feat(#871-strictMode): improved validation, strict mode for quotes implementation

rikkarth 2024-03-15 22:28:31 +00:00
parent c140e91bb8
commit e67abb3842
No known key found for this signature in database
GPG Key ID: 11E5F28B0AED6AC7
4 changed files with 956 additions and 1087 deletions


@ -109,7 +109,11 @@ public class JSONArray implements Iterable<Object> {
this.myArrayList.add(JSONObject.NULL);
} else {
x.back();
this.myArrayList.add(x.nextValue());
if (jsonParserConfiguration.isStrictMode()) {
this.myArrayList.add(x.nextValue(true));
} else {
this.myArrayList.add(x.nextValue());
}
}
switch (x.nextClean()) {
case 0:
@ -1693,7 +1697,8 @@ public class JSONArray implements Iterable<Object> {
* @throws JSONException If not an array or if an array value is non-finite number.
* @throws NullPointerException Thrown if the array parameter is null.
*/
private void addAll(Object array, boolean wrap, int recursionDepth, JSONParserConfiguration jsonParserConfiguration)
private void addAll(Object array, boolean wrap, int recursionDepth, JSONParserConfiguration
jsonParserConfiguration)
throws JSONException {
if (array.getClass().isArray()) {
int length = Array.getLength(array);
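Review bot: The strict branch added at `this.myArrayList.add(x.nextValue(true));` forwards only a boolean, not the configuration, so the maxNestingDepth and overwriteDuplicateKey settings carried by jsonParserConfiguration are not available to the nested parse (the JSONTokener side of this commit builds a fresh configuration for nested objects); consider passing the configuration object itself. As written the two branches differ only in the argument, and since `nextValue()` delegates to `nextValue(false)`, the if/else collapses to `this.myArrayList.add(x.nextValue(jsonParserConfiguration.isStrictMode()));`. The enclosing constructor starts and ends outside the hunk, so whether jsonParserConfiguration is null-checked before this point cannot be seen here.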



@ -8,40 +8,57 @@ Public Domain.
*/
/**
* A JSONTokener takes a source string and extracts characters and tokens from
* it. It is used by the JSONObject and JSONArray constructors to parse
* JSON source strings.
* A JSONTokener takes a source string and extracts characters and tokens from it. It is used by the JSONObject and
* JSONArray constructors to parse JSON source strings.
*
* @author JSON.org
* @version 2014-05-03
*/
public class JSONTokener {
/** current read character position on the current line. */
/**
* current read character position on the current line.
*/
private long character;
/** flag to indicate if the end of the input has been found. */
/**
* flag to indicate if the end of the input has been found.
*/
private boolean eof;
/** current read index of the input. */
/**
* current read index of the input.
*/
private long index;
/** current line of the input. */
/**
* current line of the input.
*/
private long line;
/** previous character read from the input. */
/**
* previous character read from the input.
*/
private char previous;
/** Reader for the input. */
/**
* Reader for the input.
*/
private final Reader reader;
/** flag to indicate that a previous character was requested. */
/**
* flag to indicate that a previous character was requested.
*/
private boolean usePrevious;
/** the number of characters read in the previous line. */
/**
* the number of characters read in the previous line.
*/
private long characterPreviousLine;
/**
* Construct a JSONTokener from a Reader. The caller must close the Reader.
*
* @param reader A reader.
* @param reader A reader.
*/
public JSONTokener(Reader reader) {
this.reader = reader.markSupported()
? reader
: new BufferedReader(reader);
? reader
: new BufferedReader(reader);
this.eof = false;
this.usePrevious = false;
this.previous = 0;
@ -54,6 +71,7 @@ public class JSONTokener {
/**
* Construct a JSONTokener from an InputStream. The caller must close the input stream.
*
* @param inputStream The source.
*/
public JSONTokener(InputStream inputStream) {
@ -64,7 +82,7 @@ public class JSONTokener {
/**
* Construct a JSONTokener from a string.
*
* @param s A source string.
* @param s A source string.
*/
public JSONTokener(String s) {
this(new StringReader(s));
@ -72,11 +90,10 @@ public class JSONTokener {
/**
* Back up one character. This provides a sort of lookahead capability,
* so that you can test for a digit or letter before attempting to parse
* the next number or identifier.
* @throws JSONException Thrown if trying to step back more than 1 step
* or if already at the start of the string
* Back up one character. This provides a sort of lookahead capability, so that you can test for a digit or letter
* before attempting to parse the next number or identifier.
*
* @throws JSONException Thrown if trying to step back more than 1 step or if already at the start of the string
*/
public void back() throws JSONException {
if (this.usePrevious || this.index <= 0) {
@ -92,19 +109,19 @@ public class JSONTokener {
*/
private void decrementIndexes() {
this.index--;
if(this.previous=='\r' || this.previous == '\n') {
if (this.previous == '\r' || this.previous == '\n') {
this.line--;
this.character=this.characterPreviousLine ;
} else if(this.character > 0){
this.character = this.characterPreviousLine;
} else if (this.character > 0) {
this.character--;
}
}
/**
* Get the hex value of a character (base16).
* @param c A character between '0' and '9' or between 'A' and 'F' or
* between 'a' and 'f'.
* @return An int between 0 and 15, or -1 if c was not a hex digit.
*
* @param c A character between '0' and '9' or between 'A' and 'F' or between 'a' and 'f'.
* @return An int between 0 and 15, or -1 if c was not a hex digit.
*/
public static int dehexchar(char c) {
if (c >= '0' && c <= '9') {
@ -130,14 +147,13 @@ public class JSONTokener {
/**
* Determine if the source string still contains characters that next()
* can consume.
* Determine if the source string still contains characters that next() can consume.
*
* @return true if not yet at the end of the source.
* @throws JSONException thrown if there is an error stepping forward
* or backward while checking for more data.
* @throws JSONException thrown if there is an error stepping forward or backward while checking for more data.
*/
public boolean more() throws JSONException {
if(this.usePrevious) {
if (this.usePrevious) {
return true;
}
try {
@ -147,7 +163,7 @@ public class JSONTokener {
}
try {
// -1 is EOF, but next() can not consume the null character '\0'
if(this.reader.read() <= 0) {
if (this.reader.read() <= 0) {
this.eof = true;
return false;
}
@ -188,28 +204,32 @@ public class JSONTokener {
/**
* Get the last character read from the input or '\0' if nothing has been read yet.
*
* @return the last character read from the input.
*/
protected char getPrevious() { return this.previous;}
protected char getPrevious() {
return this.previous;
}
/**
* Increments the internal indexes according to the previous character
* read and the character passed as the current character.
* Increments the internal indexes according to the previous character read and the character passed as the current
* character.
*
* @param c the current character read.
*/
private void incrementIndexes(int c) {
if(c > 0) {
if (c > 0) {
this.index++;
if(c=='\r') {
if (c == '\r') {
this.line++;
this.characterPreviousLine = this.character;
this.character=0;
}else if (c=='\n') {
if(this.previous != '\r') {
this.character = 0;
} else if (c == '\n') {
if (this.previous != '\r') {
this.line++;
this.characterPreviousLine = this.character;
}
this.character=0;
this.character = 0;
} else {
this.character++;
}
@ -217,8 +237,8 @@ public class JSONTokener {
}
/**
* Consume the next character, and check that it matches a specified
* character.
* Consume the next character, and check that it matches a specified character.
*
* @param c The character to match.
* @return The character.
* @throws JSONException if the character does not match.
@ -226,9 +246,9 @@ public class JSONTokener {
public char next(char c) throws JSONException {
char n = this.next();
if (n != c) {
if(n > 0) {
if (n > 0) {
throw this.syntaxError("Expected '" + c + "' and instead saw '" +
n + "'");
n + "'");
}
throw this.syntaxError("Expected '" + c + "' and instead saw ''");
}
@ -239,11 +259,9 @@ public class JSONTokener {
/**
* Get the next n characters.
*
* @param n The number of characters to take.
* @return A string of n characters.
* @throws JSONException
* Substring bounds error if there are not
* n characters remaining in the source string.
* @param n The number of characters to take.
* @return A string of n characters.
* @throws JSONException Substring bounds error if there are not n characters remaining in the source string.
*/
public String next(int n) throws JSONException {
if (n == 0) {
@ -266,11 +284,12 @@ public class JSONTokener {
/**
* Get the next char in the string, skipping whitespace.
*
* @return A character, or 0 if there are no more characters.
* @throws JSONException Thrown if there is an error reading the source string.
* @return A character, or 0 if there are no more characters.
*/
public char nextClean() throws JSONException {
for (;;) {
for (; ; ) {
char c = this.next();
if (c == 0 || c > ' ') {
return c;
@ -280,82 +299,80 @@ public class JSONTokener {
/**
* Return the characters up to the next close quote character.
* Backslash processing is done. The formal JSON format does not
* allow strings in single quotes, but an implementation is allowed to
* accept them.
* Return the characters up to the next close quote character. Backslash processing is done. The formal JSON format
* does not allow strings in single quotes, but an implementation is allowed to accept them.
*
* @param quote The quoting character, either
* <code>"</code>&nbsp;<small>(double quote)</small> or
* <code>'</code>&nbsp;<small>(single quote)</small>.
* @return A String.
* <code>"</code>&nbsp;<small>(double quote)</small> or
* <code>'</code>&nbsp;<small>(single quote)</small>.
* @return A String.
* @throws JSONException Unterminated string.
*/
public String nextString(char quote) throws JSONException {
char c;
StringBuilder sb = new StringBuilder();
for (;;) {
for (; ; ) {
c = this.next();
switch (c) {
case 0:
case '\n':
case '\r':
throw this.syntaxError("Unterminated string");
case '\\':
c = this.next();
switch (c) {
case 'b':
sb.append('\b');
break;
case 't':
sb.append('\t');
break;
case 'n':
sb.append('\n');
break;
case 'f':
sb.append('\f');
break;
case 'r':
sb.append('\r');
break;
case 'u':
try {
sb.append((char)Integer.parseInt(this.next(4), 16));
} catch (NumberFormatException e) {
throw this.syntaxError("Illegal escape.", e);
case 0:
case '\n':
case '\r':
throw this.syntaxError("Unterminated string");
case '\\':
c = this.next();
switch (c) {
case 'b':
sb.append('\b');
break;
case 't':
sb.append('\t');
break;
case 'n':
sb.append('\n');
break;
case 'f':
sb.append('\f');
break;
case 'r':
sb.append('\r');
break;
case 'u':
try {
sb.append((char) Integer.parseInt(this.next(4), 16));
} catch (NumberFormatException e) {
throw this.syntaxError("Illegal escape.", e);
}
break;
case '"':
case '\'':
case '\\':
case '/':
sb.append(c);
break;
default:
throw this.syntaxError("Illegal escape.");
}
break;
case '"':
case '\'':
case '\\':
case '/':
sb.append(c);
break;
default:
throw this.syntaxError("Illegal escape.");
}
break;
default:
if (c == quote) {
return sb.toString();
}
sb.append(c);
if (c == quote) {
return sb.toString();
}
sb.append(c);
}
}
}
/**
* Get the text up but not including the specified character or the
* end of line, whichever comes first.
* @param delimiter A delimiter character.
* @return A string.
* @throws JSONException Thrown if there is an error while searching
* for the delimiter
* Get the text up but not including the specified character or the end of line, whichever comes first.
*
* @param delimiter A delimiter character.
* @return A string.
* @throws JSONException Thrown if there is an error while searching for the delimiter
*/
public String nextTo(char delimiter) throws JSONException {
StringBuilder sb = new StringBuilder();
for (;;) {
for (; ; ) {
char c = this.next();
if (c == delimiter || c == 0 || c == '\n' || c == '\r') {
if (c != 0) {
@ -369,12 +386,12 @@ public class JSONTokener {
/**
* Get the text up but not including one of the specified delimiter
* characters or the end of line, whichever comes first.
* Get the text up but not including one of the specified delimiter characters or the end of line, whichever comes
* first.
*
* @param delimiters A set of delimiter characters.
* @return A string, trimmed.
* @throws JSONException Thrown if there is an error while searching
* for the delimiter
* @throws JSONException Thrown if there is an error while searching for the delimiter
*/
public String nextTo(String delimiters) throws JSONException {
char c;
@ -382,7 +399,7 @@ public class JSONTokener {
for (;;) {
c = this.next();
if (delimiters.indexOf(c) >= 0 || c == 0 ||
c == '\n' || c == '\r') {
c == '\n' || c == '\r') {
if (c != 0) {
this.back();
}
@ -394,51 +411,149 @@ public class JSONTokener {
/**
* Get the next value. The value can be a Boolean, Double, Integer,
* JSONArray, JSONObject, Long, or String, or the JSONObject.NULL object.
* @throws JSONException If syntax error.
* Get the next value. The value can be a Boolean, Double, Integer, JSONArray, JSONObject, Long, or String, or the
* JSONObject.NULL object.
*
* @return An object.
* @throws JSONException If syntax error.
*/
public Object nextValue() throws JSONException {
return nextValue(false);
}
/**
* Get the next value. The value can be a Boolean, Double, Integer, JSONArray, JSONObject, Long, or String, or the
* JSONObject.NULL object. The strictMode parameter controls the behavior of the method when parsing the value.
*
* @param strictMode If true, the method will strictly adhere to the JSON syntax, throwing a JSONException for any
* deviations.
* @return An object.
* @throws JSONException If syntax error.
*/
public Object nextValue(boolean strictMode) throws JSONException {
char c = this.nextClean();
switch (c) {
case '{':
this.back();
try {
return new JSONObject(this);
} catch (StackOverflowError e) {
throw new JSONException("JSON Array or Object depth too large to process.", e);
}
case '[':
this.back();
try {
return new JSONArray(this);
} catch (StackOverflowError e) {
throw new JSONException("JSON Array or Object depth too large to process.", e);
}
case '{':
this.back();
return getJsonObject(strictMode);
case '[':
this.back();
return getJsonArray();
default:
return getValue(c, strictMode);
}
}
/**
* This method is used to get the next value.
*
* @param c The next character in the JSONTokener.
* @param strictMode If true, the method will strictly adhere to the JSON syntax, throwing a JSONException if the
* value is not surrounded by quotes.
* @return An object which is the next value in the JSONTokener.
* @throws JSONException If the value is not surrounded by quotes when strictMode is true.
*/
private Object getValue(char c, boolean strictMode) {
if (strictMode) {
Object valueToValidate = nextSimpleValue(c, true);
boolean isNumeric = valueToValidate.toString().chars().allMatch( Character::isDigit );
if(isNumeric){
return valueToValidate;
}
boolean hasQuotes = valueIsWrappedByQuotes(valueToValidate);
if (!hasQuotes) {
throw new JSONException("Value is not surrounded by quotes: " + valueToValidate);
}
return valueToValidate;
}
return nextSimpleValue(c);
}
Object nextSimpleValue(char c) {
String string;
/**
* This method is used to get a JSONObject from the JSONTokener. The strictMode parameter controls the behavior of
* the method when parsing the JSONObject.
*
* @param strictMode If true, the method will strictly adhere to the JSON syntax, throwing a JSONException for any
* deviations.
* @return A JSONObject which is the next value in the JSONTokener.
* @throws JSONException If the JSONObject or JSONArray depth is too large to process.
*/
private JSONObject getJsonObject(boolean strictMode) {
try {
if (strictMode) {
return new JSONObject(this, new JSONParserConfiguration().withStrictMode(true));
}
switch (c) {
case '"':
case '\'':
return this.nextString(c);
return new JSONObject(this);
} catch (StackOverflowError e) {
throw new JSONException("JSON Array or Object depth too large to process.", e);
}
}
/**
* This method is used to get a JSONArray from the JSONTokener.
*
* @return A JSONArray which is the next value in the JSONTokener.
* @throws JSONException If the JSONArray depth is too large to process.
*/
private JSONArray getJsonArray() {
try {
return new JSONArray(this);
} catch (StackOverflowError e) {
throw new JSONException("JSON Array or Object depth too large to process.", e);
}
}
/**
* This method checks if the provided value is wrapped by quotes.
*
* @param valueToValidate The value to be checked. It is converted to a string before checking.
* @return A boolean indicating whether the value is wrapped by quotes. It returns true if the value is wrapped by
* either single or double quotes.
*/
private boolean valueIsWrappedByQuotes(Object valueToValidate) {
String stringToValidate = valueToValidate.toString();
boolean isWrappedByDoubleQuotes = isWrappedByQuotes(stringToValidate, "\"");
boolean isWrappedBySingleQuotes = isWrappedByQuotes(stringToValidate, "'");
return isWrappedByDoubleQuotes || isWrappedBySingleQuotes;
}
private boolean isWrappedByQuotes(String valueToValidate, String quoteType) {
return valueToValidate.startsWith(quoteType) && valueToValidate.endsWith(quoteType);
}
Object nextSimpleValue(char c) {
return nextSimpleValue(c, false);
}
Object nextSimpleValue(char c, boolean strictMode) {
if (c == '"' || c == '\'') {
String str = this.nextString(c);
if (strictMode) {
return String.format("\"%s\"", str);
}
return str;
}
/*
* Handle unquoted text. This could be the values true, false, or
* null, or it can be a number. An implementation (such as this one)
* is allowed to also accept non-standard forms.
*
* Accumulate characters until we reach the end of the text or a
* formatting character.
*/
return parsedUnquotedText(c);
}
/**
* Parses unquoted text from the JSON input. This could be the values true, false, or null, or it can be a number.
* Non-standard forms are also accepted. Characters are accumulated until the end of the text or a formatting
* character is reached.
*
* @param c The starting character.
* @return The parsed object.
* @throws JSONException If the parsed string is empty.
*/
private Object parsedUnquotedText(char c) {
StringBuilder sb = new StringBuilder();
while (c >= ' ' && ",:]}/\\\"[{;=#".indexOf(c) < 0) {
sb.append(c);
@ -448,8 +563,8 @@ public class JSONTokener {
this.back();
}
string = sb.toString().trim();
if ("".equals(string)) {
String string = sb.toString().trim();
if (string.isEmpty()) {
throw this.syntaxError("Missing value");
}
return JSONObject.stringToValue(string);
@ -457,13 +572,12 @@ public class JSONTokener {
/**
* Skip characters until the next character is the requested character.
* If the requested character is not found, no characters are skipped.
* Skip characters until the next character is the requested character. If the requested character is not found, no
* characters are skipped.
*
* @param to A character to skip to.
* @return The requested character, or zero if the requested character
* is not found.
* @throws JSONException Thrown if there is an error while searching
* for the to character
* @return The requested character, or zero if the requested character is not found.
* @throws JSONException Thrown if there is an error while searching for the to character
*/
public char skipTo(char to) throws JSONException {
char c;
@ -497,7 +611,7 @@ public class JSONTokener {
* Make a JSONException to signal a syntax error.
*
* @param message The error message.
* @return A JSONException object, suitable for throwing
* @return A JSONException object, suitable for throwing
*/
public JSONException syntaxError(String message) {
return new JSONException(message + this.toString());
@ -506,9 +620,9 @@ public class JSONTokener {
/**
* Make a JSONException to signal a syntax error.
*
* @param message The error message.
* @param message The error message.
* @param causedBy The throwable that caused the error.
* @return A JSONException object, suitable for throwing
* @return A JSONException object, suitable for throwing
*/
public JSONException syntaxError(String message, Throwable causedBy) {
return new JSONException(message + this.toString(), causedBy);
@ -522,7 +636,7 @@ public class JSONTokener {
@Override
public String toString() {
return " at " + this.index + " [character " + this.character + " line " +
this.line + "]";
this.line + "]";
}
/**
@ -531,7 +645,7 @@ public class JSONTokener {
* @throws IOException If an I/O error occurs while closing the reader.
*/
public void close() throws IOException {
if(reader!=null){
if (reader != null) {
reader.close();
}
}
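Review bot: Strict mode in getValue() (hunk @ -394,51 +411,149) validates by re-quoting and string-matching instead of by the type of the parsed value, and that rejects valid JSON: `Character::isDigit` over toString() fails for `-1`, `1.5`, `1e3`, `true`, `false` and `null`, so all of them throw "Value is not surrounded by quotes", while nextSimpleValue(c, true) returns `String.format("\"%s\"", str)` so a quoted string reaches the caller with literal quote characters attached and a single-quoted `'c'` passes the wrapped-by-quotes check. The rewrite below keeps the parsed string itself, rejects only bare words (what JSONObject.stringToValue appears to leave as a String), and uses this.syntaxError so the message carries the position like every other error in this class; it makes nextSimpleValue(char, boolean), valueIsWrappedByQuotes and isWrappedByQuotes unnecessary. Whether single-quoted strings should also be rejected under strict mode depends on the intended meaning of "strictly adhere to the JSON syntax" in the new Javadoc; the test list at the bottom of the page treats `'c'` as non-compliant. Separately, getJsonArray() ignores strictMode and getJsonObject(strictMode) builds a fresh `new JSONParserConfiguration().withStrictMode(true)`, so nested arrays are parsed leniently inside a strict parse and a caller's maxNestingDepth / overwriteDuplicateKey settings are dropped at each nesting level; threading the caller's configuration through instead of a boolean would fix both.
```java
private Object getValue(char c, boolean strictMode) {
    if (!strictMode) {
        return nextSimpleValue(c);
    }
    // Quoted text is acceptable as-is; hand back the parsed string, not a re-quoted copy.
    if (c == '"' || c == '\'') {
        return this.nextString(c);
    }
    // Unquoted text is only valid when stringToValue recognised it as a number, boolean or null;
    // anything that is still a String was a bare word.
    Object value = parsedUnquotedText(c);
    if (value instanceof String) {
        throw this.syntaxError("Value is not surrounded by quotes: " + value);
    }
    return value;
}
```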


@ -2,6 +2,7 @@ package org.json.junit;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
@ -31,25 +32,23 @@ public class JSONParserConfigurationTest {
@Test
public void givenInvalidInputArrays_testStrictModeTrue_shouldThrowJsonException() {
List<String> strictModeInputTestCases = Arrays.asList("[1,2];[3,4]", "", "[1, 2,3]:[4,5]", "[{test: implied}]");
List<String> strictModeInputTestCases = getNonCompliantJSONList();
JSONParserConfiguration jsonParserConfiguration = new JSONParserConfiguration()
.withStrictMode(true);
strictModeInputTestCases.forEach(testCase -> {
System.out.println("Test case: " + testCase);
assertThrows("expected non-compliant array but got instead: " + testCase, JSONException.class,
() -> new JSONArray(testCase, jsonParserConfiguration));
System.out.println("Passed");
});
}
@Test
public void givenInvalidInputArrays_testStrictModeFalse_shouldNotThrowAnyException() {
List<String> strictModeInputTestCases = Arrays.asList("[1,2];[3,4]", "[1, 2,3]:[4,5]", "[{test: implied}]");
List<String> strictModeInputTestCases = getNonCompliantJSONList();
JSONParserConfiguration jsonParserConfiguration = new JSONParserConfiguration()
.withStrictMode(false);
strictModeInputTestCases.stream().peek(System.out::println).forEach(testCase -> new JSONArray(testCase, jsonParserConfiguration));
strictModeInputTestCases.forEach(testCase -> new JSONArray(testCase, jsonParserConfiguration));
}
@Test
@ -71,4 +70,14 @@ public class JSONParserConfigurationTest {
assertTrue(jsonParserConfiguration.isOverwriteDuplicateKey());
assertEquals(42, jsonParserConfiguration.getMaxNestingDepth());
}
private List<String> getNonCompliantJSONList() {
return Arrays.asList(
"[1,2];[3,4]",
"[1, 2,3]:[4,5]",
"[{test: implied}]",
"[{\"test\": implied}]",
"[{\"number\":\"7990154836330\",\"color\":'c'},{\"number\":8784148854580,\"color\":RosyBrown},{\"number\":\"5875770107113\",\"color\":\"DarkSeaGreen\"}]",
"[{test: \"implied\"}]");
}
}
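Review bot: getNonCompliantJSONList() drops the empty-string case that the removed strict-mode list carried (`"[1,2];[3,4]", "", ...`), so the strict-mode test no longer covers `""` input; if that is still expected to throw, add it back in givenInvalidInputArrays_testStrictModeTrue_shouldThrowJsonException only, since the shared list is also fed to the lenient test which expects no exception. The suite also has no strict-mode case with compliant input containing unquoted `true`, `null`, a negative or a decimal number, which is exactly where the new strict validation in JSONTokener (isDigit-based numeric check) would misbehave; a `givenValidInput_testStrictModeTrue_shouldNotThrow` case over something like `[-1, 1.5, true, null, "x"]` would pin the intended behaviour. The newly added `import java.util.stream.Collectors;` looks unused in the visible hunks now that the `.stream().peek(...)` pipeline was removed; drop it unless it is used elsewhere in the file.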