Add Validation of UTF-8 sequence for percent encoding, also improves coverage

524974de · miloyip · c35d47f8 · 524974de · 524974de
Commit 524974de authored May 03, 2015 by miloyip
Hide whitespace changes
Inline Side-by-side

Showing with 25 additions and 6 deletions

pointer.h include/rapidjson/pointer.h +2 -2

pointertest.cpp test/unittest/pointertest.cpp +23 -4

No files found.
--- a/include/rapidjson/pointer.h
+++ b/include/rapidjson/pointer.h
@@ -429,7 +429,7 @@ private:
                        GenericInsituStringStream<EncodingType> os(name);
                        Ch* begin = os.PutBegin();
                        Transcoder<UTF8<>, EncodingType> transcoder;
-                        if (!transcoder.Transcode(is, os) || !is.IsValid()) {
+                        if (!transcoder.Validate(is, os) || !is.IsValid()) {
                            parseErrorCode_ = kPointerParseErrorInvalidPercentEncoding;
                            goto error;
                        }
@@ -538,7 +538,7 @@ private:
                    GenericStringStream<typename ValueType::EncodingType> source(&t->name[j]);
                    PercentEncodeStream<OutputStream> target(os);
                    Transcoder<EncodingType, UTF8<> > transcoder;
-                    if (!transcoder.Transcode(source, target))
+                    if (!transcoder.Validate(source, target))
                        return false;
                    j += source.Tell() - 1;
                }

--- a/test/unittest/pointertest.cpp
+++ b/test/unittest/pointertest.cpp
@@ -340,7 +340,7 @@ TEST(Pointer, Parse_URIFragment) {
    }

    {
-        // kPointerParseErrorInvalidPercentEncoding
+        // kPointerParseErrorInvalidPercentEncoding (invalid hex)
        Pointer p("#/%g0");
        EXPECT_FALSE(p.IsValid());
        EXPECT_EQ(kPointerParseErrorInvalidPercentEncoding, p.GetParseErrorCode());
@@ -348,13 +348,21 @@ TEST(Pointer, Parse_URIFragment) {
    }

    {
-        // kPointerParseErrorInvalidPercentEncoding
+        // kPointerParseErrorInvalidPercentEncoding (invalid hex)
        Pointer p("#/%0g");
        EXPECT_FALSE(p.IsValid());
        EXPECT_EQ(kPointerParseErrorInvalidPercentEncoding, p.GetParseErrorCode());
        EXPECT_EQ(2u, p.GetParseErrorOffset());
    }

+    {
+        // kPointerParseErrorInvalidPercentEncoding (incomplete UTF-8 sequence)
+        Pointer p("#/%C2");
+        EXPECT_FALSE(p.IsValid());
+        EXPECT_EQ(kPointerParseErrorInvalidPercentEncoding, p.GetParseErrorCode());
+        EXPECT_EQ(2u, p.GetParseErrorOffset());
+    }
+
    {
        // kPointerParseErrorCharacterMustPercentEncode
        Pointer p("#/ ");
@@ -395,16 +403,23 @@ TEST(Pointer, Stringify) {
    for (size_t i = 0; i < sizeof(sources) / sizeof(sources[0]); i++) {
        Pointer p(sources[i]);
        StringBuffer s;
-        p.Stringify(s);
+        EXPECT_TRUE(p.Stringify(s));
        EXPECT_STREQ(sources[i], s.GetString());

        // Stringify to URI fragment
        StringBuffer s2;
-        p.StringifyUriFragment(s2);
+        EXPECT_TRUE(p.StringifyUriFragment(s2));
        Pointer p2(s2.GetString(), s2.GetSize());
        EXPECT_TRUE(p2.IsValid());
        EXPECT_TRUE(p == p2);
    }
+
+    {
+        // Strigify to URI fragment with an invalid UTF-8 sequence
+        Pointer p("/\xC2");
+        StringBuffer s;
+        EXPECT_FALSE(p.StringifyUriFragment(s));
+    }
 }

 // Construct a Pointer with static tokens, no dynamic allocation involved.
@@ -552,6 +567,10 @@ TEST(Pointer, Get) {
    EXPECT_EQ(&d[" "], Pointer("/ ").Get(d));
    EXPECT_EQ(&d["m~n"], Pointer("/m~0n").Get(d));
    EXPECT_TRUE(Pointer("/abc").Get(d) == 0);
+    EXPECT_TRUE(Pointer("/foo/2").Get(d) == 0); // Out of boundary
+    EXPECT_TRUE(Pointer("/foo/a").Get(d) == 0); // "/foo" is an array, cannot query by "a"
+    EXPECT_TRUE(Pointer("/foo/0/0").Get(d) == 0); // "/foo/0" is an string, cannot further query
+    EXPECT_TRUE(Pointer("/foo/0/a").Get(d) == 0); // "/foo/0" is an string, cannot further query
 }

 TEST(Pointer, GetWithDefault) {