementDepth(depth)));
.append(e.getValue().toString(decrementMaxDepth(maxDepth)));
first = false;
}
sb.append("}");
return sb.toString();
}

@Override
public String valueToTagString(int depth) {
public String valueToTagString(int maxDepth) {
StringBuilder sb = new StringBuilder("{");
boolean first = true;
for (Map.Entry<String, Tag<?>> e : getValue().entrySet()) {
sb.append(first ? "" : ",")
.append(escapeString(e.getKey(), true)).append(":")
.append(e.getValue().valueToTagString(decrementDepth(depth)));
.append(e.getValue().valueToTagString(decrementMaxDepth(maxDepth)));
first = false;
}
sb.append("}");
Expand Down
6 changes: 3 additions & 3 deletions src/main/java/net/querz/nbt/DoubleTag.java
Original file line number Diff line number Diff line change
Expand Up @@ -21,17 +21,17 @@ public void setValue(double value) {
}

@Override
public void serializeValue(DataOutputStream dos, int depth) throws IOException {
public void serializeValue(DataOutputStream dos, int maxDepth) throws IOException {
dos.writeDouble(getValue());
}

@Override
public void deserializeValue(DataInputStream dis, int depth) throws IOException {
public void deserializeValue(DataInputStream dis, int maxDepth) throws IOException {
setValue(dis.readDouble());
}

@Override
public String valueToTagString(int depth) {
public String valueToTagString(int maxDepth) {
return getValue() + "d";
}

Expand Down
8 changes: 4 additions & 4 deletions src/main/java/net/querz/nbt/EndTag.java
Original file line number Diff line number Diff line change
Expand Up @@ -17,22 +17,22 @@ protected Void checkValue(Void value) {
}

@Override
public void serializeValue(DataOutputStream dos, int depth) {
public void serializeValue(DataOutputStream dos, int maxDepth) {
//nothing to do
}

@Override
public void deserializeValue(DataInputStream dis, int depth) {
public void deserializeValue(DataInputStream dis, int maxDepth) {
//nothing to do
}

@Override
public String valueToString(int depth) {
public String valueToString(int maxDepth) {
return "\"end\"";
}

@Override
public String valueToTagString(int depth) {
public String valueToTagString(int maxDepth) {
throw new UnsupportedOperationException("EndTag cannot be turned into a String");
}

Expand Down
6 changes: 3 additions & 3 deletions src/main/java/net/querz/nbt/FloatTag.java
Original file line number Diff line number Diff line change
Expand Up @@ -21,17 +21,17 @@ public void setValue(float value) {
}

@Override
public void serializeValue(DataOutputStream dos, int depth) throws IOException {
public void serializeValue(DataOutputStream dos, int maxDepth) throws IOException {
dos.writeFloat(getValue());
}

@Override
public void deserializeValue(DataInputStream dis, int depth) throws IOException {
public void deserializeValue(DataInputStream dis, int maxDepth) throws IOException {
setValue(dis.readFloat());
}

@Override
public String valueToTagString(int depth) {
public String valueToTagString(int maxDepth) {
return getValue() + "f";
}

Expand Down
6 changes: 3 additions & 3 deletions src/main/java/net/querz/nbt/IntArrayTag.java
Original file line number Diff line number Diff line change
Expand Up @@ -18,15 +18,15 @@ public IntArrayTag(int[] value) {
}

@Override
public void serializeValue(DataOutputStream dos, int depth) throws IOException {
public void serializeValue(DataOutputStream dos, int maxDepth) throws IOException {
dos.writeInt(length());
for (int i : getValue()) {
dos.writeInt(i);
}
}

@Override
public void deserializeValue(DataInputStream dis, int depth) throws IOException {
public void deserializeValue(DataInputStream dis, int maxDepth) throws IOException {
int length = dis.readInt();
setValue(new int[length]);
for (int i = 0; i < length; i++) {
Expand All @@ -35,7 +35,7 @@ public void deserializeValue(DataInputStream dis, int depth) throws IOException
}

@Override
public String valueToTagString(int depth) {
public String valueToTagString(int maxDepth) {
return arrayToString("I", "");
}

Expand Down
6 changes: 3 additions & 3 deletions src/main/java/net/querz/nbt/IntTag.java
Original file line number Diff line number Diff line change
Expand Up @@ -21,17 +21,17 @@ public void setValue(int value) {
}

@Override
public void serializeValue(DataOutputStream dos, int depth) throws IOException {
public void serializeValue(DataOutputStream dos, int maxDepth) throws IOException {
dos.writeInt(getValue());
}

@Override
public void deserializeValue(DataInputStream dis, int depth) throws IOException {
public void deserializeValue(DataInputStream dis, int maxDepth) throws IOException {
setValue(dis.readInt());
}

