log error if script path contains illegal characters

Author: brachy84

src/main/java/com/cleanroommc/groovyscript/sandbox/CompiledClass.java

@@ -16,7 +16,7 @@ class CompiledClass {
     public static final String CLASS_SUFFIX = ".clz";
 
     final String path;
-    String name;
+    final String name;
     byte[] data;
     Class<?> clazz;
 

src/main/java/com/cleanroommc/groovyscript/sandbox/CustomGroovyScriptEngine.java

@@ -184,13 +184,13 @@ List<CompiledScript> findScripts(Collection<File> files) {
         List<CompiledScript> scripts = new ArrayList<>(files.size());
         for (File file : files) {
             CompiledScript cs = checkScriptLoadability(file);
-            if (!cs.preprocessorCheckFailed()) scripts.add(cs);
+            if (cs != null && !cs.preprocessorCheckFailed()) scripts.add(cs);
         }
         return scripts;
     }
 
     void loadScript(CompiledScript script) {
-        if (script.requiresReload() && !script.preprocessorCheckFailed()) {
+        if (script != null && script.requiresReload() && !script.preprocessorCheckFailed()) {
             Class<?> clazz = loadScriptClassInternal(new File(script.path), true);
             script.setRequiresReload(false);
             if (script.clazz == null) {
@@ -207,10 +207,13 @@ CompiledScript loadScriptClass(File file) {
         return compiledScript;
     }
 
-    @NotNull
     CompiledScript checkScriptLoadability(File file) {
         String relativeFileName = FileUtil.relativize(this.scriptRoot.getPath(), file.getPath());
-        File relativeFile = new File(relativeFileName);
+        if (!FileUtil.validateScriptPath(relativeFileName)) {
+            // skip
+            return null;
+        }
+        // File relativeFile = new File(relativeFileName);
         long lastModified = file.lastModified();
         CompiledScript comp = this.index.get(relativeFileName);
 
@@ -294,8 +297,11 @@ private File findScriptFile(String scriptName) {
 
     private @Nullable Class<?> parseDynamicScript(File file, boolean isFileRelative) {
         if (isFileRelative) {
-            file = findScriptFile(file.getPath());
-            if (file == null) return null;
+            File absoutefile = findScriptFile(file.getPath());
+            if (absoutefile == null)  {
+                throw new IllegalArgumentException("Now file was found for '" + file.getPath() + "'");
+            }
+            file = absoutefile;
         }
         Class<?> clazz = null;
         try {
@@ -488,14 +494,16 @@ public LookupResult findClassNode(String origName, CompilationUnit compilationUn
                     File scriptFile = CustomGroovyScriptEngine.this.findScriptFileOfClass(name);
                     if (scriptFile != null) {
                         CompiledScript result = checkScriptLoadability(scriptFile);
-                        if (result.requiresReload() || result.clazz == null) {
-                            try {
-                                return new LookupResult(compilationUnit.addSource(scriptFile.toURI().toURL()), null);
-                            } catch (MalformedURLException e) {
-                                throw new RuntimeException(e);
+                        if (result != null) {
+                            if (result.requiresReload() || result.clazz == null) {
+                                try {
+                                    return new LookupResult(compilationUnit.addSource(scriptFile.toURI().toURL()), null);
+                                } catch (MalformedURLException e) {
+                                    throw new RuntimeException(e);
+                                }
+                            } else {
+                                return new LookupResult(null, ClassHelper.make(result.clazz));
                             }
-                        } else {
-                            return new LookupResult(null, ClassHelper.make(result.clazz));
                         }
                     }
                     return super.findClassNode(origName, compilationUnit);

src/main/java/com/cleanroommc/groovyscript/sandbox/FileUtil.java

@@ -1,6 +1,8 @@
 package com.cleanroommc.groovyscript.sandbox;
 
