Fix some edge cases. (VirusTotal#66)

If both range expressions are literal integers, ensure the lower bound is less than the upper bound. Also, check for negative integers in either lower or upper bound. For expressions which are negative intgers, literal strings, literal regexp or literal float are all now errors in gyp.
wxsBSD · Dec 29, 2022 · e38a366 · e38a366
1 parent afd8794
commit e38a366
Show file tree

Hide file tree

Showing 4 changed files with 243 additions and 54 deletions.
diff --git a/error/error.go b/error/error.go
@@ -32,6 +32,7 @@ const (
 	InvalidUTF8Error
 	UndefinedStringIdentifierError
 	UndefinedRuleIdentifierError
+	InvalidValueError
 )
 
 type Error struct {

diff --git a/parser/grammar.y b/parser/grammar.y
@@ -1061,6 +1061,35 @@ integer_set
 range
     : '(' primary_expression _DOT_DOT_  primary_expression ')'
       {
+        if start, ok := $2.(*ast.LiteralInteger); ok {
+          if end, ok := $4.(*ast.LiteralInteger); ok {
+            if (start.Value >= end.Value) {
+              lexer := asLexer(yrlex)
+              return lexer.setError(
+                gyperror.InvalidValueError,
+                "lower bound must be less than upper bound")
+            }
+          }
+        }
+
+        if v, ok := $2.(*ast.Minus); ok {
+          if _, ok := v.Expression.(*ast.LiteralInteger); ok {
+            lexer := asLexer(yrlex)
+            return lexer.setError(
+              gyperror.InvalidValueError,
+              "lower bound can not be negative")
+          }
+        }
+
+        if v, ok := $4.(*ast.Minus); ok {
+          if _, ok := v.Expression.(*ast.LiteralInteger); ok {
+            lexer := asLexer(yrlex)
+            return lexer.setError(
+              gyperror.InvalidValueError,
+              "upper bound can not be negative")
+          }
+        }
+
         $$ = &ast.Range{
           Start: $2,
           End: $4,
@@ -1255,6 +1284,30 @@ text_string_enumeration_item
 for_expression
     : primary_expression
       {
+        switch v := $1.(type) {
+        case *ast.Minus:
+          if i, ok := v.Expression.(*ast.LiteralInteger); ok {
+            lexer := asLexer(yrlex)
+              return lexer.setError(
+                gyperror.InvalidValueError,
+                `invalid value in condition: -%d`, i.Value)
+          }
+        case *ast.LiteralString:
+          lexer := asLexer(yrlex)
+            return lexer.setError(
+              gyperror.InvalidValueError,
+              `invalid value in condition: "%s"`, v.Value)
+        case *ast.LiteralRegexp:
+          lexer := asLexer(yrlex)
+            return lexer.setError(
+              gyperror.InvalidValueError,
+              `invalid value in condition: /%s/`, v.Value)
+        case *ast.LiteralFloat:
+          lexer := asLexer(yrlex)
+            return lexer.setError(
+              gyperror.InvalidValueError,
+              `invalid value in condition: %f`, v.Value)
+        }
         $$ = $1
       }
     | _ALL_
@@ -1503,4 +1556,4 @@ func operation(operator ast.OperatorType, left, right ast.Expression) (n ast.Exp
     }
   }
   return n
-}
+}