rollbar 2.18.0 → 2.18.2

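--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: e357b034a0d0686c4ff7e2df37e4500b964ff1d8
- data.tar.gz: 8af0947410c8afd1a1b8e7d6691cc57651f0906f
+ metadata.gz: cc9f32ab8c6d24f72b8c9da57f175524f7942f39
+ data.tar.gz: f46f2f866b7a0049ce8a0e2d2e5af6763bed93dc
  SHA512:
- metadata.gz: 1d320a75cf677e32ab3bf635bdff22235b39b44e4dce406b74151a2bbd9e344fb0113a2130061e93c1cd473a1f27964c97ad2b68c8a8b20b69766b9dd951cdb8
- data.tar.gz: 371056dcb28f6247fafbd6404e1a39f873660060758393119b588cd15e9c8b67f349407422ca31b5ce163dd48a1b356ad665fcbb8d42a31ebcf81b3701150961
+ metadata.gz: 6f7c1ac02748f5b3c669fe694ecb9989c6cc941ab6321cc4a3faa4f6ad9f28ebe9efedf1add9b1fad7ba328561921a0d456c8ed2bdfb3feb2e773baebbece73d
+ data.tar.gz: 111635866796fc71e1cb6e261661d6c7094a19afabbb591aec0690bf9927bd00cedca2470fdd8544fd62d9d3a1f35f23a63c6ef904e1a31f089d0f2d5a8fced6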
data/Gemfile CHANGED
@@ -12,7 +12,13 @@ gem 'rake'
12
12
  gem 'rspec-rails', '~> 3.4'
13
13
  gem 'sqlite3', :platform => [:ruby, :mswin, :mingw]
14
14
 
15
- gem 'oj', '~> 2.12.14' unless is_jruby
15
+ unless is_jruby
16
+ if RUBY_VERSION >= '2.4.0'
17
+ gem 'oj', '~> 2.16.1'
18
+ else
19
+ gem 'oj', '~> 2.12.14'
20
+ end
21
+ end
16
22
 
17
23
  if RUBY_VERSION > '1.8.7' && RUBY_VERSION < '2.2.2'
18
24
  gem 'sidekiq', '>= 2.13.0', '< 5.0'
@@ -111,7 +111,7 @@ module Rollbar
111
111
  @scrub_user = true
112
112
  @scrub_password = true
113
113
  @randomize_scrub_length = true
114
- @scrub_whitelist = false
114
+ @scrub_whitelist = []
115
115
  @uncaught_exception_level = 'error'
116
116
  @scrub_headers = ['Authorization']
117
117
  @sidekiq_threshold = 0
@@ -6,7 +6,8 @@ module Rollbar
6
6
  # This class contains the logic to scrub the received parameters. It will
7
7
  # scrub the parameters matching Rollbar.configuration.scrub_fields Array.
8
8
  # Also, if that configuration option is set to :scrub_all, it will scrub all
9
- # received parameters
9
+ # received parameters. It will not scrub anything that is in the scrub_whitelist
10
+ # configuration array even if :scrub_all is true.
10
11
  class Params
11
12
  SKIPPED_CLASSES = [::Tempfile]
12
13
  ATTACHMENT_CLASSES = %w(ActionDispatch::Http::UploadedFile Rack::Multipart::UploadedFile).freeze
@@ -22,7 +23,7 @@ module Rollbar
22
23
 
23
24
  config = options[:config]
24
25
  extra_fields = options[:extra_fields]
25
- whitelist = options[:whitelist] | false
26
+ whitelist = options[:whitelist] || []
26
27
 
27
28
  scrub(params, build_scrub_options(config, extra_fields, whitelist))
28
29
  end
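Review bot: `whitelist = options[:whitelist] || []` still lets a non-Array through: a configuration carried over from 2.18.0 with `scrub_whitelist = true` reaches `build_whitelist_regex`, where `whitelist.find_all` raises NoMethodError on `true`. Nothing visible in this hunk rescues that, and the URL scrubber's `call` builds its whitelist the same way inside a `rescue` that returns the URL unscrubbed. I would guard the value, e.g. `whitelist = options[:whitelist].is_a?(Array) ? options[:whitelist] : []`, and log a warning when it was not an Array. The warning matters because the old boolean meant "scrub everything except scrub_fields", so a silent fallback to an empty list would send more data than the operator had configured. The enclosing method starts above the hunk.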
@@ -35,7 +36,7 @@ module Rollbar
35
36
  {
36
37
  :fields_regex => build_fields_regex(ary_config, extra_fields),
37
38
  :scrub_all => ary_config.include?(SCRUB_ALL),
38
- :whitelist => whitelist
39
+ :whitelist => build_whitelist_regex(whitelist)
39
40
  }
40
41
  end
41
42
 
@@ -48,26 +49,33 @@ module Rollbar
48
49
  Regexp.new(fields.map { |val| Regexp.escape(val.to_s).to_s }.join('|'), true)
49
50
  end
50
51
 
52
+ def build_whitelist_regex(whitelist)
53
+ fields = whitelist.find_all { |f| f.is_a?(String) || f.is_a?(Symbol) }
54
+ return unless fields.any?
55
+ Regexp.new(fields.map { |val| /\A#{Regexp.escape(val.to_s)}\z/ }.join('|'))
56
+ end
57
+
51
58
  def scrub(params, options)
52
59
  fields_regex = options[:fields_regex]
53
60
  scrub_all = options[:scrub_all]
54
- whitelist = options[:whitelist]
61
+ whitelist_regex = options[:whitelist]
55
62
 
56
63
  return scrub_array(params, options) if params.is_a?(Array)
57
64
 
58
65
  params.to_hash.inject({}) do |result, (key, value)|
59
- if fields_regex === Rollbar::Encoding.encode(key).to_s
60
- result[key] = whitelist ? rollbar_filtered_param_value(value) : scrub_value(value)
66
+ encoded_key = Rollbar::Encoding.encode(key).to_s
67
+ if (fields_regex === encoded_key) && !(whitelist_regex === encoded_key)
68
+ result[key] = scrub_value(value)
61
69
  elsif value.is_a?(Hash)
62
70
  result[key] = scrub(value, options)
71
+ elsif scrub_all && !(whitelist_regex === encoded_key)
72
+ result[key] = scrub_value(value)
63
73
  elsif value.is_a?(Array)
64
74
  result[key] = scrub_array(value, options)
65
75
  elsif skip_value?(value)
66
76
  result[key] = "Skipped value of class '#{value.class.name}'"
67
- elsif scrub_all
68
- result[key] = scrub_value(value)
69
77
  else
70
- result[key] = whitelist ? scrub_value(value) : rollbar_filtered_param_value(value)
78
+ result[key] = rollbar_filtered_param_value(value)
71
79
  end
72
80
 
73
81
  result
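Review bot: `build_whitelist_regex` has no comment, and its matching rules differ from the fields regex built just above it in ways that decide what gets sent: whitelist entries are anchored with `\A…\z` and case-sensitive, while the fields regex is unanchored and case-insensitive (`Regexp.new(..., true)`). Whitelisting `:password` therefore exempts only the exact key `password`, not `Password` or `password_confirmation`, which errs toward scrubbing but is easy to misread. I would add `# Exact, case-sensitive key match. Returns nil when the list has no String/Symbol entries; nil === key is false, so nothing is exempted.` above the method. The same helper is added verbatim to the URL scrubber and could carry the same comment or be shared. `scrub`'s body continues past the end of the hunk.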
@@ -6,6 +6,8 @@ require 'rollbar/language_support'
6
6
  module Rollbar
7
7
  module Scrubbers
8
8
  class URL
9
+ SCRUB_ALL = :scrub_all
10
+
9
11
  def self.call(*args)
10
12
  new.call(*args)
11
13
  end
@@ -19,7 +21,8 @@ module Rollbar
19
21
  options[:scrub_user],
20
22
  options[:scrub_password],
21
23
  options.fetch(:randomize_scrub_length, true),
22
- options[:whitelist])
24
+ options[:scrub_fields].include?(SCRUB_ALL),
25
+ build_whitelist_regex(options[:whitelist] || []))
23
26
  rescue => e
24
27
  Rollbar.logger.error("[Rollbar] There was an error scrubbing the url: #{e}, options: #{options.inspect}")
25
28
  url
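Review bot: The two new arguments are evaluated inside the code guarded by `rescue => e`, so any exception they raise ends with `url` being returned unscrubbed. `options[:scrub_fields].include?(SCRUB_ALL)` raises NoMethodError when `:scrub_fields` is absent or nil, and `build_whitelist_regex` raises when `:whitelist` is truthy but not an Array; whether callers always pass both in the expected shape is not visible here. `Array(options[:scrub_fields]).include?(SCRUB_ALL)` and `build_whitelist_regex(Array(options[:whitelist]))` keep the scrub path alive for those inputs. The log line in the rescue also interpolates `options.inspect`, which going by the spec's options hash includes the raw `:url`, so a failure here writes the unscrubbed URL to the log as well. The method begins above the hunk.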
@@ -27,12 +30,18 @@ module Rollbar
27
30
 
28
31
  private
29
32
 
30
- def filter(url, regex, scrub_user, scrub_password, randomize_scrub_length, whitelist)
33
+ def build_whitelist_regex(whitelist)
34
+ fields = whitelist.find_all { |f| f.is_a?(String) || f.is_a?(Symbol) }
35
+ return unless fields.any?
36
+ Regexp.new(fields.map { |val| /\A#{Regexp.escape(val.to_s)}\z/ }.join('|'))
37
+ end
38
+
39
+ def filter(url, regex, scrub_user, scrub_password, randomize_scrub_length, scrub_all, whitelist)
31
40
  uri = URI.parse(url)
32
41
 
33
42
  uri.user = filter_user(uri.user, scrub_user, randomize_scrub_length)
34
43
  uri.password = filter_password(uri.password, scrub_password, randomize_scrub_length)
35
- uri.query = filter_query(uri.query, regex, randomize_scrub_length, whitelist)
44
+ uri.query = filter_query(uri.query, regex, randomize_scrub_length, scrub_all, whitelist)
36
45
 
37
46
  uri.to_s
38
47
  end
@@ -53,12 +62,12 @@ module Rollbar
53
62
  scrub_password && password ? filtered_value(password, randomize_scrub_length) : password
54
63
  end
55
64
 
56
- def filter_query(query, regex, randomize_scrub_length, whitelist)
65
+ def filter_query(query, regex, randomize_scrub_length, scrub_all, whitelist)
57
66
  return query unless query
58
67
 
59
68
  params = decode_www_form(query)
60
69
 
61
- encoded_query = encode_www_form(filter_query_params(params, regex, randomize_scrub_length, whitelist))
70
+ encoded_query = encode_www_form(filter_query_params(params, regex, randomize_scrub_length, scrub_all, whitelist))
62
71
 
63
72
  # We want this to rebuild array params like foo[]=1&foo[]=2
64
73
  URI.escape(CGI.unescape(encoded_query))
@@ -72,18 +81,14 @@ module Rollbar
72
81
  URI.encode_www_form(params)
73
82
  end
74
83
 
75
- def filter_query_params(params, regex, randomize_scrub_length, whitelist)
84
+ def filter_query_params(params, regex, randomize_scrub_length, scrub_all, whitelist)
76
85
  params.map do |key, value|
77
- if whitelist
78
- [key, filter_key?(key, regex) ? value : filtered_value(value, randomize_scrub_length)]
79
- else
80
- [key, filter_key?(key, regex) ? filtered_value(value, randomize_scrub_length) : value]
81
- end
86
+ [key, filter_key?(key, regex, scrub_all, whitelist) ? filtered_value(value, randomize_scrub_length) : value]
82
87
  end
83
88
  end
84
89
 
85
- def filter_key?(key, regex)
86
- !!(key =~ regex)
90
+ def filter_key?(key, regex, scrub_all, whitelist)
91
+ !(whitelist === key) && (scrub_all || regex === key)
87
92
  end
88
93
 
89
94
  def filtered_value(value, randomize_scrub_length)
@@ -1,3 +1,3 @@
1
1
  module Rollbar
2
- VERSION = '2.18.0'
2
+ VERSION = '2.18.2'
3
3
  end
@@ -278,31 +278,140 @@ describe Rollbar::Scrubbers::Params do
278
278
  context 'with :scrub_all option' do
279
279
  let(:scrub_config) { :scrub_all }
280
280
 
281
- let(:params) do
282
- {
283
- :foo => 'bar',
284
- :password => 'the-password',
285
- :bar => 'foo',
286
- :extra => {
287
- :foo => 'more-foo',
288
- :bar => 'more-bar'
281
+ context 'with simple hash' do
282
+ let(:params) do
283
+ {
284
+ :foo => 'bar',
285
+ :password => 'the-password',
286
+ :bar => 'foo',
287
+ :extra => {
288
+ :foo => 'more-foo',
289
+ :bar => 'more-bar'
290
+ }
289
291
  }
290
- }
292
+ end
293
+ let(:result) do
294
+ {
295
+ :foo => /\*+/,
296
+ :password => /\*+/,
297
+ :bar => /\*+/,
298
+ :extra => {
299
+ :foo => /\*+/,
300
+ :bar => /\*+/
301
+ }
302
+ }
303
+ end
304
+
305
+ it 'scrubs the required parameters' do
306
+ expect(subject.call(options)).to be_eql_hash_with_regexes(result)
307
+ end
291
308
  end
292
- let(:result) do
293
- {
294
- :foo => /\*+/,
295
- :password => /\*+/,
296
- :bar => /\*+/,
297
- :extra => {
309
+
310
+ context 'with nested arrays' do
311
+ let(:params) do
312
+ {
313
+ :foo => 'bar',
314
+ :password => 'the-password',
315
+ :bar => 'foo',
316
+ :extra => [
317
+ 'hello world',
318
+ {
319
+ :foo => 'more-foo',
320
+ :bar => 'more-bar'
321
+ }
322
+ ]
323
+ }
324
+ end
325
+ let(:result) do
326
+ {
298
327
  :foo => /\*+/,
299
- :bar => /\*+/
328
+ :password => /\*+/,
329
+ :bar => /\*+/,
330
+ :extra => /\*+/,
300
331
  }
301
- }
332
+ end
333
+
334
+ it 'scrubs the required parameters' do
335
+ expect(subject.call(options)).to be_eql_hash_with_regexes(result)
336
+ end
302
337
  end
303
338
 
304
- it 'scrubs the required parameters' do
305
- expect(subject.call(options)).to be_eql_hash_with_regexes(result)
339
+ context 'and with :whitelist option' do
340
+ let (:whitelist) { [:foo, :buzz] }
341
+
342
+ context 'with simple hash' do
343
+ let(:params) do
344
+ {
345
+ :foo => 'bar',
346
+ :password => 'the-password',
347
+ :bar => 'foo',
348
+ :extra => {
349
+ :foo => 'more-foo',
350
+ :bar => 'more-bar'
351
+ }
352
+ }
353
+ end
354
+ let(:result) do
355
+ {
356
+ :foo => 'bar',
357
+ :password => /\*+/,
358
+ :bar => /\*+/,
359
+ :extra => {
360
+ :foo => 'more-foo',
361
+ :bar => /\*+/
362
+ }
363
+ }
364
+ end
365
+
366
+ it 'scrubs the required parameters' do
367
+ expect(subject.call(options)).to be_eql_hash_with_regexes(result)
368
+ end
369
+ end
370
+
371
+ context 'with nested arrays' do
372
+ let(:params) do
373
+ {
374
+ :foo => 'bar',
375
+ :password => 'the-password',
376
+ :bar => 'foo',
377
+ :extra => [
378
+ 'hello world',
379
+ {
380
+ :foo => 'more-foo',
381
+ :bar => 'more-bar'
382
+ }
383
+ ],
384
+ :buzz => [
385
+ 'fizzbuzz',
386
+ {
387
+ :a => 42,
388
+ :foo => 'another-foo',
389
+ :b => 'this should be scrubbed'
390
+ }
391
+ ]
392
+ }
393
+ end
394
+ let(:result) do
395
+ {
396
+ :foo => 'bar',
397
+ :password => /\*+/,
398
+ :bar => /\*+/,
399
+ :extra => /\*+/,
400
+ :buzz => [
401
+ 'fizzbuzz',
402
+ {
403
+ :a => /\*+/,
404
+ :foo => 'another-foo',
405
+ :b => /\*+/
406
+ }
407
+ ]
408
+ }
409
+ end
410
+
411
+ it 'scrubs the required parameters' do
412
+ expect(subject.call(options)).to be_eql_hash_with_regexes(result)
413
+ end
414
+ end
306
415
  end
307
416
  end
308
417
 
@@ -311,7 +420,7 @@ describe Rollbar::Scrubbers::Params do
311
420
  [:secret, :password]
312
421
  end
313
422
 
314
- let(:whitelist) { true }
423
+ let(:whitelist) { [:password] }
315
424
 
316
425
  context 'with Array object' do
317
426
  let(:params) do
@@ -327,10 +436,10 @@ describe Rollbar::Scrubbers::Params do
327
436
  let(:result) do
328
437
  [
329
438
  {
330
- :foo => /\*+/,
331
- :secret => 'the-secret',
439
+ :foo => 'bar',
440
+ :secret => /\*+/,
332
441
  :password => 'the-password',
333
- :password_confirmation => 'the-password'
442
+ :password_confirmation => /\*+/
334
443
  }
335
444
  ]
336
445
  end
@@ -351,10 +460,10 @@ describe Rollbar::Scrubbers::Params do
351
460
  end
352
461
  let(:result) do
353
462
  {
354
- :foo => /\*+/,
355
- :secret => 'the-secret',
463
+ :foo => 'bar',
464
+ :secret => /\*+/,
356
465
  :password => 'the-password',
357
- :password_confirmation => 'the-password'
466
+ :password_confirmation => /\*+/
358
467
  }
359
468
  end
360
469
 
@@ -384,15 +493,15 @@ describe Rollbar::Scrubbers::Params do
384
493
  end
385
494
  let(:result) do
386
495
  {
387
- :foo => /\*+/,
496
+ :foo => 'bar',
388
497
  :extra => {
389
- :secret => 'the-secret',
498
+ :secret => /\*+/,
390
499
  :password => 'the-password',
391
- :password_confirmation => 'the-password'
500
+ :password_confirmation => /\*+/
392
501
  },
393
502
  :other => {
394
- :param => 'filtered',
395
- :to_scrub => /\*+/
503
+ :param => /\*+/,
504
+ :to_scrub => 'to_scrub'
396
505
  }
397
506
  }
398
507
  end
@@ -423,15 +532,15 @@ describe Rollbar::Scrubbers::Params do
423
532
  end
424
533
  let(:result) do
425
534
  {
426
- :foo => /\*+/,
535
+ :foo => 'bar',
427
536
  :extra => [{
428
- :secret => 'the-secret',
537
+ :secret => /\*+/,
429
538
  :password => 'the-password',
430
- :password_confirmation => 'the-password'
539
+ :password_confirmation => /\*+/
431
540
  }],
432
541
  :other => [{
433
- :param => 'filtered',
434
- :to_scrub => /\*+/
542
+ :param => /\*+/,
543
+ :to_scrub => 'to_scrub'
435
544
  }]
436
545
  }
437
546
  end
@@ -456,11 +565,11 @@ describe Rollbar::Scrubbers::Params do
456
565
  end
457
566
  let(:result) do
458
567
  {
459
- :foo => /\*+/,
568
+ :foo => 'bar',
460
569
  :extra => [{
461
- :secret => 'the-secret',
570
+ :secret => /\*+/,
462
571
  :password => 'the-password',
463
- :password_confirmation => 'the-password',
572
+ :password_confirmation => /\*+/,
464
573
  :skipped => "Skipped value of class 'Tempfile'"
465
574
  }]
466
575
  }
@@ -11,11 +11,11 @@ describe Rollbar::Scrubbers::URL do
11
11
  :scrub_password => false,
12
12
  :randomize_scrub_length => true
13
13
  }
14
-
14
+
15
15
  if defined? whitelist
16
16
  options[:whitelist] = whitelist
17
17
  end
18
-
18
+
19
19
  options
20
20
  end
21
21
 
@@ -138,25 +138,25 @@ describe Rollbar::Scrubbers::URL do
138
138
  end
139
139
  end
140
140
  end
141
-
141
+
142
142
  context 'in whitelist mode' do
143
-
144
- let(:whitelist) { true }
145
-
143
+
144
+ let(:whitelist) { [:user, :secret] }
145
+
146
146
  context 'with ruby different from 1.8' do
147
147
  next unless Rollbar::LanguageSupport.can_scrub_url?
148
-
148
+
149
149
  context 'cannot scrub URLs' do
150
-
150
+
151
151
  let(:url) { 'http://user:password@foo.com/some-interesting-path#fragment' }
152
-
152
+
153
153
  it 'returns the URL without any change' do
154
154
  expect(subject.call(options)).to be_eql(url)
155
155
  end
156
156
  end
157
-
157
+
158
158
  context 'scrubbing user and password' do
159
-
159
+
160
160
  let(:options) do
161
161
  {
162
162
  :url => url,
@@ -166,41 +166,70 @@ describe Rollbar::Scrubbers::URL do
166
166
  :whitelist => whitelist
167
167
  }
168
168
  end
169
-
169
+
170
170
  let(:url) { 'http://user:password@foo.com/some-interesting-path#fragment' }
171
-
171
+
172
172
  it 'returns the URL without any change' do
173
173
  expected_url = /http:\/\/\*{3,8}:\*{3,8}@foo.com\/some-interesting\-path#fragment/
174
-
174
+
175
175
  expect(subject.call(options)).to match(expected_url)
176
176
  end
177
177
  end
178
-
178
+
179
+ context 'with scrub_all' do
180
+ let(:options) do
181
+ {
182
+ :url => url,
183
+ :scrub_fields => [:scrub_all],
184
+ :scrub_password => false,
185
+ :scrub_user => false,
186
+ :whitelist => whitelist
187
+ }
188
+ end
189
+ let(:url) { 'http://foo.com/some-interesting-path?foo=bar&password=mypassword&secret=somevalue&dont_scrub=foo#fragment' }
190
+
191
+ it 'returns the URL with some params filtered' do
192
+ expected_url = /http:\/\/foo.com\/some-interesting-path\?foo=\*{3,8}&password=\*{3,8}&secret=somevalue&dont_scrub=\*{3,8}#fragment/
193
+
194
+ expect(subject.call(options)).to match(expected_url)
195
+ end
196
+
197
+ context 'having array params' do
198
+ let(:url) { 'http://foo.com/some-interesting-path?foo=bar&password[]=mypassword&password[]=otherpassword&secret=somevalue&dont_scrub=foo#fragment' }
199
+
200
+ it 'returns the URL with some params filtered' do
201
+ expected_url = /http:\/\/foo.com\/some-interesting-path\?foo=\*{3,8}&password\[\]=\*{3,8}&password\[\]=\*{3,8}&secret=somevalue&dont_scrub=\*{3,8}#fragment/
202
+
203
+ expect(subject.call(options)).to match(expected_url)
204
+ end
205
+ end
206
+ end
207
+
179
208
  context 'with params to be filtered' do
180
209
  let(:options) do
181
210
  {
182
211
  :url => url,
183
- :scrub_fields => [:dont_scrub],
212
+ :scrub_fields => [:dont_scrub, :secret, :password, :foo],
184
213
  :scrub_password => false,
185
214
  :scrub_user => false,
186
215
  :whitelist => whitelist
187
216
  }
188
217
  end
189
-
218
+
190
219
  let(:url) { 'http://foo.com/some-interesting-path?foo=bar&password=mypassword&secret=somevalue&dont_scrub=foo#fragment' }
191
-
220
+
192
221
  it 'returns the URL with some params filtered' do
193
- expected_url = /http:\/\/foo.com\/some-interesting-path\?foo=\*{3,8}&password=\*{3,8}&secret=\*{3,8}&dont_scrub=foo#fragment/
194
-
222
+ expected_url = /http:\/\/foo.com\/some-interesting-path\?foo=\*{3,8}&password=\*{3,8}&secret=somevalue&dont_scrub=\*{3,8}#fragment/
223
+
195
224
  expect(subject.call(options)).to match(expected_url)
196
225
  end
197
-
226
+
198
227
  context 'having array params' do
199
228
  let(:url) { 'http://foo.com/some-interesting-path?foo=bar&password[]=mypassword&password[]=otherpassword&secret=somevalue&dont_scrub=foo#fragment' }
200
-
229
+
201
230
  it 'returns the URL with some params filtered' do
202
- expected_url = /http:\/\/foo.com\/some-interesting-path\?foo=\*{3,8}&password\[\]=\*{3,8}&password\[\]=\*{3,8}&secret=\*{3,8}&dont_scrub=foo#fragment/
203
-
231
+ expected_url = /http:\/\/foo.com\/some-interesting-path\?foo=\*{3,8}&password\[\]=\*{3,8}&password\[\]=\*{3,8}&secret=somevalue&dont_scrub=\*{3,8}#fragment/
232
+
204
233
  expect(subject.call(options)).to match(expected_url)
205
234
  end
206
235
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rollbar
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.18.0
4
+ version: 2.18.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rollbar, Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-09-26 00:00:00.000000000 Z
11
+ date: 2018-12-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: multi_json