Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(developer): prevent invalid string ids 🏠 #12524

Merged
merged 1 commit into from
Oct 10, 2024
Merged

fix(developer): prevent invalid string ids 🏠 #12524

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 13 additions & 4 deletions developer/src/kmc-ldml/src/compiler/messages.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,13 @@ export class CompilerMessages {
static Error_UnparseableReorderSet = (o: { from: string, set: string }) =>
m(this.ERROR_UnparseableReorderSet, `Illegal UnicodeSet "${def(o.set)}" in reorder "${def(o.from)}`);

// Available: 0x029
static ERROR_InvalidVariableIdentifer = SevError | 0x0029;
static Error_InvalidVariableIdentifer = (o: { id: string }) => m(
this.ERROR_InvalidVariableIdentifer,
`Invalid variable identifier "\\u${def(o.id)}". Identifiers must be between 1 and 32 characters, and can use A-Z, a-z, 0-9, and _.`,
);

// Available: 0x02A-0x2F

static ERROR_InvalidQuadEscape = SevError | 0x0030;
static Error_InvalidQuadEscape = (o: { cp: number }) =>
Expand All @@ -189,9 +195,12 @@ export class CompilerMessages {
m(this.ERROR_UnparseableTransformFrom, `Invalid transform from="${def(o.from)}": "${def(o.message)}"`);

static ERROR_IllegalTransformDollarsign = SevErrorTransform | 0x01;
static Error_IllegalTransformDollarsign = (o: { from: string }) =>
m(this.ERROR_IllegalTransformDollarsign, `Invalid transform from="${def(o.from)}": Unescaped dollar-sign ($) is not valid transform syntax.`,
'**Hint**: Use `\\$` to match a literal dollar-sign.');
static Error_IllegalTransformDollarsign = (o: { from: string }) => m(
this.ERROR_IllegalTransformDollarsign,
`Invalid transform from="${def(o.from)}": Unescaped dollar-sign ($) is not valid transform syntax.`,
`**Hint**: Use \`\\$\` to match a literal dollar-sign. If this precedes a variable name, `+
`the variable name may not be valid (A-Z, a-z, 0-9, _, 32 character maximum).`
);

static ERROR_TransformFromMatchesNothing = SevErrorTransform | 0x02;
static Error_TransformFromMatchesNothing = (o: { from: string }) =>
Expand Down
20 changes: 20 additions & 0 deletions developer/src/kmc-ldml/src/compiler/vars.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,14 @@ export class VarsCompiler extends SectionCompiler {
return valid;
}

private validateIdentifier(id: string) {
if(!id.match(VariableParser.ID)) { // From <string> DTD
this.callbacks.reportMessage(CompilerMessages.Error_InvalidVariableIdentifer({id}));
return false;
}
return true;
}

private validateVars(st: Substitutions): boolean {
let valid = true;
const variables = this.keyboard3?.variables;
Expand Down Expand Up @@ -67,6 +75,10 @@ export class VarsCompiler extends SectionCompiler {
if (variables) {
// Strings
for (const { id, value } of variables.string) {
if(!this.validateIdentifier(id)) {
valid = false;
continue;
}
addId(id);
const stringrefs = VariableParser.allStringReferences(value);
for(const ref of stringrefs) {
Expand All @@ -81,6 +93,10 @@ export class VarsCompiler extends SectionCompiler {
}
// Sets
for (const { id, value } of variables.set) {
if(!this.validateIdentifier(id)) {
valid = false;
continue;
}
addId(id);
allSets.add(id);
// check for illegal references, here.
Expand All @@ -103,6 +119,10 @@ export class VarsCompiler extends SectionCompiler {
}
// UnicodeSets
for (const { id, value } of variables.uset) {
if(!this.validateIdentifier(id)) {
valid = false;
continue;
}
addId(id);
allUnicodeSets.add(id);
const stringrefs = VariableParser.allStringReferences(value);
Expand Down
17 changes: 17 additions & 0 deletions developer/src/kmc-ldml/test/fixtures/sections/vars/fail-invalid-identifiers.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>

<keyboard3 xmlns="https://schemas.unicode.org/cldr/45/keyboard3" locale="mt" conformsTo="45">
<info name="vars-minimal"/>

<keys />

<!-- from spec -->
<variables>
<string id="invalid-string" value="yes" /> <!-- ERROR_InvalidVariableIdentifer -->
<set id="invalid-set" value="A B C D E FF" /> <!-- ERROR_InvalidVariableIdentifer -->
<uset id="invalid-uset" value="[कसतनमह]" /> <!-- ERROR_InvalidVariableIdentifer -->
<set id="a_marker_name_more_than_32_chars_long" value="Y E S" /> <!-- ERROR_InvalidVariableIdentifer -->
<string id="😡" value="UPPERCASE" /> <!-- ERROR_InvalidVariableIdentifer -->
</variables>

</keyboard3>
10 changes: 10 additions & 0 deletions developer/src/kmc-ldml/test/test-vars.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,16 @@ describe('vars', function () {
CompilerMessages.Error_DuplicateVariable({ids: 'upper, y'})
],
},
{
subpath: 'sections/vars/fail-invalid-identifiers.xml',
errors: [
CompilerMessages.Error_InvalidVariableIdentifer({id: 'invalid-string'}),
CompilerMessages.Error_InvalidVariableIdentifer({id: 'invalid-set'}),
CompilerMessages.Error_InvalidVariableIdentifer({id: 'invalid-uset'}),
CompilerMessages.Error_InvalidVariableIdentifer({id: 'a_marker_name_more_than_32_chars_long'}),
CompilerMessages.Error_InvalidVariableIdentifer({id: '😡'}),
],
},
{
subpath: 'sections/vars/fail-uset-props1.xml',
errors: [
Expand Down
Loading