Merge remote-tracking branch 'origin/candidate-9.10.x' into candidate-9.12.x

Signed-off-by: Gordon Smith <[email protected]>

# Conflicts:
#	helm/hpcc/Chart.yaml
#	helm/hpcc/templates/_helpers.tpl
#	version.cmake

Author: GordonSmith

.github/workflows/build-assets.yml

@@ -99,6 +99,9 @@ jobs:
   build-docker-community:
     name: Build Docker Community
     needs: preamble
+    permissions:
+      contents: write
+      actions: write
     strategy:
       matrix:
         os: [ ubuntu-24.04, ubuntu-22.04, ubuntu-20.04, rockylinux-8 ]
@@ -124,6 +127,9 @@ jobs:
   build-docker-internal:
     name: Build Docker Internal
     needs: preamble
+    permissions:
+      contents: read
+      actions: write
     strategy:
       matrix:
         os: [ ubuntu-24.04, ubuntu-22.04, ubuntu-20.04, rockylinux-8, centos-7 ]
@@ -150,6 +156,9 @@ jobs:
   build-docker-enterprise:
     name: Build Docker Enterprise
     needs: preamble
+    permissions:
+      contents: read
+      actions: write
     strategy:
       matrix:
         os: [ ubuntu-24.04, ubuntu-22.04 ]
@@ -162,6 +171,9 @@ jobs:
 
   build-documentation:
     needs: preamble
+    permissions:
+      contents: write
+      actions: write
     uses: ./.github/workflows/build-documentation.yml
     with:
       community-ref: ${{ needs.preamble.outputs.community_ref }}
@@ -176,6 +188,9 @@ jobs:
 
   build-clienttools-community-macos:
     needs: preamble
+    permissions:
+      contents: write
+      actions: write
     uses: ./.github/workflows/build-clienttools-macos-13.yml
     with:
       community-ref: ${{ needs.preamble.outputs.community_ref }}
@@ -184,6 +199,9 @@ jobs:
 
   build-clienttools-internal-macos:
     needs: preamble
+    permissions:
+      contents: read
+      actions: write
     uses: ./.github/workflows/build-clienttools-macos-13.yml
     with:
       community-ref: ${{ needs.preamble.outputs.community_ref }}
@@ -193,6 +211,9 @@ jobs:
 
   build-clienttools-community-windows:
     needs: preamble
+    permissions:
+      contents: write
+      actions: write
     uses: ./.github/workflows/build-clienttools-windows-2022.yml
     with:
       community-ref: ${{ needs.preamble.outputs.community_ref }}
@@ -203,6 +224,9 @@ jobs:
 
   build-clienttools-internal-windows:
     needs: preamble
+    permissions:
+      contents: read
+      actions: write
     uses: ./.github/workflows/build-clienttools-windows-2022.yml
     with:
       community-ref: ${{ needs.preamble.outputs.community_ref }}
@@ -212,6 +236,9 @@ jobs:
 
   build-bare-metal-eclide:
     needs: [ preamble, build-clienttools-community-windows, build-documentation ]
+    permissions:
+      contents: write
+      actions: write
     uses: ./.github/workflows/build-eclide.yml
     with:
       community-ref: ${{ needs.preamble.outputs.community_ref }}
@@ -223,6 +250,8 @@ jobs:
 
   changelogs:
     needs: preamble
+    permissions:
+      contents: write
     uses: ./.github/workflows/build-changelogs.yml
     with:
       current-version: ${{ needs.preamble.outputs.hpcc_version_full }}

.github/workflows/build-changelogs.yml

@@ -33,6 +33,8 @@ jobs:
     name: Generate Changelogs
     runs-on: ubuntu-latest
     if: ${{ github.repository_owner == 'hpcc-systems' }}
+    permissions:
+      contents: write
     steps:
       - name: Checkout HPCC-Platform
         uses: actions/checkout@v4

.github/workflows/build-clienttools-macos-13.yml

@@ -41,7 +41,7 @@ jobs:
       - name: Dependencies
         shell: "bash"
         run: |
-          brew install bison flex pkg-config autoconf autoconf-archive automake libtool cmake openjdk@11
+          brew install bison flex autoconf-archive automake openjdk@11
 
       - name: Remove builtin vcpkg
         shell: "bash"

.github/workflows/build-vcpkg.yml

@@ -55,6 +55,10 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+  actions: write
+
 jobs:
 
   build-workflow-dispatch:

.github/workflows/test-documentation.yml

@@ -27,6 +27,10 @@ on:
         required: false
         default: 'Documentation'
 
