From b524dee27d9cb02f08f9a8445b916149b5f9df3b Mon Sep 17 00:00:00 2001 From: Anupama Kumari Date: Wed, 5 Jul 2023 18:34:36 +0530 Subject: [PATCH 1/3] nesting of 101 too deep --- lib/jsonpath.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/jsonpath.rb b/lib/jsonpath.rb index 238a7bd..ee2cb3c 100644 --- a/lib/jsonpath.rb +++ b/lib/jsonpath.rb @@ -25,6 +25,7 @@ class JsonPath def initialize(path, opts = {}) @opts = DEFAULT_OPTIONS.merge(opts) + @opts[:max_nesting] = false if @opts[:max_nesting] > 100 scanner = StringScanner.new(path.strip) @path = [] until scanner.eos? From da4e1dc479b3c317eed459d7a6eec9eda21b6e4e Mon Sep 17 00:00:00 2001 From: Anupama Kumari Date: Wed, 5 Jul 2023 19:01:13 +0530 Subject: [PATCH 2/3] test cases --- lib/jsonpath.rb | 5 +++-- test/test_jsonpath.rb | 15 +++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/lib/jsonpath.rb b/lib/jsonpath.rb index ee2cb3c..b4b6ce4 100644 --- a/lib/jsonpath.rb +++ b/lib/jsonpath.rb @@ -12,20 +12,21 @@ # into a token array. class JsonPath PATH_ALL = '$..*' + MAX_NESTING_ALLOWED = 100 DEFAULT_OPTIONS = { :default_path_leaf_to_null => false, :symbolize_keys => false, :use_symbols => false, :allow_send => true, - :max_nesting => 100 + :max_nesting => MAX_NESTING_ALLOWED } attr_accessor :path def initialize(path, opts = {}) @opts = DEFAULT_OPTIONS.merge(opts) - @opts[:max_nesting] = false if @opts[:max_nesting] > 100 + @opts[:max_nesting] = false if @opts[:max_nesting] > MAX_NESTING_ALLOWED scanner = StringScanner.new(path.strip) @path = [] until scanner.eos? diff --git a/test/test_jsonpath.rb b/test/test_jsonpath.rb index db8a5e4..bbc04a0 100644 --- a/test/test_jsonpath.rb +++ b/test/test_jsonpath.rb @@ -1195,6 +1195,21 @@ def test_with_max_nesting_false assert_equal [{}], JsonPath.new('$.a.b.c', max_nesting: false).on(json) end + def test_initialize_with_max_nesting_exceeding_limit + json = { + a: { + b: { + c: { + } + } + } + }.to_json + + json_obj = JsonPath.new('$.a.b.c', max_nesting: 105) + assert_equal [{}], json_obj.on(json) + assert_equal false, json_obj.instance_variable_get(:@opts)[:max_nesting] + end + def example_object { 'store' => { 'book' => [ From 50d0bbf997442c3e13122d6e76d6b4bb39999472 Mon Sep 17 00:00:00 2001 From: Anupama Kumari Date: Wed, 5 Jul 2023 19:27:04 +0530 Subject: [PATCH 3/3] other test cases --- lib/jsonpath.rb | 7 ++++++- test/test_jsonpath.rb | 10 ++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/lib/jsonpath.rb b/lib/jsonpath.rb index b4b6ce4..914b44f 100644 --- a/lib/jsonpath.rb +++ b/lib/jsonpath.rb @@ -26,7 +26,7 @@ class JsonPath def initialize(path, opts = {}) @opts = DEFAULT_OPTIONS.merge(opts) - @opts[:max_nesting] = false if @opts[:max_nesting] > MAX_NESTING_ALLOWED + set_max_nesting scanner = StringScanner.new(path.strip) @path = [] until scanner.eos? @@ -148,4 +148,9 @@ def self.process_object(obj_or_str, opts = {}) def deep_clone Marshal.load Marshal.dump(self) end + + def set_max_nesting + return unless @opts[:max_nesting].is_a?(Integer) && @opts[:max_nesting] > MAX_NESTING_ALLOWED + @opts[:max_nesting] = false + end end diff --git a/test/test_jsonpath.rb b/test/test_jsonpath.rb index bbc04a0..026cda6 100644 --- a/test/test_jsonpath.rb +++ b/test/test_jsonpath.rb @@ -1210,6 +1210,16 @@ def test_initialize_with_max_nesting_exceeding_limit assert_equal false, json_obj.instance_variable_get(:@opts)[:max_nesting] end + def test_initialize_without_max_nesting_exceeding_limit + json_obj = JsonPath.new('$.a.b.c', max_nesting: 90) + assert_equal 90, json_obj.instance_variable_get(:@opts)[:max_nesting] + end + + def test_initialize_with_max_nesting_false_limit + json_obj = JsonPath.new('$.a.b.c', max_nesting: false) + assert_equal false, json_obj.instance_variable_get(:@opts)[:max_nesting] + end + def example_object { 'store' => { 'book' => [