billdavidson / jsonutil
JSON generation and parsing utility library for Java.
Home Page: http://kopitubruk.org/JSONUtil/
The order of arguments to format() does not match the order in the resource bundle for "unrecognizedData".
Exception in thread "main" java.util.IllegalFormatConversionException: d != java.lang.String
at java.util.Formatter$FormatSpecifier.failConversion(Unknown Source)
at java.util.Formatter$FormatSpecifier.printInteger(Unknown Source)
at java.util.Formatter$FormatSpecifier.print(Unknown Source)
at java.util.Formatter.format(Unknown Source)
at java.util.Formatter.format(Unknown Source)
at java.lang.String.format(Unknown Source)
at org.kopitubruk.util.json.JSONParserException.internalGetMessage(JSONParserException.java:133)
at org.kopitubruk.util.json.JSONException.getLocalizedMessage(JSONException.java:80)
Backslashes in string values of a map (e.g. a Windows path) are not correctly escaped if the backslash together with the next char might be an escape sequence. Example:
map.put("path", "c:\\temp\\next\\path\\realdummy.doc");
is serialized as
{"path":"c:\temp\next\path\realdummy.doc"}
and after parsing it is printed as
"c: emp
ext\path
ealdummy.doc"
Tested with JSONUtil 1.7.1 (Java 7). See attachment for complete example.
JSONTest.zip
Expected: The string value must be returned unchanged.
If it is not possible to change the behavior due to compatibility issues, I would suggest adding a config setting for this.
Using jsonutil to parse an untrusted JSON string may be vulnerable to denial-of-service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow.
Exception in thread "main" java.lang.StackOverflowError
at net.pwall.util.ParseText.skipSpaces(ParseText.java:1072)
at net.pwall.json.JSON.parse(JSON.java:535)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
at net.pwall.json.JSON.parse(JSON.java:567)
<dependency>
<groupId>net.pwall.json</groupId>
<artifactId>jsonutil</artifactId>
<version>5.0</version>
</dependency>
import net.pwall.json.JSON;

public class PoC {
    public final static int TOO_DEEP_NESTING = 9999;
    public final static String TOO_DEEP_DOC = _nestedDoc(TOO_DEEP_NESTING, "[ ", "] ", "0");

    public static String _nestedDoc(int nesting, String open, String close, String content) {
        StringBuilder sb = new StringBuilder(nesting * (open.length() + close.length()));
        for (int i = 0; i < nesting; ++i) {
            sb.append(open);
            if ((i & 31) == 0) {
                sb.append("\n");
            }
        }
        sb.append("\n").append(content).append("\n");
        for (int i = 0; i < nesting; ++i) {
            sb.append(close);
            if ((i & 31) == 0) {
                sb.append("\n");
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String jsonString = TOO_DEEP_DOC;
        JSON.parse(jsonString);
    }
}
Refer to the solution of jackson-databind: Add the depth variable to record the current parsing depth. If the parsing depth exceeds a certain threshold, an exception is thrown. (FasterXML/jackson-databind@fcfc499)
Refer to the GSON solution: Change the recursive processing on deeply nested arrays or JSON objects to stack+iteration processing. (google/gson@2d01d6a20f39881c692977564c1ea591d9f39027)
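A depth threshold in the spirit of the first suggestion above, shown as an added example that is not code from jsonutil, jackson-databind or Gson: an iterative pre-scan that rejects over-nested text before a recursive parser ever sees it. The class name, `checkDepth`, the exception type and the limit of 64 are assumptions chosen for illustration.

```java
public class NestingGuard {
    /** Thrown instead of letting a recursive parser overflow the stack. */
    public static class TooDeepException extends RuntimeException {
        public TooDeepException(String msg) { super(msg); }
    }

    /** Returns the deepest nesting level, or throws once maxDepth is exceeded. */
    public static int checkDepth(CharSequence json, int maxDepth) {
        int depth = 0, deepest = 0;
        boolean inString = false, escaped = false;
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (inString) {          // brackets inside string literals are not structure
                if (escaped) escaped = false;
                else if (c == '\\') escaped = true;
                else if (c == '"') inString = false;
                continue;
            }
            switch (c) {
                case '"': inString = true; break;
                case '[': case '{':
                    if (++depth > maxDepth)
                        throw new TooDeepException("nesting deeper than " + maxDepth + " at offset " + i);
                    deepest = Math.max(deepest, depth);
                    break;
                case ']': case '}':
                    if (depth > 0) depth--;   // unbalanced input is left for the parser to reject
                    break;
                default: break;
            }
        }
        return deepest;
    }

    public static void main(String[] args) {
        // Constructed inputs: one ordinary document, one nested 9999 levels deep.
        String ok = "{\"a\":[1,{\"b\":\"]]]] not nesting [[[[\"}]}";
        System.out.println("depth of ordinary document: " + checkDepth(ok, 64));
        StringBuilder deep = new StringBuilder();
        for (int i = 0; i < 9999; i++) deep.append('[');
        deep.append('0');
        for (int i = 0; i < 9999; i++) deep.append(']');
        try {
            checkDepth(deep, 64);
        } catch (TooDeepException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The scan uses constant stack space, so it cannot itself overflow. A parser that also accepts single-quoted strings or comments would need the guard to track those tokens as well.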
It would be nice to have support for JavaScript comments in the JSON parser. It is outside the JSON specification, but could be triggered with an additional parser option.
java.lang.NullPointerException
at org.kopitubruk.util.json.JSONUtil.isRecursible(JSONUtil.java:396)
at org.kopitubruk.util.json.JSONUtil.appendObjectPropertyValue(JSONUtil.java:453)
at org.kopitubruk.util.json.JSONUtil.appendRecursiblePropertyValue(JSONUtil.java:422)
at org.kopitubruk.util.json.JSONUtil.appendPropertyValue(JSONUtil.java:382)
isRecursible should just return false if the value is null
JSON parsing fails if the JSON string contains newlines (\r or \n) or tabs (\t) as whitespace, which is allowed according to RFC 4627.
The reason is probably line 462 in JSONParser:
while ((codePoint >= 0) && (Character.isSpaceChar(codePoint)))
I think this should be Character.isWhitespace(codePoint).
The LINE_SEPARATOR mentioned in javadoc of isSpaceChar is not one of the usual ones, but \u2028.
We have to read and write the following JSON snippet from a real world REST service (IBM cloud):
{
"k:{\"foo\":\"bar\"}": {
".": {},
"f:x": {}
}
}
We do not validate the property names, because the names often contain white spaces or dots and the JSON spec does not require the property names to be valid identifiers. However, if we read this snippet and write it again, the resulting JSON is invalid, because the quotes in the property name are no longer escaped:
JSONConfig config = new JSONConfig();
config.setValidatePropertyNames(false);
Object map = JSONParser.parseJSON(jsonIn, config);
String jsonOut = JSONUtil.toJSON(map, config);
jsonOut is now:
{
"k:{"foo":"bar"}": {
".": {},
"f:x": {}
}
}
Even if JSONUtil does not validate the property name, it should nevertheless generate a valid JSON label and escape embedded quotes.
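The escaping that both this report and the earlier Windows-path report expect, shown as an added example that is not JSONUtil's own code: one quoting routine, applied to property names and string values alike, that escapes quotes, backslashes and control characters as RFC 8259 section 7 requires. The class and method names are assumptions, and the empty-string value for the second key is constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class JsonQuote {
    /** Quotes a Java string as a JSON string literal. */
    public static String quote(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 2).append('"');
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '"':  sb.append("\\\""); break;
                case '\\': sb.append("\\\\"); break;
                case '\b': sb.append("\\b"); break;
                case '\f': sb.append("\\f"); break;
                case '\n': sb.append("\\n"); break;
                case '\r': sb.append("\\r"); break;
                case '\t': sb.append("\\t"); break;
                default:
                    // Remaining control characters must be written as \\uXXXX.
                    if (c < 0x20) sb.append(String.format("\\u%04x", (int) c));
                    else sb.append(c);
            }
        }
        return sb.append('"').toString();
    }

    /** Serializes a flat map, using the same quoting for keys and values. */
    public static String toJson(Map<String, String> map) {
        StringBuilder sb = new StringBuilder("{");
        String sep = "";
        for (Map.Entry<String, String> e : map.entrySet()) {
            sb.append(sep).append(quote(e.getKey())).append(':').append(quote(e.getValue()));
            sep = ",";
        }
        return sb.append('}').toString();
    }

    public static void main(String[] args) {
        Map<String, String> map = new LinkedHashMap<>();
        // Value from the backslash report: single backslashes in the runtime string.
        map.put("path", "c:\\temp\\next\\path\\realdummy.doc");
        // Property name from this report; the value is a constructed placeholder.
        map.put("k:{\"foo\":\"bar\"}", "");
        System.out.println(toJson(map));
    }
}
```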
Example: Parsing of [1.1,2.2,-3.134598765,4.0] results in JSONParseException "Unrecognized data starting with: [1.1,2.2,-3.134598765,4.0] and the error marker pointing to the '.' in 4.0.
The reason seems to be in JAVASCRIPT_FLOATING_POINT_PAT, it does not accept ']' as terminator for a number, only comma and whitespace.
I think the last group of the pattern should be "([,\s]}]|$)" instead of "([,\s}]|$)"