syntax: Reject semver version individual parts in strings #14886

Open
wants to merge 3 commits into
base: develop
14 changes: 14 additions & 0 deletions liblangutil/SemVerHandler.cpp
Expand Up @@ -240,6 +240,8 @@ SemVerMatchExpression::MatchComponent SemVerMatchExpressionParser::parseMatchCom
component.prefix = Token::Assign;
}

auto const partsStartPos = m_pos;

component.levelsPresent = 0;
while (component.levelsPresent < 3)
{
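Review bot: `partsStartPos` is captured after the prefix handling, which is what keeps the operator token out of the range checked later, but the line carries no comment saying so. `partsEndPos` in the next hunk is documented ("Points *after* the last version part"); a matching remark here, such as "index of the first version-part token, after any prefix", would make the half-open range explicit.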
Expand All @@ -250,6 +252,18 @@ SemVerMatchExpression::MatchComponent SemVerMatchExpressionParser::parseMatchCom
else
break;
}

// Validate that the parsed version parts are either a single string literal or multiple bare tokens,
// i.e. "1.2.3" or 1.2.3 but not 1."2.3", "1".2.3 or 1"."2.3.
auto const partsEndPos = m_pos; // Points *after* the last version part
for (auto i = partsStartPos; i < partsEndPos; ++i)
Collaborator

Do you even need this loop and the positional tracking? I think you can have a counter/boolean in the above while loop, and check whether currentToken() == Token::StringLiteral, and then error out as soon as you have more than 1?

{
if (m_tokens[i] == Token::StringLiteral && partsStartPos != partsEndPos - 1)
{
solThrow(SemVerError, "String literals are only allowed as the only component in a version pragma.");
}
Comment on lines +261 to +264
Collaborator

Also a side note - our style is to not use scoping braces {} in conditional/loop blocks if they're one liners, i.e., this if block would turn into:

Suggested change
if (m_tokens[i] == Token::StringLiteral && partsStartPos != partsEndPos - 1)
{
solThrow(SemVerError, "String literals are only allowed as the only component in a version pragma.");
}
if (m_tokens[i] == Token::StringLiteral && partsStartPos != partsEndPos - 1)
solThrow(SemVerError, "String literals are only allowed as the only component in a version pragma.");

}

// TODO we do not support pre and build version qualifiers for now in match expressions
// (but we do support them in the actual versions)
return component;
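Review bot: In the validation loop, the second operand of the condition, `partsStartPos != partsEndPos - 1`, does not depend on `i`, so it is re-evaluated for every token although it only states whether more than one token was consumed. Consider testing it once before the loop, written as `partsEndPos - partsStartPos > 1`, and scanning for `Token::StringLiteral` only in that case. The scanned range also covers the separators between parts (the tests use `"."` as a string literal), so the comment above the loop could say that the check applies to every token consumed for the component, not only to the numeric parts.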
2 changes: 1 addition & 1 deletion libsolidity/ast/AST.h
Expand Up @@ -312,7 +312,7 @@ class Declaration: public ASTNode, public Scopable
};

/**
* Pragma directive, only version requirements in the form `pragma solidity "^0.4.0";` are
* Pragma directive, only version requirements in the form `pragma solidity ^"0.4.0";` are
* supported for now.
*/
class PragmaDirective: public ASTNode
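Review bot: The updated example in the doc comment, `pragma solidity ^"0.4.0";`, shows only the quoted form. The comment added in SemVerHandler.cpp lists both `"1.2.3"` and `1.2.3` as accepted, so this doc comment could mention the bare form as well, or state that the operator has to stay outside the string literal, which is what the `"^0.8.0"` test in this change expects to fail.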
@@ -0,0 +1,3 @@
pragma solidity ^"0"."8"."2";
// ----
// ParserError 1684: (0-29): Invalid version pragma. String literals are only allowed as the only component in a version pragma.
@@ -0,0 +1,3 @@
pragma solidity ^ 0 "." 8 "." 2;
// ----
// ParserError 1684: (0-32): Invalid version pragma. String literals are only allowed as the only component in a version pragma.
@@ -0,0 +1,3 @@
pragma solidity ^ 0."8.0";
// ----
// ParserError 1684: (0-26): Invalid version pragma. String literals are only allowed as the only component in a version pragma.
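Review bot: The rejected cases with expectations are `"0"."8"."2"`, `0 "." 8 "." 2` and `0."8.0"`, but the `"1".2.3` order (string literal first, bare tokens after) that the comment in parseMatchComponent names has no test file among the ones shown. Suggest adding one, for example `pragma solidity ^"0".8.2;`, with the corresponding ParserError 1684 expectation.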
@@ -0,0 +1,3 @@
pragma solidity "^0.8.0";
// ----
// ParserError 1684: (0-25): Invalid version pragma. Expected the start of a version number but instead found character '^'. Version number is invalid or the pragma is not terminated with a semicolon.
@@ -0,0 +1 @@
pragma solidity >= 0.0 <= "123456";
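Review bot: This file has no `// ----` expectation block, so it asserts that a bare component (`>= 0.0`) followed by a string-literal component (`<= "123456"`) in the same pragma is accepted. Since the new check runs inside parseMatchComponent and resets `partsStartPos` for each component, that is consistent, but a short comment in the test saying the restriction is per match component rather than per pragma would make the intent explicit for later readers.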
@@ -0,0 +1 @@
pragma solidity <= "123456";