From a8d90aba91ba8788c784e644a6cff2acbcaba4f1 Mon Sep 17 00:00:00 2001 From: PJ Fanning Date: Sun, 9 Aug 2020 21:15:15 +0000 Subject: [PATCH] [github-187] Add length validation for Excel DataValidations that are list literals. Thanks to Leo Webb. This closes #187 git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1880727 13f79535-47bb-0310-9956-ffa450edef68 --- .../scratchpad/java9/module-info.class | Bin 2099 -> 2099 bytes .../scratchpad/test9/module-info.class | Bin 2273 -> 2273 bytes .../XSSFDataValidationConstraint.java | 9 ++++++-- .../TestXSSFDataValidationConstraint.java | 21 ++++++++++++++++++ .../DataValidationListTooLong.xlsx | Bin 0 -> 3286 bytes 5 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 test-data/spreadsheet/DataValidationListTooLong.xlsx diff --git a/src/multimodule/scratchpad/java9/module-info.class b/src/multimodule/scratchpad/java9/module-info.class index 879d58efd6ccb9c00dfb67cafd7435dacc773e49..311deebf44d7d5674ba2b8e8a1f321869aa092e5 100644 GIT binary patch literal 2099 zcmaKt*|Oydbf(i$PH*%V`)n==Z`P2rEfGP-$t-L5}yhwX!G>kjwDota*P)#|;jKAWN%^$DU{Oxb|XOtw3wF(l8 zH={O1Gh*A#X;xAl^Y$^Dtk*mpr9Ril!9JUTSE^Q)SSL zhmpLnvZ7;-w1eK1XQnG=e>KrD&yg5FS`TO{W2OVKRXU)ZCQAi{dci;q=V_SUprzp9e1+T+%YwnLCsOwjT0ohaQTeQdOVDtUuoQ-)f4! zQO(Tv#yE&n%y)@1%``)^TI;0Cj}9i=tJZ1|m8-UT8KVw&!bpu~t^*GLpw<2yY~t4i zY?jw9bgi3*Etp_-n@98rXRuZN_X@WO`-Izt{lXo>ox)wh-NFH3PDsK%!o9*l;gE1x zxKFrWI3gSsjtR$w6T$<+N#Q}^A>m=+5#dqcl<=7FxbTGVq;Oi87rMez!WrSLa87ty Oct&_ucusg;DEJFC;XZBv literal 2099 zcmZ{lXCR@OFd@f)30sK%t&Q5AA zWy*^m$@8Dg@!v`M`_Io`05A`x3$_X9iIbof>FKaqP6Tu=&|Lv`2pCGzrJ^#*ujryl z!eZv9%K8*@{g}0r~{=`AHln)vOpR zTbYxvM?e7|_VQ95KIm0qU6!yQ z2PGU9FwDjHm0EQL^`p#uYX;{#&di5GKHmuegRNPen3*(|aEckuseV#j)hYHaVY*F7 z)BIkWkXoiwTuB{Cn8|l=(_*+nb$O0)upxV4B4J*@I5!6+@azwx(W3K=g==xyOSPY* zfrN{k8K?)TT9a^@8w1s*F|KY6Y53qJk)D-sojE2`!ehG091{xpG2PypxZ=b{b_sVG z3tdRv!utXyS`BK*-gmzgT6E|k(?k~4n|RFF=fr>ZEig?wy{XBk%%bNZ{}=svn>0;6 zzhn-|r71$i4(+0;t}F8;uP^D@iehWJVTr%o+X|mULal~ zULjs1-XPv0-XY#2J|I3KJ|Qj=pAlaWUlHFB-w{6$KM}tWzY$BsfLJD0h|9!?SS1qv E0_}Z1ZU6uP diff --git a/src/multimodule/scratchpad/test9/module-info.class b/src/multimodule/scratchpad/test9/module-info.class index 86ad206e1a5518fd0ce1574254d99e2a52958de3..5809da74f2c1a22a93e58626e20a224185af7474 100644 GIT binary patch literal 2273 zcmaKt*LKrD5QcwI5?W{)AR&bidb1#e-h1!8Bg^YpiDfC$+D^F2;jy^j0eC15vttt+ zYmF{GN&D~a)Rlhy{_zvQDSYe4We0ta;!?e;TwHN+)x|Xz*InFjanr>u!fnDG!d=2W z!hOO6!b8F%!ehb{!c)RC!gIn4!b`#{!fV1C!dt>S!h6C8!bidecGzs&B1qbUR@%&g=E5{Co;&i&; zCw@>-g(MCOS&;fVs3d;L!P*(W;TMX2rW|bTn#Xe;Y>){hmCfonaWD|XQ54s*Lgeep zNe8QE>a|d_MYA@FgV|8CMVH^amPLzX~!