jsonc 0.1.0 → 0.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/README.md +19 -0
- data/lib/jsonc/parser/comment_remover.rb +7 -2
- data/lib/jsonc/parser/trailing_comma_remover.rb +7 -2
- data/lib/jsonc/version.rb +1 -1
- data/lib/jsonc.rb +16 -0
- metadata +2 -2
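--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e1d2ee7ef746b211de8ddbb7e3f3d59b6c1a88b127f7525dd0f8dfb113e28ec2
+data.tar.gz: a8ea35764e44a8c04edd4597773410779ce06b0e2710c0e7d0932bd503f9ff1f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7d25cdaca0214cb294ae5240c8f1874b7ac37670c656813026c66e44ef9f77ba78f586667074a0ca94ca50ab8a9a0c57fbcdbee1da3fa8dab3a78669ee723b42
+data.tar.gz: d6676e4ffe049525e0530e98215b0f599d12a08652404f1d8ac4e0f95e7c55e69eb800fa75bdd441a266b060ed3c4e5ee1409c0a1e6054023faa28b7892048fb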
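--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,25 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
 ## [Unreleased]
 
+## [0.2.0] - 2026-01-09
+
+### Security
+
+- Fixed out-of-bounds string access vulnerability in parser that caused crashes when processing malformed input with trailing backslash
+- Added `max_bytes` option to `JSONC.parse` and `JSONC.load_file` methods to prevent memory exhaustion DoS attacks (default: 10MB)
+
 ## [0.1.0] - 2025-08-24
 
+### Added
+
 - Initial release
+
+[unreleased]: https://github.com/ytkg/jsonc/compare/v0.2.0...HEAD
+[0.2.0]: https://github.com/ytkg/jsonc/compare/v0.1.0...v0.2.0
+[0.1.0]: https://github.com/ytkg/jsonc/releases/tag/v0.1.0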
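--- a/data/README.md
+++ b/data/README.md
@@ -54,6 +54,25 @@ puts parsed_hash["name"]
 # => Jules
 ```
 
+#### Size Limit
+
+To prevent memory exhaustion from malicious or excessively large inputs, you can set a `max_bytes` limit (default: 10MB):
+
+```ruby
+# Default 10MB limit
+JSONC.parse(jsonc_string)
+
+# Custom size limit (50MB)
+JSONC.parse(large_jsonc_string, max_bytes: 52_428_800)
+
+# Also works with load_file (checks file size before reading)
+JSONC.load_file('config.jsonc', max_bytes: 1_048_576) # 1MB
+```
+
+Exceeding the size limit raises a `JSON::ParserError`.
+
+**Note**: The size limit applies to the raw JSONC input (including comments and whitespace) before sanitization. This means files with extensive comments count toward the limit.
+
 ### Loading a File
 
 Use `JSONC.load_file` in place of `JSON.load_file`.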
|
@@ -50,8 +50,13 @@ module JSONC
|
|
|
50
50
|
def parse_string
|
|
51
51
|
char = @string[@index]
|
|
52
52
|
if char == "\\"
|
|
53
|
-
@result << char
|
|
54
|
-
@index
|
|
53
|
+
@result << char
|
|
54
|
+
if @index + 1 < @string.length
|
|
55
|
+
@result << @string[@index + 1]
|
|
56
|
+
@index += 2
|
|
57
|
+
else
|
|
58
|
+
@index += 1
|
|
59
|
+
end
|
|
55
60
|
elsif char == '"'
|
|
56
61
|
@state = :normal
|
|
57
62
|
@result << char
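Review bot: The new `else` branch in `parse_string` copies a lone trailing backslash into `@result` and advances by one, but nothing in the hunk records that this is deliberate; a comment such as `# Input ends right after the backslash: emit it alone and leave the unterminated string for JSON.parse to reject` would state the intent. The identical change appears in the next hunk (the file list suggests the two are `comment_remover.rb` and `trailing_comma_remover.rb`, though the file headers are missing on this page), so the escape handling is duplicated and could live in one shared helper, which keeps a later fix from landing in only one parser. A regression test that feeds both parsers an input ending in a backslash inside a string would pin the behaviour. The body of `parse_string` continues past the end of the hunk.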
|
|
@@ -38,8 +38,13 @@ module JSONC
|
|
|
38
38
|
def parse_string # rubocop:disable Metrics/MethodLength
|
|
39
39
|
char = @string[@index]
|
|
40
40
|
if char == "\\"
|
|
41
|
-
@result << char
|
|
42
|
-
@index
|
|
41
|
+
@result << char
|
|
42
|
+
if @index + 1 < @string.length
|
|
43
|
+
@result << @string[@index + 1]
|
|
44
|
+
@index += 2
|
|
45
|
+
else
|
|
46
|
+
@index += 1
|
|
47
|
+
end
|
|
43
48
|
elsif char == '"'
|
|
44
49
|
@state = :normal
|
|
45
50
|
@result << char
|
data/lib/jsonc/version.rb
CHANGED
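--- a/data/lib/jsonc.rb
+++ b/data/lib/jsonc.rb
@@ -7,12 +7,28 @@ require_relative "jsonc/parser"
 module JSONC
 class Error < StandardError; end
 
+DEFAULT_MAX_BYTES = 10_485_760 # 10MB
+
 def self.parse(string, **opts)
+max_bytes = opts.delete(:max_bytes) || DEFAULT_MAX_BYTES
+if string.bytesize > max_bytes
+raise JSON::ParserError,
+"input string too large (#{string.bytesize} bytes, max #{max_bytes} bytes)"
+end
+
 sanitized_string = Parser.parse(string)
 JSON.parse(sanitized_string, **opts)
 end
 
 def self.load_file(path, **opts)
+max_bytes = opts.delete(:max_bytes) || DEFAULT_MAX_BYTES
+file_size = File.size(path)
+
+if file_size > max_bytes
+raise JSON::ParserError,
+"file too large (#{file_size} bytes, max #{max_bytes} bytes)"
+end
+
 parse(File.read(path), **opts)
 end
 end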
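Review bot: `load_file` deletes `:max_bytes` from `opts` and then calls `parse(File.read(path), **opts)` without it, so `parse` re-checks the content against `DEFAULT_MAX_BYTES`; a caller who passes a limit above the default still gets `input string too large` for any file over 10MB. Forward the limit instead: `parse(File.read(path), max_bytes: max_bytes, **opts)`. Separately, `File.size` followed by an unbounded `File.read` only bounds memory for a regular file that does not change between the two calls; reading at most `max_bytes + 1` bytes from a single open handle would make the limit hold regardless of file type or concurrent writes. `max_bytes` is also used unvalidated, so a non-Integer value fails inside the `>` comparison rather than with a clear argument error.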
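--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jsonc
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - Yoshiki Takagi
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2026-01-09 00:00:00.000000000 Z
 dependencies: []
 description: A simple parser for JSONC (JSON with comments).
 email: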