I'm looking into why a simple Jackson JSON deserialisation setup is not failing on my clearly broken Json. In my application I MUST confirm that the input is valid json before doing mapping to Java type.
final String json = "[\"plop\"]]]]]]]]]]]]]]]]";
final ObjectMapper om = new ObjectMapper();
final JsonFactory jf = new JsonFactory();
jf.setCodec(om);
final JsonParser jp = jf.createParser(json);
jp.disable(JsonParser.Feature.ALLOW_TRAILING_COMMA);
jp.readValueAsTree()
(I run this in IntelliJ Evaluate 😎)
You see my JSON has however many dangling array close ] as I choose. The parser doesn't care about them.
Other rubbish that this setup appears to allow are:
final String json = "{}]]]]";
final String json = "[{},[]]]]]]]]";
final String json = "[{},{}]}}}}";
You see, the problem is not confined to dangling ] either - same issue for }.
I wonder if the parser stops looking for stuff after the final thing to be "expected" is seen - rather than consuming all the input.
Any ideas, anyone? Bueller?
Rich
You are right. After deserializing array (in case of "["blah"]]]"
it stops and doesn't read anything else, so you can put anything after closing ]
.
See ObjectMapper.readTree
for details.
@Override
public <T extends TreeNode> T readTree(JsonParser p)
throws IOException, JsonProcessingException
{
/* 02-Mar-2009, tatu: One twist; deserialization provider
* will map JSON null straight into Java null. But what
* we want to return is the "null node" instead.
*/
/* 05-Aug-2011, tatu: Also, must check for EOF here before
* calling readValue(), since that'll choke on it otherwise
*/
DeserializationConfig cfg = getDeserializationConfig();
JsonToken t = p.getCurrentToken();
if (t == null) {
t = p.nextToken();
if (t == null) {
return null;
}
}
JsonNode n = (JsonNode) _readValue(cfg, p, JSON_NODE_TYPE);
if (n == null) {
n = getNodeFactory().nullNode();
}
@SuppressWarnings("unchecked")
T result = (T) n;
return result;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.