*(*)k?D1&J-f*`)qhvZ&ew10P8MVWk5!-4Gv!+$b%g1c8nh#W>L(ZIoowf-< zrCyt5F&9cRv4z5;txyKLH#16>q>&{KBL#7-p;Gp=hu#rqt}14IJyR)nm#VhuFVI{Vkz~TwxC$*aJoCFrFgx#swOS@ zPl~qu^JtIOHOkVamLwUyouu*ZEG%i>Tu=-(ry+M{vTECKu8WNFH$mM|R*cx;Rjx-{ z`oA8vZqSj&Tm{Sq#cIf(2=lpF))q!;M|`lS=4o~>N#lf@Gc*lgwNTd~H(uVkY*}OH z&QKQFYRIEKYAA}Y{dOfTk+01=!jDf^Y`7Cjyxnd|*Tb1^4f=0i{@c9 z#+iNQ5&gn7!nMLFtdskC;RfM=aHDXOaIQ=5 zt)WbN@h0UPX8Fz}{r%_XF92AA@14*lpxX}$NmEW0}5L&@Ny&h*ok==(r`7 z3j;3~yOE>aQs@*c=oHYk>QtRv-ieh3T>=K0qVYd0=oZjJVFeYh=^(VAS3s{D_}tYGbNrZx&`?MVTn&9#jf>qt3%Ea4DS*#u;o zJ1k&~%Yoxpw2CmvQ2`TNgxYXbs6BL7!Z86OT#Q>vDr=}8XXdMgINwQTJ`~dV<^&8i zXEkCRM!p1_8P2F~P^qd2dzWygMM!4;g%%-6tRh@jRhF=n?&r3}Foo*!ImW?;YvgghF~u_jV>O8L^RF!UM)a6H>SEk$|aYgBr5E?&dv>4lOfH#N~PuPZ|4+ z_|LxQOp`{>H2IQQ^fcuEqQ7pDCgby4=AcZPeAx>nyl0#+YTb#C0%n_?Xvnt4Zo?=D zalJjWGoM?OO0mvZ+q}{uBxAS7*^ODU z@0B&?4Tt^Np%dZri4OQo5`_WjvD7k>Q#yXk8ObZnWMJurpbYi^;3*hlOq zF2Vp^CGj9}h&VzVBTf*fh||O)#2Ml&@dWV{F-JU2oF^_4&l1lQFA^^kuM)2lZxU}4 z?-K759}*uEpAerBUl3mr-w@vsKM+3=zYxC>^TYzNNGuUoiDhDi7!o6*MhfVIYW=!V RzqWyyOh7-Fsmv8We*rgOXl?)i diff --git a/src/ooxml/java/org/apache/poi/xssf/usermodel/XSSFDataValidationConstraint.java b/src/ooxml/java/org/apache/poi/xssf/usermodel/XSSFDataValidationConstraint.java index d42641eb86..b62a38e0a5 100644 --- a/src/ooxml/java/org/apache/poi/xssf/usermodel/XSSFDataValidationConstraint.java +++ b/src/ooxml/java/org/apache/poi/xssf/usermodel/XSSFDataValidationConstraint.java @@ -30,12 +30,14 @@ import org.openxmlformats.schemas.spreadsheetml.x2006.main.STDataValidationOpera public class XSSFDataValidationConstraint implements DataValidationConstraint { /** * Excel validation constraints with static lists are delimited with optional whitespace and the Windows List Separator, - * which is typically comma, but can be changed by users. POI will just assume comma. + * which is typically comma, but can be changed by users. POI will just assume comma. + * In addition, Excel validation with static lists has a maximum size of 255 characters, including separators and excluding quotes. */ private static final String LIST_SEPARATOR = ","; private static final Pattern LIST_SPLIT_REGEX = Pattern.compile("\\s*" + LIST_SEPARATOR + "\\s*"); private static final String QUOTE = "\""; - + private static final int MAX_EXPLICIT_LIST_LENGTH = 257; + private String formula1; private String formula2; private int validationType = -1; @@ -204,6 +206,9 @@ public class XSSFDataValidationConstraint implements DataValidationConstraint { if (isFormulaEmpty(formula1)) { throw new IllegalArgumentException("A valid formula or a list of values must be specified for list validation."); } + if(formula1.length() > MAX_EXPLICIT_LIST_LENGTH) { + throw new IllegalArgumentException("A valid formula or a list of values must be less than or equal to 255 characters (including separators)."); + } } else { if( isFormulaEmpty(formula1) ) { throw new IllegalArgumentException("Formula is not specified. Formula is required for all validation types except explicit list validation."); diff --git a/src/ooxml/testcases/org/apache/poi/xssf/usermodel/TestXSSFDataValidationConstraint.java b/src/ooxml/testcases/org/apache/poi/xssf/usermodel/TestXSSFDataValidationConstraint.java index c48a135750..2409829384 100644 --- a/src/ooxml/testcases/org/apache/poi/xssf/usermodel/TestXSSFDataValidationConstraint.java +++ b/src/ooxml/testcases/org/apache/poi/xssf/usermodel/TestXSSFDataValidationConstraint.java @@ -18,11 +18,18 @@ package org.apache.poi.xssf.usermodel; import static org.junit.Assert.*; +import org.apache.poi.ss.formula.DataValidationEvaluator; import org.apache.poi.ss.usermodel.DataValidationConstraint; import org.apache.poi.ss.usermodel.DataValidationConstraint.ValidationType; +import org.apache.poi.xssf.XSSFTestDataSamples; import org.apache.poi.ss.usermodel.DataValidationConstraint.OperatorType; +import org.apache.poi.ss.util.CellReference; import org.junit.Test; +import java.util.Collections; +import java.util.stream.Collectors; +import java.util.stream.IntStream; + public class TestXSSFDataValidationConstraint { static final int listType = ValidationType.LIST; static final int ignoredType = OperatorType.IGNORED; @@ -51,6 +58,20 @@ public class TestXSSFDataValidationConstraint { assertEquals(literal.replace(" ", ""), constraint.getFormula1()); } + @Test + public void listLiteralsGreaterThan255CharactersThrows() { + String[] literal = IntStream.range(0, 129).mapToObj(i -> "a").toArray(String[]::new); + assertThrows(IllegalArgumentException.class, () -> new XSSFDataValidationConstraint(literal)); + } + + @Test + public void dataValidationListLiteralTooLongFromFile() { + XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("DataValidationListTooLong.xlsx"); + XSSFFormulaEvaluator fEval = wb.getCreationHelper().createFormulaEvaluator(); + DataValidationEvaluator dvEval = new DataValidationEvaluator(wb, fEval); + assertThrows(IllegalArgumentException.class, () -> dvEval.getValidationValuesForCell(new CellReference("Sheet0!A1"))); + } + @Test public void rangeReference() { // (unnamed range) reference list diff --git a/test-data/spreadsheet/DataValidationListTooLong.xlsx b/test-data/spreadsheet/DataValidationListTooLong.