From 9d6dbbccf07fa5f30cb82a79757320fd9221f048 Mon Sep 17 00:00:00 2001
From: Luis Majano
Date: Tue, 21 May 2024 15:38:35 +0200
Subject: [PATCH] small defensive programming
---
 .../bifs/global/math/PrecisionEvaluate.java | 27 +++++++++++++------
 1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/src/main/java/ortus/boxlang/runtime/bifs/global/math/PrecisionEvaluate.java b/src/main/java/ortus/boxlang/runtime/bifs/global/math/PrecisionEvaluate.java
index 5c5b28ee4..586b5ca92 100644
--- a/src/main/java/ortus/boxlang/runtime/bifs/global/math/PrecisionEvaluate.java
+++ b/src/main/java/ortus/boxlang/runtime/bifs/global/math/PrecisionEvaluate.java
@@ -17,6 +17,10 @@
 */
 package ortus.boxlang.runtime.bifs.global.math;
+import java.math.BigDecimal;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import ortus.boxlang.runtime.bifs.BIF;
 import ortus.boxlang.runtime.bifs.BoxBIF;
 import ortus.boxlang.runtime.context.IBoxContext;
@@ -24,13 +28,15 @@
 import ortus.boxlang.runtime.scopes.Key;
 import ortus.boxlang.runtime.types.Argument;
 import ortus.boxlang.runtime.types.exceptions.BoxRuntimeException;
-import java.math.BigDecimal;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 @BoxBIF
 public class PrecisionEvaluate extends BIF {
+ /**
+ * Our expression regex parser
+ */
+ private static final Pattern pattern = Pattern.compile( "^[0-9+\\-*/^%\\\\()\\s]*(MOD\\s*)?[0-9+\\-*/^%\\\\()\\s]*$" );
+
 /**
 * Constructor
 */
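Review bot: The Javadoc on the new `pattern` field says only "Our expression regex parser", although this regex is the allow-list that decides which strings `_invoke` passes on for execution. I would spell out what it admits, e.g. `Allow-list for the expressions argument: digits, + - * / ^ % \ ( ), whitespace and at most one upper-case MOD; anything else is rejected before evaluation.` The character class has no `.`, so decimal literals appear to be rejected, which is worth stating or changing deliberately. As a `static final` constant the field would conventionally be named `EXPRESSION_PATTERN`. The class body continues outside the hunk.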
@@ -55,14 +61,19 @@ public PrecisionEvaluate() {
 */
 public Object _invoke( IBoxContext context, ArgumentsScope arguments ) {
 String expressions = arguments.getAsString( Key.expressions );
- String regex = "^[0-9+\\-*/^%\\\\()\\s]*(MOD\\s*)?[0-9+\\-*/^%\\\\()\\s]*$";
- Pattern pattern = Pattern.compile( regex );
 Matcher matcher = pattern.matcher( expressions );
 // make sure we are maths before we execute to stop any bad actors
 if ( matcher.matches() ) {
- Double results = ( double ) runtime.executeStatement( expressions, context );
- BigDecimal finalResults = BigDecimal.valueOf( results );
- return finalResults;
+ Double results;
+ try {
+ results = ( double ) runtime.executeStatement( expressions, context );
+ } catch ( Exception e ) {
+ throw new BoxRuntimeException(
+ "Error evaluating expression: " + e.getMessage(),
+ e
+ );
+ }
+ return BigDecimal.valueOf( results );
 } else {
 throw new BoxRuntimeException( "The expressions provided are not valid" );
 }
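Review bot: The allow-list is built entirely from `*` quantifiers, so an empty or whitespace-only `expressions` passes `matcher.matches()` and is still handed to `runtime.executeStatement`; and if `getAsString` can return null here (the argument declaration is outside the hunk), `pattern.matcher( expressions )` throws before the new try block is reached. A guard ahead of the matcher would keep both cases on the existing rejection path: `if ( expressions == null || expressions.isBlank() ) throw new BoxRuntimeException( "The expressions provided are not valid" );`. `BigDecimal.valueOf( results )` now sits outside the try, so should the runtime ever return NaN or an infinity it would surface as a raw `NumberFormatException` rather than the wrapped error. The catch also appends `e.getMessage()` to the text returned to the caller, which may expose interpreter detail even though the cause is already attached. `_invoke` ends outside the hunk.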