validate the length of names #1078
Conversation
pjfanning
commented
Aug 8, 2023
•
pjfanning
commented
- so far just a POC that only works with the UTF8StreamJsonParser and possibly NonBlockingUtf8JsonParsers
- start with 50,000 char limit on names (as a default, that can be adjusted by users)
- if this approach is ok, the other JsonParser implementations can be given the equivalent checks
- I have added some checks to the ReaderBasedJsonParser but we need more checks (while the name is being streamed)
- see Add configurable limit for the maximum length of Object property names to parse before failing (default max: 50,000 chars) #1047
|
@cowtowncoder are these changes on the right track? |
src/main/java/com/fasterxml/jackson/core/StreamReadConstraints.java
Outdated
Show resolved
Hide resolved
| _inputPtr = ptr+1; // to skip the quote | ||
| return _symbols.findSymbol(_inputBuffer, start, ptr - start, hash); | ||
| final int len = ptr - start; | ||
| _streamReadConstraints.validateNameLength(len); |
There was a problem hiding this comment.
Ideally we should only (have to) check length when adding new name in CharsToNameCanonicalizer (and byte-based counterpart); not for every time we decode a name.
But to do that would need to pass constraints... that might be doable in makeChild() method. Maybe adding new variant that takes JsonFactory, instead of flags.
src/main/java/com/fasterxml/jackson/core/json/UTF8StreamJsonParser.java
Outdated
Show resolved
Hide resolved
|
@pjfanning yes, this is pretty much along the lines I was thinking. The main concern would be trying to avoid checks for char-based names on every decoding -- seems like it'd make sense to move check into For byte/quad-based decoding I think checks on array expansion make sense; just need to pass byte-size, not quad size. |
I created #1086 |
|
Should have asked this before but... any chance to get EDIT: I'll merge |
src/main/java/com/fasterxml/jackson/core/json/async/NonBlockingUtf8JsonParserBase.java
Outdated
Show resolved
Hide resolved
|
@pjfanning Actually, I think this is good -- I can make minor changes after merge as I see fit. So if you think this is ready, please change to regular PR from draft? |
pjfanning
changed the title
|
@cowtowncoder should I move some of the UTF8StreamJsonParser parser checks to addName? The code there is a bit different because the ByteQuadsCanonicalizer doesn't validate the name length. |
| } | ||
| quads[qlen++] = currQuad; | ||
| } | ||
| _streamReadConstraints.validateNameLength(qlen << 2); |
There was a problem hiding this comment.
Yes, this could be instead moved to inside addName() which is only called if findName() does not find already canonicalized name.
Yes, I think moving those couple of cases to only validate in |
I moved the check to addName(). |
|
Thank you again @pjfanning ! This time merging to |
