add flag to drop the limit of json depth

netplex · Jul 7, 2023 · da2e833 · da2e833
1 parent 2a7ba6e
commit da2e833
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 5 deletions.
diff --git a/json-smart/src/main/java/net/minidev/json/parser/JSONParser.java b/json-smart/src/main/java/net/minidev/json/parser/JSONParser.java
@@ -93,6 +93,13 @@ public class JSONParser {
 	 * @since 2.4
 	 */
 	public final static int BIG_DIGIT_UNRESTRICTED = 2048;
+
+	/**
+	 * If limit the max depth of json size
+	 *
+	 * @since 2.5
+	 */
+	public static final int FINITE_JSON_DEPTH = 4096;
 
 
 	/**
@@ -132,7 +139,7 @@ public class JSONParser {
 	/*
 	 * internal fields
 	 */
-	private int mode;
+	private final int mode;
 
 	private JSONParserInputStream pBinStream;
 	private JSONParserByteArray pBytes;

diff --git a/json-smart/src/main/java/net/minidev/json/parser/JSONParserBase.java b/json-smart/src/main/java/net/minidev/json/parser/JSONParserBase.java
@@ -92,6 +92,8 @@ abstract class JSONParserBase {
 	protected final boolean reject127;
 	protected final boolean unrestictBigDigit;
 
+	protected final boolean finiteJsonDepth;
+
 	public JSONParserBase(int permissiveMode) {
 		this.acceptNaN = (permissiveMode & JSONParser.ACCEPT_NAN) > 0;
 		this.acceptNonQuote = (permissiveMode & JSONParser.ACCEPT_NON_QUOTE) > 0;
@@ -107,6 +109,7 @@ public JSONParserBase(int permissiveMode) {
 		this.checkTaillingSpace = (permissiveMode & JSONParser.ACCEPT_TAILLING_SPACE) == 0;
 		this.reject127 = (permissiveMode & JSONParser.REJECT_127_CHAR) > 0;
 		this.unrestictBigDigit = (permissiveMode & JSONParser.BIG_DIGIT_UNRESTRICTED) > 0;
+		this.finiteJsonDepth = (permissiveMode & JSONParser.FINITE_JSON_DEPTH) > 0;
 	}
 
 	public void checkControleChar() throws ParseException {
@@ -296,7 +299,7 @@ protected Number parseNumber(String s) throws ParseException {
 	protected <T> T readArray(JsonReaderI<T> mapper) throws ParseException, IOException {
 		if (c != '[')
 			throw new RuntimeException("Internal Error");
-		if (++this.depth > MAX_DEPTH) {
+		if (finiteJsonDepth && ++this.depth > MAX_DEPTH) {
 			throw new ParseException(pos, ERROR_UNEXPECTED_JSON_DEPTH, c);
 		}
 		Object current = mapper.createArray();
@@ -553,7 +556,7 @@ protected <T> T readObject(JsonReaderI<T> mapper) throws ParseException, IOExcep
 		//
 		if (c != '{')
 			throw new RuntimeException("Internal Error");
-		if (++this.depth > MAX_DEPTH) {
+		if (finiteJsonDepth && ++this.depth > MAX_DEPTH) {
 			throw new ParseException(pos, ERROR_UNEXPECTED_JSON_DEPTH, c);
 		}
 		Object current = mapper.createObject();

diff --git a/json-smart/src/test/java/net/minidev/json/test/TestOverflow.java b/json-smart/src/test/java/net/minidev/json/test/TestOverflow.java
@@ -2,10 +2,12 @@
 
 import net.minidev.json.JSONArray;
 import net.minidev.json.JSONValue;
+import net.minidev.json.parser.JSONParser;
 import net.minidev.json.parser.ParseException;
 
+import static net.minidev.json.parser.JSONParser.DEFAULT_PERMISSIVE_MODE;
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
 
 import org.junit.jupiter.api.Test;
 
@@ -28,7 +30,27 @@ public void stressTest() throws Exception {
 			assertEquals(e.getErrorType(), ParseException.ERROR_UNEXPECTED_JSON_DEPTH);
 			return;
 		}
-		assertTrue(false);
+		fail();
+	}
+
+	@Test
+	public void shouldNotFailWhenInfiniteJsonDepth() throws Exception {
+		int size = 500;
+		StringBuilder sb = new StringBuilder(10 + size*4);
+		for (int i=0; i < size; i++) {
+			sb.append("{a:");
+		}
+		sb.append("true");
+		for (int i=0; i < size; i++) {
+			sb.append("}");
+		}
+		String s = sb.toString();
+		try {
+			JSONParser parser = new JSONParser(DEFAULT_PERMISSIVE_MODE & ~JSONParser.FINITE_JSON_DEPTH);
+			parser.parse(s,  JSONValue.defaultReader.DEFAULT);
+		} catch (ParseException e) {
+			fail();
+		}
 	}
 
 	@Test