fix: various minor improvements (PR #1418)
* chore: better variable naming for getInstance calls * chore: rebalance preferences window and fix empty plugins section directly after jadx-gui start * chore: do not ask for project save if nothing had been changed * use parallel mode for gradle * minor improvements for app debugging * apply CodeQL suggestion to prevent log injection * handle IntelliJ Idea warnings * replace not-ASCII chars in LogUtils.escape Co-authored-by: Skylot <skylot@gmail.com>
Showing
15 changed files
with
193 additions
and
88 deletions.
@@ -1 +1,2 @@ | ||
org.gradle.warning.mode=all | ||
org.gradle.parallel=true |
@@ -0,0 +1,30 @@ | ||
package jadx.core.utils.log; | ||
|
||
import java.nio.charset.StandardCharsets; | ||
import java.util.regex.Pattern; | ||
|
||
/** | ||
* Escape input from untrusted source before pass to logger. | ||
* Suggested by CodeQL: https://codeql.github.com/codeql-query-help/java/java-log-injection/ | ||
*/ | ||
public class LogUtils { | ||
|
||
private static final Pattern ALFA_NUMERIC = Pattern.compile("\\w*"); | ||
|
||
public static String escape(String input) { | ||
if (input == null) { | ||
return "null"; | ||
} | ||
if (ALFA_NUMERIC.matcher(input).matches()) { | ||
return input; | ||
} | ||
return input.replaceAll("\\W", "."); | ||
} | ||
|
||
public static String escape(byte[] input) { | ||
if (input == null) { | ||
return "null"; | ||
} | ||
return escape(new String(input, StandardCharsets.UTF_8)); | ||
} | ||
} |
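Review bot: In `escape(String)`, `input.replaceAll("\\W", ".")` recompiles the regex on every call even though the class already keeps a precompiled `Pattern`; a second constant `private static final Pattern NON_WORD = Pattern.compile("\\W");` with `return NON_WORD.matcher(input).replaceAll(".");` avoids that. The Javadoc should also spell out the contract: without `UNICODE_CHARACTER_CLASS`, `\w` is ASCII `[a-zA-Z_0-9]`, so spaces, path separators and non-ASCII letters all become `.`, and a null input is logged as the literal `null`. That replaces CR/LF and so blocks forged log lines, but the output is lossy and distinct inputs can log identically, which matters to anyone reading these logs during an investigation. Neither overload bounds the length, so if callers can pass attacker-sized data, consider truncating before the value reaches the logger.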
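--- a/jadx-core/src/test/java/jadx/core/utils/log/LogUtilsTest.java
+++ b/jadx-core/src/test/java/jadx/core/utils/log/LogUtilsTest.java
@@ -0,0 +1,13 @@
+package jadx.core.utils.log;
+
+import org.junit.jupiter.api.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class LogUtilsTest {
+
+@Test
+void escape() {
+assertThat(LogUtils.escape("Guest'%0AUser:'Admin")).isEqualTo("Guest..0AUser..Admin");
+}
+}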
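Review bot: The single assertion in `escape()` feeds `%0A`, the URL-encoded form, so no real line-break character ever reaches `LogUtils.escape` and the property the helper exists for is untested. Add a case with actual control characters, e.g. `assertThat(LogUtils.escape("Guest\r\nUser")).isEqualTo("Guest..User");`. Cases for a null input (cast to `String` or `byte[]`, since a bare `null` is ambiguous between the two overloads), for the `byte[]` overload, and for a non-ASCII character would pin the rest of the behaviour the commit message describes.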