Protect from unsafe JSON parsing behavior.

[trestletech]

I believe the only way that this could have been exploited would be if the API used encrypted cookies and an attacker knew the encryption key.

We were already sniffing for JSON by reading the first char and matching against '{', so we wouldn't have been vulnerable to any attack in standard usage.

[codecov-io]

Codecov Report

Merging #325 into master will increase coverage by 0.02%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master     #325      +/-   ##
==========================================
+ Coverage   90.01%   90.04%   +0.02%     
==========================================
  Files          25       26       +1     
  Lines        1142     1145       +3     
==========================================
+ Hits         1028     1031       +3     
  Misses        114      114

Impacted Files	Coverage Δ
R/session-cookie.R	93.02% <100%> (ø)	⬆️
R/post-body.R	100% <100%> (ø)	⬆️
R/json.R	100% <100%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8c25b8b...b2aea33. Read the comment docs.

[trestletech]

Oh, look at you! One step ahead of me :) Thanks

[r2evans]

I know it's late in the game (congrats on 1.0.0!), is there an advantage to using this over jsonlite::parse_json()? It is safer than fromJSON and does mostly the same think (lacking jsonlite::validate). (Note, it defaults to not simplifying ... other than that, they are identical to fromJSON.) (Companion function: jsonlite::read_json for explicit file paths.

[schloerke]

@r2evans

plumber/R/json.R

Line 4 in 47100cd

parse_json(txt, simplifyVector = simplifyVector, ...)

now uses parse_json and defaults simply to FALSE. I believe this should have the same behavior as before.

Never too late to bring up discussion and to double check things! Thank you! 😊😊

[r2evans]

Thanks @schloerke. I have been bitten (local-code only, not within plumber) by the flexibility of fromJSON before, so I happened to see those functions. I've been shying away from polymorphism that includes filenames, as it can definitely be more problematic, especially cases like these.

But mostly ... I should have realized that even though I read the new-release NEWS today, that doesn't mean that this PR was at all recent (vice almost 2y ago). Oops, I see your safeFromJSON now, sorry for the noise. :-)