From 11643744e63291208637c94a8029fbf32c8a69e8 Mon Sep 17 00:00:00 2001
From: Billy Zhou
Date: Tue, 9 Jul 2024 18:13:15 +0800
Subject: [PATCH] fix(grpc-transcode): filter out illegal INT(string) formats (#11367)
---
 apisix-master-0.rockspec | 2 +-
 t/plugin/grpc-transcode3.t | 51 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+), 1 deletion(-)
diff --git a/apisix-master-0.rockspec b/apisix-master-0.rockspec
index ddd0d41e191f..75b90d9497e3 100644
--- a/apisix-master-0.rockspec
+++ b/apisix-master-0.rockspec
@@ -48,7 +48,7 @@ dependencies = {
 "lua-resty-session = 3.10",
 "opentracing-openresty = 0.1",
 "lua-resty-radixtree = 2.9.1",
- "lua-protobuf = 0.5.0-1",
+ "lua-protobuf = 0.5.2-1",
 "lua-resty-openidc = 1.7.6-3",
 "luafilesystem = 1.7.0-2",
 "nginx-lua-prometheus-api7 = 0.20240201-1",
diff --git a/t/plugin/grpc-transcode3.t b/t/plugin/grpc-transcode3.t
index bd4164d3b5ae..0a8ddf54ded6 100644
--- a/t/plugin/grpc-transcode3.t
+++ b/t/plugin/grpc-transcode3.t
@@ -525,3 +525,54 @@ location /t {
 end
 }
 }
+
+
+
+=== TEST 13: bugfix - filter out illegal INT(string) formats
+--- config
+location /t {
+ content_by_lua_block {
+ local pcall = pcall
+ local require = require
+ local protoc = require("protoc")
+ local pb = require("pb")
+ local pb_encode = pb.encode
+
+ assert(protoc:load [[
+ syntax = "proto3";
+ message IntStringPattern {
+ int64 value = 1;
+ }]])
+
+ local patterns
+ do
+ local function G(pattern)
+ return {pattern, true}
+ end
+
+ local function B(pattern)
+ return {pattern, [[bad argument #2 to '?' (number/'#number' expected for field 'value', got string)]]}
+ end
+
+ patterns = {
+ G(1), G(2), G(-3), G("#123"), G("0xabF"), G("#-0x123abcdef"), G("-#0x123abcdef"), G("#0x123abcdef"), G("123"),
+ B("#a"), B("+aaa"), B("#aaaa"), B("#-aa"),
+ }
+ end
+
+ for _, p in pairs(patterns) do
+ local pattern = {
+ value = p[1],
+ }
+ local status, err = pcall(pb_encode, "IntStringPattern", pattern)
+ local res = status
+ if not res then
+ res = err
+ end
+ assert(res == p[2])
+ end
+ ngx.say("passed")
+ }
+}
+--- response_body
+passed
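Review bot: The bare `assert(res == p[2])` inside the `for` loop of TEST 13 gives no hint which of the thirteen inputs failed, so a regression only shows up as `assertion failed!`; pass a message, e.g. `assert(res == p[2], "value=" .. tostring(p[1]) .. " got: " .. tostring(res))`. The `B(...)` cases compare against the full lua-protobuf error text, including the `'?'` function name, which ties the test to that library's exact wording; matching on the `expected for field 'value', got string` part would likely survive the next dependency bump better. `patterns` is a plain sequence, so `ipairs(patterns)` would make the iteration order deterministic. The test calls `pb.encode` directly and only for an `int64` field; if these malformed numeric strings can arrive in client-supplied JSON through the grpc-transcode plugin (not visible in this hunk), cases for the other integer field types and one request through the plugin path would pin the validation where it matters.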