json 1.0.4 → 1.1.0

data/lib/json/pure/parser.rb

@@ -7,8 +7,9 @@ module JSON
     class Parser < StringScanner
       STRING                = /" ((?:[^\x0-\x1f"\\] |
                                   \\["\\\/bfnrt] |
-                                  \\u[0-9a-fA-F]{4})*)
-                              "/x
+                                  \\u[0-9a-fA-F]{4} |
+                                  \\[\x20-\xff])*)
+                              "/nx
       INTEGER               = /(-?0|-?[1-9]\d*)/
       FLOAT                 = /(-?
                                 (?:0|[1-9]\d*)
@@ -45,8 +46,20 @@ module JSON
       UNPARSED = Object.new
 
       # Creates a new JSON::Pure::Parser instance for the string _source_.
-      def initialize(source)
+      #
+      # It will be configured by the _opts_ hash. _opts_ can have the following
+      # keys:
+      # * *max_nesting*: The maximum depth of nesting allowed in the parsed data
+      #   structures. Disable depth checking with :max_nesting => false.
+      def initialize(source, opts = {})
         super
+        if !opts.key?(:max_nesting) # defaults to 19
+          @max_nesting = 19
+        elsif opts[:max_nesting]
+          @max_nesting = opts[:max_nesting]
+        else
+          @max_nesting = 0
+        end
         @create_id = JSON.create_id
       end
 
@@ -61,9 +74,11 @@ module JSON
           case
           when scan(OBJECT_OPEN)
             obj and raise ParserError, "source '#{peek(20)}' not in JSON!"
+            @current_nesting = 1
             obj = parse_object
           when scan(ARRAY_OPEN)
             obj and raise ParserError, "source '#{peek(20)}' not in JSON!"
+            @current_nesting = 1
             obj = parse_array
           when skip(IGNORE)
             ;
@@ -78,7 +93,8 @@ module JSON
       private
 
       # Unescape characters in strings.
-      UNESCAPE_MAP = {
+      UNESCAPE_MAP = Hash.new { |h, k| h[k] = k.chr }
+      UNESCAPE_MAP.update({
         ?"  => '"',
         ?\\ => '\\',
         ?/  => '/',
@@ -87,12 +103,13 @@ module JSON
         ?n  => "\n",
         ?r  => "\r",
         ?t  => "\t",
-      }
+        ?u  => nil, 
+      })
 
       def parse_string
         if scan(STRING)
           return '' if self[1].empty?
-          self[1].gsub(%r((?:\\[\\bfnrt"/]|(?:\\u(?:[A-Fa-f\d]{4}))+))) do |c|
+          self[1].gsub(%r((?:\\[\\bfnrt"/]|(?:\\u(?:[A-Fa-f\d]{4}))+|\\[\x20-\xff]))n) do |c|
             if u = UNESCAPE_MAP[c[1]]
               u
             else # \uXXXX
@@ -127,15 +144,23 @@ module JSON
         when (string = parse_string) != UNPARSED
           string
         when scan(ARRAY_OPEN)
-          parse_array
+          @current_nesting += 1
+          ary = parse_array
+          @current_nesting -= 1
+          ary
         when scan(OBJECT_OPEN)
-          parse_object
+          @current_nesting += 1
+          obj = parse_object
+          @current_nesting -= 1
+          obj
         else
           UNPARSED
         end
       end
 
       def parse_array
+        raise NestingError, "nesting of #@current_nesting is to deep" if
+          @max_nesting.nonzero? && @current_nesting > @max_nesting
         result = []
         delim = false
         until eos?
@@ -166,6 +191,8 @@ module JSON
       end
 
       def parse_object
+        raise NestingError, "nesting of #@current_nesting is to deep" if
+          @max_nesting.nonzero? && @current_nesting > @max_nesting
         result = {}
         delim = false
         until eos?

