From 3dcd5b2fabe34af5b9f669198504c9335483bcb8 Mon Sep 17 00:00:00 2001
From: rikkarth
Date: Sun, 21 Apr 2024 11:03:15 +0100
Subject: [PATCH] fix(#887): double array breaking JSONTokener.nextValue change(#887): input validation
---
 src/main/java/org/json/JSONArray.java | 30 +++++++++----------
 src/main/java/org/json/JSONTokener.java | 9 +++---
 .../junit/JSONParserConfigurationTest.java | 1 +
 3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/src/main/java/org/json/JSONArray.java b/src/main/java/org/json/JSONArray.java
index 3cb18bc..8cbc4d2 100644
--- a/src/main/java/org/json/JSONArray.java
+++ b/src/main/java/org/json/JSONArray.java
@@ -133,6 +133,17 @@ public class JSONArray implements Iterable {
 case ']':
 if (jsonParserConfiguration.isStrictMode()) {
 nextChar = x.nextClean();
+
+ if (nextChar == ','){
+ x.back();
+ return;
+ }
+
+ if (nextChar == ']'){
+ x.back();
+ return;
+ }
+
 if (nextChar != 0) {
 throw x.syntaxError("invalid character found after end of array: " + nextChar);
 }
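Review bot: The strict-mode check after `]` lets only `,` and `]` through, so an array that is the last value of an object (next character `}`) still reaches `throw x.syntaxError("invalid character found after end of array: " + nextChar)`. Because the JSONTokener.nextValue hunk in this commit now passes `jsonParserConfiguration` to nested arrays, that path appears reachable for an object that contains an array. The two added blocks are also identical and could be a single guard, `if (nextChar == ',' || nextChar == ']' || nextChar == '}') { x.back(); return; }`, provided the top-level validation still rejects `[]}` as the test list expects. A strict-mode test with an array nested inside an object would confirm either way. The enclosing switch and constructor start and end outside this hunk.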
@@ -161,27 +172,14 @@ public class JSONArray implements Iterable {
 char cursor = x.getPrevious();
 boolean isEndOfArray = cursor == ']';
- boolean nextCharacterIsNotEoF = x.nextClean() != 0;
+ char nextChar = x.nextClean();
+ boolean nextCharacterIsNotEoF = nextChar != 0;
 if (isEndOfArray && nextCharacterIsNotEoF) {
- String completeInput = collectCompleteInput(x);
- throw new JSONException("Provided Array is not compliant with strict mode guidelines: " + completeInput);
+ throw x.syntaxError(String.format("Provided Array is not compliant with strict mode guidelines: '%s'", nextChar));
 }
 }
- private String collectCompleteInput(JSONTokener x) {
- String nonCompliantStringAfterArray = collectNonCompliantStringAfterArray(x);
- return myArrayList + nonCompliantStringAfterArray;
- }
-
- private String collectNonCompliantStringAfterArray(JSONTokener x) {
- StringBuilder sb = new StringBuilder().append(x.getPrevious());
- while(x.nextClean() != 0){
- sb.append(x.getPrevious());
- }
- return sb.toString();
- }
-
 /**
 * Construct a JSONArray from a source JSON text.
 *
diff --git a/src/main/java/org/json/JSONTokener.java b/src/main/java/org/json/JSONTokener.java
index 078e016..2722092 100644
--- a/src/main/java/org/json/JSONTokener.java
+++ b/src/main/java/org/json/JSONTokener.java
@@ -440,7 +440,7 @@ public class JSONTokener {
 case '[':
 this.back();
 try {
- return new JSONArray(this);
+ return new JSONArray(this, jsonParserConfiguration);
 } catch (StackOverflowError e) {
 throw new JSONException("JSON Array or Object depth too large to process.", e);
 }
@@ -516,6 +516,10 @@ public class JSONTokener {
 String string = sb.toString().trim();
+ if (string.isEmpty()) {
+ throw this.syntaxError("Missing value");
+ }
+
 if (strictMode) {
 boolean isBooleanOrNumeric = checkIfValueIsBooleanOrNumeric(string);
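Review bot: In the JSONArray.java hunk at -161, the new message still reads as if the whole array follows the colon, but `'%s'` now carries only the single character found after the closing bracket. Wording such as `"Strict mode error: unexpected character '%s' after end of array"` would match what is printed. Reporting one character instead of the collected input also keeps arbitrary untrusted payload out of exception text and logs, which deserves a short comment so the narrower message is kept deliberately. `x.nextClean()` is still called before `isEndOfArray` is tested, so the tokener advances even when the check does not apply; the method starts outside the hunk, so whether callers rely on that is not visible here.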
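Review bot: The relocated `string.isEmpty()` check in the JSONTokener.java hunk at -516 has no comment saying why it must precede the strict-mode branch. Judging by the following hunk, an empty token in strict mode would otherwise presumably end in the "Value is not surrounded by quotes" exception with an empty value. A comment such as `// Reject an empty token before the strict-mode checks so it is reported as "Missing value"` would record the ordering for the next maintainer. The method begins and ends outside this hunk.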
@@ -526,9 +530,6 @@ public class JSONTokener {
 throw new JSONException(String.format("Value is not surrounded by quotes: %s", string));
 }
- if (string.isEmpty()) {
- throw this.syntaxError("Missing value");
- }
 return JSONObject.stringToValue(string);
 }
diff --git a/src/test/java/org/json/junit/JSONParserConfigurationTest.java b/src/test/java/org/json/junit/JSONParserConfigurationTest.java
index b4f0c4d..f36f4cf 100644
--- a/src/test/java/org/json/junit/JSONParserConfigurationTest.java
+++ b/src/test/java/org/json/junit/JSONParserConfigurationTest.java
@@ -218,6 +218,7 @@ public class JSONParserConfigurationTest {
 */
 private List getNonCompliantJSONList() {
 return Arrays.asList(
+ "[[a]]",
 "[]asdf",
 "[]]",
 "[]}",