Skip to content

JS: fix yaml StringIndexOutOfBoundsException#1485

Merged
semmle-qlci merged 3 commits intomasterfrom
unknown repository
Jul 2, 2019
Merged

JS: fix yaml StringIndexOutOfBoundsException#1485
semmle-qlci merged 3 commits intomasterfrom
unknown repository

Conversation

@ghost
Copy link

@ghost ghost commented Jun 21, 2019

This fixes ODASA-7993.

We previously got a StringIndexOutOfBoundsException in mkToString on some YAML files with long lines that had been truncated before we got access to them.

We no longer get an exception on such truncated lines, and treat them like multiline strings.

I think this needs to go into 1.21.

@tibbes

@ghost ghost added the JS label Jun 21, 2019
@ghost ghost added this to the 1.21.0 milestone Jun 21, 2019
@ghost ghost self-requested a review as a code owner June 21, 2019 13:02
asger-semmle
asger-semmle reviewed Jun 21, 2019
View reviewed changes
javascript/extractor/src/com/semmle/js/extractor/YAMLExtractor.java Outdated
Copy link
Contributor

@asger-semmle asger-semmle Jun 21, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm confused by the name isShortString when it's defined to be true is when src is longer than a certain limit. Was there a negation that was flipped during a refactoring here?

Copy link
Author

@ghost ghost Jun 21, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Amended to hasAccessToDesiredString.

@xiemaisi
Copy link

xiemaisi commented Jun 21, 2019

I think this needs to go into 1.21.

It's targeted at master, though.

@ghost ghost changed the base branch from master to rc/1.21 June 21, 2019 13:29
@xiemaisi
Copy link

xiemaisi commented Jun 21, 2019

If we're putting this into 1.21, then maybe we should include #1481 as well. What do you think?

@ghost
Copy link
Author

ghost commented Jun 21, 2019

I agree, as they are both simple crash fixes. Do you want a cherry pick of the #1481 commit into this PR, or a separate PR?

@xiemaisi
Copy link

xiemaisi commented Jun 22, 2019

Maybe just add it to this PR?

Max Schaefer and others added 2 commits June 23, 2019 21:56
JavaScript: Fix potential null-pointer exception in YAML extractor.
a417884 
`ScalarEvent.getStyle()` is documented as returning `null` for plain
scalars, so we need to handle that specially (cf
https://github.com/Semmle/ql/blob/master/javascript/ql/src/semmle/javascript/YAML.qll#L100
for the corresponding code in the library, which expects plain style to
be encoded as zero).
JS: updated expected output for different SnakeYaml version
4f9a7d0
@xiemaisi
Copy link

xiemaisi commented Jun 24, 2019

This PR may not need to go into the release after all, so please don't merge yet.

@xiemaisi xiemaisi removed this from the 1.21.0 milestone Jun 24, 2019
@xiemaisi xiemaisi changed the base branch from rc/1.21 to master June 24, 2019 11:42
@semmle-qlci semmle-qlci merged commit 26fd1b9 into github:master Jul 2, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

JS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@xiemaisi @asger-semmle @semmle-qlci

Comments