| OLD | NEW |
|---|
| 1 // Copyright (c) 2016 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "platform/json/JSONParser.h" | 5 #include "platform/json/JSONParser.h" |
| 6 | 6 |
| 7 #include "platform/json/JSONValues.h" | 7 #include "platform/json/JSONValues.h" |
| 8 #include "testing/gtest/include/gtest/gtest.h" | 8 #include "testing/gtest/include/gtest/gtest.h" |
| 9 #include "wtf/text/StringBuilder.h" | 9 #include "wtf/text/StringBuilder.h" |
| 10 | 10 |
| (...skipping 469 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 480 const char* const invalidJson[] = { | 480 const char* const invalidJson[] = { |
| 481 "/* test *", "{\"foo\"", "{\"foo\":", " [", "\"\\u123g\"", "{\n\"eh:\n}", | 481 "/* test *", "{\"foo\"", "{\"foo\":", " [", "\"\\u123g\"", "{\n\"eh:\n}", |
| 482 "////", "*/**/", "/**/", "/*/", "//**/", "\"\\"}; | 482 "////", "*/**/", "/**/", "/*/", "//**/", "\"\\"}; |
| 483 | 483 |
| 484 for (size_t i = 0; i < WTF_ARRAY_LENGTH(invalidJson); ++i) { | 484 for (size_t i = 0; i < WTF_ARRAY_LENGTH(invalidJson); ++i) { |
| 485 std::unique_ptr<JSONValue> result = parseJSON(invalidJson[i]); | 485 std::unique_ptr<JSONValue> result = parseJSON(invalidJson[i]); |
| 486 EXPECT_FALSE(result.get()); | 486 EXPECT_FALSE(result.get()); |
| 487 } | 487 } |
| 488 } | 488 } |
| 489 | 489 |
| 490 // Test that the nesting depth can be limited to values less than 1000, but |
| 491 // cannot be extended past that maximum. |
| 492 TEST(JSONParserTest, LimitedDepth) { |
| 493 std::unique_ptr<JSONValue> root; |
| 494 |
| 495 // Test cases. Each pair is a JSON string, and the minimum depth required |
| 496 // to successfully parse that string. |
| 497 std::vector<std::pair<const char*, int>> test_cases = { |
| 498 {"[[[[[]]]]]", 5}, |
| 499 {"[[[[[\"a\"]]]]]", 6}, |
| 500 {"[[],[],[],[],[]]", 2}, |
| 501 {"{\"a\":{\"a\":{\"a\":{\"a\":{\"a\": \"a\"}}}}}", 6}, |
| 502 {"\"root\"", 1}}; |
| 503 |
| 504 for (const auto& test_case : test_cases) { |
| 505 // Each test case should parse successfully at the default depth |
| 506 root = parseJSON(test_case.first); |
| 507 EXPECT_TRUE(root.get()); |
| 508 |
| 509 // ... and should parse successfully at the minimum depth |
| 510 root = parseJSON(test_case.first, test_case.second); |
| 511 EXPECT_TRUE(root.get()); |
| 512 |
| 513 // ... but should fail to parse at a shallower depth. |
| 514 root = parseJSON(test_case.first, test_case.second - 1); |
| 515 EXPECT_FALSE(root.get()); |
| 516 } |
| 517 |
| 518 // Test that everything fails to parse with depth 0 |
| 519 root = parseJSON("", 0); |
| 520 EXPECT_FALSE(root.get()); |
| 521 root = parseJSON("", -1); |
| 522 EXPECT_FALSE(root.get()); |
| 523 root = parseJSON("true", 0); |
| 524 EXPECT_FALSE(root.get()); |
| 525 |
| 526 // Test that the limit can be set to the constant maximum. |
| 527 StringBuilder evil; |
| 528 evil.reserveCapacity(2002); |
| 529 for (int i = 0; i < 1000; ++i) |
| 530 evil.append('['); |
| 531 for (int i = 0; i < 1000; ++i) |
| 532 evil.append(']'); |
| 533 root = parseJSON(evil.toString()); |
| 534 EXPECT_TRUE(root.get()); |
| 535 root = parseJSON(evil.toString(), 1000); |
| 536 EXPECT_TRUE(root.get()); |
| 537 |
| 538 // Test that the limit cannot be set higher than the constant maximum. |
| 539 evil.clear(); |
| 540 for (int i = 0; i < 1001; ++i) |
| 541 evil.append('['); |
| 542 for (int i = 0; i < 1001; ++i) |
| 543 evil.append(']'); |
| 544 root = parseJSON(evil.toString()); |
| 545 EXPECT_FALSE(root.get()); |
| 546 root = parseJSON(evil.toString(), 1001); |
| 547 EXPECT_FALSE(root.get()); |
| 548 } |
| 549 |
| 490 } // namespace blink | 550 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2517183002:
Add a configurable maximum parse depth for the blink JSON parser. (Closed)
