Merge pull request #217 from nHapiNET/FuzzBadInputFixes3

Add changes to fix bad input from fuzzing, Fixes #210

.github/workflows/build-status.yml

@@ -15,7 +15,7 @@ jobs:
     - name: Setup .NET Core
       uses: actions/setup-dotnet@v1
       with:
-        dotnet-version: 3.1.405
+        dotnet-version: 3.1.409
 
     - name: Restore nHapi
       run: |
@@ -46,7 +46,7 @@ jobs:
     - name: Setup .NET Core
       uses: actions/setup-dotnet@v1
       with:
-        dotnet-version: 3.1.405
+        dotnet-version: 3.1.409
 
     - name: Restore nHapi
       run: |

.github/workflows/receive-pr.yml

@@ -13,7 +13,7 @@ jobs:
     - name: Setup .NET Core
       uses: actions/setup-dotnet@v1
       with:
-        dotnet-version: 3.1.405
+        dotnet-version: 3.1.409
     - name: Restore nHapi
       run: |
         dotnet restore nHapi.sln --configfile build\.nuget\NuGet.config
@@ -56,7 +56,7 @@ jobs:
     - name: Setup .NET Core
       uses: actions/setup-dotnet@v1
       with:
-        dotnet-version: 3.1.405
+        dotnet-version: 3.1.409
 
     - name: Restore nHapi
       run: |

global.json

@@ -1,6 +1,6 @@
 {
   "sdk": {
-    "version": "3.1.301",
+    "version": "3.1.409",
     "rollForward": "latestFeature"
   },
   "projects": []

src/NHapi.Base/Parser/EncodingCharacters.cs

@@ -28,6 +28,7 @@
 namespace NHapi.Base.Parser
 {
     using System;
+    using System.Linq;
 
     using NHapi.Base.Model;
 
@@ -52,13 +53,22 @@ public class EncodingCharacters : object, ICloneable
         /// Component Separator, Repetition Separator, Escape Character, and
         /// Subcomponent Separator (in that order).
         /// </param>
+        /// <exception cref="HL7Exception">If encoding characters are not unique.</exception>
         public EncodingCharacters(char fieldSeparator, string encodingCharacters)
         {
+            if (char.IsWhiteSpace(fieldSeparator) || fieldSeparator == char.MinValue)
+            {
+                throw new HL7Exception("Field Seperator must be a printable character.");
+            }
+
             FieldSeparator = fieldSeparator;
 
             encChars = new char[4];
-
-            if (encodingCharacters == null)
+#if NET35
+            if (string.IsNullOrEmpty(encodingCharacters) || encodingCharacters.Trim().Length == 0)
+#else
+            if (string.IsNullOrWhiteSpace(encodingCharacters))
+#endif
             {
                 encChars[0] = '^';
 
@@ -70,6 +80,16 @@ public EncodingCharacters(char fieldSeparator, string encodingCharacters)
             }
             else
             {
+                if (encodingCharacters.Any(@char => char.IsWhiteSpace(@char) || @char == char.MinValue))
+                {
+                    throw new HL7Exception("Encoding characters must be printable characters.");
+                }
+
+                if (!SupportClass.CharsAreUnique(encodingCharacters))
+                {
+                    throw new HL7Exception("Encoding characters must be unique.");
+                }
+
                 SupportClass.GetCharsFromString(encodingCharacters, 0, 4, encChars, 0);
             }
         }

src/NHapi.Base/SupportClass.cs

@@ -18,6 +18,7 @@ namespace NHapi.Base
     using System.Collections;
     using System.Globalization;
     using System.IO;
+    using System.Linq;
     using System.Reflection;
     using System.Text;
     using System.Threading;
@@ -2130,6 +2131,25 @@ public static object Pop(ArrayList stack)
             }
         }
 
+        /// <summary>
+        /// Evaluates if a string is comprised of unique characters.
+        /// </summary>
+        /// <param name="input">string to evaluate.</param>
+        /// <returns>True if all characters are unique, otherwise False.</returns>
+        /// <exception cref="ArgumentException">If <paramref name="input"/> is null or empty.</exception>
+        public static bool CharsAreUnique(string input)
+        {
+            if(string.IsNullOrEmpty(input))
+            {
+                throw new ArgumentException("Argument cannot be null or empty", nameof(input));
+            }
+
+            var chars = input.ToCharArray();
+            var distinct = chars.Distinct().ToArray();
+
+            return chars.Length == distinct.Length;
+        }
+
         /*******************************/
 
