From 18081cf1ba57d97aa3c7674e8f67f227e0ce789b Mon Sep 17 00:00:00 2001 From: libraryaddict Date: Mon, 17 Jan 2022 16:43:03 +1300 Subject: [PATCH] Try avoid letting people use stupid values for numbers. Fixes #635 --- .../params/types/base/ParamInfoDouble.java | 8 +++- .../params/types/base/ParamInfoFloat.java | 14 +++++- .../types/base/ParamInfoFloatNullable.java | 4 +- .../types/custom/ParamInfoParticle.java | 5 ++ .../utilities/parser/DisguiseParser.java | 48 ++++++++----------- 5 files changed, 45 insertions(+), 34 deletions(-) diff --git a/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/base/ParamInfoDouble.java b/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/base/ParamInfoDouble.java index b3d9b291..d8817941 100644 --- a/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/base/ParamInfoDouble.java +++ b/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/base/ParamInfoDouble.java @@ -17,7 +17,13 @@ public class ParamInfoDouble extends ParamInfo { @Override protected Object fromString(String string) { - return Double.parseDouble(string); + double result = Double.parseDouble(string); + + if (!Double.isFinite(result) || Math.abs(result) > 999_999_999) { + throw new NumberFormatException("For input string: \"" + string + "\""); + } + + return result; } @Override diff --git a/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/base/ParamInfoFloat.java b/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/base/ParamInfoFloat.java index ec3da2c5..109e7f2d 100644 --- a/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/base/ParamInfoFloat.java +++ b/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/base/ParamInfoFloat.java 
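Review bot: The bound `999_999_999` in ParamInfoDouble's `fromString` is an unexplained literal, and the same literal is repeated in the ParamInfoFloat hunk, so the two limits can drift apart. I would name it once, e.g. `static final double MAX_ABS_VALUE = 999_999_999;`, with a short comment saying it is the sanity limit for numeric command parameters that the commit message ties to #635. The out-of-range branch also throws a `NumberFormatException` whose text copies the JDK's malformed-input wording, so anyone reading a log or stack trace cannot tell a value rejected by the cap from text that was not a number. A message such as `"Value out of range: " + string` keeps the exception type; the `catch (Exception ignored)` visible in the DisguiseParser hunk suggests callers do not depend on the message, though that is worth confirming.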
@@ -7,12 +7,22 @@ import me.libraryaddict.disguise.utilities.params.ParamInfo; */ public class ParamInfoFloat extends ParamInfo { public ParamInfoFloat(String name, String description) { - super(float.class, name, description); + this(float.class, name, description); + } + + public ParamInfoFloat(Class cl, String name, String description) { + super(cl, name, description); } @Override protected Object fromString(String string) { - return Float.parseFloat(string); + float result = Float.parseFloat(string); + + if (!Float.isFinite(result) || Math.abs(result) > 999_999_999) { + throw new NumberFormatException("For input string: \"" + string + "\""); + } + + return result; } @Override diff --git a/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/base/ParamInfoFloatNullable.java b/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/base/ParamInfoFloatNullable.java index f0ba002f..6068f141 100644 --- a/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/base/ParamInfoFloatNullable.java +++ b/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/base/ParamInfoFloatNullable.java @@ -5,7 +5,7 @@ import me.libraryaddict.disguise.utilities.params.ParamInfo; /** * Created by libraryaddict on 7/09/2018. */ -public class ParamInfoFloatNullable extends ParamInfo { +public class ParamInfoFloatNullable extends ParamInfoFloat { public ParamInfoFloatNullable(String name, String description) { super(Float.class, name, description); } @@ -16,7 +16,7 @@ public class ParamInfoFloatNullable extends ParamInfo { return null; } - return Float.parseFloat(string); + return super.fromString(string); } @Override diff --git a/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/custom/ParamInfoParticle.java b/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/custom/ParamInfoParticle.java index ec8b61f1..f2ef76bb 100644 
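Review bot: In ParamInfoFloat's `fromString`, the comparison `Math.abs(result) > 999_999_999` widens the int literal to float, and the nearest float to 999,999,999 is 1.0E9, so the limit actually enforced is not the one written and is not quite the one ParamInfoDouble applies. Writing the bound as a float keeps the behaviour and makes it visible: `if (!Float.isFinite(result) || Math.abs(result) > 1.0e9f) {`. Separately, the new `ParamInfoFloat(Class cl, String name, String description)` constructor appears to exist only so that ParamInfoFloatNullable can pass `Float.class`. If nothing else calls it, `protected` would stop outside code from constructing a float parser bound to an unrelated class.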
--- a/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/custom/ParamInfoParticle.java +++ b/plugin/src/main/java/me/libraryaddict/disguise/utilities/params/types/custom/ParamInfoParticle.java @@ -143,6 +143,11 @@ public class ParamInfoParticle extends ParamInfoEnum { throw new DisguiseParseException(LibsMsg.PARSE_PARTICLE_REDSTONE, particle.name(), string); } else { size = Math.max(0.2f, Float.parseFloat(split[split.length - 1])); + + // Stupid high cap + if (size > 100) { + size = 100; + } } data = new Particle.DustOptions(color, size); diff --git a/plugin/src/main/java/me/libraryaddict/disguise/utilities/parser/DisguiseParser.java b/plugin/src/main/java/me/libraryaddict/disguise/utilities/parser/DisguiseParser.java index 551d9e70..e9218fa7 100644 --- a/plugin/src/main/java/me/libraryaddict/disguise/utilities/parser/DisguiseParser.java +++ b/plugin/src/main/java/me/libraryaddict/disguise/utilities/parser/DisguiseParser.java @@ -108,14 +108,14 @@ public class DisguiseParser { } if (getMethod == null) { - DisguiseUtilities.getLogger().severe(String - .format("No such method '%s' when looking for the companion of '%s' in '%s'", getName, setMethod.getName(), - setMethod.getWatcherClass().getSimpleName())); + DisguiseUtilities.getLogger().severe( + String.format("No such method '%s' when looking for the companion of '%s' in '%s'", getName, setMethod.getName(), + setMethod.getWatcherClass().getSimpleName())); continue; } else if (getMethod.getReturnType() != setMethod.getParam()) { - DisguiseUtilities.getLogger().severe(String - .format("Invalid return type of '%s' when looking for the companion of '%s' in '%s'", getName, setMethod.getName(), - setMethod.getWatcherClass().getSimpleName())); + DisguiseUtilities.getLogger().severe( + String.format("Invalid return type of '%s' when looking for the companion of '%s' in '%s'", getName, setMethod.getName(), + setMethod.getWatcherClass().getSimpleName())); continue; } 
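Review bot: The new cap on `size` in ParamInfoParticle does not catch NaN: `Float.parseFloat` accepts the text `NaN`, `Math.max(0.2f, NaN)` returns NaN, and `size > 100` is then false, so a non-finite size still reaches `new Particle.DustOptions(color, size)`. This path calls `Float.parseFloat` directly instead of going through the finite check added to ParamInfoFloat, so it needs its own guard, e.g. `if (Float.isNaN(size) || size > 100) {`, or the value could be rejected with the existing `DisguiseParseException` before the clamp. The comment `// Stupid high cap` would be more useful if it said what the limit protects, for instance `// Upper bound on the dust size taken from the command argument`. The enclosing method starts and ends outside the hunk, so whether a later check handles NaN cannot be seen here.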
@@ -175,7 +175,7 @@ public class DisguiseParser { // Special handling for this method if (m.getName().equals("addPotionEffect")) { MethodHandle getPotion = - MethodHandles.publicLookup().bind(disguise.getWatcher(), "getPotionEffects", MethodType.methodType(PotionEffectType[].class)); + MethodHandles.publicLookup().bind(disguise.getWatcher(), "getPotionEffects", MethodType.methodType(PotionEffectType[].class)); PotionEffectType[] types = (PotionEffectType[]) getPotion.invoke(); for (PotionEffectType type : types) { @@ -267,7 +267,7 @@ public class DisguiseParser { serializedMeta.put(entry.getKey(), val.getClass().getName() + ":" + serialized); } catch (Throwable throwable) { DisguiseUtilities.getLogger() - .warning("Unable to properly serialize the metadata on a disguise, the metadata was saved under name '" + entry.getKey() + "'"); + .warning("Unable to properly serialize the metadata on a disguise, the metadata was saved under name '" + entry.getKey() + "'"); if (!(throwable instanceof StackOverflowError)) { throwable.printStackTrace(); @@ -297,9 +297,8 @@ public class DisguiseParser { if (!Objects.deepEquals(dObj, object)) { throw new IllegalStateException(String.format( - "%s has conflicting values in class %s! This means it expected the same value again but " + "received a " + - "different value on a different disguise! %s is not the same as %s!", setMethod.toString(), setMethod.toString(), object, - dObj)); + "%s has conflicting values in class %s! This means it expected the same value again but " + "received a " + + "different value on a different disguise! %s is not the same as %s!", setMethod.toString(), setMethod.toString(), object, dObj)); } return; 
@@ -311,7 +310,7 @@ public class DisguiseParser { } private static void doCheck(CommandSender sender, DisguisePermissions permissions, DisguisePerm disguisePerm, Collection usedOptions) - throws DisguiseParseException { + throws DisguiseParseException { if (!permissions.isAllowedDisguise(disguisePerm, usedOptions)) { throw new DisguiseParseException(LibsMsg.D_PARSE_NOPERM, usedOptions.stream().reduce((first, second) -> second).orElse(null)); @@ -416,15 +415,6 @@ public class DisguiseParser { return new DisguisePermissions(sender, commandName); } - private static boolean isDouble(String string) { - try { - Float.parseFloat(string); - return true; - } catch (Exception ex) { - return false; - } - } - private static boolean isInteger(String string) { try { Integer.parseInt(string); @@ -496,7 +486,7 @@ public class DisguiseParser { public static String[] parsePlaceholders(String[] args, CommandSender user, CommandSender target) { return parsePlaceholders(args, getName(user), DisguiseUtilities.getDisplayName(user), getSkin(user), getName(target), - DisguiseUtilities.getDisplayName(target), DisguiseParser.getSkin(target), getEntityEquipment(user), getEntityEquipment(target)); + DisguiseUtilities.getDisplayName(target), DisguiseParser.getSkin(target), getEntityEquipment(user), getEntityEquipment(target)); } private static EntityEquipment getEntityEquipment(CommandSender entity) { @@ -647,7 +637,7 @@ public class DisguiseParser { } DisguiseParser.callMethods(Bukkit.getConsoleSender(), disguise, new DisguisePermissions(Bukkit.getConsoleSender(), "disguise"), - new DisguisePerm(disguise.getType()), new ArrayList<>(), params, "Disguise"); + new DisguisePerm(disguise.getType()), new ArrayList<>(), params, "Disguise"); } public static void modifyDisguise(Disguise disguise, String[] params) throws Throwable { 
@@ -677,7 +667,7 @@ public class DisguiseParser { * disguise has been feed a proper disguisetype. */ public static Disguise parseDisguise(CommandSender sender, Entity target, String permNode, String[] args, DisguisePermissions permissions) - throws Throwable { + throws Throwable { if (!Bukkit.isPrimaryThread()) { throw new IllegalStateException("DisguiseParser should not be called async!"); } @@ -809,7 +799,7 @@ public class DisguiseParser { boolean adult = true; if (args[1].equalsIgnoreCase(TranslateType.DISGUISE_OPTIONS.get("baby")) || - args[1].equalsIgnoreCase(TranslateType.DISGUISE_OPTIONS.get("adult"))) { + args[1].equalsIgnoreCase(TranslateType.DISGUISE_OPTIONS.get("adult"))) { usedOptions.add("setbaby"); doCheck(sender, permissions, disguisePerm, usedOptions); adult = args[1].equalsIgnoreCase(TranslateType.DISGUISE_OPTIONS.get("adult")); @@ -1006,8 +996,8 @@ public class DisguiseParser { parseException = ex; } catch (Exception ignored) { parseException = - new DisguiseParseException(LibsMsg.PARSE_EXPECTED_RECEIVED, paramInfo.getDescriptiveName(), list.isEmpty() ? null : list.get(0), - TranslateType.DISGUISE_OPTIONS.reverseGet(method.getName())); + new DisguiseParseException(LibsMsg.PARSE_EXPECTED_RECEIVED, paramInfo.getDescriptiveName(), list.isEmpty() ? null : list.get(0), + TranslateType.DISGUISE_OPTIONS.reverseGet(method.getName())); } } @@ -1034,8 +1024,8 @@ public class DisguiseParser { } if (DisguiseConfig.isArmorstandsName() && ((methodToUse.getName().equals("setName") && disguise.isPlayerDisguise()) || - (DisguiseConfig.isOverrideCustomNames() && methodToUse.getName().equals("setCustomName"))) && - !sender.hasPermission("libsdisguises.multiname")) { + (DisguiseConfig.isOverrideCustomNames() && methodToUse.getName().equals("setCustomName"))) && + !sender.hasPermission("libsdisguises.multiname")) { valueToSet = DisguiseUtilities.quoteNewLine((String) valueToSet); }