data/lib/json/version.rb

@@ -1,6 +1,6 @@
 module JSON
   # JSON version
-  VERSION         = '1.0.4'
+  VERSION         = '1.1.0'
   VERSION_ARRAY   = VERSION.split(/\./).map { |x| x.to_i } # :nodoc:
   VERSION_MAJOR   = VERSION_ARRAY[0] # :nodoc:
   VERSION_MINOR   = VERSION_ARRAY[1] # :nodoc:

data/tests/test_json.rb

@@ -213,6 +213,10 @@ EOT
     data = JSON.parse(json)
     assert_equal ['"'], data
     assert_equal json, JSON.unparse(data)
+    json = '["\\\'"]'
+    data = JSON.parse(json)
+    assert_equal ["'"], data
+    assert_equal '["\'"]', JSON.unparse(data)
   end
 
   def test_wrong_inputs
@@ -232,5 +236,20 @@ EOT
     assert_raises(ParserError) { JSON.parse('[1.]') }
     assert_raises(ParserError) { JSON.parse('     ') }
   end
+
+  def test_nesting
+    to_deep = '[[[[[[[[[[[[[[[[[[[["Too deep"]]]]]]]]]]]]]]]]]]]]'
+    assert_raises(JSON::NestingError) { JSON.parse to_deep }
+    assert_raises(JSON::NestingError) { JSON.parser.new(to_deep).parse }
+    assert_raises(JSON::NestingError) { JSON.parse to_deep, :max_nesting => 19 }
+    ok = JSON.parse to_deep, :max_nesting => 20
+    assert_kind_of Array, ok
+    ok = JSON.parse to_deep, :max_nesting => nil
+    assert_kind_of Array, ok
+    ok = JSON.parse to_deep, :max_nesting => false
+    assert_kind_of Array, ok
+    ok = JSON.parse to_deep, :max_nesting => 0
+    assert_kind_of Array, ok
+  end
 end
   # vim: set et sw=2 ts=2:

data/tests/test_json_fixtures.rb

@@ -21,7 +21,7 @@ class TC_JSONFixtures < Test::Unit::TestCase
 
   def test_failing
     for (name, source) in @failed
-      assert_raises(JSON::ParserError,
+      assert_raises(JSON::ParserError, JSON::NestingError,
         "Did not fail for fixture '#{name}'") do
         JSON.parse(source)
       end

data/tools/fuzz.rb

@@ -116,7 +116,7 @@ loop do
     puts json.size
   end
   begin
-    o2 = JSON.parse(json)
+    o2 = JSON.parse(json, :max_nesting => false)
   rescue JSON::ParserError => e
     puts "Caught #{e.class}: #{e.message}\n#{e.backtrace * "\n"}"
     puts "o1 = #{o1.inspect}", "json = #{json}", "json_str = #{json.inspect}"

metadata

@@ -3,8 +3,8 @@ rubygems_version: 0.8.11
 specification_version: 1
 name: json
 version: !ruby/object:Gem::Version 
-  version: 1.0.4
-date: 2007-05-10 00:00:00 +02:00
+  version: 1.1.0
+date: 2007-06-04 00:00:00 +02:00
 summary: A JSON implementation as a Ruby extension
 require_paths: 
 - ext/json/ext
@@ -34,6 +34,7 @@ files:
 - VERSION
 - TODO
 - tests
+- RUBY
 - GPL
 - install.rb
 - ext
@@ -55,12 +56,11 @@ files:
 - tests/test_json_generate.rb
 - tests/test_json_addition.rb
 - tests/fixtures/fail27.json
+- tests/fixtures/pass26.json
 - tests/fixtures/fail22.json
-- tests/fixtures/fail26.json
-- tests/fixtures/fail16.json
+- tests/fixtures/pass17.json
 - tests/fixtures/fail28.json
 - tests/fixtures/fail25.json
-- tests/fixtures/pass18.json
 - tests/fixtures/fail9.json
 - tests/fixtures/fail20.json
 - tests/fixtures/fail24.json
@@ -68,6 +68,8 @@ files:
 - tests/fixtures/fail4.json
 - tests/fixtures/fail7.json
 - tests/fixtures/fail10.json
+- tests/fixtures/pass15.json
+- tests/fixtures/fail18.json
 - tests/fixtures/fail13.json
 - tests/fixtures/fail6.json
 - tests/fixtures/fail21.json
@@ -78,11 +80,10 @@ files:
 - tests/fixtures/fail5.json
 - tests/fixtures/pass1.json
 - tests/fixtures/fail12.json
-- tests/fixtures/fail15.json
 - tests/fixtures/pass3.json
 - tests/fixtures/fail8.json
-- tests/fixtures/fail17.json
 - tests/fixtures/fail19.json
+- tests/fixtures/pass16.json
 - tests/fixtures/pass2.json
 - tests/fixtures/fail2.json
 - ext/json