Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

encoding/json: Unmarshal into struct field or a map does not validate invalid json.Number #14702

Closed
brenol opened this issue Mar 8, 2016 · 9 comments
Assignees
Labels

Comments

@brenol
Copy link

@brenol brenol commented Mar 8, 2016

  1. What version of Go are you using (go version)?
    go1.6 linux/amd64
  2. What operating system and processor architecture are you using (go env)?
    linux/amd64
  3. What did you do?
    (Use play.golang.org to provide a runnable example, if possible.)
    http://play.golang.org/p/8QZq-0vRch
  4. What did you expect to see?
    Unmarshal did not accept a invalid JSON as a json.Number, instead, it should raise an error
  5. What did you see instead?
    Unmarshal accepted a invalid JSON as a json.Number and did not raise an error
    #10281 is the one that actually fixed this issue, however, shouldn't unmarshal should also raise an error? Right now only Marshalling is an raising a error.

@edit
I actually did some further testing and it only happens when Unmarshalling into a struct field, as can be seen in the updated snippet above.

@edit2
It also happens when using map[string]json.Number and I have updated the test case accordingly.

@brenol brenol changed the title encoding/json: Unmarshal does not validate invalid json.Number encoding/json: Unmarshal into struct field does not validate invalid json.Number Mar 11, 2016
@brenol brenol changed the title encoding/json: Unmarshal into struct field does not validate invalid json.Number encoding/json: Unmarshal into struct field or a map does not validate invalid json.Number Mar 14, 2016
@bradfitz bradfitz added this to the Unplanned milestone Apr 9, 2016
@erikdubbelboer

This comment has been minimized.

Copy link
Contributor

@erikdubbelboer erikdubbelboer commented Oct 16, 2016

This could be fixed by adding the following lines after

v.SetString(string(s))

if v.Type() == numberType && !isValidNumber(string(s)) {
    d.error(fmt.Errorf("json: invalid number literal, trying to unmarshal %q into Number", item))
}

The question is if we really want this as it would kinda break how it currently works. People who currently abuse json.Number should switch to json.RawMessage. I'm not sure if this is seen as breaking the Go 1 API.

If you think this would be good to patch I can create a change in gerrit.

@erikdubbelboer

This comment has been minimized.

Copy link
Contributor

@erikdubbelboer erikdubbelboer commented Nov 4, 2016

@bradfitz any input? Otherwise you can close the issue I guess.

@bradfitz bradfitz modified the milestones: Go1.8Maybe, Unplanned Nov 4, 2016
@bradfitz

This comment has been minimized.

Copy link
Contributor

@bradfitz bradfitz commented Nov 4, 2016

Sorry, this was stuck in the "Unplanned" limbo state which we have since stopped using.

I don't believe anybody has looked at this. I'll leave the decision on the bug to @rsc.

@rsc rsc modified the milestones: Go1.9, Go1.8Maybe Nov 11, 2016
@rsc rsc modified the milestones: Go1.10, Go1.9 Jun 12, 2017
@rsc

This comment has been minimized.

Copy link
Contributor

@rsc rsc commented Nov 22, 2017

Leaving for the next round of JSON work.

@rsc rsc modified the milestones: Go1.10, Go1.11 Nov 22, 2017
@bradfitz bradfitz modified the milestones: Go1.11, Go1.12 Jun 13, 2018
@rsc rsc modified the milestones: Go1.12, Go1.13 Nov 14, 2018
@andybons andybons removed this from the Go1.13 milestone Jul 8, 2019
breml added a commit to breml/go that referenced this issue Sep 12, 2019
Unmarshal of invalid values, that is a value that is not a number,
into fields of type json.Number should fail.

Fixes golang#14702
@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Sep 12, 2019

Change https://golang.org/cl/195045 mentions this issue: encoding/json: fix unmarshal invalid json.Number

breml added a commit to breml/go that referenced this issue Sep 16, 2019
Unmarshaling a string into a json.Number should first check that
the string is a valid Number.
If not, we should fail without decoding it.

Fixes golang#14702
@gopherbot gopherbot closed this in c1000c5 Sep 16, 2019
@mvrhov

This comment has been minimized.

Copy link

@mvrhov mvrhov commented Feb 18, 2020

This change just broke the decoding of "field":"" which previously worked and the use of json.Number was on purpose. I don't have the option to change the json input I'm getting.

@odeke-em

This comment has been minimized.

Copy link
Member

@odeke-em odeke-em commented Feb 18, 2020

@erikdubbelboer

This comment has been minimized.

Copy link
Contributor

@erikdubbelboer erikdubbelboer commented Feb 18, 2020

@odeke-em I guess this is the code @mvrhov is trying to use: https://play.golang.org/p/glvZxWT2to8

@mvrhov If you want to support broken input like that you'll have to use json.RawMessage like this: https://play.golang.org/p/iL5Q62g0Lkm

@mvdan

This comment has been minimized.

Copy link
Member

@mvdan mvdan commented Feb 20, 2020

Please continue the discussion in #37308. If you have a sample of the real scenario that broke for you, please add it there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

9 participants
You can’t perform that action at this time.