Description: | StringTokenizer.nextToken() is invoked without prior check of hasMoreTokens(). This usage may be safe from context, since the tokenized value is an RBG color value which has a known number of tokens. However, the usage is unsafe against invalid values and we, therefore, consider it a misuse. |
Code with Misuse: |
class SimpleBookmark {
@SuppressWarnings("unchecked")
public static Object[] iterateOutlines(PdfWriter writer, PdfIndirectReference parent, List<HashMap<String, Object>> kids, boolean namedAsNames) throws IOException {
PdfIndirectReference refs[] = new PdfIndirectReference[kids.size()];
for (int k = 0; k < refs.length; ++k)
refs[k] = writer.getPdfIndirectReference();
int ptr = 0;
int count = 0;
for (Iterator<HashMap<String, Object>> it = kids.listIterator(); it.hasNext(); ++ptr) {
HashMap<String, Object> map = it.next();
Object lower[] = null;
List<HashMap<String, Object>> subKid = (List<HashMap<String, Object>>)map.get("Kids");
if (subKid != null && !subKid.isEmpty())
lower = iterateOutlines(writer, refs[ptr], subKid, namedAsNames);
PdfDictionary outline = new PdfDictionary();
++count;
if (lower != null) {
outline.put(PdfName.FIRST, (PdfIndirectReference)lower[0]);
outline.put(PdfName.LAST, (PdfIndirectReference)lower[1]);
int n = ((Integer)lower[2]).intValue();
if ("false".equals(map.get("Open"))) {
outline.put(PdfName.COUNT, new PdfNumber(-n));
}
else {
outline.put(PdfName.COUNT, new PdfNumber(n));
count += n;
}
}
outline.put(PdfName.PARENT, parent);
if (ptr > 0)
outline.put(PdfName.PREV, refs[ptr - 1]);
if (ptr < refs.length - 1)
outline.put(PdfName.NEXT, refs[ptr + 1]);
outline.put(PdfName.TITLE, new PdfString((String)map.get("Title"), PdfObject.TEXT_UNICODE));
String color = (String)map.get("Color");
if (color != null) {
try {
PdfArray arr = new PdfArray();
StringTokenizer tk = new StringTokenizer(color);
for (int k = 0; k < 3; ++k) {
float f = Float.parseFloat(tk.nextToken());
if (f < 0) f = 0;
if (f > 1) f = 1;
arr.add(new PdfNumber(f));
}
outline.put(PdfName.C, arr);
} catch(Exception e){} //in case it's malformed
}
String style = (String)map.get("Style");
if (style != null) {
style = style.toLowerCase();
int bits = 0;
if (style.indexOf("italic") >= 0)
bits |= 1;
if (style.indexOf("bold") >= 0)
bits |= 2;
if (bits != 0)
outline.put(PdfName.F, new PdfNumber(bits));
}
createOutlineAction(outline, map, writer, namedAsNames);
writer.addToBody(outline, refs[ptr]);
}
return new Object[]{refs[0], refs[refs.length - 1], Integer.valueOf(count)};
}
}
|