From 645ee387d3b382c18dd34fc4c6184aee59bdbcdd Mon Sep 17 00:00:00 2001 From: Looly Date: Fri, 1 Sep 2023 23:41:00 +0800 Subject: [PATCH] fix code --- .../hutool/core/array/ArrayWrapper.java | 8 ++--- .../hutool/core/collection/ListUtil.java | 8 ++--- .../dromara/hutool/core/lang/Validator.java | 31 +++++++++++++++---- .../hutool/core/io/ClassPathResourceTest.java | 2 +- .../org/dromara/hutool/json/JSONArray.java | 18 ++++++----- .../dromara/hutool/json/JSONArrayTest.java | 4 +-- 6 files changed, 45 insertions(+), 26 deletions(-) diff --git a/hutool-core/src/main/java/org/dromara/hutool/core/array/ArrayWrapper.java b/hutool-core/src/main/java/org/dromara/hutool/core/array/ArrayWrapper.java index 86c8d6d15..a0ef6bba2 100644 --- a/hutool-core/src/main/java/org/dromara/hutool/core/array/ArrayWrapper.java +++ b/hutool-core/src/main/java/org/dromara/hutool/core/array/ArrayWrapper.java @@ -2,9 +2,9 @@ package org.dromara.hutool.core.array; import org.dromara.hutool.core.collection.iter.ArrayIter; import org.dromara.hutool.core.convert.Convert; -import org.dromara.hutool.core.exception.HutoolException; import org.dromara.hutool.core.func.Wrapper; import org.dromara.hutool.core.lang.Assert; +import org.dromara.hutool.core.lang.Validator; import org.dromara.hutool.core.reflect.ClassUtil; import org.dromara.hutool.core.util.ObjUtil; @@ -294,10 +294,8 @@ public class ArrayWrapper implements Wrapper, Iterable { if (index < this.length) { Array.set(array, index, value); } else { - // issue#3286, 增加安全检查,最多增加2倍 - if(index > (length + 1) * 2) { - throw new HutoolException("Index is too large:", index); - } + // issue#3286, 增加安全检查,最多增加10倍 + Validator.checkIndexLimit(index, this.length); for (int i = length; i < index; i++) { append(paddingElement); diff --git a/hutool-core/src/main/java/org/dromara/hutool/core/collection/ListUtil.java b/hutool-core/src/main/java/org/dromara/hutool/core/collection/ListUtil.java index e66d65591..c6ea10499 100644 --- a/hutool-core/src/main/java/org/dromara/hutool/core/collection/ListUtil.java +++ b/hutool-core/src/main/java/org/dromara/hutool/core/collection/ListUtil.java @@ -20,8 +20,8 @@ import org.dromara.hutool.core.collection.partition.RandomAccessAvgPartition; import org.dromara.hutool.core.collection.partition.RandomAccessPartition; import org.dromara.hutool.core.comparator.PinyinComparator; import org.dromara.hutool.core.comparator.PropertyComparator; -import org.dromara.hutool.core.exception.HutoolException; import org.dromara.hutool.core.lang.Assert; +import org.dromara.hutool.core.lang.Validator; import org.dromara.hutool.core.lang.page.PageInfo; import org.dromara.hutool.core.util.ObjUtil; @@ -477,10 +477,8 @@ public class ListUtil { if (index < size) { list.set(index, element); } else { - // issue#3286, 增加安全检查,最多增加2倍 - if(index > (list.size() + 1) * 2) { - throw new HutoolException("Index is too large:", index); - } + // issue#3286, 增加安全检查,最多增加10倍 + Validator.checkIndexLimit(index, size); for (int i = size; i < index; i++) { list.add(paddingElement); } diff --git a/hutool-core/src/main/java/org/dromara/hutool/core/lang/Validator.java b/hutool-core/src/main/java/org/dromara/hutool/core/lang/Validator.java index ac0a5e733..a4c73c3de 100644 --- a/hutool-core/src/main/java/org/dromara/hutool/core/lang/Validator.java +++ b/hutool-core/src/main/java/org/dromara/hutool/core/lang/Validator.java @@ -12,17 +12,17 @@ package org.dromara.hutool.core.lang; +import org.dromara.hutool.core.data.CreditCodeUtil; +import org.dromara.hutool.core.data.IdcardUtil; import org.dromara.hutool.core.date.DateUtil; import org.dromara.hutool.core.exception.ValidateException; -import org.dromara.hutool.core.regex.PatternPool; -import org.dromara.hutool.core.regex.RegexPool; -import org.dromara.hutool.core.util.CharsetUtil; -import org.dromara.hutool.core.data.CreditCodeUtil; import org.dromara.hutool.core.math.NumberUtil; -import org.dromara.hutool.core.util.ObjUtil; +import org.dromara.hutool.core.regex.PatternPool; import org.dromara.hutool.core.regex.ReUtil; +import org.dromara.hutool.core.regex.RegexPool; import org.dromara.hutool.core.text.StrUtil; -import org.dromara.hutool.core.data.IdcardUtil; +import org.dromara.hutool.core.util.CharsetUtil; +import org.dromara.hutool.core.util.ObjUtil; import java.net.MalformedURLException; import java.nio.charset.Charset; @@ -1239,4 +1239,23 @@ public class Validator { throw new ValidateException(errorMsg); } } + + /** + * 检查给定的index是否超出长度限制,默认检查超出倍数(10倍),此方法主要用于内部,检查包括: + *
