Taybou created UNOMI-452:
----------------------------
Summary: Improve the parser in the ActionExecutorDispatcher class
Key: UNOMI-452
URL: https://issues.apache.org/jira/browse/UNOMI-452
Project: Apache Unomi
Issue Type: Improvement
Reporter: Taybou
Improve the parser in the ActionExecutorDispatcher class
{code:java}
while (s.contains(PLACEHOLDER_PREFIX)) {
    String substring = s.substring(s.indexOf(PLACEHOLDER_PREFIX) + 2, s.indexOf(PLACEHOLDER_SUFFIX));
    Object v = extractValue(substring, event);
    if (v != null) {
        s = s.replace(PLACEHOLDER_PREFIX + substring + PLACEHOLDER_SUFFIX, v.toString());
    } else {
        break;
    }
}
value = s;
{code}
Should check:
- What happens if the PLACEHOLDER_SUFFIX is not found, does it raise an exception because indexOf is < 0?
- We should check the value to make sure it doesn't have any PLACEHOLDER_PREFIX, in which case we might need to encode it somehow, otherwise this could lead to a security vulnerability as attackers could inject expressions that could read any data.
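One way to address both checks raised in the issue, as an added example that is not Apache Unomi's code: a single left-to-right pass that tolerates a missing suffix and never re-scans substituted values. The delimiter values `${` and `}`, the `resolve` method and the `extractValue` function parameter (standing in for `extractValue(substring, event)`) are assumptions made for illustration.

```java
import java.util.Map;
import java.util.function.Function;

public class PlaceholderDemo {
    // Assumed delimiter values; the issue only shows the constant names.
    static final String PLACEHOLDER_PREFIX = "${";
    static final String PLACEHOLDER_SUFFIX = "}";

    // Single pass: resolved values are appended to the output and never
    // re-scanned, so a value containing the prefix cannot trigger a second lookup.
    static String resolve(String s, Function<String, Object> extractValue) {
        StringBuilder out = new StringBuilder(s.length());
        int pos = 0;
        while (pos < s.length()) {
            int start = s.indexOf(PLACEHOLDER_PREFIX, pos);
            if (start < 0) break;
            // Look for the suffix only after the prefix, so a stray suffix earlier
            // in the string cannot yield a negative-length substring.
            int keyStart = start + PLACEHOLDER_PREFIX.length();
            int end = s.indexOf(PLACEHOLDER_SUFFIX, keyStart);
            if (end < 0) break; // unterminated placeholder: keep the rest literally
            Object v = extractValue.apply(s.substring(keyStart, end));
            int next = end + PLACEHOLDER_SUFFIX.length();
            out.append(s, pos, start);
            if (v != null) {
                out.append(v);
            } else {
                // Unresolved key: keep the placeholder text and continue
                // (the snippet in the issue stops at the first null instead).
                out.append(s, start, next);
            }
            pos = next;
        }
        return out.append(s, pos, s.length()).toString();
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for event properties.
        Map<String, Object> event = Map.of(
                "name", "${secret}", // value that itself looks like a placeholder
                "secret", "s3cr3t");
        Function<String, Object> lookup = event::get;
        System.out.println(resolve("hello ${name}", lookup));      // nested value stays literal
        System.out.println(resolve("broken ${name", lookup));      // missing suffix, no exception
        System.out.println(resolve("} before ${secret}", lookup)); // suffix before prefix
    }
}
```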