From 43b2569978ca806a174502609aa5e8e1f4d73ec4 Mon Sep 17 00:00:00 2001 From: Madjosz <28844868+Madjosz@users.noreply.github.com> Date: Wed, 4 Oct 2023 12:00:47 +0200 Subject: [PATCH] add validity check for JSONObject constructors * fixes #713 * document JSONException in JavaDoc * remove unused Comparable boundary to reuse GenericBean in test --- src/main/java/org/json/JSONObject.java | 6 +++++ .../java/org/json/junit/JSONObjectTest.java | 26 +++++++++++++++++-- .../java/org/json/junit/data/GenericBean.java | 2 +- 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/json/JSONObject.java b/src/main/java/org/json/JSONObject.java index 72cdff253..ed44cdda0 100644 --- a/src/main/java/org/json/JSONObject.java +++ b/src/main/java/org/json/JSONObject.java @@ -283,6 +283,7 @@ public JSONObject(Map m) { } final Object value = e.getValue(); if (value != null) { + testValidity(value); this.map.put(String.valueOf(e.getKey()), wrap(value)); } } @@ -346,6 +347,8 @@ public JSONObject(Map m) { * @param bean * An object that has getter methods that should be used to make * a JSONObject. + * @throws JSONException + * If a getter returned a non-finite number. */ public JSONObject(Object bean) { this(); @@ -1691,6 +1694,8 @@ public String optString(String key, String defaultValue) { * * @param bean * the bean + * @throws JSONException + * If a getter returned a non-finite number. */ private void populateMap(Object bean) { populateMap(bean, Collections.newSetFromMap(new IdentityHashMap())); @@ -1726,6 +1731,7 @@ && isValidMethodName(method.getName())) { objectsRecord.add(result); + testValidity(result); this.map.put(key, wrap(result, objectsRecord)); objectsRecord.remove(result); diff --git a/src/test/java/org/json/junit/JSONObjectTest.java b/src/test/java/org/json/junit/JSONObjectTest.java index 01889d54b..0503dbb4f 100644 --- a/src/test/java/org/json/junit/JSONObjectTest.java +++ b/src/test/java/org/json/junit/JSONObjectTest.java @@ -9,6 +9,7 @@ import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import static org.mockito.Mockito.mock; @@ -1972,7 +1973,7 @@ public void jsonObjectToStringIndent() { @Test public void jsonObjectToStringSuppressWarningOnCastToMap() { JSONObject jsonObject = new JSONObject(); - Map map = new HashMap(); + Map map = new HashMap<>(); map.put("abc", "def"); jsonObject.put("key", map); @@ -3283,7 +3284,7 @@ public void testSingletonEnumBean() { @SuppressWarnings("boxing") @Test public void testGenericBean() { - GenericBean bean = new GenericBean(42); + GenericBean bean = new GenericBean<>(42); final JSONObject jo = new JSONObject(bean); assertEquals(jo.keySet().toString(), 8, jo.length()); assertEquals(42, jo.get("genericValue")); @@ -3627,4 +3628,25 @@ public String toJSONString() { .put("b", 2); assertFalse(jo1.similar(jo3)); } + + private static final Number[] NON_FINITE_NUMBERS = { Double.POSITIVE_INFINITY, Double.NEGATIVE_INFINITY, Double.NaN, + Float.POSITIVE_INFINITY, Float.NEGATIVE_INFINITY, Float.NaN }; + + @Test + public void issue713MapConstructorWithNonFiniteNumbers() { + for (Number nonFinite : NON_FINITE_NUMBERS) { + Map map = new HashMap<>(); + map.put("a", nonFinite); + + assertThrows(JSONException.class, () -> new JSONObject(map)); + } + } + + @Test + public void issue713BeanConstructorWithNonFiniteNumbers() { + for (Number nonFinite : NON_FINITE_NUMBERS) { + GenericBean bean = new GenericBean<>(nonFinite); + assertThrows(JSONException.class, () -> new JSONObject(bean)); + } + } } diff --git a/src/test/java/org/json/junit/data/GenericBean.java b/src/test/java/org/json/junit/data/GenericBean.java index da6370d48..dd46b88e6 100644 --- a/src/test/java/org/json/junit/data/GenericBean.java +++ b/src/test/java/org/json/junit/data/GenericBean.java @@ -9,7 +9,7 @@ * @param * generic number value */ -public class GenericBean> implements MyBean { +public class GenericBean implements MyBean { /** * @param genericValue * value to initiate with