Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add flag to drop the limit of json depth #156

Merged
merged 3 commits into from
Jul 9, 2023
Merged

add flag to drop the limit of json depth #156

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
da2e833
add flag to drop the limit of json depth
hezhangjian Jul 7, 2023
b50106e
remove extra new line
hezhangjian Jul 8, 2023
0a35821
bump the version
hezhangjian Jul 9, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion accessors-smart/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ limitations under the License.
<modelVersion>4.0.0</modelVersion>
<groupId>net.minidev</groupId>
<artifactId>accessors-smart</artifactId>
<version>2.4.11</version>
<version>2.5.0</version>
<name>ASM based accessors helper used by json-smart</name>
<description>Java reflect give poor performance on getter setter an constructor calls, accessors-smart use ASM to speed up those calls.</description>
<packaging>bundle</packaging>
Expand Down
4 changes: 2 additions & 2 deletions json-smart-action/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>net.minidev</groupId>
<artifactId>json-smart-action</artifactId>
<version>2.4.11</version>
<version>2.5.0</version>
<name>JSON-smart-action Small and Fast Parser</name>
<description>JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.</description>
<packaging>bundle</packaging>
Expand Down Expand Up @@ -245,7 +245,7 @@
<dependency>
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
<version>2.4.11</version>
<version>2.5.0</version>
</dependency>
</dependencies>
</project>
4 changes: 2 additions & 2 deletions json-smart/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ limitations under the License.
<modelVersion>4.0.0</modelVersion>
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
<version>2.4.11</version>
<version>2.5.0</version>
<name>JSON Small and Fast Parser</name>
<description>JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.</description>
<packaging>bundle</packaging>
Expand Down Expand Up @@ -260,7 +260,7 @@ limitations under the License.
<dependency>
<groupId>net.minidev</groupId>
<artifactId>accessors-smart</artifactId>
<version>2.4.11</version>
<version>2.5.0</version>
</dependency>
</dependencies>
</project>
9 changes: 8 additions & 1 deletion json-smart/src/main/java/net/minidev/json/parser/JSONParser.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,13 @@ public class JSONParser {
* @since 2.4
*/
public final static int BIG_DIGIT_UNRESTRICTED = 2048;

/**
* If limit the max depth of json size
*
* @since 2.5
*/
public static final int LIMIT_JSON_DEPTH = 4096;


/**
Expand Down Expand Up @@ -132,7 +139,7 @@ public class JSONParser {
/*
* internal fields
*/
private int mode;
private final int mode;

private JSONParserInputStream pBinStream;
private JSONParserByteArray pBytes;
Expand Down
6 changes: 4 additions & 2 deletions json-smart/src/main/java/net/minidev/json/parser/JSONParserBase.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@ abstract class JSONParserBase {
protected final boolean useIntegerStorage;
protected final boolean reject127;
protected final boolean unrestictBigDigit;
protected final boolean limitJsonDepth;

public JSONParserBase(int permissiveMode) {
this.acceptNaN = (permissiveMode & JSONParser.ACCEPT_NAN) > 0;
Expand All @@ -107,6 +108,7 @@ public JSONParserBase(int permissiveMode) {
this.checkTaillingSpace = (permissiveMode & JSONParser.ACCEPT_TAILLING_SPACE) == 0;
this.reject127 = (permissiveMode & JSONParser.REJECT_127_CHAR) > 0;
this.unrestictBigDigit = (permissiveMode & JSONParser.BIG_DIGIT_UNRESTRICTED) > 0;
this.limitJsonDepth = (permissiveMode & JSONParser.LIMIT_JSON_DEPTH) > 0;
}

public void checkControleChar() throws ParseException {
Expand Down Expand Up @@ -296,7 +298,7 @@ protected Number parseNumber(String s) throws ParseException {
protected <T> T readArray(JsonReaderI<T> mapper) throws ParseException, IOException {
if (c != '[')
throw new RuntimeException("Internal Error");
if (++this.depth > MAX_DEPTH) {
if (limitJsonDepth && ++this.depth > MAX_DEPTH) {
throw new ParseException(pos, ERROR_UNEXPECTED_JSON_DEPTH, c);
}
Object current = mapper.createArray();
Expand Down Expand Up @@ -553,7 +555,7 @@ protected <T> T readObject(JsonReaderI<T> mapper) throws ParseException, IOExcep
//
if (c != '{')
throw new RuntimeException("Internal Error");
if (++this.depth > MAX_DEPTH) {
if (limitJsonDepth && ++this.depth > MAX_DEPTH) {
throw new ParseException(pos, ERROR_UNEXPECTED_JSON_DEPTH, c);
}
Object current = mapper.createObject();
Expand Down
26 changes: 24 additions & 2 deletions json-smart/src/test/java/net/minidev/json/test/TestOverflow.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,12 @@

import net.minidev.json.JSONArray;
import net.minidev.json.JSONValue;
import net.minidev.json.parser.JSONParser;
import net.minidev.json.parser.ParseException;

import static net.minidev.json.parser.JSONParser.DEFAULT_PERMISSIVE_MODE;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;

import org.junit.jupiter.api.Test;

Expand All @@ -28,7 +30,27 @@ public void stressTest() throws Exception {
assertEquals(e.getErrorType(), ParseException.ERROR_UNEXPECTED_JSON_DEPTH);
return;
}
assertTrue(false);
fail();
}

@Test
public void shouldNotFailWhenInfiniteJsonDepth() throws Exception {
int size = 500;
StringBuilder sb = new StringBuilder(10 + size*4);
for (int i=0; i < size; i++) {
sb.append("{a:");
}
sb.append("true");
for (int i=0; i < size; i++) {
sb.append("}");
}
String s = sb.toString();
try {
JSONParser parser = new JSONParser(DEFAULT_PERMISSIVE_MODE & ~JSONParser.LIMIT_JSON_DEPTH);
parser.parse(s, JSONValue.defaultReader.DEFAULT);
} catch (ParseException e) {
fail();
}
}

@Test
Expand Down