jsonparse: Add max_depth, max_size and offset options

This completes all the functionality that I wanted from the JSON parser.
2025-02-01 11:01:43 +01:00 · 2025-02-01 11:01:43 +01:00 · 13eaeb1d4a
commit 13eaeb1d4a
parent abfbba3c10
3 changed files with 105 additions and 9 deletions
--- a/FU/Util.pm
+++ b/FU/Util.pm
@ -18,9 +18,9 @@ doesn't believe in the concept of a "batteries included" standard library.
 =head1 SYNOPSIS
-    use FU::Util qw/json_format/;
+  use FU::Util qw/json_format/;
-    my $data = json_format [1, 2, 3];
+  my $data = json_format [1, 2, 3];
 =head1 DESCRIPTION
@ -51,7 +51,12 @@ to format a floating point C<NaN> or C<Inf> results in an error.
 Parse a JSON string and return a Perl value. With the default options, this
 function is roughly similar to:
-    JSON::PP->new->allow_nonref->core_bools-decode($string);
+  JSON::PP->new->allow_nonref->core_bools-decode($string);
 Croaks on invalid JSON, but the error messages are not super useful.  This
 function also throws an error on JSON objects with duplicate keys, which is
 consistent with the default behavior of L<Cpanel::JSON::XS> but inconsistent
 with other modules.
 Supported C<%options>:
@ -62,6 +67,31 @@ Supported C<%options>:
 Boolean, interpret the input C<$string> as a UTF-8 encoded byte string instead
 of a Perl Unicode string.
 =item max_depth
 Maximum permitted nesting depth of arrays and objects. Defaults to 512.
 =item max_size
 Throw an error if the JSON data is larger than the given size in bytes.
 Defaults to 1 GiB.
 =item offset
 Takes a reference to a scalar that indicates from which byte offset in
 C<$string> to start parsing. On success, the offset is updated to point to the
 next non-whitespace character or C<undef> if the string has been fully
 consumed.
 This option can be used to parse a stream of JSON values:
  my $data = '{"obj":1}{"obj":2}';
  my $offset = 0;
  my $obj1 = json_parse($data, offset => \$offset);
  # $obj1 = {obj=>1};  $offset = 9;
  my $obj2 = json_parse($data, offset => \$offset);
  # $obj2 = {obj=>2};  $offset = undef;
 =back
@ -70,14 +100,14 @@ of a Perl Unicode string.
 Format a Perl value as JSON. With the default options, this function behaves
 roughly similar to:
-    JSON::PP->new->allow_nonref->core_bools->convert_blessed->encode($scalar);
+  JSON::PP->new->allow_nonref->core_bools->convert_blessed->encode($scalar);
 Some modules escape the slash character in encoded strings to prevent a
 potential XSS vulnerability when embedding JSON inside C<< <script> ..
 </script> >> tags.  This function does I<not> do that because it might not even
 be sufficient. The following is probably an improvement:
-    json_format($data) =~ s{</}{<\\/}rg =~ s/<!--/<\\u0021--/rg;
+  json_format($data) =~ s{</}{<\\/}rg =~ s/<!--/<\\u0021--/rg;
 The following C<%options> are supported:
--- a/c/jsonparse.c
+++ b/c/jsonparse.c
@ -1,6 +1,7 @@
 typedef struct {
    const unsigned char *buf;
    const unsigned char *end;
    UV depth;
 } fujson_parse_ctx;
 static SV *fujson_parse(pTHX_ fujson_parse_ctx *);
@ -153,6 +154,7 @@ static SV *fujson_parse_number(pTHX_ fujson_parse_ctx *ctx) {
 static SV *fujson_parse_array(pTHX_ fujson_parse_ctx *ctx) {
    AV *av = newAV();
    SV *r;
    if (--ctx->depth == 0) return NULL;
    ctx->buf++; /* '[' */
    fujson_parse_ws(aTHX_ ctx);
    if (ctx->buf == ctx->end) goto err;
@ -168,6 +170,7 @@ static SV *fujson_parse_array(pTHX_ fujson_parse_ctx *ctx) {
    }
 done:
    ctx->buf++; /* ']' */
    ctx->depth++;
    return newRV_noinc((SV *)av);
 err:
    SvREFCNT_dec((SV *)av);
@ -182,6 +185,7 @@ static SV *fujson_parse_obj(pTHX_ fujson_parse_ctx *ctx) {
    fustr key;
    fustr_init(&key, NULL, SIZE_MAX);
    if (--ctx->depth == 0) return NULL;
    ctx->buf++; /* '{' */
    fujson_parse_ws(aTHX_ ctx);
    if (ctx->buf == ctx->end) goto err;
@ -217,6 +221,7 @@ static SV *fujson_parse_obj(pTHX_ fujson_parse_ctx *ctx) {
