Parsing a JSON value should fail when there is extra content in the parsed input - fixes #3260

2026-03-10 08:51:19 +00:00 · 2020-01-29 00:42:06 +01:00
parent 526db35cd2
commit 8573ce0b4f
2 changed files with 13 additions and 2 deletions
--- a/src/main/java/io/vertx/core/json/jackson/JacksonCodec.java
+++ b/src/main/java/io/vertx/core/json/jackson/JacksonCodec.java
@@ -12,6 +12,7 @@
 package io.vertx.core.json.jackson;

 import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonToken;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.netty.buffer.ByteBufInputStream;
@@ -91,13 +92,18 @@ public class JacksonCodec implements JsonCodec {
  @SuppressWarnings("deprecation")
  private static <T> T fromParser(JsonParser parser, Class<T> type) throws DecodeException {
    T value;
+    JsonToken remaining;
    try {
      value = Json.mapper.readValue(parser, type);
+      remaining = parser.nextToken();
    } catch (Exception e) {
      throw new DecodeException("Failed to decode:" + e.getMessage(), e);
    } finally {
      close(parser);
    }
+    if (remaining != null) {
+      throw new DecodeException("Unexpected trailing token");
+    }
    if (type == Object.class) {
      value = (T) adapt(value);
    }
@@ -107,13 +113,18 @@ public class JacksonCodec implements JsonCodec {
  @SuppressWarnings("deprecation")
  private static <T> T fromParser(JsonParser parser, TypeReference<T> type) throws DecodeException {
    T value;
+    JsonToken remaining;
    try {
      value = Json.mapper.readValue(parser, type);
+      remaining = parser.nextToken();
    } catch (Exception e) {
      throw new DecodeException("Failed to decode:" + e.getMessage(), e);
    } finally {
      close(parser);
    }
+    if (remaining != null) {
+      throw new DecodeException("Unexpected trailing token");
+    }
    if (type.getType() == Object.class) {
      value = (T) adapt(value);
    }
--- a/src/test/java/io/vertx/core/json/JsonCodecTest.java
+++ b/src/test/java/io/vertx/core/json/JsonCodecTest.java
@@ -292,7 +292,7 @@ public class JsonCodecTest {

  @Test
  public void testDecodeJsonObjectWithInvalidJson() {
-    for (String test : new String[] { "null", "3", "\"3", "qiwjdoiqwjdiqwjd" }) {
+    for (String test : new String[] { "3", "\"3", "qiwjdoiqwjdiqwjd", "{\"foo\":1},{\"bar\":2}", "{\"foo\":1} 1234" }) {
      try {
        new JsonObject(test);
        fail();
@@ -308,7 +308,7 @@ public class JsonCodecTest {

  @Test
  public void testDecodeJsonArrayWithInvalidJson() {
-    for (String test : new String[] { "null", "3", "\"3", "qiwjdoiqwjdiqwjd" }) {
+    for (String test : new String[] { "3", "\"3", "qiwjdoiqwjdiqwjd", "[1],[2]", "[] 1234" }) {
      try {
        new JsonArray(test);
        fail();