         /// <summary>

tests/NHapi.Base.NUnit/SupportClassTests.cs

@@ -0,0 +1,53 @@
+namespace NHapi.Base.NUnit
+{
+    using System;
+
+    using global::NUnit.Framework;
+
+    using NHapi.Base;
+
+    [TestFixture]
+    public class SupportClassTests
+    {
+        [TestCase("^~\\&")]
+        [TestCase("@#&^")]
+        [TestCase("1234")]
+        [TestCase("qwer")]
+        [TestCase("abcd")]
+        [TestCase("efgh")]
+        [TestCase("!\"£$")]
+        public void CharsAreUnique_InputCharsAreUnique_ReturnsTrue(string input)
+        {
+            // Arrange / Act
+            var actual = SupportClass.CharsAreUnique(input);
+
+            // Assert
+            Assert.IsTrue(actual);
+        }
+
+        [TestCase("^^^^")]
+        [TestCase("~~~~")]
+        [TestCase("^~\\\\")]
+        [TestCase("^\\&&")]
+        [TestCase("0000")]
+        [TestCase("@#$$")]
+        [TestCase("****")]
+        public void CharsAreUnique_InputCharsAreNotUnique_ReturnsFalse(string input)
+        {
+            // Arrange / Act
+            var actual = SupportClass.CharsAreUnique(input);
+
+            // Assert
+            Assert.IsFalse(actual);
+        }
+
+        [TestCase(null)]
+        [TestCase("")]
+        public void CharsAreUnique_InputIsNullOrEmpty_ThrowsArgumentException(string input)
+        {
+            // Arrange / Act / Assert
+            Assert.Throws<ArgumentException>(
+                () => SupportClass.CharsAreUnique(input));
+        }
+    }
+}

tests/NHapi.NUnit/Parser/EncodingCharactersTests.cs

@@ -25,6 +25,63 @@ public void Constructor_ValidInput_ReturnsExpectedResult(char fieldSeperator, st
             Assert.AreEqual(encodingCharacters[3], sut.SubcomponentSeparator);
         }
 
+        [TestCase(null)]
+        [TestCase("")]
+        [TestCase("\r")]
+        [TestCase("\t")]
+        [TestCase("\n")]
+        [TestCase(" ")]
+        public void Constructor_EncodingCharactersAreNullEmptyOrWhiteSpace_SetsDefaultValues(string encodingCharacters)
+        {
+            // Arrange / Act
+            var sut = new EncodingCharacters('|', encodingCharacters);
+
+            // Assert
+            Assert.AreEqual('|', sut.FieldSeparator);
+            Assert.AreEqual('^', sut.ComponentSeparator);
+            Assert.AreEqual('~', sut.RepetitionSeparator);
+            Assert.AreEqual('\\', sut.EscapeCharacter);
+            Assert.AreEqual('&', sut.SubcomponentSeparator);
+        }
+
+        [TestCase("^~\\ ")]
+        [TestCase("]@/\t")]
+        [TestCase("\"£\n*")]
+        [TestCase("\"\r£*")]
+        [TestCase("\"\0£*")]
+        public void Constructor_EncodingCharactersContainWhiteSpaceCharactersOrNullCharacter_ThrowsHl7Exception(string encodingCharacters)
+        {
+            // Arrange / Act / Assert
+            Assert.Throws<HL7Exception>(
+                () => new EncodingCharacters('|', encodingCharacters));
+        }
+
+        [TestCase("^^^^")]
+        [TestCase("~~~~")]
+        [TestCase("^~\\\\")]
+        [TestCase("^\\&&")]
+        [TestCase("0000")]
+        [TestCase("@#$$")]
+        [TestCase("****")]
+        public void Constructor_EncodingCharactersAreNotUnique_ThrowsHl7Exception(string encodingCharacters)
+        {
+            // Arrange / Act / Assert
+            Assert.Throws<HL7Exception>(
+                () => new EncodingCharacters('|', encodingCharacters));
+        }
+
+        [TestCase(' ')]
+        [TestCase('\r')]
+        [TestCase('\n')]
+        [TestCase('\t')]
+        [TestCase('\0')]
+        public void Constructor_FieldSeperatorIsWhiteSpaceOrNullCharacter_ThrowsHl7Exception(char fieldSeperator)
+        {
+            // Arrange / Act / Assert
+            Assert.Throws<HL7Exception>(
+                () => new EncodingCharacters(fieldSeperator, "^~\\&"));
+        }
+
         [TestCase('|', '^', '~', '\\', '&')]
         [TestCase('?', ']', '@', '/', '$')]
         [TestCase('>', '\\', '£', '^', '*')]

