[ https://issues.apache.org/jira/browse/LANG-1774?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Zhongxin Yan updated LANG-1774:
-------------------------------
    Component/s: lang.*
    Affects Version/s: 3.17.0
    Description:
{code:java}
@Test
public void getShortCanonicalName() {
    String a = ClassUtils.getShortCanonicalName("[[");
    String b = ClassUtils.getShortCanonicalName("[[L");
    String c = ClassUtils.getShortCanonicalName("[IPackageName.TestClassUtils");
    System.out.println("a="+a+" b="+b+" c="+c);
}
{code}
output result: a=][][] b=][][] c=int[]
----------------------------------------------------------------
The method comment of ClassUtils.getShortCanonicalName(final String canonicalName) states "The string passed in is assumed to be a class name - it is not checked". However, when the input parameter canonicalName does not conform to the JVM class name specification, the behavior of the getShortCanonicalName method may be unpredictable, which may produce misleading results for developers, for example, returning "][][]", which is obviously not a reasonable result. Developers may expect the method to handle more edge cases, or at least give a more reasonable response to obviously wrong input, such as returning an empty string or throwing an exception.

Suggestions:
1. Input validation: Add a check inside the ClassUtils.getShortCanonicalName or getCanonicalName(String className) method to check whether the input string conforms to the JVM class name specification. For illegal input, you can throw `IllegalArgumentException` or return an empty string to avoid misleading results, such as "][][]".
2. Update the document: Make it clear that the method is only applicable to input that conforms to the JVM class name specification, and remind the caller to verify the input first when they are unsure of the legality of the input.

> ClassUtils.getShortCanonicalName can not handle invalid input data
> ------------------------------------------------------------------
>
>                 Key: LANG-1774
>                 URL: https://issues.apache.org/jira/browse/LANG-1774
>             Project: Commons Lang
>          Issue Type: Bug
>          Components: lang.*
>    Affects Versions: 3.17.0
>            Reporter: Zhongxin Yan
>            Priority: Major
>
> {code:java}
> @Test
> public void getShortCanonicalName() {
>     String a = ClassUtils.getShortCanonicalName("[[");
>     String b = ClassUtils.getShortCanonicalName("[[L");
>     String c = ClassUtils.getShortCanonicalName("[IPackageName.TestClassUtils");
>     System.out.println("a="+a+" b="+b+" c="+c);
> }
> {code}
> output result: a=][][] b=][][] c=int[]
> ----------------------------------------------------------------
> The method comment of ClassUtils.getShortCanonicalName(final String
> canonicalName) states "The string passed in is assumed to be a class name -
> it is not checked". However, when the input parameter canonicalName does not
> conform to the JVM class name specification, the behavior of the
> getShortCanonicalName method may be unpredictable, which may produce
> misleading results for developers, for example, returning "][][]", which is
> obviously not a reasonable result. Developers may expect the method to handle
> more edge cases, or at least give a more reasonable response to obviously
> wrong input, such as returning an empty string or throwing an exception.
> Suggestions:
> 1. Input validation: Add a check inside the ClassUtils.getShortCanonicalName
> or getCanonicalName(String className) method to check whether the input
> string conforms to the JVM class name specification. For illegal input, you
> can throw `IllegalArgumentException` or return an empty string to avoid
> misleading results, such as "][][]".
> 2. Update the document: Make it clear that the method is only applicable to
> input that conforms to the JVM class name specification, and remind the
> caller to verify the input first when they are unsure of the legality of the
> input.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
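
The input check suggested in the report, as an added example (not code from the issue or from Commons Lang): a stand-alone validator for the name format that `Class.getName()` returns. The class and method names are hypothetical, and limiting name segments to Java identifier characters is an assumption that is stricter than the JVM's own rule.

```java
public final class JvmClassNameCheck { // hypothetical name, not part of Commons Lang

    /** True if s looks like a Class.getName() result: a binary name or an array encoding. */
    static boolean isValidClassName(String s) {
        if (s == null || s.isEmpty()) {
            return false;
        }
        int dims = 0;
        while (dims < s.length() && s.charAt(dims) == '[') {
            dims++;
        }
        String rest = s.substring(dims);
        if (dims == 0) {
            return isBinaryName(rest);              // e.g. java.util.Map$Entry
        }
        if (dims > 255) {
            return false;                           // JVM limit on array dimensions
        }
        if (rest.length() == 1) {
            return "BCDFIJSZ".indexOf(rest.charAt(0)) >= 0; // primitive element, e.g. [[I
        }
        // Object element type: L<binary name>;
        return rest.length() >= 2 && rest.charAt(0) == 'L' && rest.endsWith(";")
                && isBinaryName(rest.substring(1, rest.length() - 1));
    }

    /** Assumption: every dot-separated segment must be a Java identifier ('$' included). */
    static boolean isBinaryName(String name) {
        for (String part : name.split("\\.", -1)) {
            if (part.isEmpty() || !Character.isJavaIdentifierStart(part.charAt(0))) {
                return false;
            }
            for (int i = 1; i < part.length(); i++) {
                if (!Character.isJavaIdentifierPart(part.charAt(i))) {
                    return false;
                }
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // The first three inputs are the ones from the report; the rest are constructed.
        String[] samples = {"[[", "[[L", "[IPackageName.TestClassUtils",
                            "[[I", "[Ljava.lang.String;", "java.util.Map$Entry", "a..b"};
        for (String s : samples) {
            System.out.println(s + " -> " + (isValidClassName(s) ? "valid" : "rejected"));
        }
    }
}
```

A caller that receives class names from an untrusted source can run this check first and throw `IllegalArgumentException` on rejection, so a malformed name never reaches `getShortCanonicalName`.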