Merge pull request #156 from netplex/add-flag

add flag to drop the limit of json depth
netplex · Jul 9, 2023 · 54eb6f0 · 54eb6f0
2 parents 2a7ba6e + 0a35821
commit 54eb6f0
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 10 deletions.
diff --git a/accessors-smart/pom.xml b/accessors-smart/pom.xml
@@ -17,7 +17,7 @@ limitations under the License.
     <modelVersion>4.0.0</modelVersion>
     <groupId>net.minidev</groupId>
     <artifactId>accessors-smart</artifactId>
-    <version>2.4.11</version>
+    <version>2.5.0</version>
     <name>ASM based accessors helper used by json-smart</name>
     <description>Java reflect give poor performance on getter setter an constructor calls, accessors-smart use ASM to speed up those calls.</description>
     <packaging>bundle</packaging>

diff --git a/json-smart-action/pom.xml b/json-smart-action/pom.xml
@@ -2,7 +2,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>net.minidev</groupId>
     <artifactId>json-smart-action</artifactId>
-    <version>2.4.11</version>
+    <version>2.5.0</version>
     <name>JSON-smart-action Small and Fast Parser</name>
     <description>JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.</description>
     <packaging>bundle</packaging>
@@ -245,7 +245,7 @@
         <dependency>
             <groupId>net.minidev</groupId>
             <artifactId>json-smart</artifactId>
-            <version>2.4.11</version>
+            <version>2.5.0</version>
         </dependency>
     </dependencies>
 </project>
diff --git a/json-smart/pom.xml b/json-smart/pom.xml
@@ -17,7 +17,7 @@ limitations under the License.
 	<modelVersion>4.0.0</modelVersion>
     <groupId>net.minidev</groupId>
 	<artifactId>json-smart</artifactId>
-	<version>2.4.11</version>
+	<version>2.5.0</version>
 	<name>JSON Small and Fast Parser</name>
 	<description>JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.</description>
 	<packaging>bundle</packaging>
@@ -260,7 +260,7 @@ limitations under the License.
 		<dependency>
 			<groupId>net.minidev</groupId>
 			<artifactId>accessors-smart</artifactId>
-            <version>2.4.11</version>
+            <version>2.5.0</version>
 		</dependency>
 	</dependencies>
 </project>
diff --git a/json-smart/src/main/java/net/minidev/json/parser/JSONParser.java b/json-smart/src/main/java/net/minidev/json/parser/JSONParser.java
@@ -93,6 +93,13 @@ public class JSONParser {
 	 * @since 2.4
 	 */
 	public final static int BIG_DIGIT_UNRESTRICTED = 2048;
+
+	/**
+	 * If limit the max depth of json size
+	 *
+	 * @since 2.5
+	 */
+	public static final int LIMIT_JSON_DEPTH = 4096;
 
 
 	/**
@@ -132,7 +139,7 @@ public class JSONParser {
 	/*
 	 * internal fields
 	 */
-	private int mode;
+	private final int mode;
 
 	private JSONParserInputStream pBinStream;
 	private JSONParserByteArray pBytes;

diff --git a/json-smart/src/main/java/net/minidev/json/parser/JSONParserBase.java b/json-smart/src/main/java/net/minidev/json/parser/JSONParserBase.java
@@ -91,6 +91,7 @@ abstract class JSONParserBase {
 	protected final boolean useIntegerStorage;
 	protected final boolean reject127;
 	protected final boolean unrestictBigDigit;
+	protected final boolean limitJsonDepth;
 
 	public JSONParserBase(int permissiveMode) {
 		this.acceptNaN = (permissiveMode & JSONParser.ACCEPT_NAN) > 0;
@@ -107,6 +108,7 @@ public JSONParserBase(int permissiveMode) {
 		this.checkTaillingSpace = (permissiveMode & JSONParser.ACCEPT_TAILLING_SPACE) == 0;
 		this.reject127 = (permissiveMode & JSONParser.REJECT_127_CHAR) > 0;
 		this.unrestictBigDigit = (permissiveMode & JSONParser.BIG_DIGIT_UNRESTRICTED) > 0;
+		this.limitJsonDepth = (permissiveMode & JSONParser.LIMIT_JSON_DEPTH) > 0;
 	}
 
 	public void checkControleChar() throws ParseException {
@@ -296,7 +298,7 @@ protected Number parseNumber(String s) throws ParseException {
 	protected <T> T readArray(JsonReaderI<T> mapper) throws ParseException, IOException {
 		if (c != '[')
 			throw new RuntimeException("Internal Error");
-		if (++this.depth > MAX_DEPTH) {
+		if (limitJsonDepth && ++this.depth > MAX_DEPTH) {
 			throw new ParseException(pos, ERROR_UNEXPECTED_JSON_DEPTH, c);
 		}
 		Object current = mapper.createArray();
@@ -553,7 +555,7 @@ protected <T> T readObject(JsonReaderI<T> mapper) throws ParseException, IOExcep
 		//
 		if (c != '{')
 			throw new RuntimeException("Internal Error");
-		if (++this.depth > MAX_DEPTH) {
+		if (limitJsonDepth && ++this.depth > MAX_DEPTH) {
 			throw new ParseException(pos, ERROR_UNEXPECTED_JSON_DEPTH, c);
 		}
 		Object current = mapper.createObject();

diff --git a/json-smart/src/test/java/net/minidev/json/test/TestOverflow.java b/json-smart/src/test/java/net/minidev/json/test/TestOverflow.java
@@ -2,10 +2,12 @@
 
 import net.minidev.json.JSONArray;
 import net.minidev.json.JSONValue;
+import net.minidev.json.parser.JSONParser;
 import net.minidev.json.parser.ParseException;
 
+import static net.minidev.json.parser.JSONParser.DEFAULT_PERMISSIVE_MODE;
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
 
 import org.junit.jupiter.api.Test;
 
@@ -28,7 +30,27 @@ public void stressTest() throws Exception {
 			assertEquals(e.getErrorType(), ParseException.ERROR_UNEXPECTED_JSON_DEPTH);
 			return;
 		}
-		assertTrue(false);
+		fail();
+	}
+
+	@Test
+	public void shouldNotFailWhenInfiniteJsonDepth() throws Exception {
+		int size = 500;
+		StringBuilder sb = new StringBuilder(10 + size*4);
+		for (int i=0; i < size; i++) {
+			sb.append("{a:");
+		}
+		sb.append("true");
+		for (int i=0; i < size; i++) {
+			sb.append("}");
+		}
+		String s = sb.toString();
+		try {
+			JSONParser parser = new JSONParser(DEFAULT_PERMISSIVE_MODE & ~JSONParser.LIMIT_JSON_DEPTH);
+			parser.parse(s,  JSONValue.defaultReader.DEFAULT);
+		} catch (ParseException e) {
+			fail();
+		}
 	}
 
 	@Test