Skip to content

Commit

Permalink
JS-185 Deeply nested ASTs should be de-serialized correctly
Browse files Browse the repository at this point in the history
  • Loading branch information
@quentin-jaquier-sonarsource
quentin-jaquier-sonarsource committed Jul 26, 2024
1 parent eda39e0 commit f29e582
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion sonar-plugin/bridge/src/main/java/org/sonar/plugins/javascript/bridge/FormDataUtils.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
*/
package org.sonar.plugins.javascript.bridge;

import com.google.protobuf.CodedInputStream;
import com.google.protobuf.InvalidProtocolBufferException;
import java.io.IOException;
import java.net.http.HttpResponse;
Expand Down Expand Up @@ -85,7 +86,9 @@ public static BridgeServer.BridgeResponse parseFormData(HttpResponse<byte[]> res
@CheckForNull
private static Node parseProtobuf(byte[] ast) throws IOException {
try {
return Node.parseFrom(ast);
CodedInputStream input = CodedInputStream.newInstance(ast, 0, ast.length);
input.setRecursionLimit(1000);
return Node.parseFrom(input);
} catch (InvalidProtocolBufferException e) {
// Failing to parse the protobuf message should not prevent the analysis from continuing.
// This also happen in the case of large recursion. See https://sonarsource.atlassian.net/browse/JS-185.
Expand Down

0 comments on commit f29e582

Please sign in to comment.