prosody
53e0ae770917
util/human/units.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

util/human/units.lua @ 12180:53e0ae770917

util.xml: Do not allow doctypes, comments or processing instructions Yes. This is as bad as it sounds. CVE pending. In Prosody itself, this only affects mod_websocket, which uses util.xml to parse the <open/> frame, thus allowing unauthenticated remote DoS using Billion Laughs. However, third-party modules using util.xml may also be affected by this. This commit installs handlers which disallow the use of doctype declarations and processing instructions without any escape hatch. It, by default, also introduces such a handler for comments, however, there is a way to enable comments nontheless. This is because util.xml is used to parse human-facing data, where comments are generally a desirable feature, and also because comments are generally harmless.
author Jonas Schäfer <jonas@wielicki.name>
date Mon, 10 Jan 2022 18:23:54 +0100
parent 10903:c5f26f9adb31
child 12573:0f4feaf9ca64
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
10889
25e0ec11b4e4 util.human.units: Put math functions into locals
Kim Alvefur <zash@zash.se>
parents: 10888
diff changeset
1 local math_abs = math.abs;
25e0ec11b4e4 util.human.units: Put math functions into locals
Kim Alvefur <zash@zash.se>
parents: 10888
diff changeset
2 local math_ceil = math.ceil;
25e0ec11b4e4 util.human.units: Put math functions into locals
Kim Alvefur <zash@zash.se>
parents: 10888
diff changeset
3 local math_floor = math.floor;
25e0ec11b4e4 util.human.units: Put math functions into locals
Kim Alvefur <zash@zash.se>
parents: 10888
diff changeset
4 local math_log = math.log;
25e0ec11b4e4 util.human.units: Put math functions into locals
Kim Alvefur <zash@zash.se>
parents: 10888
diff changeset
5 local math_max = math.max;
25e0ec11b4e4 util.human.units: Put math functions into locals
Kim Alvefur <zash@zash.se>
parents: 10888
diff changeset
6 local math_min = math.min;
10888
42a0d9089de9 util.human.units: Handle location of unpack() in Lua 5.1
Kim Alvefur <zash@zash.se>
parents: 10886
diff changeset
7 local unpack = table.unpack or unpack; --luacheck: ignore 113
42a0d9089de9 util.human.units: Handle location of unpack() in Lua 5.1
Kim Alvefur <zash@zash.se>
parents: 10886
diff changeset
8
10890
a451f80d1cea util.human.units: Handle lack of math.log(n, base) on Lua 5.1
Kim Alvefur <zash@zash.se>
parents: 10889
diff changeset
9 if math_log(10, 10) ~= 1 then
a451f80d1cea util.human.units: Handle lack of math.log(n, base) on Lua 5.1
Kim Alvefur <zash@zash.se>
parents: 10889
diff changeset
10 -- Lua 5.1 COMPAT
a451f80d1cea util.human.units: Handle lack of math.log(n, base) on Lua 5.1
Kim Alvefur <zash@zash.se>
parents: 10889
diff changeset
11 local log10 = math.log10;
a451f80d1cea util.human.units: Handle lack of math.log(n, base) on Lua 5.1
Kim Alvefur <zash@zash.se>
parents: 10889
diff changeset
12 function math_log(n, base)
a451f80d1cea util.human.units: Handle lack of math.log(n, base) on Lua 5.1
Kim Alvefur <zash@zash.se>
parents: 10889
diff changeset
13 return log10(n) / log10(base);
a451f80d1cea util.human.units: Handle lack of math.log(n, base) on Lua 5.1
Kim Alvefur <zash@zash.se>
parents: 10889
diff changeset
14 end
a451f80d1cea util.human.units: Handle lack of math.log(n, base) on Lua 5.1
Kim Alvefur <zash@zash.se>
parents: 10889
diff changeset
15 end
a451f80d1cea util.human.units: Handle lack of math.log(n, base) on Lua 5.1
Kim Alvefur <zash@zash.se>
parents: 10889
diff changeset
16
10886
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 local large = {
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 "k", 1000,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 "M", 1000000,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 "G", 1000000000,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 "T", 1000000000000,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 "P", 1000000000000000,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 "E", 1000000000000000000,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 "Z", 1000000000000000000000,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 "Y", 1000000000000000000000000,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 }
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 local small = {
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 "m", 0.001,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 "μ", 0.000001,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 "n", 0.000000001,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 "p", 0.000000000001,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 "f", 0.000000000000001,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 "a", 0.000000000000000001,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34 "z", 0.000000000000000000001,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 "y", 0.000000000000000000000001,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 }
