Context Navigation

← Previous Ticket
Next Ticket →

#534 closed defect (wontfix)

"Illegal group reference" in JdbcResourceDao.replaceInString(JdbcResourceDao.java:143

Reported by:	Olaf Seibert 1	Owned by:
Priority:	minor	Milestone:	DASISH backend
Component:	DASISH backend	Version:
Keywords:		Cc:	olhsha

Description

The error message here is "Illegal group reference" in JdbcResourceDao?.replaceInString(JdbcResourceDao?.java:143)...
although I can't see quickly which string from my input is used here and considered incorrect.

Apparently there must be something that is used as a regex, or replacement for a regex, and looks like it refers back to a group in the regex.
Usually this is done with a syntax like \1, \2, or $1, $2, etc.
It would refer back to something between () in the regex, but the () aren't there.
Could it be the $% that is in the middle of <Recipient> in <xmlBody> ???
I have not experimented further at this time.

POST: https://lux16.mpi.nl/ds/webannotator/api/annotations
POST/PUT body:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<annotation xmlns="http://www.dasish.eu/ns/addit"
ownerRef="https://lux16.mpi.nl/ds/webannotator/api/principals/00000000-0000
-0000-0000-000000000221" URI="">
    <headline>kltyjiotrjoiytyjopurtu</headline>
    <lastModified>2014-02-19T13:47:52Z</lastModified>
    <body>
        <xmlBody>
            <mimeType>text/xml</mimeType>
            <ColTime xmlns:ns2="http://www.dasish.eu/ns/addit" xmlns=""
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
ColTimeMessageID="6cc7a441-5394-4f32-ac93-6475addb7191"
noNamespaceSchemaLocation="http://www.mpi.nl/tools/elan/comments.xsd">
                <Metadata>
                    <Initials>C</Initials>
                    <Sender>x@y.zz.y</Sender>
                    <Recipient>a.(dit is een kommentaar)b.&quot;&lt;!@#$%^&amp;*()&gt;&quot;c.d@e.f.g.h &lt;!-- bla! --&gt; &lt;![CDATA[ cdata ..]]&gt;</Recipient>
                    <CreationDate>2014-02-19T13:47:52Z</CreationDate>
                    <ModificationDate>2014-03-10T12:08:58Z</ModificationDate>
                    <Category>unknown</Category>
                    <Status>unknown</Status>
                </Metadata>
                <MediaFile ColTimeID="2bab6456-dd07-4319-9cdd-b8027c882086">unknown so far</MediaFile>
                <AnnotationFile ColTimeID="c14e75d1-de10-4b48-a634-394edd709673"
type="EAF">urn:nl-mpi-tools-elan-eaf:59d08e6a-5cd9-4aed-8aa4-7074c270e635#t
=1.749/3.615;tier=Begripnaam</AnnotationFile>
                <Message>kltyjiotrjoiytyjopurtu</Message>
            </ColTime>
        </xmlBody>
    </body>
    <targets>
        <targetInfo
ref="urn:nl-mpi-tools-elan-eaf:59d08e6a-5cd9-4aed-8aa4-7074c270e635">
            <link></link>
            <version></version>
        </targetInfo>
    </targets>
    <permissions public="read">
        <permission level="write"
principalRef="https://lux16.mpi.nl/ds/webannotator/api/principals/00000000-
0000-0000-0000-000000000221"/>
    </permissions>
</annotation>

response: HTTP/1.1 500 Internal Server Error

From my somewhat unreadable error log:

read: 0x3c '<'
read: 0x68 'h'
read: 0x74 't'
read: 0x6d 'm'
read: 2045 bytes: l><head><title>Apache Tomcat/6.0.36 - Error
report</title><style><!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;f
ont-size:22px;} H2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;f
ont-size:16px;} H3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;f
ont-size:14px;} BODY
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
B
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size
:12px;}A {color : black;}A.name {color : black;}HR {color :
#525D76;}--></style> </head><body><h1>HTTP Status 500 - Illegal group
reference</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception
report</p><p><b>message</b> <u>Illegal group
reference</u></p><p><b>description</b> <u>The server encountered an
internal error ({0}) that prevented it from fulfilling this
request.</u></p><p><b>exception</b>
<pre>java.lang.IllegalArgumentException: Illegal group reference
	java.util.regex.Matcher.appendReplacement(Matcher.java:808)
	java.util.regex.Matcher.replaceAll(Matcher.java:906)
	java.lang.String.replaceAll(String.java:2162)
	eu.dasish.annotation.backend.dao.impl.JdbcResourceDao.replaceInString(Jdbc
ResourceDao.java:143)
	eu.dasish.annotation.backend.dao.impl.JdbcResourceDao.loggedUpdate(JdbcRes
ourceDao.java:127)
	eu.dasish.annotation.backend.dao.impl.JdbcAnnotationDao.addAnnotation(Jdbc
AnnotationDao.java:472)
	eu.dasish.annotation.backend.dao.impl.DBIntegrityServiceImlp.addPrincipals
Annotation(DBIntegrityServiceImlp.java:673)
	eu.dasish.annotation.backend.rest.AnnotationResource.createAnnotation(Anno
tationResource.java:239)
	sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
57)
	sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
pl.java:43)
	java.lang.reflect.Method.invoke(Method.java:606)
	com.sun.jersey.spi.container.JavaMeth

Change History (6)

comment:1 Changed 10 years ago by DefaultCC Plugin

Cc:	olhsha added

comment:2 Changed 10 years ago by olhsha@mpi.nl

The xml is correct. The problem is in the row ""<!@#$%^{&*()>"c.d@e.f.g.h  <![CDATA[ cdata ..]]>". I need to ask our Swedish colleagues to remind me which standard convertion we have to use. We need to add it formally to the spec.}

comment:3 Changed 10 years ago by Olaf Seibert 1

A bit more analysis from my side:

Looking at the stack trace, the error happens inside java.lang.String.replaceAll(...).

String.replaceAll takes a regular expression (regex) as input (and for a replacement) and therefore some characters in it have special meaning.

The intention of the code is probably to do some plain text substitution and the fact that String.replaceAll() does regex replacement is rather annoying in this case. Client input is apparently used as replacement text and to make it safe, the code should escape $ and \ signs. The documentation for java.util.regex.Matcher.appendReplacement(StringBuffer? sb, String replacement) describes the replacement.

I haven't analyzed where either argument to replaceAll() comes from precisely, but if the search string is also derived from client input, the problem is even bigger. Then you need to escape just about anything that looks like punctuation. (Fortunately there is a method Pattern.quote(String) for that.)

I can reproduce the problem if I reduce my weird string to just "$%" and even just "$" will also do it.

Maybe there is some other function that is really just doing plain text replacement, that would be much simpler, safer and efficient.

comment:4 Changed 10 years ago by olhsha@mpi.nl

i think I will use this advice to re-fix another bug you mentioned yesterday: replacing temporary identifiers (they are replaced only if they are composed from letters, numbers, -, and _).

As for this issue, there is a standard way to replace " etc., which I have forgotten. Olof used it and it worked. Let us wait what he will answer.

comment:5 Changed 10 years ago by olhsha@mpi.nl

fixed on localhost. Debugged version of the bug-fix https://trac.clarin.eu/ticket/532#comment:2

comment:6 Changed 9 years ago by Sander Maijers

Resolution:	→ wontfix
Status:	new → closed

The project has ended.

Note: See TracTickets for help on using tickets.

Download in other formats: