Backups/JSON-java
1
0
Fork 0
mirror of https://github.com/stleary/JSON-java.git synced 2025-08-03 03:15:32 -04:00
Code Issues Projects Releases Wiki Activity

fix(#887): double array breaking JSONTokener.nextValue

Browse Source 
change(#887): input validation
This commit is contained in:
rikkarth 2024-04-21 11:03:15 +01:00
parent ce074e9f9a
commit 3dcd5b2fab
No known key found for this signature in database
GPG Key ID: 11E5F28B0AED6AC7
3 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/main/java/org/json/JSONArray.java
View File

@ -133,6 +133,17 @@ public class JSONArray implements Iterable<Object> {
case ']': case ']':
if (jsonParserConfiguration.isStrictMode()) { if (jsonParserConfiguration.isStrictMode()) {
nextChar = x.nextClean(); nextChar = x.nextClean();
if (nextChar == ','){
x.back();
return;
}
if (nextChar == ']'){
x.back();
return;
}
if (nextChar != 0) { if (nextChar != 0) {
throw x.syntaxError("invalid character found after end of array: " + nextChar); throw x.syntaxError("invalid character found after end of array: " + nextChar);
} }
@ -161,27 +172,14 @@ public class JSONArray implements Iterable<Object> {
char cursor = x.getPrevious(); char cursor = x.getPrevious();
boolean isEndOfArray = cursor == ']'; boolean isEndOfArray = cursor == ']';
boolean nextCharacterIsNotEoF = x.nextClean() != 0; char nextChar = x.nextClean();
boolean nextCharacterIsNotEoF = nextChar != 0;
if (isEndOfArray && nextCharacterIsNotEoF) { if (isEndOfArray && nextCharacterIsNotEoF) {
String completeInput = collectCompleteInput(x); throw x.syntaxError(String.format("Provided Array is not compliant with strict mode guidelines: '%s'", nextChar));
throw new JSONException("Provided Array is not compliant with strict mode guidelines: " + completeInput);
} }
} }
private String collectCompleteInput(JSONTokener x) {
String nonCompliantStringAfterArray = collectNonCompliantStringAfterArray(x);
return myArrayList + nonCompliantStringAfterArray;
}
private String collectNonCompliantStringAfterArray(JSONTokener x) {
StringBuilder sb = new StringBuilder().append(x.getPrevious());
while(x.nextClean() != 0){
sb.append(x.getPrevious());
}
return sb.toString();
}
/** /**
* Construct a JSONArray from a source JSON text. * Construct a JSONArray from a source JSON text.
* *

9
src/main/java/org/json/JSONTokener.java
View File

@ -440,7 +440,7 @@ public class JSONTokener {
case '[': case '[':
this.back(); this.back();
try { try {
return new JSONArray(this); return new JSONArray(this, jsonParserConfiguration);
} catch (StackOverflowError e) { } catch (StackOverflowError e) {
throw new JSONException("JSON Array or Object depth too large to process.", e); throw new JSONException("JSON Array or Object depth too large to process.", e);
} }
@ -516,6 +516,10 @@ public class JSONTokener {
String string = sb.toString().trim(); String string = sb.toString().trim();
if (string.isEmpty()) {
throw this.syntaxError("Missing value");
}
if (strictMode) { if (strictMode) {
boolean isBooleanOrNumeric = checkIfValueIsBooleanOrNumeric(string); boolean isBooleanOrNumeric = checkIfValueIsBooleanOrNumeric(string);
@ -526,9 +530,6 @@ public class JSONTokener {
throw new JSONException(String.format("Value is not surrounded by quotes: %s", string)); throw new JSONException(String.format("Value is not surrounded by quotes: %s", string));
} }
if (string.isEmpty()) {
throw this.syntaxError("Missing value");
}
return JSONObject.stringToValue(string); return JSONObject.stringToValue(string);
} }

1
src/test/java/org/json/junit/JSONParserConfigurationTest.java
View File

@ -218,6 +218,7 @@ public class JSONParserConfigurationTest {
*/ */
private List<String> getNonCompliantJSONList() { private List<String> getNonCompliantJSONList() {
return Arrays.asList( return Arrays.asList(
"[[a]]",
"[]asdf", "[]asdf",
"[]]", "[]]",
"[]}", "[]}",