+import com.cleanroommc.groovyscript.api.GroovyLog;
 import it.unimi.dsi.fastutil.chars.Char2ObjectOpenHashMap;
+import it.unimi.dsi.fastutil.objects.ObjectOpenHashSet;
 import org.apache.commons.lang3.StringUtils;
 import org.jetbrains.annotations.Contract;
 import org.jetbrains.annotations.NotNull;
@@ -12,10 +14,14 @@
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
+import java.util.Set;
+import java.util.regex.Pattern;
 
 public class FileUtil {
 
     private static final Char2ObjectOpenHashMap<String> encodings = new Char2ObjectOpenHashMap<>();
+    private static final Set<String> warnedAboutPackage = new ObjectOpenHashSet<>();
+    private static final Pattern pathPattern = Pattern.compile("^[a-zA-Z][a-zA-Z0-9_]*$");
 
     static {
         encodings.put(' ', "%20");
@@ -47,6 +53,48 @@ public class FileUtil {
         }
     }
 
+    public static void cleanScriptPathWarnedCache() {
+        warnedAboutPackage.clear();
+    }
+
+    /**
+     * Logs an error for every directory in the path if it contains illegal characters.
+     *
+     * @param path relative script path to check for
+     * @return if script path is valid
+     */
+    public static boolean validateScriptPath(String path) {
+        int index = path.lastIndexOf('.');
+        if (index < 0) {
+            GroovyLog.get().errorMC("Script path '{}' doesn't have a file ending.", decodeURI(path));
+            return false;
+        }
+        String[] parts = path.substring(0, index).split("/");
+        boolean errorInFile = false;
+        boolean errorInPath = false;
+        for (int i = 0; i < parts.length; i++) {
+            String part = parts[i];
+            if (!pathPattern.matcher(part).matches()) {
+                String fullPath = StringUtils.join(parts, '/', 0, i + 1);
+                if (i == parts.length - 1) {
+                    errorInFile = true;
+                } else {
+                    errorInPath = true;
+                    if (!warnedAboutPackage.contains(fullPath)) {
+                        warnedAboutPackage.add(fullPath);
+                        GroovyLog.get().errorMC("Script path '{}' contains illegal characters. Only letters, numbers and underscores are allowed for folder and file names. Folders and files must start with a letter!", decodeURI(fullPath));
+                    }
+                }
+            }
+        }
+        if (errorInFile) {
+            GroovyLog.get().errorMC("Skipping script '{}', because path contains illegal characters. Only letters, numbers and underscores are allowed for folder and file names. Folders and files must start with a letter!", decodeURI(path));
+        } else if (errorInPath) {
+            GroovyLog.get().error("Skipping script '{}' because of illegal characters", decodeURI(path));
+        }
+        return !errorInFile && !errorInPath;
+    }
+
     public static @NotNull String relativize(String rootPath, String longerThanRootPath) {
         longerThanRootPath = encodeURI(fixPath(decodeURI(longerThanRootPath)));
         rootPath = encodeURI(rootPath);

src/main/java/com/cleanroommc/groovyscript/sandbox/GroovyScriptSandbox.java

@@ -234,6 +234,7 @@ protected void load(Binding binding, Set<String> executedClasses, boolean run) {
     }
 
     protected void loadScripts(Binding binding, Set<String> executedClasses, boolean run) {
+        FileUtil.cleanScriptPathWarnedCache();
         for (CompiledScript compiledScript : this.engine.findScripts(getScriptFiles())) {
             if (!executedClasses.contains(compiledScript.path)) {
                 long t = System.currentTimeMillis();

src/main/java/com/cleanroommc/groovyscript/sandbox/RunConfig.java

@@ -259,7 +259,7 @@ public boolean isLoaderConfigured(String loader) {
     public Collection<File> getSortedFiles(File root, String loader) {
         List<String> paths = loaderPaths.get(loader);
         if (paths == null || paths.isEmpty()) return Collections.emptyList();
-        return SandboxData.getSortedFilesOf(root, paths);
+        return SandboxData.getSortedFilesOf(root, paths, isDebug());
     }
 
     private static String sanitizePath(String path) {