1 /*
2  * Copyright (C) 2010 Google Inc.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.google.clearsilver.jsilver.compiler;
18 
19 import static com.google.clearsilver.jsilver.compiler.JavaExpression.BooleanLiteralExpression;
20 import static com.google.clearsilver.jsilver.compiler.JavaExpression.callOn;
21 import static com.google.clearsilver.jsilver.compiler.JavaExpression.string;
22 import com.google.clearsilver.jsilver.syntax.analysis.DepthFirstAdapter;
23 import com.google.clearsilver.jsilver.syntax.node.AAddExpression;
24 import com.google.clearsilver.jsilver.syntax.node.AAndExpression;
25 import com.google.clearsilver.jsilver.syntax.node.ADecimalExpression;
26 import com.google.clearsilver.jsilver.syntax.node.ADescendVariable;
27 import com.google.clearsilver.jsilver.syntax.node.ADivideExpression;
28 import com.google.clearsilver.jsilver.syntax.node.AEqExpression;
29 import com.google.clearsilver.jsilver.syntax.node.AExistsExpression;
30 import com.google.clearsilver.jsilver.syntax.node.AFunctionExpression;
31 import com.google.clearsilver.jsilver.syntax.node.AGtExpression;
32 import com.google.clearsilver.jsilver.syntax.node.AGteExpression;
33 import com.google.clearsilver.jsilver.syntax.node.AHexExpression;
34 import com.google.clearsilver.jsilver.syntax.node.ALtExpression;
35 import com.google.clearsilver.jsilver.syntax.node.ALteExpression;
36 import com.google.clearsilver.jsilver.syntax.node.AModuloExpression;
37 import com.google.clearsilver.jsilver.syntax.node.AMultiplyExpression;
38 import com.google.clearsilver.jsilver.syntax.node.ANameVariable;
39 import com.google.clearsilver.jsilver.syntax.node.ANeExpression;
40 import com.google.clearsilver.jsilver.syntax.node.ANegativeExpression;
41 import com.google.clearsilver.jsilver.syntax.node.ANotExpression;
42 import com.google.clearsilver.jsilver.syntax.node.ANumericAddExpression;
43 import com.google.clearsilver.jsilver.syntax.node.ANumericEqExpression;
44 import com.google.clearsilver.jsilver.syntax.node.ANumericExpression;
45 import com.google.clearsilver.jsilver.syntax.node.ANumericNeExpression;
46 import com.google.clearsilver.jsilver.syntax.node.AOrExpression;
47 import com.google.clearsilver.jsilver.syntax.node.AStringExpression;
48 import com.google.clearsilver.jsilver.syntax.node.ASubtractExpression;
49 import com.google.clearsilver.jsilver.syntax.node.AVariableExpression;
50 import com.google.clearsilver.jsilver.syntax.node.PExpression;
51 
52 import java.util.LinkedList;
53 
54 /**
55  * Generates a JavaExpression to determine whether a given CS expression should be escaped before
56  * displaying. If propagateEscapeStatus is enabled, string and numeric literals are not escaped, nor
57  * is the output of an escaping function. If not, any expression that contains an escaping function
58  * is not escaped. This maintains compatibility with the way ClearSilver works.
59  */
60 public class EscapingEvaluator extends DepthFirstAdapter {
61 
62   private JavaExpression currentEscapingExpression;
63   private boolean propagateEscapeStatus;
64   private final VariableTranslator variableTranslator;
65 
EscapingEvaluator(VariableTranslator variableTranslator)66   public EscapingEvaluator(VariableTranslator variableTranslator) {
67     super();
68     this.variableTranslator = variableTranslator;
69   }
70 
71   /**
72    * Returns a JavaExpression that can be used to decide whether a given variable should be escaped.
73    *
74    * @param expression variable expression to be evaluated.
75    * @param propagateEscapeStatus Whether to propagate the variable's escape status.
76    *
77    * @return Returns a {@code JavaExpression} representing a boolean expression that evaluates to
78    *         {@code true} if {@code expression} should be exempted from escaping and {@code false}
79    *         otherwise.
80    */
computeIfExemptFromEscaping(PExpression expression, boolean propagateEscapeStatus)81   public JavaExpression computeIfExemptFromEscaping(PExpression expression,
82       boolean propagateEscapeStatus) {
83     if (propagateEscapeStatus) {
84       return computeForPropagateStatus(expression);
85     }
86     return computeEscaping(expression, propagateEscapeStatus);
87   }
88 
computeForPropagateStatus(PExpression expression)89   private JavaExpression computeForPropagateStatus(PExpression expression) {
90     // This function generates a boolean expression that evaluates to true
91     // if the input should be exempt from escaping. As this should only be
92     // called when PropagateStatus is enabled we must check EscapeMode as
93     // well as isPartiallyEscaped.
94     // The interpreter mode equivalent of this boolean expression would be :
95     // ((value.getEscapeMode() != EscapeMode.ESCAPE_NONE) || value.isPartiallyEscaped())
96 
97     JavaExpression escapeMode = computeEscaping(expression, true);
98     JavaExpression partiallyEscaped = computeEscaping(expression, false);
99 
100     JavaExpression escapeModeCheck =
101         JavaExpression.infix(JavaExpression.Type.BOOLEAN, "!=", escapeMode, JavaExpression
102             .symbol("EscapeMode.ESCAPE_NONE"));
103 
104     return JavaExpression.infix(JavaExpression.Type.BOOLEAN, "||", escapeModeCheck,
105         partiallyEscaped);
106   }
107 
108   /**
109    * Compute the escaping applied to the given expression. Uses {@code propagateEscapeStatus} to
110    * determine how to treat constants, and whether escaping is required on a part of the expression
111    * or the whole expression.
112    */
computeEscaping(PExpression expression, boolean propagateEscapeStatus)113   public JavaExpression computeEscaping(PExpression expression, boolean propagateEscapeStatus) {
114     try {
115       assert currentEscapingExpression == null : "Not reentrant";
116       this.propagateEscapeStatus = propagateEscapeStatus;
117       expression.apply(this);
118       assert currentEscapingExpression != null : "No escaping calculated";
119       return currentEscapingExpression;
120     } finally {
121       currentEscapingExpression = null;
122     }
123   }
124 
setEscaping(JavaExpression escaping)125   private void setEscaping(JavaExpression escaping) {
126     currentEscapingExpression = escaping;
127   }
128 
129   /**
130    * String concatenation. Do not escape the combined string, if either of the halves has been
131    * escaped.
132    */
133   @Override
caseAAddExpression(AAddExpression node)134   public void caseAAddExpression(AAddExpression node) {
135     node.getLeft().apply(this);
136     JavaExpression left = currentEscapingExpression;
137     node.getRight().apply(this);
138     JavaExpression right = currentEscapingExpression;
139 
140     setEscaping(or(left, right));
141   }
142 
143   /**
144    * Process AST node for a function (e.g. dosomething(...)).
145    */
146   @Override
caseAFunctionExpression(AFunctionExpression node)147   public void caseAFunctionExpression(AFunctionExpression node) {
148     LinkedList<PExpression> argsList = node.getArgs();
149     PExpression[] args = argsList.toArray(new PExpression[argsList.size()]);
150 
151     // Because the function name may have dots in, the parser would have broken
152     // it into a little node tree which we need to walk to reconstruct the
153     // full name.
154     final StringBuilder fullFunctionName = new StringBuilder();
155     node.getName().apply(new DepthFirstAdapter() {
156 
157       @Override
158       public void caseANameVariable(ANameVariable node11) {
159         fullFunctionName.append(node11.getWord().getText());
160       }
161 
162       @Override
163       public void caseADescendVariable(ADescendVariable node12) {
164         node12.getParent().apply(this);
165         fullFunctionName.append('.');
166         node12.getChild().apply(this);
167       }
168     });
169 
170     setEscaping(function(fullFunctionName.toString(), args));
171   }
172 
173   /**
174    * Do not escape the output of a function if either the function is an escaping function, or any
175    * of its parameters have been escaped.
176    */
function(String name, PExpression... csExpressions)177   private JavaExpression function(String name, PExpression... csExpressions) {
178     if (propagateEscapeStatus) {
179       // context.isEscapingFunction("name") ? EscapeMode.ESCAPE_IS_CONSTANT : EscapeMode.ESCAPE_NONE
180       return JavaExpression.inlineIf(JavaExpression.Type.UNKNOWN, callOn(
181           JavaExpression.Type.BOOLEAN, TemplateTranslator.CONTEXT, "isEscapingFunction",
182           string(name)), JavaExpression.symbol("EscapeMode.ESCAPE_IS_CONSTANT"), JavaExpression
183           .symbol("EscapeMode.ESCAPE_NONE"));
184     }
185     JavaExpression finalExpression = BooleanLiteralExpression.FALSE;
186     for (int i = 0; i < csExpressions.length; i++) {
187       // Will put result in currentEscapingExpression.
188       csExpressions[i].apply(this);
189       finalExpression = or(finalExpression, currentEscapingExpression);
190     }
191     JavaExpression funcExpr =
192         callOn(JavaExpression.Type.BOOLEAN, TemplateTranslator.CONTEXT, "isEscapingFunction",
193             string(name));
194     return or(finalExpression, funcExpr);
195   }
196 
197   /*
198    * This function tries to optimize the output expression where possible: instead of
199    * "(false || context.isEscapingFunction())" it returns "context.isEscapingFunction()".
200    */
or(JavaExpression first, JavaExpression second)201   private JavaExpression or(JavaExpression first, JavaExpression second) {
202     if (propagateEscapeStatus) {
203       return JavaExpression.callOn(JavaExpression.symbol("EscapeMode"), "combineModes", first,
204           second);
205     }
206 
207     if (first instanceof BooleanLiteralExpression) {
208       BooleanLiteralExpression expr = (BooleanLiteralExpression) first;
209       if (expr.getValue()) {
210         return expr;
211       } else {
212         return second;
213       }
214     }
215     if (second instanceof BooleanLiteralExpression) {
216       BooleanLiteralExpression expr = (BooleanLiteralExpression) second;
217       if (expr.getValue()) {
218         return expr;
219       } else {
220         return first;
221       }
222     }
223     return JavaExpression.infix(JavaExpression.Type.BOOLEAN, "||", first, second);
224   }
225 
226   /*
227    * All the following operators have no effect on escaping, so just default to 'false'.
228    */
229 
230   /**
231    * Process AST node for a variable (e.g. a.b.c).
232    */
233   @Override
caseAVariableExpression(AVariableExpression node)234   public void caseAVariableExpression(AVariableExpression node) {
235     if (propagateEscapeStatus) {
236       JavaExpression varName = variableTranslator.translate(node.getVariable());
237       setEscaping(callOn(TemplateTranslator.DATA_CONTEXT, "findVariableEscapeMode", varName));
238     } else {
239       setDefaultEscaping();
240     }
241   }
242 
setDefaultEscaping()243   private void setDefaultEscaping() {
244     if (propagateEscapeStatus) {
245       setEscaping(JavaExpression.symbol("EscapeMode.ESCAPE_IS_CONSTANT"));
246     } else {
247       setEscaping(BooleanLiteralExpression.FALSE);
248     }
249   }
250 
251   /**
252    * Process AST node for a string (e.g. "hello").
253    */
254   @Override
caseAStringExpression(AStringExpression node)255   public void caseAStringExpression(AStringExpression node) {
256     setDefaultEscaping();
257   }
258 
259   /**
260    * Process AST node for a decimal integer (e.g. 123).
261    */
262   @Override
caseADecimalExpression(ADecimalExpression node)263   public void caseADecimalExpression(ADecimalExpression node) {
264     setDefaultEscaping();
265   }
266 
267   /**
268    * Process AST node for a hex integer (e.g. 0x1AB).
269    */
270   @Override
caseAHexExpression(AHexExpression node)271   public void caseAHexExpression(AHexExpression node) {
272     setDefaultEscaping();
273   }
274 
275   @Override
caseANumericExpression(ANumericExpression node)276   public void caseANumericExpression(ANumericExpression node) {
277     setDefaultEscaping();
278   }
279 
280   @Override
caseANotExpression(ANotExpression node)281   public void caseANotExpression(ANotExpression node) {
282     setDefaultEscaping();
283   }
284 
285   @Override
caseAExistsExpression(AExistsExpression node)286   public void caseAExistsExpression(AExistsExpression node) {
287     setDefaultEscaping();
288   }
289 
290   @Override
caseAEqExpression(AEqExpression node)291   public void caseAEqExpression(AEqExpression node) {
292     setDefaultEscaping();
293   }
294 
295   @Override
caseANumericEqExpression(ANumericEqExpression node)296   public void caseANumericEqExpression(ANumericEqExpression node) {
297     setDefaultEscaping();
298   }
299 
300   @Override
caseANeExpression(ANeExpression node)301   public void caseANeExpression(ANeExpression node) {
302     setDefaultEscaping();
303   }
304 
305   @Override
caseANumericNeExpression(ANumericNeExpression node)306   public void caseANumericNeExpression(ANumericNeExpression node) {
307     setDefaultEscaping();
308   }
309 
310   @Override
caseALtExpression(ALtExpression node)311   public void caseALtExpression(ALtExpression node) {
312     setDefaultEscaping();
313   }
314 
315   @Override
caseAGtExpression(AGtExpression node)316   public void caseAGtExpression(AGtExpression node) {
317     setDefaultEscaping();
318   }
319 
320   @Override
caseALteExpression(ALteExpression node)321   public void caseALteExpression(ALteExpression node) {
322     setDefaultEscaping();
323   }
324 
325   @Override
caseAGteExpression(AGteExpression node)326   public void caseAGteExpression(AGteExpression node) {
327     setDefaultEscaping();
328   }
329 
330   @Override
caseAAndExpression(AAndExpression node)331   public void caseAAndExpression(AAndExpression node) {
332     setDefaultEscaping();
333   }
334 
335   @Override
caseAOrExpression(AOrExpression node)336   public void caseAOrExpression(AOrExpression node) {
337     setDefaultEscaping();
338   }
339 
340   @Override
caseANumericAddExpression(ANumericAddExpression node)341   public void caseANumericAddExpression(ANumericAddExpression node) {
342     setDefaultEscaping();
343   }
344 
345   @Override
caseASubtractExpression(ASubtractExpression node)346   public void caseASubtractExpression(ASubtractExpression node) {
347     setDefaultEscaping();
348   }
349 
350   @Override
caseAMultiplyExpression(AMultiplyExpression node)351   public void caseAMultiplyExpression(AMultiplyExpression node) {
352     setDefaultEscaping();
353   }
354 
355   @Override
caseADivideExpression(ADivideExpression node)356   public void caseADivideExpression(ADivideExpression node) {
357     setDefaultEscaping();
358   }
359 
360   @Override
caseAModuloExpression(AModuloExpression node)361   public void caseAModuloExpression(AModuloExpression node) {
362     setDefaultEscaping();
363   }
364 
365   @Override
caseANegativeExpression(ANegativeExpression node)366   public void caseANegativeExpression(ANegativeExpression node) {
367     setDefaultEscaping();
368   }
369 
370 }
371