 done:
    if (key.sv) SvREFCNT_dec(key.sv);
    ctx->buf++; /* '}' */
    ctx->depth++;
    return newRV_noinc((SV *)hv);
 err:
    if (key.sv) SvREFCNT_dec(key.sv);
@ -257,10 +262,13 @@ static SV *fujson_parse_xs(pTHX_ I32 ax, I32 argc, SV *val) {
    I32 i = 1;
    char *arg;
    SV *r;
    SV *offset = NULL;
    UV maxlen = 0;
    int decutf8 = 0;
    STRLEN buflen;
    fujson_parse_ctx ctx;
    ctx.depth = 0;
    while (i < argc) {
        arg = SvPV_nolen(ST(i));
        i++;
@ -269,24 +277,40 @@ static SV *fujson_parse_xs(pTHX_ I32 ax, I32 argc, SV *val) {
        i++;
        if (strcmp(arg, "utf8") == 0) decutf8 = SvPVXtrue(r);
        else if (strcmp(arg, "max_size") == 0) maxlen = SvUV(r);
        else if (strcmp(arg, "max_depth") == 0) ctx.depth = SvUV(r);
        else if (strcmp(arg, "offset") == 0) offset = r;
        else croak("Unknown flag: '%s'", arg);
    }
    if (maxlen == 0) maxlen = 1<<30;
    if (ctx.depth == 0) ctx.depth = 512;
    arg = decutf8 ? SvPVbyte(val, buflen) : SvPVutf8(val, buflen);
    ctx.buf = (const unsigned char *)arg;
    ctx.end = ctx.buf + buflen;
    if (offset) {
        if (!SvROK(offset)) croak("Offset must be a reference to a scalar");
        offset = SvRV(offset);
        if (!looks_like_number(offset) || SvIV(offset) < 0) croak("Offset must be a positive integer");
        if (SvUV(offset) >= buflen) croak("Offset too large");
        ctx.buf += SvUV(offset);
        if ((UV)(ctx.end - ctx.buf) > maxlen) ctx.end = ctx.buf + maxlen;
    } else if ((UV)(ctx.end - ctx.buf) > maxlen)
        croak("Input string is larger than max_size");
    r = fujson_parse(aTHX_ &ctx);
    if (!r) croak("JSON parsing failed at offset %"UVuf, (UV)((char *)ctx.buf - arg));
    fujson_parse_ws(aTHX_ &ctx);
-    if (ctx.buf != ctx.end) {
+    if (offset) {
        if (ctx.buf == ctx.end) sv_set_undef(offset);
        else SvUV_set(offset, (UV)((char *)ctx.buf - arg));
    } else if (ctx.buf != ctx.end) {
        SvREFCNT_dec(r);
        croak("garbage after JSON value at offset %"UVuf, (UV)((char *)ctx.buf - arg));
    }
    return sv_2mortal(r);
 }
 /* TODO: incremental parsing (accept & return a byte offset) */
 /* TODO: max_depth & max_size */
--- a/t/json_parse.t
+++ b/t/json_parse.t
@ -50,6 +50,9 @@ my @error = (
    '{,}',
    '{"":1,"":2}',
    '{"ë":1,"ë":1}',
    '[] x',
    '{}x',
 );
 for my $s (@error) {
    ok !eval { json_parse($s); 1 };
@ -177,6 +180,10 @@ for (2000..2100, 4000..4200, 8100..8200, 12200..12300, 16300..16400) {
    is json_parse("\"$s\""), $s
 }
 ok !eval { json_parse '[[[[]]]]', max_depth => 4; 1 };
 ok !eval { json_parse '{"":{"":{"":{"":1}}}}', max_depth => 4; 1 };
 # 500 depth
 {
    $v = json_parse('['x500 . ']'x500);
@ -191,4 +198,39 @@ for (2000..2100, 4000..4200, 8100..8200, 12200..12300, 16300..16400) {
    is $i, 500;
 }
 # offset / max_size
 {
    my $off = 0;
    my $str = '0123-5.3e1"x"[]{}truefalse 1  '; # cursed
    is json_parse($str, offset => \$off), 0;
    is $off, 1;
    is json_parse($str, offset => \$off, max_size => 4), 123;
    is $off, 4;
    is json_parse($str, offset => \$off), -53;
    is $off, 10;
    is json_parse($str, offset => \$off), 'x';
    is $off, 13;
    is ref json_parse($str, offset => \$off), 'ARRAY';
    is $off, 15;
    is ref json_parse($str, offset => \$off), 'HASH';
    is $off, 17;
    ok json_parse($str, offset => \$off);
    is $off, 21;
    ok !json_parse($str, offset => \$off);
    is $off, 27;
    is json_parse($str, offset => \$off), 1;
    ok !defined $off;
    ok !eval { json_parse $str, offset => \$off; 1 };
    $off = 100;
    ok !eval { json_parse $str, offset => \$off; 1 };
    $off = 17;
    ok !eval { json_parse $str, offset => \$off, max_size => 3; 1 };
    is json_parse('"string"', max_size => 8), 'string';
    ok !eval { json_parse '"string"', max_size => 7 };
 }
 done_testing;