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..7eab4adf15ffa598e110e467706c4186d891987f GIT binary patch literal 3286 zcmZ`*c|4R07aqnoc9&|p_PyE_*~ z%iupE(p^>+@7-KnapTs`u)E9~yoB`j@pk@lraHLV)es>{XnIcg^T6T(--&uscMI{O>K)vg*Q|FB^0?TRHj_T&O;5~hnXNRwxZkh4Y^{`=v=H3i+* zZRkFW4?B%xt&~r6wOx79JF)QCRLk|?YWc;y!}BIWI4imIhz>Abom$?^h^RDaKiE?2b2UK$7bvx5FhY9 zjYFYBR8_W~WodN(ro;TC)6b@dwcmS?ZELcQOb3z|*wjy%S$efIUuQO~cc`4Q;1!?W zrx3Zx%{Z$cXVze=l2;HD)^maCJFvzS57#?(XTe|>eL85|luNFOSQANw6k;;y#nc0G zyTP%hb^UeB81_t(=(E=|+T0ng@7$Fu<-gFh0wZpJI>D6->+Rm#a=eBs?CDTCG+TMS z6HoAzx|UFulw#Bfd3*O$rXcz>*!X12<7`mFeEHhhV6-%>-^y~P5#_r(A$jOPFGt&W z=^wDVlZVT5XRzk|DO4~-SL_?rooA*(niE;ORtTz@3@)kMePl;XM<_r{a< z*Bg`#^(Tp$YLb)RIq6CF&nmzh>d0>>VDO){)$etjeojN%@wSnx%M_k_5a;Rg- z|4-$@wA+k^ufZbw%se;*l(_6BIoD9~;gTDYE@@Yek~|BG{Mw3fV+<2c{Nwsam&})3 zuqZcn%&qjR7D93t5N1y%iY=19DV%uQ8&=;eP(bz$y=L3TNUPxM)KuNI2Gi$jeA%a! zRZ5ZS8r$%G*Ef}r+dD*Hk^lUgw7_J5t8yTK0R#$1tA_Y`;!tPoLvel>pO7uujwS!T z)pp~RJh_fx>-Pwwv{2b__G1RV&6*xc8n9g{Sh3)hkNc`*e1J_lppL<@a=3-z7^qUIUSKz<(hvLzw z?}ZnpJ-{@{2$NRyIK8kzM;vS~wc6}=oTAw|dv$6akl0OWS?JkA?xESoS)W@8*=!zz zjU@F^_*U~J`$8LT?PEjdGMK%~>$OosjO*c}vesOJ#|#u&qi+^PlAB=2n=|yb`#7+N zuHW^VBSnmJhxnyvyaQ(h1|51uE9~TVNxVFZMam?>k$3!zb4JUWu9X)V3m+wiwphOiocQ>w7DS%!Q>~kj)wJ5 zLEk)C@+5Z_8Tk$9WGKnsOI9>va*=f=dm}3wnMjK^!C{AuZwmUGSBqjYD?Q9p*H$W@ zZfIqa-(xq(-Zdju1Qv&(HBkMp0hZkW#)Y=oK8M8xcww;tTS7^q(5;)c<^$nU)j9uS zV;-t@L%w-~tZgm!y%kcUx}eH$jgafWmYmyHfQQ3z73)i}wZh7KVoCmm1~!Mg>w*}I zMCKcPdUZp<-PD)O(3jLvS- zL)kD8jZJ0wv)5tEzq}|ereI|)!SC!eKVvMrHq;|fo@(}=??|bKYAdi0Xr_M}o4!h< zoAIg-xJ^eN7w{jSlnz>WWGT{>PO6!4+aLw_XeYMruxZ%qRI=)#>K0Ow&kPK(Cynvwl$_cF%52Ito`f4}9UQA5iOKp6a zzCzMTOJj<*>8&-oD+J=BD&Rw_n|avbK3Bo7`88+}{MvDFcmUTKt=Kb9jV(`<%x+Kx z-vXOG_8@fIwbM#R>vX-prDT33@~^gx1)4DU&eliAHb_+HCU#F;?7z2Kv{Bf&-WwI9 zV~TiXkC%K?WkKX9hSt}9dB?ZIMR5$ft*)<>U;rQocQ6P91xaiTkS!KMd{L;-5MY)7 zFSRXgI66Q;U{@*S(_0Z1&Ie-Sme+aHi%>Du?F`pBaZq`e_jg4|ub`qu<-)Nl)m*ZSzx0su=BodEacW)mg z&?5K~nIMYC*@Y zC>{)r5+>&)1W$+eSMJg?R1pfA^cHDXcjQGG&UWSAJL*-e^l#7x*;`7oy3;bT{ z8t9yd*6Z%Nuos0oYf~w&{6_@J1S6s<>4uD8X&`u>;1HYMgyw& z;hJIvvK|{dz;M7;tfvPnnswLjptS&1{f++L=4XYouDu<20C02v(-LIOz`A&LG92XG z&hYmdVui9!(H&?G*LUcTV}upVI(v4&`P|>Z|1ycT@<@TV8~^{lg?>*1Gz>(Gxx@2! f5&z&~&TSX7IM~L56DS=7f&gD