Commit3d5343c

committed

1 parentd384ab6 commit3d5343cCopy full SHA for 3d5343c

File tree

5 files changed

+3866

-5

lines changed

java-diff-utils/src
- main/java/com/github/difflib/unifieddiff
  - UnifiedDiffReader.java
- test
  - java/com/github/difflib/unifieddiff
    - UnifiedDiffReaderTest.java
  - resources/com/github/difflib/unifieddiff

5 files changed

+3866

-5

lines changed

`‎java-diff-utils/src/main/java/com/github/difflib/unifieddiff/UnifiedDiffReader.java‎`

Lines changed: 11 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -106,6 +106,8 @@ private UnifiedDiff parse() throws IOException, UnifiedDiffParserException {`
`106`	`106`	`if (line !=null) {`
`107`	`107`	`processLine(line,CHUNK);`
`108`	`108`	`while ((line =READER.readLine()) !=null) {`
	`109`	`+line =checkForNoNewLineAtTheEndOfTheFile(line);`
	`110`	`+`
`109`	`111`	`if (!processLine(line,LINE_NORMAL,LINE_ADD,LINE_DEL)) {`
`110`	`112`	`thrownewUnifiedDiffParserException("expected data line not found");`
`111`	`113`	`}`
`@@ -118,10 +120,7 @@ private UnifiedDiff parse() throws IOException, UnifiedDiffParserException {`
`118`	`120`	`}`
`119`	`121`	`line =READER.readLine();`
`120`	`122`
`121`		`-if ("\\ No newline at end of file".equals(line)) {`
`122`		`-actualFile.setNoNewLineAtTheEndOfTheFile(true);`
`123`		`-line =READER.readLine();`
`124`		`- }`
	`123`	`+line =checkForNoNewLineAtTheEndOfTheFile(line);`
`125`	`124`	`}`
`126`	`125`	`if (line ==null \|\| (line.startsWith("--") && !line.startsWith("---"))) {`
`127`	`126`	`break;`
`@@ -142,6 +141,14 @@ private UnifiedDiff parse() throws IOException, UnifiedDiffParserException {`
`142`	`141`	`returndata;`
`143`	`142`	`}`
`144`	`143`
	`144`	`+privateStringcheckForNoNewLineAtTheEndOfTheFile(Stringline)throwsIOException {`
	`145`	`+if ("\\ No newline at end of file".equals(line)) {`
	`146`	`+actualFile.setNoNewLineAtTheEndOfTheFile(true);`
	`147`	`+returnREADER.readLine();`
	`148`	`+ }`
	`149`	`+returnline;`
	`150`	`+ }`
	`151`	`+`
`145`	`152`	`staticString[]parseFileNames(Stringline) {`
`146`	`153`	`String[]split =line.split(" ");`
`147`	`154`	`returnnewString[]{`

`‎java-diff-utils/src/test/java/com/github/difflib/unifieddiff/UnifiedDiffReaderTest.java‎`

Lines changed: 33 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -277,12 +277,44 @@ public void testParseIssue107_2() throws IOException {`
`277`	`277`
`278`	`278`	`assertThat(diff.getFiles().size()).isEqualTo(2);`
`279`	`279`
`280`		`-finalUnifiedDiffFilefile =diff.getFiles().get(0);`
`281`	`280`	`UnifiedDiffFilefile1 =diff.getFiles().get(0);`
`282`	`281`	`assertThat(file1.getFromFile()).isEqualTo("Main.java");`
`283`	`282`	`assertThat(file1.getPatch().getDeltas().size()).isEqualTo(1);`
`284`	`283`
`285`	`284`	`}`
	`285`	`+`
	`286`	`+@Test`
	`287`	`+publicvoidtestParseIssue107_3()throwsIOException {`
	`288`	`+UnifiedDiffdiff =UnifiedDiffReader.parseUnifiedDiff(`
	`289`	`+UnifiedDiffReaderTest.class.getResourceAsStream("problem_diff_issue107_3.diff"));`
	`290`	`+`
	`291`	`+assertThat(diff.getFiles().size()).isEqualTo(1);`
	`292`	`+`
	`293`	`+UnifiedDiffFilefile1 =diff.getFiles().get(0);`
	`294`	`+assertThat(file1.getFromFile()).isEqualTo("Billion laughs attack.md");`
	`295`	`+assertThat(file1.getPatch().getDeltas().size()).isEqualTo(1);`
	`296`	`+`
	`297`	`+ }`
	`298`	`+`
	`299`	`+@Test`
	`300`	`+publicvoidtestParseIssue107_4()throwsIOException {`
	`301`	`+UnifiedDiffdiff =UnifiedDiffReader.parseUnifiedDiff(`
	`302`	`+UnifiedDiffReaderTest.class.getResourceAsStream("problem_diff_issue107_4.diff"));`
	`303`	`+`
	`304`	`+assertThat(diff.getFiles().size()).isEqualTo(27);`
	`305`	`+`
	`306`	`+assertThat(diff.getFiles()).extracting(f ->f.getFromFile()).contains("README.md");`
	`307`	`+ }`
	`308`	`+`
	`309`	`+@Test`
	`310`	`+publicvoidtestParseIssue107_5()throwsIOException {`
	`311`	`+UnifiedDiffdiff =UnifiedDiffReader.parseUnifiedDiff(`
	`312`	`+UnifiedDiffReaderTest.class.getResourceAsStream("problem_diff_issue107_5.diff"));`
	`313`	`+`
	`314`	`+assertThat(diff.getFiles().size()).isEqualTo(22);`
	`315`	`+`
	`316`	`+assertThat(diff.getFiles()).extracting(f ->f.getFromFile()).contains("rt/management/src/test/java/org/apache/cxf/management/jmx/MBServerConnectorFactoryTest.java");`
	`317`	`+ }`
`286`	`318`
`287`	`319`	`@Test`
`288`	`320`	`publicvoidtestParseIssue110()throwsIOException {`