+permissions:
+  contents: read
+  actions: write
+
 jobs:
   build-documentation:
     name: Build Documentation

common/roxiecommlib/roxiecommunicationclient.cpp

@@ -176,13 +176,6 @@ class CRoxieCommunicationClient: implements IRoxieCommunicationClient, public CI
             throw me.getClear();
     }
 
-    unsigned waitMsToSeconds(unsigned wait)
-    {
-        if (wait==0 || wait==(unsigned)-1)
-            return wait;
-        return wait/1000;
-    }
-
     unsigned remainingMsWait(unsigned wait, unsigned start)
     {
         if (wait==0 || wait==(unsigned)-1)
@@ -338,17 +331,16 @@ class CRoxieCommunicationClient: implements IRoxieCommunicationClient, public CI
         sock->write(&len, sizeof(len));
         sock->write(msg, msglen);
 
+        CCycleTimer timer;
         StringBuffer resp;
         for (;;)
         {
-            sock->read(&len, sizeof(len));
+            size32_t size_read;
+            sock->readtms(&len, sizeof(len), sizeof(len), size_read, timer.remainingMs(wait));
             if (!len)
                 break;
             _WINREV(len);
-            size32_t size_read;
-            sock->read(resp.reserveTruncate(len), len, len, size_read, waitMsToSeconds(wait));
-            if (size_read<len)
-                throw MakeStringException(-1, "Error reading roxie control message response");
+            sock->readtms(resp.reserveTruncate(len), len, len, size_read, timer.remainingMs(wait));
         }
 
         Owned<IPropertyTree> ret = createPTreeFromXMLString(resp.str());

esp/services/ws_smc/CMakeLists.txt

@@ -63,6 +63,7 @@ include_directories (
          ${CMAKE_BINARY_DIR}/oss
          ${HPCC_SOURCE_DIR}/common/thorhelper
          ${HPCC_SOURCE_DIR}/esp/espcommon
+         ${HPCC_SOURCE_DIR}/testing/unittests
     )
 
 ADD_DEFINITIONS( -D_USRDLL -DWS_SMC_EXPORTS -DWSSMC_API_LOCAL -DESP_SERVICE_WsSMC)

esp/services/ws_smc/ws_smcService.cpp

@@ -33,6 +33,7 @@
 
 #include "roxiecontrol.hpp"
 #include "workunit.hpp"
+#include "junicode.hpp"
 
 #define STATUS_SERVER_THOR "ThorMaster"
 #define STATUS_SERVER_HTHOR "HThorServer"
@@ -1031,23 +1032,158 @@ bool CWsSMCEx::onIndex(IEspContext &context, IEspSMCIndexRequest &req, IEspSMCIn
     return true;
 }
 
