From 6cb03299bc315e78c43038706e29f1fc722d8531 Mon Sep 17 00:00:00 2001 From: Maarten van der Schrieck Date: Sat, 23 Dec 2023 00:06:50 +0100 Subject: [PATCH] lib/addoninfo.cpp: When loading a JSON addon, test existence and type of script key. In case a user accidentally uses a wrong JSON file (e.g. naming.json, which is the config file for namingng.py), the code could give a confusing exception. This happens when the key 'script' is not defined as a string. This is solved by testing the key for existence and type. In case 'script' is not a key or refers to a type other than a string, a clear error is given, stating for example: 'Loading naming.json failed. script must be set to a string value.' A unit test is included for this specific error. --- lib/addoninfo.cpp | 5 +++++ test/cli/test-other.py | 16 ++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/lib/addoninfo.cpp b/lib/addoninfo.cpp index cfe720b81e7..c96543f755a 100644 --- a/lib/addoninfo.cpp +++ b/lib/addoninfo.cpp @@ -87,6 +87,11 @@ static std::string parseAddonInfo(AddonInfo& addoninfo, const picojson::value &j return ""; } + if (!obj.count("script") || !obj["script"].is()) + { + return "Loading " + fileName + " failed. script must be set to a string value."; + } + return addoninfo.getAddonInfo(obj["script"].get(), exename); } diff --git a/test/cli/test-other.py b/test/cli/test-other.py index 819f1d6a64f..a183161fc9a 100644 --- a/test/cli/test-other.py +++ b/test/cli/test-other.py @@ -278,6 +278,22 @@ def test_addon_threadsafety(tmpdir): assert stderr == '{}:4:12: warning: strerror is MT-unsafe [threadsafety-unsafe-call]\n'.format(test_file) +def test_addon_invalidjson(tmpdir): + addon_file = os.path.join(tmpdir, 'invalid.json') + with open(addon_file, 'wt') as f: + f.write(""" +{ + "Script": "addons/something.py" +} + """) + + args = ['--addon={}'.format(addon_file), '--enable=all', 'nonexistent.cpp'] + + exitcode, stdout, stderr = cppcheck(args) + assert exitcode != 0 + assert stdout == 'Loading {} failed. script must be set to a string value.\n'.format(addon_file) + + def test_addon_naming(tmpdir): # the addon does nothing without a config addon_file = os.path.join(tmpdir, 'naming1.json')