From e5ddb114ed5d45ee0a605da06a280207bf9f9f58 Mon Sep 17 00:00:00 2001
From: Nathaniel Fischer
Date: Wed, 15 Dec 2021 17:30:37 -0800
Subject: [PATCH 1/2] Use TreeMap in SimpleFacade to solve DoS vuln

---
 parser/shared/src/main/scala/jawn/Facade.scala | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/parser/shared/src/main/scala/jawn/Facade.scala b/parser/shared/src/main/scala/jawn/Facade.scala
index af33b263..ffdb39db 100644
--- a/parser/shared/src/main/scala/jawn/Facade.scala
+++ b/parser/shared/src/main/scala/jawn/Facade.scala
@@ -1,6 +1,7 @@
 package org.typelevel.jawn
 
 import scala.collection.mutable
+import scala.collection.immutable.TreeMap
 
 /**
  * [[Facade]] is a type class that describes how Jawn should construct
@@ -79,7 +80,7 @@ object Facade {
     final def objectContext(): FContext[J] =
       new FContext.NoIndexFContext[J] {
         private[this] var key: String = null
-        private[this] var vs = Map.empty[String, J]
+        private[this] var vs = TreeMap.empty[String, J]
 
         def add(s: CharSequence): Unit =
           if (key == null) key = s.toString

From 0707e2569f43ff6195f90cc0dfc2d0ca79b51dd1 Mon Sep 17 00:00:00 2001
From: Nathan Fischer
Date: Fri, 17 Dec 2021 12:13:37 -0800
Subject: [PATCH 2/2] the MutableFacade IS also vulnerable

---
 parser/shared/src/main/scala/jawn/Facade.scala | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/parser/shared/src/main/scala/jawn/Facade.scala b/parser/shared/src/main/scala/jawn/Facade.scala
index ffdb39db..928d2f02 100644
--- a/parser/shared/src/main/scala/jawn/Facade.scala
+++ b/parser/shared/src/main/scala/jawn/Facade.scala
@@ -2,6 +2,8 @@ package org.typelevel.jawn
 
 import scala.collection.mutable
 import scala.collection.immutable.TreeMap
+import scala.collection.JavaConverters._
+import java.util.HashMap
 
 /**
  * [[Facade]] is a type class that describes how Jawn should construct
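Review bot: The switch to `TreeMap.empty[String, J]` in the SimpleFacade objectContext (hunk at -79,7 +80,7) carries no comment saying why an ordered map replaced the default `Map`, so a later cleanup could put the hash-based map back without noticing this is the DoS fix the subject refers to. A one-line comment on the added line would preserve the intent: `// TreeMap: insert cost is O(log n) independent of key hash values, so attacker-chosen colliding keys cannot degrade object construction the way they can with a hash map`. The change also alters the observable iteration order of the built object from hash order to sorted-key order, which is within the `Map` contract but worth one sentence in the facade's scaladoc since downstream JSON serializers will see it. The rest of the objectContext body, including the step that hands `vs` back, lies outside the hunk.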
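Review bot: `import scala.collection.JavaConverters._` in the -2,6 +2,8 hunk is deprecated since Scala 2.13 in favour of `scala.jdk.CollectionConverters._`, so on a 2.13 or 3 build this import adds a deprecation warning and, if that build runs with warnings as errors, a compile failure; whether this module is built that way is not visible here. If 2.12 support is the reason for the older import, a short comment saying so, `// JavaConverters rather than jdk.CollectionConverters: still cross-built for 2.12`, would stop the next reader from "fixing" it, and the wrapper could otherwise be avoided entirely by using the `java.util.HashMap` directly at the use site.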
@@ -122,7 +124,7 @@ object Facade {
     final def objectContext(): FContext[J] =
       new FContext.NoIndexFContext[J] {
         private[this] var key: String = null
-        private[this] val vs = mutable.Map.empty[String, J]
+        private[this] val vs = (new HashMap[String, J]).asScala
 
         def add(s: CharSequence): Unit =
           if (key == null) key = s.toString
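Review bot: The replacement `(new HashMap[String, J]).asScala` in the MutableFacade objectContext relies on a property of the JDK's `java.util.HashMap` that the code never states: since Java 8 it converts an over-full bucket of `Comparable` keys (String is one) into a balanced tree, so a run of colliding keys costs O(log n) per insert rather than O(n), whereas Scala's own `mutable.Map`/`mutable.HashMap` has no such fallback. That reasoning belongs next to the line, e.g. `// java.util.HashMap (JDK 8+) treeifies colliding buckets of Comparable keys, bounding attacker-chosen collisions to O(log n) per insert; scala.collection.mutable.HashMap does not`. Because the file lives under parser/shared it is presumably also compiled for Scala.js and/or Scala Native, whose own `java.util.HashMap` implementations may not treeify, so the mitigation should be confirmed per platform rather than assumed; a `java.util.TreeMap` here would mirror the TreeMap choice already made for SimpleFacade and give a platform-independent bound. The `.asScala` result is still a `mutable.Map[String, J]`, so the remainder of the context, which is outside the hunk, should compile unchanged.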