Bugfix: Handle arbitrary UTF-8 characters in strings (before only ASCII characters were recognized).

Author: muukong

src/main/java/com/muukong/burp/BurpWebRpcRequestHandler.java

@@ -84,8 +84,7 @@ public void setRequestResponse(HttpRequestResponse httpRequestResponse) {
             grpcWebRequestResponse = GrpcWebRequestResponse.fromGrpcWebProto(body.getBytes());
         }
 
-        String output = grpcWebRequestResponse.prettyPrint();
-        requestEditor.setContents(ByteArray.byteArray(output.getBytes()));
+        requestEditor.setContents(ByteArray.byteArray(grpcWebRequestResponse.prettyPrint()));
     }
 
     @Override

src/main/java/com/muukong/protobuf/PBDisassembler.java

@@ -3,6 +3,11 @@
 import com.muukong.util.Util;
 
 import java.math.BigInteger;
+import java.nio.ByteBuffer;
+import java.nio.charset.CharacterCodingException;
+import java.nio.charset.CharsetDecoder;
+import java.nio.charset.CodingErrorAction;
+import java.nio.charset.StandardCharsets;
 
 /**
  * A disassembler for protobuf messages that on input a protobuf message attempts to disassemble it
@@ -215,35 +220,46 @@ private ISerializable disassembleLen(int fieldNumber) {
 
         final int length = disassembleVarInt().toInt();   // We can (rather) safely assume that the length fits into an int
 
-        int printableTokens = 0;
-        for ( int i = 0; i < length; ++i ) {
-            byte token = input[cursor + i];
-            if ( Util.isPrintable(token) )
-                ++printableTokens;
+        // An empty LEN field is unambiguously an empty string — skip all heuristics.
+        if ( length == 0 ) {
+            return new PBString("");
         }
 
         /*
          The following heuristic is employed:
-         (1) If all characters are printable, disassemble it as a string and exit.
+         (1) If all characters are printable UTF-8 characters, disassemble it as a string and exit.
          (2) Otherwise, attempt to parse bytes as sub-message. Exit on success.
          (3) Otherwise, attempt to parse message as packed repeated fields. Exit on success.
          (4) Otherwise, consume `length` bytes (this should always succeed) and continue
         */
 
-        final boolean isString = printableTokens == length; // TODO: can this heuristic be improved?
-
-        // Case (1)
-        if ( isString ) {
-
-            StringBuilder sb = new StringBuilder();
-            for ( int i = 0; i < length; ++i ) {
-                byte b = input[cursor + i];
-                sb.append((char) b);
+        // Case (1): try to decode as UTF-8 and verify all characters are printable
+        boolean isString = false;
+        String stringValue = null;
+        {
+            CharsetDecoder decoder = StandardCharsets.UTF_8.newDecoder()
+                                                     .onMalformedInput(CodingErrorAction.REPORT)
+                                                     .onUnmappableCharacter(CodingErrorAction.REPORT);
+            try {
+                stringValue = decoder.decode(ByteBuffer.wrap(input, cursor, length)).toString();
+                // Reject strings that contain non-printable control characters
+                // (allow common whitespace: tab=0x09, LF=0x0A, CR=0x0D)
+                isString = true;
+                for ( int i = 0; i < stringValue.length(); ++i ) {
+                    char c = stringValue.charAt(i);
+                    if ( c < 0x09 || (c > 0x0D && c < 0x20) || c == 0x7F ) {
+                        isString = false;
+                        break;
+                    }
+                }
+            } catch ( CharacterCodingException e ) {
+                isString = false;
             }
+        }
 
+        if ( isString ) {
             cursor += length;
-
-            return new PBString( sb.toString() );
+            return new PBString( stringValue );
         }
 
         // Case (2)

src/main/java/com/muukong/protobuf/PBString.java

@@ -3,6 +3,7 @@
 import com.muukong.parsing.IParseable;
 import com.muukong.util.Util;
 
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -34,13 +35,7 @@ public String prettyPrint(String indent) {
 
     @Override
     public byte[] serializeValue() {
-
-        byte[] valueBytes = new byte[value.length()];
-
-        for ( int i = 0; i < value.length(); ++i )
-            valueBytes[i] = (byte) value.charAt(i);
-
-        return valueBytes;
+        return value.getBytes(StandardCharsets.UTF_8);
     }
 
     @Override
@@ -53,12 +48,12 @@ public byte[] serializeValueWithFieldNumber(int fieldNumber) {
         byte[] tagBytes = new PBVarInt(tag).serializeValue();
         result.addAll( Util.convertToList(tagBytes) );
 
-        // Append string length encoded in VARINT format (without prefix)
-        byte[] lengthBytes = new PBVarInt(value.length()).serializeValue();
+        // Append string byte length encoded in VARINT format (use byte count, not char count)
+        byte[] stringBytes = serializeValue();
+        byte[] lengthBytes = new PBVarInt(stringBytes.length).serializeValue();
         result.addAll(Util.convertToList(lengthBytes));
 
         // Append string value itself
-        byte[] stringBytes = serializeValue();
         result.addAll(Util.convertToList(stringBytes));
 
         return Util.convertToArray(result);