`‎java-diff-utils/src/test/resources/com/github/difflib/unifieddiff/problem_diff_issue107_3.diff‎`

Lines changed: 24 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,24 @@`
	`1`	`+diff -r 4d1de0a006b7 -r ace1482360cb Billion laughs attack.md`
	`2`	`+--- a/Billion laughs attack.mdMon Feb 24 13:37:17 2020 +0000`
	`3`	`++++ b/Billion laughs attack.mdMon Feb 24 14:22:50 2020 +0000`
	`4`	`+@@ -11,14 +11,12 @@`
	`5`	`+`
	`6`	`+ The problem is: when you stay with the mouth open and eyes closed then they may throw trash and you get sick.`
	`7`	`+`
	`8`	`+-`
	`9`	`+-SnakeYAML Engine [has a way to restrict the amount of aliases for collections](https://bitbucket.org/asomov/snakeyaml-engine/src/default/src/test/java/org/snakeyaml/engine/usecases/references/ReferencesTest.java) to fail early without allocation too much resources.`
	`10`	`++SnakeYAML 1.26+ [has a way to restrict the amount of aliases for collections](https://bitbucket.org/asomov/snakeyaml/src/default/src/test/java/org/yaml/snakeyaml/issues/issue377/ReferencesTest.java) to fail early without allocation too much resources.`
	`11`	`+`
	`12`	`+ # Solution #`
	`13`	`+`
	`14`	`+-1. If the YAML is not coming from untrusted source (it is merely a configuration file) then it is a false positive. Just ignore it. The quality of NVD database is very low and contains tons of issues which appear to be false positives.`
	`15`	`+-2. Migrate to [SnakeYAML Engine](https://bitbucket.org/asomov/snakeyaml-engine/src/default/). It has a configuration option to restrict aliases for collections (the aliases for scalars cannot grow and they are not restricted)`
	`16`	`+-3. Check how it is done in SnakeYAML Engine and build your own SnakeYAML version with the same change.`
	`17`	+-4. Read the YAML and check its quality before giving the document to SnakeYAML (count `*` and `&` for instance)
	`18`	`++1. Update to SnakeYAML 1.26. It has a configuration option to restrict aliases for collections (the aliases for scalars cannot grow and they are not restricted)`
	`19`	`++2. If the YAML is not coming from untrusted source (it is merely a configuration file) then it is a false positive. Just ignore it. The quality of NVD database is very low and contains tons of issues which appear to be false positives.`
	`20`	++3. Read the YAML and check its quality before giving the document to SnakeYAML (count `*` and `&` for instance)
	`21`	`+`
	`22`	`+-Enjoy.`
	`23`	`+\ No newline at end of file`
	`24`	`++Enjoy.`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit3d5343c

File tree

5 files changed

5 files changed

`‎java-diff-utils/src/main/java/com/github/difflib/unifieddiff/UnifiedDiffReader.java‎`

`‎java-diff-utils/src/test/java/com/github/difflib/unifieddiff/UnifiedDiffReaderTest.java‎`

`‎java-diff-utils/src/test/resources/com/github/difflib/unifieddiff/problem_diff_issue107_3.diff‎`

0 commit comments