@Override
public String valueToTagString(int depth) {
public String valueToTagString(int maxDepth) {
return getValue() + "";
}

Expand Down
16 changes: 8 additions & 8 deletions src/main/java/net/querz/nbt/ListTag.java
Original file line number Diff line number Diff line change
Expand Up @@ -246,19 +246,19 @@ public ListTag<CompoundTag> asCompoundTagList() {
}

@Override
public void serializeValue(DataOutputStream dos, int depth) throws IOException {
public void serializeValue(DataOutputStream dos, int maxDepth) throws IOException {
dos.writeByte(TagFactory.idFromClass(getTypeClass()));
dos.writeInt(size());
if (size() != 0) {
for (T t : getValue()) {
t.serializeValue(dos, decrementDepth(depth));
t.serializeValue(dos, decrementMaxDepth(maxDepth));
}
}
}

@SuppressWarnings("unchecked")
@Override
public void deserializeValue(DataInputStream dis, int depth) throws IOException {
public void deserializeValue(DataInputStream dis, int maxDepth) throws IOException {
int typeID = dis.readByte();
if (typeID != 0) {
typeClass = TagFactory.classFromID(typeID);
Expand All @@ -269,27 +269,27 @@ public void deserializeValue(DataInputStream dis, int depth) throws IOException
if (size != 0) {
for (int i = 0; i < size; i++) {
Tag<?> tag = TagFactory.fromID(typeID);
tag.deserializeValue(dis, decrementDepth(depth));
tag.deserializeValue(dis, decrementMaxDepth(maxDepth));
add((T) tag);
}
}
}

@Override
public String valueToString(int depth) {
public String valueToString(int maxDepth) {
StringBuilder sb = new StringBuilder("{\"type\":\"").append(getTypeClass().getSimpleName()).append("\",\"list\":[");
for (int i = 0; i < size(); i++) {
sb.append(i > 0 ? "," : "").append(get(i).valueToString(decrementDepth(depth)));
sb.append(i > 0 ? "," : "").append(get(i).valueToString(decrementMaxDepth(maxDepth)));
}
sb.append("]}");
return sb.toString();
}

@Override
public String valueToTagString(int depth) {
public String valueToTagString(int maxDepth) {
StringBuilder sb = new StringBuilder("[");
for (int i = 0; i < size(); i++) {
sb.append(i > 0 ? "," : "").append(get(i).valueToTagString(decrementDepth(depth)));
sb.append(i > 0 ? "," : "").append(get(i).valueToTagString(decrementMaxDepth(maxDepth)));
}
sb.append("]");
return sb.toString();
Expand Down
6 changes: 3 additions & 3 deletions src/main/java/net/querz/nbt/LongArrayTag.java
Original file line number Diff line number Diff line change
Expand Up @@ -18,15 +18,15 @@ public LongArrayTag(long[] value) {
}

@Override
public void serializeValue(DataOutputStream dos, int depth) throws IOException {
public void serializeValue(DataOutputStream dos, int maxDepth) throws IOException {
dos.writeInt(length());
for (long i : getValue()) {
dos.writeLong(i);
}
}

@Override
public void deserializeValue(DataInputStream dis, int depth) throws IOException {
public void deserializeValue(DataInputStream dis, int maxDepth) throws IOException {
int length = dis.readInt();
setValue(new long[length]);
for (int i = 0; i < length; i++) {
Expand All @@ -35,7 +35,7 @@ public void deserializeValue(DataInputStream dis, int depth) throws IOException
}

@Override
public String valueToTagString(int depth) {
public String valueToTagString(int maxDepth) {
return arrayToString("L", "l");
}

Expand Down
6 changes: 3 additions & 3 deletions src/main/java/net/querz/nbt/LongTag.java
Original file line number Diff line number Diff line change
Expand Up @@ -21,17 +21,17 @@ public void setValue(long value) {
}

@Override
public void serializeValue(DataOutputStream dos, int depth) throws IOException {
public void serializeValue(DataOutputStream dos, int maxDepth) throws IOException {
dos.writeLong(getValue());
}

@Override
public void deserializeValue(DataInputStream dis, int depth) throws IOException {
public void deserializeValue(DataInputStream dis, int maxDepth) throws IOException {
setValue(dis.readLong());
}

@Override
public String valueToTagString(int depth) {
public String valueToTagString(int maxDepth) {
return getValue() + "l";
}

Expand Down
5 changes: 4 additions & 1 deletion src/main/java/net/querz/nbt/MaxDepthReachedException.java
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
package net.querz.nbt;

/**
* Exception indicating that the maximum (de-)serialization depth has been reached.
*/
@SuppressWarnings("serial")
public class MaxDepthReachedException extends RuntimeException {

public MaxDepthReachedException(String msg) {
super(msg);
}
Expand Down
Loading

0 comments on commit 66ce529

Please sign in to comment.