-
Notifications
You must be signed in to change notification settings - Fork 1.1k
CheckCharset on PostData to prevent hanging or crashing #564
base: main
Are you sure you want to change the base?
Changes from all commits
d59b3a4
f78e544
561f7f7
d603cf3
fa44a90
43d07c5
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,22 +10,31 @@ | |
| package com.facebook.stetho.inspector.network; | ||
|
|
||
| import android.os.SystemClock; | ||
|
|
||
| import com.facebook.stetho.common.Utf8Charset; | ||
| import com.facebook.stetho.inspector.console.CLog; | ||
| import com.facebook.stetho.inspector.protocol.module.Console; | ||
| import com.facebook.stetho.inspector.protocol.module.Network; | ||
| import com.facebook.stetho.inspector.protocol.module.Page; | ||
|
|
||
| import org.json.JSONException; | ||
| import org.json.JSONObject; | ||
|
|
||
| import javax.annotation.Nonnull; | ||
| import javax.annotation.Nullable; | ||
| import java.io.IOException; | ||
| import java.io.InputStream; | ||
| import java.io.OutputStream; | ||
| import java.nio.ByteBuffer; | ||
| import java.nio.CharBuffer; | ||
| import java.nio.charset.CharacterCodingException; | ||
| import java.nio.charset.Charset; | ||
| import java.nio.charset.CharsetDecoder; | ||
| import java.nio.charset.CodingErrorAction; | ||
| import java.util.ArrayList; | ||
| import java.util.concurrent.atomic.AtomicInteger; | ||
|
|
||
| import javax.annotation.Nonnull; | ||
| import javax.annotation.Nullable; | ||
|
|
||
| /** | ||
| * Implementation of {@link NetworkEventReporter} which allows callers to inform the Stetho | ||
| * system of network traffic. Callers can safely eagerly access this class and store a | ||
|
|
@@ -39,6 +48,8 @@ public class NetworkEventReporterImpl implements NetworkEventReporter { | |
|
|
||
| private static NetworkEventReporter sInstance; | ||
|
|
||
| private static final CharsetDecoder decoder = Charset.forName(Utf8Charset.NAME).newDecoder(); | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Make this a non-static member variable and initialize it in the constructor. No need to muck up the |
||
|
|
||
| private NetworkEventReporterImpl() { | ||
| } | ||
|
|
||
|
|
@@ -49,6 +60,8 @@ private NetworkEventReporterImpl() { | |
| public static synchronized NetworkEventReporter get() { | ||
| if (sInstance == null) { | ||
| sInstance = new NetworkEventReporterImpl(); | ||
| decoder.onUnmappableCharacter(CodingErrorAction.REPORT); | ||
| decoder.onMalformedInput(CodingErrorAction.REPORT); | ||
| } | ||
| return sInstance; | ||
| } | ||
|
|
@@ -115,15 +128,29 @@ private static String readBodyAsString( | |
| InspectorRequest request) { | ||
| try { | ||
| byte[] body = request.body(); | ||
| if (body != null) { | ||
| return new String(body, Utf8Charset.INSTANCE); | ||
| if (body == null || body.length == 0) { | ||
| return ""; | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It used to return null if body was null before. Should it still? |
||
| } | ||
| try { | ||
| CharBuffer charBuffer = decoder.decode(ByteBuffer.wrap(body)); | ||
| return charBuffer.toString(); | ||
| } catch (CharacterCodingException e) { | ||
| String logMessage = "Charset in POST/PUT is not UTF-8. Data (length:"+ body.length | ||
| +") cannot be represented as a string. "; | ||
| CLog.writeToConsole( | ||
| peerManager, | ||
| Console.MessageLevel.WARNING, | ||
| Console.MessageSource.NETWORK, | ||
| logMessage + e); | ||
| return logMessage; | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Hmm, I like returning the log message here, but it suggests actually that we'd be better off merging the error cases below: Then determineErrorMessage could peak and see if it's a CharsetCodingException and craft your better error message above. |
||
| } | ||
| } catch (IOException | OutOfMemoryError e) { | ||
| CLog.writeToConsole( | ||
| peerManager, | ||
| Console.MessageLevel.WARNING, | ||
| Console.MessageSource.NETWORK, | ||
| "Could not reproduce POST body: " + e); | ||
| peerManager, | ||
| Console.MessageLevel.WARNING, | ||
| Console.MessageSource.NETWORK, | ||
| "Could not reproduce POST/PUT body: " + e); | ||
|
|
||
| } | ||
| return null; | ||
| } | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You appear to have a number of unrelated changes here that should be removed. Also an aside, you don't need this SQLCipher thing directly in Stetho as you can just install your own
DatabaseDriver2implementation now (seeSqliteDatabaseDriverand work from there as needed).