From dd1db2ec6b75a95bfab5e73a8f71fdb69bd54534 Mon Sep 17 00:00:00 2001
From: Miguel Grinberg
Date: Tue, 13 Apr 2021 00:33:52 +0100
Subject: [PATCH] Configure the JSON decoder for safer parsing

---
 engineio/client.py | 2 +-
 engineio/json.py | 16 ++++++++++++++++
 engineio/packet.py | 2 +-
 3 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 engineio/json.py

diff --git a/engineio/client.py b/engineio/client.py
index d307a5d6..5cbcb75b 100644
--- a/engineio/client.py
+++ b/engineio/client.py
@@ -1,5 +1,5 @@
 from base64 import b64encode
-from json import JSONDecodeError
+from engineio.json import JSONDecodeError
 import logging
 try:
     import queue
diff --git a/engineio/json.py b/engineio/json.py
new file mode 100644
index 00000000..b97b3ccb
--- /dev/null
+++ b/engineio/json.py
@@ -0,0 +1,16 @@
+"""JSON-compatible module with sane defaults."""
+
+from json import *  # noqa: F401, F403
+from json import loads as original_loads
+
+
+def _safe_int(s):
+    if len(s) > 100:
+        raise ValueError('Integer is too large')
+    return int(s)
+
+
+def loads(*args, **kwargs):
+    if 'parse_int' not in kwargs:
+        kwargs['parse_int'] = _safe_int
+    return original_loads(*args, **kwargs)
diff --git a/engineio/packet.py b/engineio/packet.py
index 9dbd6c68..db6f9fb2 100644
--- a/engineio/packet.py
+++ b/engineio/packet.py
@@ -1,5 +1,5 @@
 import base64
-import json as _json
+from engineio import json as _json
 (OPEN, CLOSE, PING, PONG, MESSAGE, UPGRADE, NOOP) = (0, 1, 2, 3, 4, 5, 6)
 packet_names = ['OPEN', 'CLOSE', 'PING', 'PONG', 'MESSAGE', 'UPGRADE', 'NOOP']
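Review bot: `_safe_int` in engineio/json.py raises a plain `ValueError`, which is not a `JSONDecodeError`, so a handler written as `except JSONDecodeError` (client.py now imports that name from this module, presumably for such a handler) will not catch an oversized integer literal and the exception escapes the decoder; raising `JSONDecodeError('Integer is too large', s, 0)` instead keeps the failure inside the type callers already catch, or those handlers should catch `ValueError`. Only `loads` is wrapped: the star-imported `load` and `JSONDecoder` still use the unbounded `int` parser, so a `load` wrapper in the same shape is needed for the module docstring's "sane defaults" to hold for file input too. `_safe_int` also deserves a why-comment on the 100-character limit, e.g. `# bound the digit count so untrusted input cannot force a very long str->int conversion`.
```python
from json import load as original_load

# … unchanged: _safe_int and loads …

def load(*args, **kwargs):
    """Like json.load, but bounds integer literal length unless the caller passes parse_int."""
    if 'parse_int' not in kwargs:
        kwargs['parse_int'] = _safe_int
    return original_load(*args, **kwargs)
```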