github/Discord.Net
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enforce a maximum value when parsing unix timestamps (#981)

Browse Source 
* UnixTimestampConverter should now obey a maximum value

This change prevents an issue where the converter would be unable to
handle obscenely large timestamp values - which are actually quite
common on Discord.

OptionalConverter had to be rewritten to support checking whether or not
an InnerConverter returned an Optional. The perf impacts from this
_shouldn't_ be too bad, as types without a custom parser (which should
be the majority of Optionals in the lib) will bypass the type-check.

* optimizations on OptionalConverter
This commit is contained in:
Christopher F
2018-03-18 16:22:27 -04:00
committed by GitHub
parent 02c650773d
commit bfaa6fc97a
2 changed files with 21 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/Discord.Net.Rest/Net/Converters/OptionalConverter.cs
View File

@@ -1,4 +1,4 @@
using Newtonsoft.Json; using Newtonsoft.Json;
using System; using System;
namespace Discord.Net.Converters namespace Discord.Net.Converters
@@ -19,10 +19,18 @@ namespace Discord.Net.Converters
public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer) public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
{ {
T obj; T obj;
// custom converters need to be able to safely fail; move this check in here to prevent wasteful casting when parsing primitives
if (_innerConverter != null) if (_innerConverter != null)
obj = (T)_innerConverter.ReadJson(reader, typeof(T), null, serializer); {
object o = _innerConverter.ReadJson(reader, typeof(T), null, serializer);
if (o is Optional<T>)
return o;
obj = (T)o;
}
else else
obj = serializer.Deserialize<T>(reader); obj = serializer.Deserialize<T>(reader);
return new Optional<T>(obj); return new Optional<T>(obj);
} }

17
src/Discord.Net.Rest/Net/Converters/UnixTimestampConverter.cs
View File

@@ -1,4 +1,4 @@
using System; using System;
using Newtonsoft.Json; using Newtonsoft.Json;
namespace Discord.Net.Converters namespace Discord.Net.Converters
@@ -11,13 +11,18 @@ namespace Discord.Net.Converters
public override bool CanRead => true; public override bool CanRead => true;
public override bool CanWrite => true; public override bool CanWrite => true;
// 1e13 unix ms = year 2286
// necessary to prevent discord.js from sending values in the e15 and overflowing a DTO
private const long MaxSaneMs = 1_000_000_000_000_0;
public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer) public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
{ {
// Discord doesn't validate if timestamps contain decimals or not // Discord doesn't validate if timestamps contain decimals or not, and they also don't validate if timestamps are reasonably sized
if (reader.Value is double d) if (reader.Value is double d && d < MaxSaneMs)
return new DateTimeOffset(1970, 1, 1, 0, 0, 0, 0, TimeSpan.Zero).AddMilliseconds(d); return new DateTimeOffset(1970, 1, 1, 0, 0, 0, 0, TimeSpan.Zero).AddMilliseconds(d);
long offset = (long)reader.Value; else if (reader.Value is long l && l < MaxSaneMs)
return new DateTimeOffset(1970, 1, 1, 0, 0, 0, 0, TimeSpan.Zero).AddMilliseconds(offset); return new DateTimeOffset(1970, 1, 1, 0, 0, 0, 0, TimeSpan.Zero).AddMilliseconds(l);
return Optional<DateTimeOffset>.Unspecified;
} }
public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer) public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
@@ -25,4 +30,4 @@ namespace Discord.Net.Converters
throw new NotImplementedException(); throw new NotImplementedException();
} }
} }
} }