From 695342cb1cef42f30fd1a8496f181c92b21ae82d Mon Sep 17 00:00:00 2001 From: Ivan Morozov Date: Tue, 15 Nov 2016 11:49:11 +0100 Subject: [PATCH 1/3] LANG-1287: RandomStringUtils#random can enter infinite loop if end parameter is to small (closes #211) 1.) Fixed possible infinite loop that can be caused by generating either digits or letters by calling with a to low end param. 2.) Added (inclusive) and (exclusive) terms to javadoc of random method --- .../apache/commons/lang3/RandomStringUtils.java | 15 +++++++++++++-- .../commons/lang3/RandomStringUtilsTest.java | 8 ++++++++ 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/apache/commons/lang3/RandomStringUtils.java b/src/main/java/org/apache/commons/lang3/RandomStringUtils.java index 84b30fd64..b76e2695e 100644 --- a/src/main/java/org/apache/commons/lang3/RandomStringUtils.java +++ b/src/main/java/org/apache/commons/lang3/RandomStringUtils.java @@ -327,8 +327,8 @@ public class RandomStringUtils { * and predictably.

* * @param count the length of random string to create - * @param start the position in set of chars to start at - * @param end the position in set of chars to end before + * @param start the position in set of chars to start at (inclusive) + * @param end the position in set of chars to end before (exclusive) * @param letters only allow letters? * @param numbers only allow numbers? * @param chars the set of chars to choose randoms from, must not be empty. @@ -368,6 +368,17 @@ public class RandomStringUtils { } } + final int zero_digit_ascii = 48; + final int first_letter_ascii = 65; + + if (chars == null) { + if (numbers && end <= zero_digit_ascii + || letters && end <= first_letter_ascii) { + throw new IllegalArgumentException("Parameter end (" + end + ") must be greater then (" + zero_digit_ascii + ") for generating digits " + + "or greater then (" + first_letter_ascii + ") for generating letters."); + } + } + final char[] buffer = new char[count]; final int gap = end - start; diff --git a/src/test/java/org/apache/commons/lang3/RandomStringUtilsTest.java b/src/test/java/org/apache/commons/lang3/RandomStringUtilsTest.java index 28c014b87..4aff749f7 100644 --- a/src/test/java/org/apache/commons/lang3/RandomStringUtilsTest.java +++ b/src/test/java/org/apache/commons/lang3/RandomStringUtilsTest.java @@ -206,6 +206,14 @@ public class RandomStringUtilsTest { RandomStringUtils.random(-1, 'a', 'z', false, false, DUMMY, new Random()); fail(); } catch (final IllegalArgumentException ex) {} + try { + RandomStringUtils.random(8, 32, 48, false, true); + fail(); + } catch (final IllegalArgumentException ex) {} + try { + RandomStringUtils.random(8, 32, 65, true, false); + fail(); + } catch (final IllegalArgumentException ex) {} } /** From d2cc78e2dd2b7ad0171a15df9704fa4fc4f28cc3 Mon Sep 17 00:00:00 2001 From: pascalschumacher Date: Fri, 18 Nov 2016 16:50:30 +0100 Subject: [PATCH 2/3] LANG-1287: RandomStringUtils#random can enter infinite loop if end parameter is to small add changes.xml entry --- src/changes/changes.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 632414767..63a94a318 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -46,6 +46,7 @@ The type attribute can be add,update,fix,remove. + RandomStringUtils#random can enter infinite loop if end parameter is to small NullPointerException in FastDateParser$TimeZoneStrategy Javadoc of StringUtils.ordinalIndexOf is contradictory. Wrong name or result of StringUtils#getJaroWinklerDistance From b6d35656f4b0dde16c2e6e5a04c1487e244708a8 Mon Sep 17 00:00:00 2001 From: pascalschumacher Date: Thu, 3 Nov 2016 22:18:41 +0100 Subject: [PATCH 3/3] StringUtils: mention in javadoc that Character#isWhitespace(char) defines which characters are considered whitespace (closes #206) --- .../org/apache/commons/lang3/StringUtils.java | 22 ++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/apache/commons/lang3/StringUtils.java b/src/main/java/org/apache/commons/lang3/StringUtils.java index c134e7bf7..c5038f534 100644 --- a/src/main/java/org/apache/commons/lang3/StringUtils.java +++ b/src/main/java/org/apache/commons/lang3/StringUtils.java @@ -310,6 +310,8 @@ public class StringUtils { /** *

Checks if a CharSequence is whitespace, empty ("") or null.

+ * + *

Whitespace is defined by {@link Character#isWhitespace(char)}.

* * 
      * StringUtils.isBlank(null)      = true
@@ -339,6 +341,8 @@ public class StringUtils {
 
     /**
      * 
Checks if a CharSequence is not empty (""), not null and not whitespace only.

+     * 
+     * 
Whitespace is defined by {@link Character#isWhitespace(char)}.

      *
      * 
      * StringUtils.isNotBlank(null)      = false
@@ -360,6 +364,8 @@ public class StringUtils {
 
     /**
      * 
Checks if any one of the CharSequences are blank ("") or null and not whitespace only.

+     * 
+     * 
Whitespace is defined by {@link Character#isWhitespace(char)}.

      *
      * 
      * StringUtils.isAnyBlank(null)             = true
@@ -390,6 +396,8 @@ public class StringUtils {
 
     /**
      * 
Checks if any one of the CharSequences are not blank ("") or null and not whitespace only.

+     * 
+     * 
Whitespace is defined by {@link Character#isWhitespace(char)}.

      *
      * 
      * StringUtils.isAnyNotBlank(null)             = false
@@ -420,6 +428,8 @@ public class StringUtils {
 
     /**
      * 
Checks if none of the CharSequences are blank ("") or null and whitespace only.

+     * 
+     * 
Whitespace is defined by {@link Character#isWhitespace(char)}.

      *
      * 
      * StringUtils.isNoneBlank(null)             = false
@@ -1926,11 +1936,13 @@ public class StringUtils {
     }
 
     /**
-     * Check whether the given CharSequence contains any whitespace characters.
+     * 
Check whether the given CharSequence contains any whitespace characters.

+     * 
+     * 
Whitespace is defined by {@link Character#isWhitespace(char)}.

+     * 
      * @param seq the CharSequence to check (may be {@code null})
      * @return {@code true} if the CharSequence is not empty and
-     * contains at least 1 whitespace character
-     * @see java.lang.Character#isWhitespace
+     * contains at least 1 (breaking) whitespace character
      * @since 3.0
      */
     // From org.springframework.util.StringUtils, under Apache License 2.0
@@ -7073,6 +7085,8 @@ public class StringUtils {
 
     /**
      * 
Checks if the CharSequence contains only whitespace.

+     * 
+     * 
Whitespace is defined by {@link Character#isWhitespace(char)}.

      *
      * 
{@code null} will return {@code false}.
      * An empty CharSequence (length()=0) will return {@code true}.

@@ -7220,6 +7234,8 @@ public class StringUtils {
     /**
      * 
Returns either the passed in CharSequence, or if the CharSequence is
      * whitespace, empty ("") or {@code null}, the value of {@code defaultStr}.

+     * 
+     * 
Whitespace is defined by {@link Character#isWhitespace(char)}.

      *
      * 
      * StringUtils.defaultIfBlank(null, "NULL")  = "NULL"