    + *
  • 数组调用setOrPadding时,最多允许padding的长度
    • + *
  • List调用setOrPadding时,最多允许padding的长度
    • + *
  • JSONArray调用setOrPadding时,最多允许padding的长度
    • + *
+ * + * @param index 索引 + * @param size 数组、列表长度 + * @since 6.0.0 + */ + public static void checkIndexLimit(final int index, final int size) { + // issue#3286, 增加安全检查,最多增加10倍 + if (index > (size + 1) * 10) { + throw new ValidateException("Index [{}] is too large for size: [{}]", index, size); + } + } } diff --git a/hutool-core/src/test/java/org/dromara/hutool/core/io/ClassPathResourceTest.java b/hutool-core/src/test/java/org/dromara/hutool/core/io/ClassPathResourceTest.java index bc9d5da34..6ffa22734 100644 --- a/hutool-core/src/test/java/org/dromara/hutool/core/io/ClassPathResourceTest.java +++ b/hutool-core/src/test/java/org/dromara/hutool/core/io/ClassPathResourceTest.java @@ -41,7 +41,7 @@ public class ClassPathResourceTest { // 读取classpath根目录测试 final ClassPathResource resource = new ClassPathResource("/"); final String content = resource.readUtf8Str(); - Assertions.assertTrue(StrUtil.isEmpty(content)); + Assertions.assertNotNull(content); } @Test diff --git a/hutool-json/src/main/java/org/dromara/hutool/json/JSONArray.java b/hutool-json/src/main/java/org/dromara/hutool/json/JSONArray.java index 25b321d9b..704c63406 100644 --- a/hutool-json/src/main/java/org/dromara/hutool/json/JSONArray.java +++ b/hutool-json/src/main/java/org/dromara/hutool/json/JSONArray.java @@ -15,6 +15,7 @@ package org.dromara.hutool.json; import org.dromara.hutool.core.collection.CollUtil; import org.dromara.hutool.core.convert.Convert; import org.dromara.hutool.core.convert.impl.ArrayConverter; +import org.dromara.hutool.core.lang.Validator; import org.dromara.hutool.core.lang.mutable.Mutable; import org.dromara.hutool.core.lang.mutable.MutableEntry; import org.dromara.hutool.core.lang.mutable.MutableObj; @@ -25,12 +26,7 @@ import org.dromara.hutool.json.writer.JSONWriter; import java.io.StringWriter; import java.io.Writer; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; -import java.util.List; -import java.util.ListIterator; -import java.util.RandomAccess; +import java.util.*; import java.util.function.Predicate; /** @@ -456,7 +452,15 @@ public class JSONArray implements JSON, JSONGetter, List, Rando } this.rawList.add(index, InternalJSONUtil.wrap(element, this.config)); } else { - // 相对于5.x逻辑变更,当index大于size,则追加,而不是补充null,这样更加安全 + // issue#3286, 如果用户指定的index太大,容易造成Java heap space错误。 + if (!config.isIgnoreNullValue()) { + // issue#3286, 增加安全检查,最多增加10倍 + Validator.checkIndexLimit(index, this.size()); + while (index != this.size()) { + // 非末尾,则填充null + this.add(null); + } + } this.add(element); } diff --git a/hutool-json/src/test/java/org/dromara/hutool/json/JSONArrayTest.java b/hutool-json/src/test/java/org/dromara/hutool/json/JSONArrayTest.java index 54b077d64..486269e5a 100644 --- a/hutool-json/src/test/java/org/dromara/hutool/json/JSONArrayTest.java +++ b/hutool-json/src/test/java/org/dromara/hutool/json/JSONArrayTest.java @@ -225,9 +225,9 @@ public class JSONArrayTest { Assertions.assertEquals(1, jsonArray.size()); jsonArray = new JSONArray(JSONConfig.of().setIgnoreNullValue(false)); - jsonArray.set(3, "test"); + jsonArray.set(2, "test"); // 第三个位置插入值,0~2都是null - Assertions.assertEquals(4, jsonArray.size()); + Assertions.assertEquals(3, jsonArray.size()); } // https://github.com/dromara/hutool/issues/1858