
Commit88a3b90

authored
Change pre-22 poison pill to only log once per affected message type. (#21754)
1 parent320eafa commit88a3b90


3 files changed

+71
-34
lines changed

3 files changed

+71
-34
lines changed

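--- a/java/core/src/main/java/com/google/protobuf/GeneratedMessage.java
+++ b/java/core/src/main/java/com/google/protobuf/GeneratedMessage.java
@@ -21,9 +21,11 @@
 importjava.lang.reflect.Method;
 importjava.util.ArrayList;
 importjava.util.Collections;
+importjava.util.HashSet;
 importjava.util.Iterator;
 importjava.util.List;
 importjava.util.Map;
+importjava.util.Set;
 importjava.util.TreeMap;
 importjava.util.logging.Logger;
 
@@ -329,21 +331,30 @@ public int getSerializedSize() {
 +" security vulnerability:"
 +" https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2";
 
-staticvoidwarnPre22Gencode() {
+privatestaticfinalSet<String>loggedPre22TypeNames
+=Collections.synchronizedSet(newHashSet<String>());
+staticvoidwarnPre22Gencode(Class<?>messageClass) {
 if (System.getProperty(PRE22_GENCODE_SILENCE_PROPERTY) !=null) {
 return;
 }
-UnsupportedOperationExceptionexception =
-newUnsupportedOperationException(PRE22_GENCODE_VULNERABILITY_MESSAGE);
+StringmessageName =messageClass.getName();
+StringvulnerabilityMessage =
+"Vulnerable protobuf generated type in use: " +messageName +"\n" +
+PRE22_GENCODE_VULNERABILITY_MESSAGE;
+
 if (System.getProperty(PRE22_GENCODE_ERROR_PROPERTY) !=null) {
-throwexception;
+thrownewUnsupportedOperationException(vulnerabilityMessage);
+}
+
+if (!loggedPre22TypeNames.add(messageName)) {
+return;
 }
-logger.warning(exception.toString());
+logger.warning(vulnerabilityMessage);
 }
 
 /** Used by parsing constructors in generated classes. */
 protectedvoidmakeExtensionsImmutable() {
-warnPre22Gencode();
+warnPre22Gencode(getClass());
 }
 
 /**
@@ -933,7 +944,7 @@ protected boolean parseUnknownField(
 /** Used by parsing constructors in generated classes. */
 @Override
 protectedvoidmakeExtensionsImmutable() {
-warnPre22Gencode();
+warnPre22Gencode(getClass());
 extensions.makeImmutable();
 }
 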
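Review bot: In `warnPre22Gencode(Class<?>)` the `vulnerabilityMessage` concatenation runs before the `loggedPre22TypeNames.add(messageName)` check, so every call from a parsing constructor still allocates the full advisory string after that type has already been logged. The string is only needed in the throw branch and in the first-time log branch, so it could be built in those two places, for instance through a small private helper that takes `messageName`. The new field would also benefit from a comment such as `// Names of pre-22 generated types already warned about; kept for the life of the process, so the warning is not repeated after log rotation.` Keying on `getName()` means two classes with the same name from different class loaders share a single warning, which looks acceptable here but is worth stating in that comment.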

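--- a/java/core/src/main/java/com/google/protobuf/GeneratedMessageV3.java
+++ b/java/core/src/main/java/com/google/protobuf/GeneratedMessageV3.java
@@ -528,7 +528,7 @@ protected Object newInstance(UnusedPrivateParameter unused) {
 */
 protectedvoidmakeExtensionsImmutable() {
 // Noop for messages without extensions.
-GeneratedMessage.warnPre22Gencode();
+GeneratedMessage.warnPre22Gencode(getClass());
 }
 
 /**
@@ -1276,7 +1276,7 @@ protected boolean parseUnknownFieldProto3(
 */
 @Override
 protectedvoidmakeExtensionsImmutable() {
-GeneratedMessage.warnPre22Gencode();
+GeneratedMessage.warnPre22Gencode(getClass());
 extensions.makeImmutable();
 }
 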

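--- a/java/core/src/test/java/com/google/protobuf/GeneratedMessageTest.java
+++ b/java/core/src/test/java/com/google/protobuf/GeneratedMessageTest.java
@@ -2015,39 +2015,58 @@ private TestUtil.TestLogHandler setupLogger() {
 @Test
 publicvoidgeneratedMessage_makeExtensionsImmutableShouldLog() {
 TestUtil.TestLogHandlerlogHandler =setupLogger();
-GeneratedMessageV3msg =
-newGeneratedMessageV3() {
-@Override
-protectedFieldAccessorTableinternalGetFieldAccessorTable() {
-returnnull;
-}
-
-@Override
-protectedMessage.BuildernewBuilderForType(BuilderParentparent) {
-returnnull;
-}
+classTestMessage1extendsGeneratedMessageV3 {
+@Override
+protectedFieldAccessorTableinternalGetFieldAccessorTable() {
+returnnull;
+}
+
+@Override
+protectedMessage.BuildernewBuilderForType(BuilderParentparent) {
+returnnull;
+}
+
+@Override
+publicMessage.BuildernewBuilderForType() {
+returnnull;
+}
+
+@Override
+publicMessage.BuildertoBuilder() {
+returnnull;
+}
+
+@Override
+publicMessagegetDefaultInstanceForType() {
+returnnull;
+}
+}
 
-@Override
-publicMessage.BuildernewBuilderForType() {
-returnnull;
-}
+classTestMessage2extendsTestMessage1 {}
 
-@Override
-publicMessage.BuildertoBuilder() {
-returnnull;
-}
-
-@Override
-publicMessagegetDefaultInstanceForType() {
-returnnull;
-}
-};
+TestMessage1msg =newTestMessage1();
 msg.makeExtensionsImmutable();
 List<LogRecord>logs =logHandler.getStoredLogRecords();
 assertThat(logs).hasSize(1);
 Stringmessage =logs.get(0).getMessage();
+// The generated type
+assertThat(message).contains(
+"Vulnerable protobuf generated type in use: " +
+"com.google.protobuf.GeneratedMessageTest$1TestMessage1");
 assertThat(message).contains(GeneratedMessage.PRE22_GENCODE_VULNERABILITY_MESSAGE);
 assertThat(message).contains(GeneratedMessage.PRE22_GENCODE_SILENCE_PROPERTY);
+
+// Subsequent calls for the same type do not log again.
+msg.makeExtensionsImmutable();
+assertThat(logHandler.getStoredLogRecords()).hasSize(1);
+
+// A call on a second type does log for that type.
+TestMessage2msg2 =newTestMessage2();
+msg2.makeExtensionsImmutable();
+assertThat(logHandler.getStoredLogRecords()).hasSize(2);
+// And not again (only once per type).
+msg2.makeExtensionsImmutable();
+assertThat(logHandler.getStoredLogRecords()).hasSize(2);
 }
 
 @Test
@@ -2059,7 +2078,14 @@ public void extendableMessage_makeExtensionsImmutableShouldThrow() {
 List<LogRecord>logs =logHandler.getStoredLogRecords();
 assertThat(logs).hasSize(1);
 Stringmessage =logs.get(0).getMessage();
+assertThat(message).contains(
+"Vulnerable protobuf generated type in use: " +
+"protobuf_unittest.UnittestProto$TestAllExtensions");
 assertThat(message).contains(GeneratedMessage.PRE22_GENCODE_VULNERABILITY_MESSAGE);
 assertThat(message).contains(GeneratedMessage.PRE22_GENCODE_SILENCE_PROPERTY);
+
+// Subsequent calls for the same type do not log again.
+msg.makeExtensionsImmutable();
+assertThat(logHandler.getStoredLogRecords()).hasSize(1);
 }
 }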
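Review bot: Both tests now assert exact log counts against `loggedPre22TypeNames`, which is static and never reset, so their outcome depends on what ran earlier in the same JVM. In `extendableMessage_makeExtensionsImmutableShouldThrow` the first `hasSize(1)` fails if any earlier test already triggered the warning for `TestAllExtensions` (the construction of `msg` is outside the hunk, so the type is inferred from the asserted name), and re-running either test within one JVM would record no new warning at all. A package-private reset of the set, called from `setupLogger()`, would isolate the tests. The expected string `GeneratedMessageTest$1TestMessage1` also hard-codes the compiler's local-class numbering; `TestMessage1.class.getName()` expresses the same expectation without that dependency.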
