From c258290178f35d1f7cca664ab2b20dbd72c3e304 Mon Sep 17 00:00:00 2001
From: Woder <17339354+wode490390@users.noreply.github.com>
Date: Sat, 2 Sep 2023 13:11:11 +0800
Subject: [PATCH] Add trusted common JSON mapper
---
pom.xml | 2 +-
src/main/java/cn/nukkit/block/Block.java | 2 +-
src/main/java/cn/nukkit/level/Level.java | 4 ++--
src/main/java/cn/nukkit/plugin/PluginBase.java | 2 ++
src/main/java/cn/nukkit/plugin/PluginDescription.java | 2 ++
.../java/cn/nukkit/resourcepacks/PackManifest.java | 2 +-
src/main/java/cn/nukkit/utils/Config.java | 2 ++
src/main/java/cn/nukkit/utils/JsonUtil.java | 11 +++++++++++
8 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/pom.xml b/pom.xml
index e723ad04d8f..d2150f8a406 100644
--- a/pom.xml
+++ b/pom.xml
@@ -13,7 +13,7 @@
UTF-8
5.10.0
2.20.0
- 2.14.3
+ 2.15.2
3.23.0
../../_api
diff --git a/src/main/java/cn/nukkit/block/Block.java b/src/main/java/cn/nukkit/block/Block.java
index 6eb490a290f..8ae011d3cea 100644
--- a/src/main/java/cn/nukkit/block/Block.java
+++ b/src/main/java/cn/nukkit/block/Block.java
@@ -126,7 +126,7 @@ public static void init() {
BlockEntry[] propertiesTable; // auto-generated
try (InputStream stream = Server.class.getClassLoader().getResourceAsStream("block_properties_table.json")) {
- propertiesTable = JsonUtil.COMMON_JSON_MAPPER.readValue(stream, BlockEntry[].class);
+ propertiesTable = JsonUtil.TRUSTED_JSON_MAPPER.readValue(stream, BlockEntry[].class);
} catch (NullPointerException | IOException e) {
throw new AssertionError("Unable to load block_properties_table.json", e);
}
diff --git a/src/main/java/cn/nukkit/level/Level.java b/src/main/java/cn/nukkit/level/Level.java
index 3f0bcb25167..41613dafdd1 100644
--- a/src/main/java/cn/nukkit/level/Level.java
+++ b/src/main/java/cn/nukkit/level/Level.java
@@ -3119,7 +3119,7 @@ public int getBiomeId(int x, int z) {
}
public void setBiomeId(int x, int z, int biomeId) {
- this.getChunk(x >> 4, z >> 4, true).setBiomeId(x & 0x0f, z & 0x0f, biomeId & 0x0f);
+ this.getChunk(x >> 4, z >> 4, true).setBiomeId(x & 0x0f, z & 0x0f, biomeId);
}
public int getHeightMap(int x, int z) {
@@ -3127,7 +3127,7 @@ public int getHeightMap(int x, int z) {
}
private void setHeightMap(int x, int z, int value) {
- this.getChunk(x >> 4, z >> 4, true).setHeightMap(x & 0x0f, z & 0x0f, value & 0x0f);
+ this.getChunk(x >> 4, z >> 4, true).setHeightMap(x & 0x0f, z & 0x0f, value);
}
public Map getChunks() {
diff --git a/src/main/java/cn/nukkit/plugin/PluginBase.java b/src/main/java/cn/nukkit/plugin/PluginBase.java
index 7fdefbadb45..fb64a8fa40a 100644
--- a/src/main/java/cn/nukkit/plugin/PluginBase.java
+++ b/src/main/java/cn/nukkit/plugin/PluginBase.java
@@ -239,6 +239,8 @@ public void reloadConfig() {
if (configStream != null) {
LoadSettings settings = LoadSettings.builder()
.setParseComments(false)
+ .setMaxAliasesForCollections(Integer.MAX_VALUE)
+ .setCodePointLimit(Integer.MAX_VALUE)
.build();
Load yaml = new Load(settings);
try {
diff --git a/src/main/java/cn/nukkit/plugin/PluginDescription.java b/src/main/java/cn/nukkit/plugin/PluginDescription.java
index d3cd1adcd11..cf359d786bc 100644
--- a/src/main/java/cn/nukkit/plugin/PluginDescription.java
+++ b/src/main/java/cn/nukkit/plugin/PluginDescription.java
@@ -125,6 +125,8 @@ public PluginDescription(Map yamlMap) {
public PluginDescription(String yamlString) {
LoadSettings settings = LoadSettings.builder()
.setParseComments(false)
+ .setMaxAliasesForCollections(Integer.MAX_VALUE)
+ .setCodePointLimit(Integer.MAX_VALUE)
.build();
Load yaml = new Load(settings);
this.loadMap((Map) yaml.loadFromString(yamlString));
diff --git a/src/main/java/cn/nukkit/resourcepacks/PackManifest.java b/src/main/java/cn/nukkit/resourcepacks/PackManifest.java
index 1c58c24f4f2..ce68e361020 100644
--- a/src/main/java/cn/nukkit/resourcepacks/PackManifest.java
+++ b/src/main/java/cn/nukkit/resourcepacks/PackManifest.java
@@ -29,7 +29,7 @@ public class PackManifest {
private List subpacks = Collections.emptyList();
public static PackManifest load(InputStream stream) throws IOException {
- return JsonUtil.COMMON_JSON_MAPPER.readValue(stream, PackManifest.class);
+ return JsonUtil.TRUSTED_JSON_MAPPER.readValue(stream, PackManifest.class);
}
public boolean isValid() {
diff --git a/src/main/java/cn/nukkit/utils/Config.java b/src/main/java/cn/nukkit/utils/Config.java
index 61b87cbf7a9..57c787a37f1 100644
--- a/src/main/java/cn/nukkit/utils/Config.java
+++ b/src/main/java/cn/nukkit/utils/Config.java
@@ -560,6 +560,8 @@ private void parseContent(String content) {
case Config.YAML:
LoadSettings settings = LoadSettings.builder()
.setParseComments(false)
+ .setMaxAliasesForCollections(Integer.MAX_VALUE)
+ .setCodePointLimit(Integer.MAX_VALUE)
.build();
Load yaml = new Load(settings);
this.config = new ConfigSection((LinkedHashMap) yaml.loadFromString(content));
diff --git a/src/main/java/cn/nukkit/utils/JsonUtil.java b/src/main/java/cn/nukkit/utils/JsonUtil.java
index 2126d4f841e..291e6b44499 100644
--- a/src/main/java/cn/nukkit/utils/JsonUtil.java
+++ b/src/main/java/cn/nukkit/utils/JsonUtil.java
@@ -1,5 +1,6 @@
package cn.nukkit.utils;
+import com.fasterxml.jackson.core.StreamReadConstraints;
import com.fasterxml.jackson.core.json.JsonReadFeature;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.json.JsonMapper;
@@ -13,4 +14,14 @@ public class JsonUtil {
.addModule(new Jdk8Module())
.addModule(new GuavaModule())
.build();
+ public static final JsonMapper TRUSTED_JSON_MAPPER = COMMON_JSON_MAPPER.copy();
+
+ static {
+ TRUSTED_JSON_MAPPER.getFactory()
+ .setStreamReadConstraints(StreamReadConstraints.builder()
+ .maxNestingDepth(Integer.MAX_VALUE)
+ .maxNumberLength(Integer.MAX_VALUE)
+ .maxStringLength(Integer.MAX_VALUE)
+ .build());
+ }
}