Solr
  1. Solr
  2. SOLR-7258

Forbid MessageFormat.format and MessageFormat single-arg constructor

    Details

    • Type: Task Task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.1, 6.0
    • Component/s: None
    • Labels:
      None

      Description

      While tracing some TestBlobHandler failures with the thai locale I found that the problem was MessageFormat.format which when given a Number ultimately executes NumberFormat.getInstance(getLocale()).format(argument). In thai locale, this transforms the digit 1 to a thai character and hence fails the test.

      We should audit all usages of MessageFormat.format to see if any Number objects are being passed as argument and wrap them with String.valueOf().

      Edit - Actually most format operations use the default locale so we should just ban this API outright.

      1. SOLR-7258.patch
        30 kB
        Shalin Shekhar Mangar
      2. SOLR-7258.patch
        30 kB
        Shalin Shekhar Mangar

        Issue Links

          Activity

          Hide
          Hoss Man added a comment -

          the root issue is really that (static) MessageFormat.format and new MessageFormat(String) should be forbidden because they rely on the default locale.

          as long as client code uses new MessageFormat(String,Locale) we should be fine.

          Show
          Hoss Man added a comment - the root issue is really that (static) MessageFormat.format and new MessageFormat(String) should be forbidden because they rely on the default locale. as long as client code uses new MessageFormat(String,Locale) we should be fine.
          Hide
          Shalin Shekhar Mangar added a comment -
          1. Added MessageFormat.format and the single-argument MessageFormat constructor to forbidden-apis
          2. Added a StrUtils.formatString method in solr-commons and use it instead of MessageFormat.format in Solr
          3. Lucene had a single usage of this method in NLS which is now replaced with the MessageFormat constructor that accepts a Locale.
          Show
          Shalin Shekhar Mangar added a comment - Added MessageFormat.format and the single-argument MessageFormat constructor to forbidden-apis Added a StrUtils.formatString method in solr-commons and use it instead of MessageFormat.format in Solr Lucene had a single usage of this method in NLS which is now replaced with the MessageFormat constructor that accepts a Locale.
          Hide
          Shalin Shekhar Mangar added a comment -

          Updated to trunk.

          Show
          Shalin Shekhar Mangar added a comment - Updated to trunk.
          Hide
          ASF subversion and git services added a comment -

          Commit 1667414 from shalin@apache.org in branch 'dev/trunk'
          [ https://svn.apache.org/r1667414 ]

          SOLR-7258: Forbid MessageFormat.format and MessageFormat single-arg constructor

          Show
          ASF subversion and git services added a comment - Commit 1667414 from shalin@apache.org in branch 'dev/trunk' [ https://svn.apache.org/r1667414 ] SOLR-7258 : Forbid MessageFormat.format and MessageFormat single-arg constructor
          Hide
          ASF subversion and git services added a comment -

          Commit 1667418 from shalin@apache.org in branch 'dev/branches/branch_5x'
          [ https://svn.apache.org/r1667418 ]

          SOLR-7258: Forbid MessageFormat.format and MessageFormat single-arg constructor

          Show
          ASF subversion and git services added a comment - Commit 1667418 from shalin@apache.org in branch 'dev/branches/branch_5x' [ https://svn.apache.org/r1667418 ] SOLR-7258 : Forbid MessageFormat.format and MessageFormat single-arg constructor
          Hide
          Uwe Schindler added a comment - - edited

          Hi Shalin,
          can you open an issue at forbidden-apis? It would be good to get the signatures into the unsafe signatures there.
          If you like you can send a pull request https://github.com/policeman-tools/forbidden-apis
          Thanks, Uwe

          Show
          Uwe Schindler added a comment - - edited Hi Shalin, can you open an issue at forbidden-apis? It would be good to get the signatures into the unsafe signatures there. If you like you can send a pull request https://github.com/policeman-tools/forbidden-apis Thanks, Uwe
          Hide
          Shalin Shekhar Mangar added a comment -

          Sure Uwe Schindler. Look out for the pull request

          Show
          Shalin Shekhar Mangar added a comment - Sure Uwe Schindler . Look out for the pull request
          Hide
          Timothy Potter added a comment -

          Bulk close after 5.1 release

          Show
          Timothy Potter added a comment - Bulk close after 5.1 release

            People

            • Assignee:
              Shalin Shekhar Mangar
              Reporter:
              Shalin Shekhar Mangar
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development