All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.thymeleaf.spring5.util.SpringStandardExpressionUtils Maven / Gradle / Ivy

Go to download

Modern server-side Java template engine for both web and standalone environments

The newest version!
/*
 * =============================================================================
 *
 *   Copyright (c) 2011-2020, The THYMELEAF team (http://www.thymeleaf.org)
 *
 *   Licensed under the Apache License, Version 2.0 (the "License");
 *   you may not use this file except in compliance with the License.
 *   You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *
 *   Unless required by applicable law or agreed to in writing, software
 *   distributed under the License is distributed on an "AS IS" BASIS,
 *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *   See the License for the specific language governing permissions and
 *   limitations under the License.
 *
 * =============================================================================
 */
package org.thymeleaf.spring5.util;

import org.thymeleaf.util.ExpressionUtils;

/**
 * 
 * @author Daniel Fernández
 * 
 * @since 3.0.12
 *
 */
public final class SpringStandardExpressionUtils {


    private static final char[] NEW_ARRAY = "wen".toCharArray(); // Inverted "new"
    private static final int NEW_LEN = NEW_ARRAY.length;
    private static final char[] PARAM_ARRAY = "marap".toCharArray(); // Inverted "param"
    private static final int PARAM_LEN = PARAM_ARRAY.length;


    public static boolean containsSpELInstantiationOrStaticOrParam(final String expression) {

        /*
         * Checks whether the expression contains instantiation of objects ("new SomeClass") or makes use of
         * static methods ("T(SomeClass)") as both are forbidden in certain contexts in restricted mode.
         */

        final String exp = ExpressionUtils.normalize(expression);

        final int explen = exp.length();
        int n = explen;
        int ni = 0; // index for computing position in the NEW_ARRAY
        int pi = 0; // index for computing position in the PARAM_ARRAY
        char c;
        while (n-- != 0) {

            c = exp.charAt(n);

            // When checking for the "new" keyword, we need to identify that it is not a part of a larger
            // identifier, i.e. there is whitespace after it and no character that might be a part of an
            // identifier before it.
            if (ni < NEW_LEN
                    && c == NEW_ARRAY[ni]
                    && (ni > 0 || ((n + 1 < explen) && Character.isWhitespace(exp.charAt(n + 1))))) {
                ni++;
                if (ni == NEW_LEN && (n == 0 || !isSafeIdentifierChar(exp.charAt(n - 1)))) {
                    return true; // we found an object instantiation
                }
                continue;
            }

            if (ni > 0) {
                // We 'restart' the matching counter just in case we had a partial match
                n += ni;
                ni = 0;
                continue;
            }

            ni = 0;

            // When checking for the "param" keyword, we need to identify that it is not a part of a larger
            // identifier.
            if (pi < PARAM_LEN
                    && c == PARAM_ARRAY[pi]
                    && (pi > 0 || ((n + 1 < explen) && !isSafeIdentifierChar(exp.charAt(n + 1))))) {
                pi++;
                if (pi == PARAM_LEN && (n == 0 || !isSafeIdentifierChar(exp.charAt(n - 1)))) {
                    return true; // we found a param access
                }
                continue;
            }

            if (pi > 0) {
                // We 'restart' the matching counter just in case we had a partial match
                n += pi;
                pi = 0;
                continue;
            }

            pi = 0;

            if (c == '(' && ((n - 1 >= 0) && isPreviousStaticMarker(exp, n))) {
                return true;
            }

        }

        return false;

    }


    private static boolean isPreviousStaticMarker(final String expression, final int idx) {
        char c,c1;
        int n = idx;
        while (n-- != 0) {
            c = expression.charAt(n);
            if (c == 'T') {
                if (n == 0) {
                    return true;
                }
                c1 = expression.charAt(n - 1);
                return !isSafeIdentifierChar(c1);
            } else if (!Character.isWhitespace(c)) {
                return false;
            }
        }
        return false;
    }


    private static boolean isSafeIdentifierChar(final char c) {
        return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '_';
    }


    private SpringStandardExpressionUtils() {
        super();
    }



}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy