From bf1e1444a188615088b125079b7b6876cb81efba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Standa=20Luke=C5=A1?= Date: Sun, 22 Oct 2023 12:07:54 +0200 Subject: [PATCH] Validate static command argument type before deserialization --- .../Framework/Hosting/StaticCommandExecutor.cs | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/Framework/Framework/Hosting/StaticCommandExecutor.cs b/src/Framework/Framework/Hosting/StaticCommandExecutor.cs index d9a4d51727..b35cfce72b 100644 --- a/src/Framework/Framework/Hosting/StaticCommandExecutor.cs +++ b/src/Framework/Framework/Hosting/StaticCommandExecutor.cs @@ -60,13 +60,26 @@ IDotvvmRequestContext context IDotvvmRequestContext context ) { + var parameters = plan.Method.GetParameters(); + object? DeserializeArgument(Type type, int index) + { + var parameterType = + plan.Method.IsStatic ? parameters[index].ParameterType : + index == 0 ? plan.Method.DeclaringType : + parameters[index - 1].ParameterType; + if (!parameterType.IsAssignableFrom(type)) + throw new Exception($"Argument {index} has an invalid type"); + var arg = arguments.Dequeue(); + return arg.ToObject(type, this.jsonDeserializer); + } var methodArgs = new List(); var methodArgsPaths = argumentValidationPaths is null ? null : new List(); foreach (var a in plan.Arguments) { + var index = methodArgs.Count; var (value, path) = a.Type switch { StaticCommandParameterType.Argument => - ((object?)arguments.Dequeue().ToObject((Type)a.Arg!, this.jsonDeserializer), argumentValidationPaths?.Dequeue()), + (DeserializeArgument((Type)a.Arg!, index), argumentValidationPaths?.Dequeue()), StaticCommandParameterType.Constant or StaticCommandParameterType.DefaultValue => (a.Arg, null), StaticCommandParameterType.Inject =>