-void CWsSMCEx::readBannerAndChatRequest(IEspContext& context, IEspActivityRequest &req, IEspActivityResponse& resp)
+// Output encoding to include in a Javascript block.
+// Follows OWASP guidance: keep [A-Za-z0-9], escape other printable ASCII as \uXXXX,
+// properly escape non-ASCII by decoding UTF-8 first. Also drop ASCII control chars
+// to maintain existing behavior.
+StringBuffer& encodeJavascript(const char* value, StringBuffer& encoded)
 {
-    StringBuffer chatURLStr, bannerStr;
-    const char* chatURL = req.getChatURL();
-    const char* banner = req.getBannerContent();
-    //Filter out invalid chars
-    if (chatURL && *chatURL)
+    if (isEmptyString(value))
+        return encoded;
+
+    const byte *p = reinterpret_cast<const byte *>(value);
+    const byte *end = p + strlen(value);
+
+    while (p < end)
     {
-        const char* pStr = chatURL;
-        unsigned len = strlen(chatURL);
-        for (unsigned i = 0; i < len; i++)
+        UTF32 cp = readUtf8Character((unsigned)(end - p), p); // advances p safely
+
+        if (cp == sourceIllegal)
         {
-            if (isprint(*pStr))
-                chatURLStr.append(*pStr);
-            pStr++;
+            encoded.append("\\uFFFD");
+            p++;
+            continue;
+        }
+
+        if (cp < 0x80)
+        {
+            // ASCII branch: preserve alnum, escape other printable ASCII, drop controls
+            unsigned char ch = static_cast<unsigned char>(cp);
+            if (isalnum(ch))
+                encoded.append(ch);
+            else if (isprint(ch))
+                encoded.appendf("\\u%04X", ch);
+            // else: non-printable ASCII -> omit
+        }
+        else if (cp <= 0xFFFF)
+        {
+            // BMP: escape as \uXXXX, but avoid lone surrogates
+            if (cp >= 0xD800 && cp <= 0xDFFF)
+                encoded.append("\\uFFFD");
+            else
+                encoded.appendf("\\u%04X", static_cast<unsigned>(cp));
         }
+        else if (cp <= 0x10FFFF)
+        {
+            // Supplementary planes: escape as UTF-16 surrogate pair
+            unsigned u = static_cast<unsigned>(cp - 0x10000);
+            unsigned high = 0xD800 + (u >> 10);
+            unsigned low  = 0xDC00 + (u & 0x3FF);
+            encoded.appendf("\\u%04X\\u%04X", high, low);
+        }
+        else
+        {
+            // Out of Unicode range
+            encoded.append("\\uFFFD");
+        }
+
+        if (cp == sourceExhausted)
+            break;
+    }
+
+    return encoded;
+}
+
+
+#ifdef _USE_CPPUNIT
+
+#include "unittests.hpp"
+
+class EncodeJavascriptTest : public CppUnit::TestFixture
+{
+    CPPUNIT_TEST_SUITE( EncodeJavascriptTest );
+        CPPUNIT_TEST(testAsciiAlnum);
+        CPPUNIT_TEST(testAsciiPrintableEscaped);
+        CPPUNIT_TEST(testAsciiControlDropped);
+        CPPUNIT_TEST(testUtf8Bmp);
+        CPPUNIT_TEST(testUtf8Supplementary);
+        CPPUNIT_TEST(testInvalidUtf8);
+        CPPUNIT_TEST(testOutOfRange);
+    CPPUNIT_TEST_SUITE_END();
+
+    static void assertEncoded(const char *input, const char *expected)
+    {
+        StringBuffer out;
+        encodeJavascript(input, out);
+        ASSERT_EQUAL(std::string(out.str()), std::string(expected));
+    }
+
+    void testAsciiAlnum()
+    {
+        assertEncoded("Az09", "Az09");
+    }
+
+    void testAsciiPrintableEscaped()
+    {
+        // space, dash, underscore, dot should be escaped
+        assertEncoded(" -_.", "\\u0020\\u002D\\u005F\\u002E");
+    }
+
+    void testAsciiControlDropped()
+    {
+        StringBuffer in;
+        in.append('A').append((char)0x0A).append('B').append((char)0x09).append('C'); // A\nB\tC
+        assertEncoded(in.str(), "ABC");
+    }
+
+    void testUtf8Bmp()
+    {
+        // U+00E9 (é) -> \u00E9; U+4E2D (中) -> \u4E2D
+        StringBuffer in;
+        in.append(" "); // leading space to ensure escaping of ASCII printable
+        in.append((char)0xC3).append((char)0xA9); // é
+        in.append(" ");
+        in.append((char)0xE4).append((char)0xB8).append((char)0xAD); // 中
+        assertEncoded(in.str(), "\\u0020\\u00E9\\u0020\\u4E2D");
+    }
+
+    void testUtf8Supplementary()
+    {
+        // U+1F600 GRINNING FACE -> surrogate pair \uD83D\uDE00
+        StringBuffer in;
+        in.append((char)0xF0).append((char)0x9F).append((char)0x98).append((char)0x80);
+        assertEncoded(in.str(), "\\uD83D\\uDE00");
     }
+
+    void testInvalidUtf8()
+    {
+        // Lone continuation byte 0x80 and truncated sequence 0xC2 at end -> each becomes \uFFFD
+        StringBuffer in;
+        in.append((char)0x80).append('X').append((char)0xC2);
+        assertEncoded(in.str(), "\\uFFFDX\\uFFFD");
+    }
+
+    void testOutOfRange()
+    {
+        // U+10FFFF is the highest Unicode code point
+        StringBuffer in;
+        in.append((char)0xF4).append((char)0x90).append((char)0x80).append((char)0x80); // U+110000
+        assertEncoded(in.str(), "\\uFFFD\\uFFFD\\uFFFD\\uFFFD");
+    }
+};
+
+CPPUNIT_TEST_SUITE_REGISTRATION( EncodeJavascriptTest );
+CPPUNIT_TEST_SUITE_NAMED_REGISTRATION( EncodeJavascriptTest, "EncodeJavascriptTest" );
+
+#endif // _USE_CPPUNIT
+
+void CWsSMCEx::readBannerAndChatRequest(IEspContext& context, IEspActivityRequest &req, IEspActivityResponse& resp)
+{
+    StringBuffer chatURLStr, bannerStr;
+    const char* chatURL = req.getChatURL();
+    const char* banner = req.getBannerContent();
+    //Filter out invalid chars and encode for safe assignment to javascript variable
+    encodeJavascript(chatURL, chatURLStr);
     if (banner && *banner)
     {
         const char* pStr = banner;