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 local binary = {
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 "Ki", 2^10,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40 "Mi", 2^20,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 "Gi", 2^30,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 "Ti", 2^40,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 "Pi", 2^50,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44 "Ei", 2^60,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 "Zi", 2^70,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 "Yi", 2^80,
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 }
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48
10903
c5f26f9adb31 util.human.units: Factor out function for getting multiplier
Kim Alvefur <zash@zash.se>
parents: 10890
diff changeset
49 local function adjusted_unit(n, b)
10889
25e0ec11b4e4 util.human.units: Put math functions into locals
Kim Alvefur <zash@zash.se>
parents: 10888
diff changeset
50 local round = math_floor;
10886
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51 local prefixes = large;
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52 local logbase = 1000;
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 if b == 'b' then
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54 prefixes = binary;
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55 logbase = 1024;
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 elseif n < 1 then
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
57 prefixes = small;
10889
25e0ec11b4e4 util.human.units: Put math functions into locals
Kim Alvefur <zash@zash.se>
parents: 10888
diff changeset
58 round = math_ceil;
10886
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
59 end
10889
25e0ec11b4e4 util.human.units: Put math functions into locals
Kim Alvefur <zash@zash.se>
parents: 10888
diff changeset
60 local m = math_max(0, math_min(8, round(math_abs(math_log(math_abs(n), logbase)))));
10888
42a0d9089de9 util.human.units: Handle location of unpack() in Lua 5.1
Kim Alvefur <zash@zash.se>
parents: 10886
diff changeset
61 local prefix, multiplier = unpack(prefixes, m * 2-1, m*2);
10903
c5f26f9adb31 util.human.units: Factor out function for getting multiplier
Kim Alvefur <zash@zash.se>
parents: 10890
diff changeset
62 return multiplier or 1, prefix;
c5f26f9adb31 util.human.units: Factor out function for getting multiplier
Kim Alvefur <zash@zash.se>
parents: 10890
diff changeset
63 end
c5f26f9adb31 util.human.units: Factor out function for getting multiplier
Kim Alvefur <zash@zash.se>
parents: 10890
diff changeset
64
c5f26f9adb31 util.human.units: Factor out function for getting multiplier
Kim Alvefur <zash@zash.se>
parents: 10890
diff changeset
65 -- n: number, the number to format
c5f26f9adb31 util.human.units: Factor out function for getting multiplier
Kim Alvefur <zash@zash.se>
parents: 10890
diff changeset
66 -- unit: string, the base unit
c5f26f9adb31 util.human.units: Factor out function for getting multiplier
Kim Alvefur <zash@zash.se>
parents: 10890
diff changeset
67 -- b: optional enum 'b', thousands base
c5f26f9adb31 util.human.units: Factor out function for getting multiplier
Kim Alvefur <zash@zash.se>
parents: 10890
diff changeset
68 local function format(n, unit, b) --> string
c5f26f9adb31 util.human.units: Factor out function for getting multiplier
Kim Alvefur <zash@zash.se>
parents: 10890
diff changeset
69 local fmt = "%.3g %s%s";
c5f26f9adb31 util.human.units: Factor out function for getting multiplier
Kim Alvefur <zash@zash.se>
parents: 10890
diff changeset
70 if n == 0 then
c5f26f9adb31 util.human.units: Factor out function for getting multiplier
Kim Alvefur <zash@zash.se>
parents: 10890
diff changeset
71 return fmt:format(n, "", unit);
c5f26f9adb31 util.human.units: Factor out function for getting multiplier
Kim Alvefur <zash@zash.se>
parents: 10890
diff changeset
72 end
c5f26f9adb31 util.human.units: Factor out function for getting multiplier
Kim Alvefur <zash@zash.se>
parents: 10890
diff changeset
73 local multiplier, prefix = adjusted_unit(n, b);
c5f26f9adb31 util.human.units: Factor out function for getting multiplier
Kim Alvefur <zash@zash.se>
parents: 10890
diff changeset
74 return fmt:format(n / multiplier, prefix or "", unit);
10886
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
75 end
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
76
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
77 return {
10903
c5f26f9adb31 util.human.units: Factor out function for getting multiplier
Kim Alvefur <zash@zash.se>
parents: 10890
diff changeset
78 adjust = adjusted_unit;
10886
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
79 format = format;
994c4a333199 util.human.units: A library for formatting numbers with SI units
Kim Alvefur <zash@zash.se>
parents:
diff changeset
80 };