
Commit 1439300

Merge pull request #71 from yuzawa-san/fibonacci-limit
Enforce limits on ranges
2 parents 28d8dd5 + 8a5dd47 commit 1439300


6 files changed

+56
-0
lines changed


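--- a/iabgpp-encoder/src/main/java/com/iab/gpp/encoder/datatype/encoder/FibonacciIntegerEncoder.java
+++ b/iabgpp-encoder/src/main/java/com/iab/gpp/encoder/datatype/encoder/FibonacciIntegerEncoder.java
@@ -39,6 +39,11 @@ public static String encode(int value) {
 }
 
 public static int decode(String bitString) throws DecodingException {
+// enforce a length restriction to avoid overflows
+// 2^16 has a bit string length of 24
+if (bitString.length() > 24) {
+throw new DecodingException("FibonacciInteger too long");
+}
 if (!BITSTRING_VERIFICATION_PATTERN.matcher(bitString).matches() || bitString.length() < 2
 || bitString.indexOf("11") != bitString.length() - 2) {
 throw new DecodingException("Undecodable FibonacciInteger '" + bitString + "'");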
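Review bot: The cap `24` in `decode` is a bare literal whose derivation lives only in a two-line comment; a named constant would make the bound easier to audit and to reuse in tests, e.g. `private static final int MAX_BIT_LENGTH = 24; // 2^16 encodes to 24 bits`. Running the length check before the pattern match is the right order, because it also bounds the regex work and the amount of input echoed back in the "Undecodable FibonacciInteger" message. A null `bitString` still surfaces as a NullPointerException rather than a DecodingException, both in the new check and in the existing condition below it. The body of `decode` continues past the end of this hunk.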

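--- a/iabgpp-encoder/src/main/java/com/iab/gpp/encoder/datatype/encoder/FibonacciIntegerRangeEncoder.java
+++ b/iabgpp-encoder/src/main/java/com/iab/gpp/encoder/datatype/encoder/FibonacciIntegerRangeEncoder.java
@@ -3,11 +3,16 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import java.util.logging.Logger;
 import java.util.regex.Pattern;
 import com.iab.gpp.encoder.error.DecodingException;
 
 public class FibonacciIntegerRangeEncoder {
 
+private static final Logger LOGGER = Logger.getLogger(FibonacciIntegerRangeEncoder.class.getName());
+// NOTE: This is a value roughly the 2x the size of this list
+// https://tools.iabtechlab.com/transparencycenter/explorer/business/gpp
+static final int MAX_SIZE = 8192;
 private static Pattern BITSTRING_VERIFICATION_PATTERN = Pattern.compile("^[0-1]*$", Pattern.CASE_INSENSITIVE);
 
 public static String encode(List<Integer> value) {
@@ -70,13 +75,21 @@ public static List<Integer> decode(String bitString) throws DecodingException {
 offset = end;
 startIndex = index + 2;
 
+if (value.size() + (end - start) > MAX_SIZE) {
+LOGGER.warning("FibonacciIntegerRange has too many values");
+break;
+}
 for (int j = start; j <= end; j++) {
 value.add(j);
 }
 } else {
 int index = bitString.indexOf("11", startIndex);
 int val = FibonacciIntegerEncoder.decode(bitString.substring(startIndex, index + 2)) + offset;
 offset = val;
+if (value.size() == MAX_SIZE) {
+LOGGER.warning("FibonacciIntegerRange has too many values");
+break;
+}
 value.add(val);
 startIndex = index + 2;
 }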
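Review bot: Both new limit checks in `decode` log a warning and `break`, so the caller receives a truncated list that it cannot tell apart from a complete one. For a decoder of untrusted input it is safer to fail closed with `throw new DecodingException("FibonacciIntegerRange has too many values");`, which would also match how FibonacciIntegerEncoder rejects over-long input in this commit. The range guard is also off by one: the loop `for (int j = start; j <= end; j++)` adds `end - start + 1` values, so the check should be `if (value.size() + (end - start) + 1 > MAX_SIZE)` or the list can reach MAX_SIZE + 1. The same two patterns appear in FixedIntegerRangeEncoder.decode. `decode` starts before and ends after this hunk, so how `start` and `end` are derived is not visible here.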

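--- a/iabgpp-encoder/src/main/java/com/iab/gpp/encoder/datatype/encoder/FixedIntegerRangeEncoder.java
+++ b/iabgpp-encoder/src/main/java/com/iab/gpp/encoder/datatype/encoder/FixedIntegerRangeEncoder.java
@@ -3,11 +3,16 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import java.util.logging.Logger;
 import java.util.regex.Pattern;
 import com.iab.gpp.encoder.error.DecodingException;
 
 public class FixedIntegerRangeEncoder {
 
+private static final Logger LOGGER = Logger.getLogger(FixedIntegerRangeEncoder.class.getName());
+// NOTE: This is a value roughly the 2x the size of this list
+// https://tools.iabtechlab.com/transparencycenter/explorer/business/gpp
+private static final int MAX_SIZE = 8192;
 private static Pattern BITSTRING_VERIFICATION_PATTERN = Pattern.compile("^[0-1]*$", Pattern.CASE_INSENSITIVE);
 
 public static String encode(List<Integer> value) {
@@ -58,11 +63,22 @@ public static List<Integer> decode(String bitString) throws DecodingException {
 int end = FixedIntegerEncoder.decode(bitString.substring(startIndex, startIndex + 16));
 startIndex += 16;
 
+if (end < start) {
+throw new DecodingException("FixedIntegerRange has invalid range");
+}
+if (value.size() + (end - start) > MAX_SIZE) {
+LOGGER.warning("FixedIntegerRange has too many values");
+break;
+}
 for (int j = start; j <= end; j++) {
 value.add(j);
 }
 } else {
 int val = FixedIntegerEncoder.decode(bitString.substring(startIndex, startIndex + 16));
+if (value.size() == MAX_SIZE) {
+LOGGER.warning("FixedIntegerRange has too many values");
+break;
+}
 value.add(val);
 startIndex += 16;
 }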
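Review bot: `MAX_SIZE` is declared here as `private` with the same value and comment as the package-private copy in FibonacciIntegerRangeEncoder, and FixedIntegerRangeEncoderTest in this commit has to use `FibonacciIntegerRangeEncoder.MAX_SIZE` because this one is not visible. Two independent copies of a safety limit can drift apart. Either have both decoders reference one shared constant, or declare this one as `static final int MAX_SIZE = 8192;` so the test pins the limit it actually exercises. The comment would read more clearly as `// NOTE: roughly 2x the size of the list at the URL below`.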

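--- a/iabgpp-encoder/src/test/java/com/iab/gpp/encoder/datatype/encoder/FibonacciIntegerEncoderTest.java
+++ b/iabgpp-encoder/src/test/java/com/iab/gpp/encoder/datatype/encoder/FibonacciIntegerEncoderTest.java
@@ -1,5 +1,6 @@
 package com.iab.gpp.encoder.datatype.encoder;
 
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import com.iab.gpp.encoder.error.DecodingException;
@@ -100,4 +101,9 @@ public void testDecode10() {
 }
 }
 
+@Test
+public void testDecodeTooLarge() {
+String large = FibonacciIntegerEncoder.encode(2 << 17);
+assertThrows(DecodingException.class, () -> FibonacciIntegerEncoder.decode(large));
+}
 }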
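Review bot: `2 << 17` in `testDecodeTooLarge` evaluates to 2^18 (262144), not 2^17, and it sits far above the limit, so the test does not pin where the cut-off actually is. If 2^17 was intended the expression should be `1 << 17`. A boundary pair would protect the new length check against off-by-one regressions: assert that a valid 24-character codeword still decodes, and that a 25-character string of zeros ending in `11` throws DecodingException.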

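--- a/iabgpp-encoder/src/test/java/com/iab/gpp/encoder/datatype/encoder/FibonacciIntegerRangeEncoderTest.java
+++ b/iabgpp-encoder/src/test/java/com/iab/gpp/encoder/datatype/encoder/FibonacciIntegerRangeEncoderTest.java
@@ -1,7 +1,9 @@
 package com.iab.gpp.encoder.datatype.encoder;
 
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.List;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import com.iab.gpp.encoder.error.DecodingException;
@@ -96,4 +98,10 @@ public void testDecode8() {
 
 }
 }
+
+@Test
+public void testGiantRange() {
+String max = FibonacciIntegerEncoder.encode(FibonacciIntegerRangeEncoder.MAX_SIZE + 1);
+Assertions.assertEquals(List.of(), FibonacciIntegerRangeEncoder.decode("000000000001111" + max));
+}
 }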
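Review bot: `testGiantRange` exercises only a single range that is already over the limit, so neither the exact boundary nor accumulation across several entries is covered. Assuming the second codeword is the span of the range, a span of exactly `FibonacciIntegerRangeEncoder.MAX_SIZE` would pass the decoder's `value.size() + (end - start) > MAX_SIZE` guard and still add MAX_SIZE + 1 values. A second case asserting the resulting list size at that boundary would catch it. The new static import of `assertThrows` is not used by anything visible in these hunks; drop it unless code outside the hunks needs it.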

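--- a/iabgpp-encoder/src/test/java/com/iab/gpp/encoder/datatype/encoder/FixedIntegerRangeEncoderTest.java
+++ b/iabgpp-encoder/src/test/java/com/iab/gpp/encoder/datatype/encoder/FixedIntegerRangeEncoderTest.java
@@ -1,7 +1,9 @@
 package com.iab.gpp.encoder.datatype.encoder;
 
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.List;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import com.iab.gpp.encoder.error.DecodingException;
@@ -126,4 +128,10 @@ public void testDecode10() {
 
 }
 }
+
+@Test
+public void testGiantRange() {
+String max = FibonacciIntegerEncoder.encode(FibonacciIntegerRangeEncoder.MAX_SIZE + 1);
+Assertions.assertEquals(List.of(), FixedIntegerRangeEncoder.decode("00000000000110000000000000001" + max));
+}
 }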
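Review bot: `testGiantRange` builds the end field with `FibonacciIntegerEncoder.encode(...)`, but FixedIntegerRangeEncoder.decode reads the end as a 16-character fixed-width field (`bitString.substring(startIndex, startIndex + 16)`). The decoder therefore sees whatever the first 16 characters of a Fibonacci codeword happen to represent, not MAX_SIZE + 1. The test may still produce an empty list, but it does not verify the limit it names, and its outcome depends on an unrelated encoding. Build the end field as a 16-bit fixed-width encoding of a value just past the limit instead, and drop the `assertThrows` import if nothing outside the hunks uses it.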