tests/NHapi.NUnit/Parser/LegacyPipeParserBadInputTests.cs

@@ -12,8 +12,8 @@
     [TestFixture]
     public class LegacyPipeParserBadInputTests
     {
-        [TestCaseSource(nameof(TestPaths), new object[] { "EncodingNotSupportedException", typeof(EncodingNotSupportedException) })]
-        [TestCaseSource(nameof(TestPaths), new object[] { "HL7Exception", typeof(HL7Exception) })]
+        [TestCaseSource(nameof(TestPaths), new object[] { nameof(EncodingNotSupportedException), typeof(EncodingNotSupportedException) })]
+        [TestCaseSource(nameof(TestPaths), new object[] { nameof(HL7Exception), typeof(HL7Exception) })]
         public void TestBadInputsThrowException(string path, Type expectedExceptionType)
         {
             // Arrange

tests/NHapi.NUnit/Parser/PipeParserBadInputTests.cs

@@ -12,8 +12,8 @@
     [TestFixture]
     public class PipeParserBadInputTests
     {
-        [TestCaseSource(nameof(TestPaths), new object[] { "EncodingNotSupportedException", typeof(EncodingNotSupportedException) })]
-        [TestCaseSource(nameof(TestPaths), new object[] { "HL7Exception", typeof(HL7Exception) })]
+        [TestCaseSource(nameof(TestPaths), new object[] { nameof(EncodingNotSupportedException), typeof(EncodingNotSupportedException) })]
+        [TestCaseSource(nameof(TestPaths), new object[] { nameof(HL7Exception), typeof(HL7Exception) })]
         public void TestBadInputsThrowException(string path, Type expectedExceptionType)
         {
             // Arrange

tests/NHapi.NUnit/TestData/BadInputs/PipeParser/EncodingNotSupportedException/id_000213,sig_02,src_001353+000130,op_splice,rep_8

@@ -0,0 +1 @@
+MSH|0000||H|H|||||||2.80HHHHH|0

tests/NHapi.NUnit/TestData/BadInputs/PipeParser/HL7Exception/id_000099,sig_02,src_004226+004602,op_splice,rep_4

@@ -0,0 +1 @@
+MSH|0000|||||||00|||2.7.1OBX||PPN|||0

tests/NHapi.NUnit/TestData/BadInputs/PipeParser/HL7Exception/id_000125,sig_02,src_004230+004691,op_splice,rep_16

@@ -0,0 +1 @@
+MSH|0000|||||||00|||2.7.1TXA||||||||||||||||||||||0

tests/NHapi.NUnit/TestData/BadInputs/PipeParser/HL7Exception/id_000149,sig_02,src_004338+004594,op_splice,rep_4

@@ -0,0 +1 @@
+MSH|0000|||||||00|||2.8.1OBX||PPN|||0

tests/NHapi.NUnit/TestData/BadInputs/PipeParser/HL7Exception/id_000160,sig_02,src_004804+004815,op_splice,rep_8

@@ -0,0 +1 @@
+MSH|0000|||||||00|||2.8.1TXA||||||||||||||||||||||0

tests/NHapi.NUnit/TestData/BadInputs/PipeParser/HL7Exception/id_000205,sig_02,src_001449,op_havoc,rep_2

@@ -0,0 +1 @@
+MSH|^000|||||||ADT^A03*|||2.7000|

tests/NHapi.NUnit/TestData/BadInputs/PipeParser/HL7Exception/so

@@ -0,0 +1 @@
+MSH|0000|||||||00|||2.8.1IN2||||||||||||||||||||||||||||0

tests/NHapi.NUnit/TestData/BadInputs/PipeParser/HL7Exception/so2

@@ -0,0 +1 @@
+MSH|0000|||||||00|||2.8.1OBX||RMC|||0

tests/NHapi.NUnit/TestData/BadInputs/PipeParser/HL7Exception/so3

@@ -0,0 +1 @@
+MSH|0000|||||||00|||2.8.1OBX||PTA|||0

tests/NHapi.NUnit/TestData/BadInputs/PipeParser/HL7Exception/so4

@@ -0,0 +1 @@
+MSH|0~00|||||||000|||2.7.1IN2||||||||||||||||||||||||||||0

tests/NHapi.NUnit/TestData/BadInputs/PipeParser/HL7Exception/so5

@@ -0,0 +1 @@
+MSH|0~00||0|||||000|||2.8.10000000000000000000000000000000000000000000000000OBX||RMC|||~