
dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 16753: Validation, adding check for max and min values for integers and numerics. This to avoid potentia...

 

------------------------------------------------------------
revno: 16753
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2014-09-19 15:35:52 +0200
message:
  Validation, adding check for max and min values for integers and numerics. This is to avoid potential buffer overflows when parsing data values.
modified:
  dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/MathUtils.java
  dhis-2/dhis-support/dhis-support-system/src/test/java/org/hisp/dhis/system/util/MathUtilsTest.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/MathUtils.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/MathUtils.java	2014-07-27 16:58:03 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/MathUtils.java	2014-09-19 13:35:52 +0000
@@ -34,6 +34,8 @@
 import java.util.Random;
 import java.util.regex.Pattern;
 
+import org.apache.commons.validator.routines.DoubleValidator;
+import org.apache.commons.validator.routines.IntegerValidator;
 import org.hisp.dhis.datavalue.DataValue;
 import org.hisp.dhis.expression.Operator;
 import org.nfunk.jep.JEP;
@@ -45,6 +47,9 @@
 {
     public static final Double ZERO = new Double( 0 );
     
+    private static DoubleValidator DOUBLE_VALIDATOR = new DoubleValidator();
+    private static IntegerValidator INT_VALIDATOR = new IntegerValidator();
+    
     private static final double TOLERANCE = 0.01; 
     
     public static final String NUMERIC_REGEXP = "^(-?0|-?[1-9]\\d*)(\\.\\d+)?(E\\d+)?$";
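Review bot: The two new validator fields are declared `private static` without `final`, unlike the neighbouring `TOLERANCE` and `ZERO` constants, so they can be reassigned despite the constant-style names. I would declare them `private static final DoubleValidator DOUBLE_VALIDATOR = DoubleValidator.getInstance();` and `private static final IntegerValidator INT_VALIDATOR = IntegerValidator.getInstance();`, which also reuses the library's shared instances. A one-line comment above them saying they exist to bound-check values before the regex match would explain why both a validator and a pattern are applied.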
@@ -301,7 +306,7 @@
      */
     public static boolean isNumeric( String value )
     {
-        return value != null && NUMERIC_PATTERN.matcher( value ).matches();
+        return value != null && DOUBLE_VALIDATOR.isValid( value ) && NUMERIC_PATTERN.matcher( value ).matches();
     }
 
     /**
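Review bot: `DOUBLE_VALIDATOR.isValid( value )` in `isNumeric` (and the same call in `isNumericLenient`) parses with the JVM default locale as far as I can tell, so whether an input such as "1.5" passes may depend on the server's locale rather than only on `NUMERIC_PATTERN`. Passing an explicit locale, e.g. `DOUBLE_VALIDATOR.isValid( value, Locale.ENGLISH )`, would keep validation deterministic across deployments. It is also worth confirming that `DoubleValidator` rejects out-of-range magnitudes at all, since unlike `IntegerValidator` it may simply convert the parsed number to a double. The Javadoc above each changed method begins outside these hunks and should now mention the range limit, because values that matched the pattern before can be rejected after this change.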
@@ -313,7 +318,7 @@
      */
     public static boolean isNumericLenient( String value )
     {
-        return value != null && NUMERIC_LENIENT_PATTERN.matcher( value ).matches();
+        return value != null && DOUBLE_VALIDATOR.isValid( value ) && NUMERIC_LENIENT_PATTERN.matcher( value ).matches();
     }
     
     /**
@@ -363,7 +368,7 @@
      */
     public static boolean isInteger( String value )
     {
-        return value != null && INT_PATTERN.matcher( value ).matches();
+        return value != null && INT_VALIDATOR.isValid( value ) && INT_PATTERN.matcher( value ).matches();
     }
 
     /**
@@ -376,7 +381,7 @@
      */
     public static boolean isPositiveInteger( String value )
     {
-        return value != null && POSITIVE_INT_PATTERN.matcher( value ).matches();
+        return value != null && INT_VALIDATOR.isValid( value ) && POSITIVE_INT_PATTERN.matcher( value ).matches();
     }    
     
     /**
@@ -389,7 +394,7 @@
      */
     public static boolean isZeroOrPositiveInteger( String value )
     {
-        return value != null && POSITIVE_OR_ZERO_INT_PATTERN.matcher( value ).matches();
+        return value != null && INT_VALIDATOR.isValid( value ) && POSITIVE_OR_ZERO_INT_PATTERN.matcher( value ).matches();
     }
 
     /**
@@ -402,7 +407,7 @@
      */
     public static boolean isNegativeInteger( String value )
     {
-        return value != null && NEGATIVE_INT_PATTERN.matcher( value ).matches();
+        return value != null && INT_VALIDATOR.isValid( value ) && NEGATIVE_INT_PATTERN.matcher( value ).matches();
     }
 
     /**

=== modified file 'dhis-2/dhis-support/dhis-support-system/src/test/java/org/hisp/dhis/system/util/MathUtilsTest.java'
--- dhis-2/dhis-support/dhis-support-system/src/test/java/org/hisp/dhis/system/util/MathUtilsTest.java	2014-07-21 09:45:25 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/test/java/org/hisp/dhis/system/util/MathUtilsTest.java	2014-09-19 13:35:52 +0000
@@ -215,6 +215,7 @@
         assertFalse( MathUtils.isInteger( " 1" ) );
         assertFalse( MathUtils.isInteger( "1 " ) );
         assertFalse( MathUtils.isInteger( "1.2345" ) );
+        assertFalse( MathUtils.isInteger( "12147483647" ) );
     }
 
     @Test
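Review bot: Only the upper integer bound of `isInteger` is covered by the added assertion, while the commit also changes `isNumeric`, `isNumericLenient`, `isPositiveInteger`, `isZeroOrPositiveInteger` and `isNegativeInteger`. I would add a lower-bound case such as `assertFalse( MathUtils.isInteger( "-12147483649" ) );` and a boundary case `assertTrue( MathUtils.isInteger( "2147483647" ) );` so an off-by-one in the range check is caught. A matching out-of-range assertion for `isNegativeInteger` and an oversized input for `isNumeric` would show whether the double check bounds anything. The test method starts before this hunk, so its name and the existing positive cases are not visible here.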