[Git][java-team/libjettison-java][upstream] New upstream version 1.5.1

Markus Koschany (@apo) gitlab at salsa.debian.org
Thu Nov 10 00:24:18 GMT 2022



Markus Koschany pushed to branch upstream at Debian Java Maintainers / libjettison-java


Commits:
bceadea9 by Markus Koschany at 2022-11-10T01:08:48+01:00
New upstream version 1.5.1
- - - - -


9 changed files:

- + .github/workflows/codeql-analysis.yml
- pom.xml
- src/main/java/org/codehaus/jettison/json/JSONObject.java
- src/main/java/org/codehaus/jettison/json/JSONTokener.java
- src/main/java/org/codehaus/jettison/mapped/DefaultConverter.java
- src/main/java/org/codehaus/jettison/mapped/MappedXMLStreamWriter.java
- src/test/java/org/codehaus/jettison/json/JSONArrayTest.java
- src/test/java/org/codehaus/jettison/json/JSONObjectTest.java
- + src/test/java/org/codehaus/jettison/json/JSONTokenerTest.java


Changes:

=====================================
.github/workflows/codeql-analysis.yml
=====================================
@@ -0,0 +1,74 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "master" ]
+  schedule:
+    - cron: '38 10 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'java' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout at v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init at v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+        
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild at v2
+
+    # ℹ️ Command-line programs to run using the OS shell..
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze at v2
+      with:
+        category: "/language:${{matrix.language}}"
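Review bot: The `uses:` steps reference `actions/checkout` and the `github/codeql-action` actions by mutable major-version tags (`v3`, `v2`), so the code that runs in this job with `security-events: write` can change without any commit in this repository. Pinning each one to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`, makes the workflow reproducible and reviewable. The `queries:` line is left commented out, so only the default query suite runs; if the `security-extended` suite is wanted, that line has to be enabled explicitly.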


=====================================
pom.xml
=====================================
@@ -2,7 +2,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>org.codehaus.jettison</groupId>
   <artifactId>jettison</artifactId>
-  <version>1.4.1</version>
+  <version>1.5.1</version>
   <packaging>bundle</packaging>
   <name>Jettison</name>
   <description>A StAX implementation for JSON.</description>
@@ -17,13 +17,13 @@
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
-      <version>4.12</version>
+      <version>4.13.2</version>
       <scope>test</scope>
     </dependency>
 	<dependency> 
 		<groupId>com.fasterxml.woodstox</groupId>
 		<artifactId>woodstox-core</artifactId>
-		<version>5.0.3</version>
+		<version>6.2.8</version>
 		<scope>test</scope>
 	</dependency>    
   </dependencies>
@@ -31,7 +31,7 @@
     <connection>scm:git:http://github.com/jettison-json/jettison.git</connection>
     <developerConnection>scm:git:https://github.com/jettison-json/jettison.git</developerConnection>
     <url>https://github.com/jettison-json/jettison</url>
-    <tag>jettison-1.4.1</tag>
+    <tag>jettison-1.5.1</tag>
   </scm>
   <distributionManagement>
       <snapshotRepository>
@@ -46,10 +46,30 @@
   <build>
     
     <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-enforcer-plugin</artifactId>
+        <version>3.0.0</version>
+        <executions>
+          <execution>
+            <id>enforce-maven</id>
+            <goals>
+              <goal>enforce</goal>
+            </goals>
+            <configuration>
+              <rules>
+                <requireMavenVersion>
+                  <version>3.2.5</version>
+                </requireMavenVersion>
+              </rules>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-compiler-plugin</artifactId>
-        <version>3.7.0</version>
+        <version>3.10.1</version>
         <configuration>
           <source>1.8</source>
           <target>1.8</target>
@@ -59,41 +79,42 @@
           <showWarnings>true</showWarnings>
         </configuration>
       </plugin>
+      <plugin>
+          <groupId>org.sonatype.plugins</groupId>
+          <artifactId>nexus-staging-maven-plugin</artifactId>
+          <version>1.6.13</version>
+          <extensions>true</extensions>
+          <configuration>
+              <serverId>ossrh</serverId>
+              <nexusUrl>https://oss.sonatype.org/</nexusUrl>
+              <autoReleaseAfterClose>true</autoReleaseAfterClose>
+          </configuration>
+      </plugin>
       <plugin>
         <groupId>org.apache.felix</groupId>
         <artifactId>maven-bundle-plugin</artifactId>
         <extensions>true</extensions>
-        <version>1.0.0</version>
+        <version>5.1.6</version>
         <configuration>
          <instructions>
            <Bundle-Name>${project.artifactId}</Bundle-Name>
            <Bundle-SymbolicName>${project.groupId}.${project.artifactId}</Bundle-SymbolicName>
            <Export-Package>org.codehaus.jettison*;version=${project.version}</Export-Package>
-           <Import-Package>*</Import-Package>
-           <Private-Package>!*</Private-Package>
+           <Import-Package>javax.xml,*</Import-Package>
            <Implementation-Title>${project.name}</Implementation-Title>
            <Implementation-Version>${project.version}</Implementation-Version>
+           <_versionpolicy>[$(version;==;$(@)),$(version;+;$(@)))</_versionpolicy>
+           <_nouses>true</_nouses>
          </instructions>
         </configuration>
       </plugin>
-      <plugin>
-          <groupId>org.sonatype.plugins</groupId>
-          <artifactId>nexus-staging-maven-plugin</artifactId>
-          <version>1.6.8</version>
-          <extensions>true</extensions>
-          <configuration>
-              <serverId>ossrh</serverId>
-              <nexusUrl>https://oss.sonatype.org/</nexusUrl>
-              <autoReleaseAfterClose>true</autoReleaseAfterClose>
-          </configuration>
-      </plugin>
     </plugins>
     <pluginManagement>
         <plugins>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-release-plugin</artifactId>
-                <version>2.5.2</version>
+                <version>2.5.3</version>
                 <configuration>
                     <useReleaseProfile>false</useReleaseProfile>
                     <preparationGoals>clean install</preparationGoals>
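Review bot: The new `<_nouses>true</_nouses>` and `<_versionpolicy>` instructions in the maven-bundle-plugin block carry no comment, yet both change what an OSGi resolver sees. `_nouses` drops the `uses:` directives from the exported packages, which are what lets a framework detect inconsistent class spaces, and the version policy appears to widen import ranges up to the next major version. An XML comment above them stating why they were needed after the jump to plugin 5.1.6, e.g. `<!-- uses: constraints omitted because <reason>; imports accepted up to next major -->` with the actual reason filled in, would keep a later maintainer from removing or copying them blindly. The removal of `<Private-Package>!*</Private-Package>` is likewise unexplained in the hunk.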
@@ -114,7 +135,7 @@
                   <plugin>
                       <inherited>true</inherited>
                       <artifactId>maven-deploy-plugin</artifactId>
-                      <version>2.8.1</version>
+                      <version>2.8.2</version>
                       <configuration>
                           <altDeploymentRepository>${deploy.altRepository}</altDeploymentRepository>
                           <updateReleaseInfo>true</updateReleaseInfo>
@@ -123,7 +144,7 @@
                   <!-- We want to sign the artifact, the POM, and all attached artifacts -->
                   <plugin>
                       <artifactId>maven-gpg-plugin</artifactId>
-                      <version>1.6</version>
+                      <version>3.0.1</version>
                       <executions>
                           <execution>
                               <goals>


=====================================
src/main/java/org/codehaus/jettison/json/JSONObject.java
=====================================
@@ -1350,6 +1350,7 @@ public class JSONObject implements Serializable {
             while (keys.hasNext()) {
                 if (b) {
                     writer.write(',');
+                    b = false;
                 }
                 String k = keys.next().toString();
                 Object v = this.myHashMap.get(k);
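Review bot: The added `b = false;` has neither a comment nor a regression test in this commit, and the single-letter flag does not say that it means "a separator is owed before the next entry". The statement that sets `b` back to true lies outside the hunk, so it cannot be confirmed from here that every path which writes an entry re-arms it; if one does not, the output would lose a comma. A comment such as `// separator written; re-armed only after an entry is actually emitted`, plus a test that serializes an object with several keys and compares the exact output, would pin the intended behaviour.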


=====================================
src/main/java/org/codehaus/jettison/json/JSONTokener.java
=====================================
@@ -15,6 +15,8 @@ limitations under the License.
 */
 package org.codehaus.jettison.json;
 
+import java.math.BigDecimal;
+
 /**
  * A JSONTokener takes a source string and extracts characters and tokens from
  * it. It is used by the JSONObject and JSONArray constructors to parse
@@ -24,6 +26,11 @@ package org.codehaus.jettison.json;
  */
 public class JSONTokener {
 
+    private static final String USE_BIGDECIMAL_JSONTOKENER_KEY = "jettison.json.jsontokener.use_bigdecimal";
+    public static final boolean USE_BIGDECIMAL_JSONTOKENER = Boolean.getBoolean( USE_BIGDECIMAL_JSONTOKENER_KEY );
+    protected boolean useBigDecimal = USE_BIGDECIMAL_JSONTOKENER; 
+
+
     /**
      * The index of the next character.
      */
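Review bot: `USE_BIGDECIMAL_JSONTOKENER` is initialised from `Boolean.getBoolean` in a static field, so the property is sampled once when the class is loaded and applies to every tokener in the JVM. Neither that nor the purpose of the mutable `protected` field `useBigDecimal` is documented. A Javadoc on the constant should state the property name, that it must be set before `JSONTokener` is first loaded, and that the default is `false`. A one-line comment on `useBigDecimal` should say that subclasses may override it per instance. Because the switch changes the runtime type returned for decimal values from `Double` to `BigDecimal`, callers that cast the result are affected process-wide, which is worth stating there as well.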
@@ -185,11 +192,13 @@ public class JSONTokener {
                             if (next() == '/') {
                                 break;
                             }
-                            back();
                         }
                     }
                     break;
                 default:
+                    if (!more()) {
+                        throw syntaxError("The JSON text is malformed");
+                    }
                     back();
                     return '/';
                 }
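Review bot: With `back()` removed, the character read by `if (next() == '/')` is discarded whenever it is not `/`, so a second `*` directly before the terminator is swallowed and a comment ending in `**/` would no longer be recognised as closed. The enclosing loop and its `*` test start above the hunk, so this reading assumes the usual shape of that loop. Stepping back only when a character was actually consumed keeps the end-of-input fix without skipping input: `char n = next(); if (n == '/') { break; } if (n != 0) { back(); }`. None of the tests added in this commit parses a well-formed comment, so this case is not covered.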
@@ -308,7 +317,8 @@ public class JSONTokener {
 
 
     /**
-     * Get the next value. The value can be a Boolean, Double, Integer,
+     * Get the next value. The value can be a Boolean, Double/BigDecimal
+     * (depending on -Djettison.json.jsontokener.use_bigdecimal), Integer,
      * JSONArray, JSONObject, Long, or String, or the JSONObject.NULL object.
      * @throws JSONException If syntax error.
      *
@@ -398,7 +408,11 @@ public class JSONTokener {
                     return Long.valueOf(s);
                 } catch (Exception f) {
                     try {
-                        return new Double(s);
+                        if (useBigDecimal) {
+                            return new BigDecimal(s);
+                        } else {
+                            return new Double(s);
+                        }
                     }  catch (Exception g) {
                         return s;
                     }
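Review bot: `new BigDecimal(s)` is applied to text taken from the JSON input with no bound on its length or exponent. A `BigDecimal` with a very large scale is cheap to construct but can be very expensive once a caller converts or prints it (`toBigInteger()`, `toPlainString()`, arithmetic with another value). When the property is enabled for untrusted input, the value should be checked before it is returned, for example by rejecting results whose `precision()` or absolute `scale()` exceeds a documented limit and falling back to the string as the existing `catch` does. Separately, `new Double(s)` is a deprecated constructor and `Double.valueOf(s)` is the drop-in replacement. The surrounding method starts outside the hunk.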


=====================================
src/main/java/org/codehaus/jettison/mapped/DefaultConverter.java
=====================================
@@ -33,35 +33,194 @@ public class DefaultConverter implements TypeConverter {
 
 	public Object convertToJSONPrimitive(String text) {
         if(text == null) return text;
-		Object primitive = null;
-		// Attempt to convert to Integer
-		try {
-			primitive = enforce32BitInt ? Integer.valueOf(text) : Long.valueOf(text);
-		} catch (Exception e) {/**/}
-		// Attempt to convert to double
-		if (primitive == null) {
-			try {
-				Double v = Double.valueOf(text);
-                if( !v.isInfinite() && !v.isNaN() ) {
-                    primitive = v;
+
+        // If there's at least one character
+        if (text.length() >= 1) {
+            // find the first character
+            char first = text.charAt(0);
+
+            // Is it incompatible with a number?
+            if ((first < '0' || first > '9') && first != '-') {
+                // Yes it is, so special case check for Boolean values
+                if (first == 't') {
+                    if (text.equals("true")) {
+                       return Boolean.TRUE;
+                    }
+                } else if (first == 'f') {
+                    if (text.equals("false")) {
+                        return Boolean.FALSE;
+                    }
                 }
-                else {
+
+                // Definitely not a Boolean or a number, so return the original value
+                return text;
+            }
+        }
+
+        Object primitive = null;
+
+        if (enforce32BitInt) {
+            primitive = getInteger(text);
+        } else {
+            primitive = getLong(text);
+        }
+
+        if (primitive == null) {
+            Double dbl = getDouble(text);
+
+            if (dbl != null) {
+                if (dbl.isInfinite() || dbl.isNaN()) {
                     primitive = text;
                 }
-			} catch (Exception e) {/**/}
-		}
-		// Attempt to convert to boolean
-		if (primitive == null) {
-			if(text.trim().equalsIgnoreCase("true") || text.trim().equalsIgnoreCase("false")) {
-				primitive = Boolean.valueOf(text);
-			}
-		}
-
-		if (primitive == null || !primitive.toString().equals(text)) {
-			// Default String
-			primitive = text;
-		}
-
-		return primitive;
+                else {
+                    primitive = dbl;
+                }
+            }
+        }
+
+        if (primitive == null || !primitive.toString().equals(text)) {
+            // Default String
+            primitive = text;
+        }
+
+        return primitive;
+    }
+
+	private static final int MAX_LENGTH_LONG = String.valueOf(Long.MAX_VALUE).length();
+	private static final int MAX_LENGTH_LONG_NEGATIVE = String.valueOf(Long.MAX_VALUE).length() + 1;
+
+	/**
+     *  Try to get a Long value efficiently, avoiding Exceptions
+     */
+    private static Long getLong(String text)
+    {
+        // handle an empty string
+        if (text.isEmpty()) return null;
+
+        // if the text is too long it can't be a Long
+        if (text.charAt(0) == '-') {
+            if (text.length() > MAX_LENGTH_LONG_NEGATIVE) {
+                return null;
+	        }
+        } else if (text.length() > MAX_LENGTH_LONG) {
+            return null;
+        }
+
+        // Handle a leading minus sign
+        int i = 0;
+        if (text.charAt(0) == '-') {
+            if (text.length() > 1) {
+                i++;
+            } else {
+                return null;
+            }
+        }
+
+        // Check each character is a digit
+        for (; i < text.length(); i++) {
+            if (!Character.isDigit(text.charAt(i))) {
+                return null;
+            }
+        }
+
+        // It looks like it might be a Long, so give it a go
+        try {
+            return Long.parseLong(text);
+        } catch (Exception e) {
+            // It isn't a Long
+            return null;
+        }
+    }
+
+    private static final int MAX_LENGTH_INTEGER = String.valueOf(Integer.MAX_VALUE).length();
+    private static final int MAX_LENGTH_INTEGER_NEGATIVE = String.valueOf(Integer.MAX_VALUE).length() + 1;
+
+    /**
+     *  Try to get an Integer value efficiently, avoiding Exceptions
+     */
+    private static Integer getInteger(String text) {
+        // handle an empty string
+        if (text.isEmpty()) return null;
+
+        // if the text is too long it can't be an Integer
+        if (text.charAt(0) == '-') {
+            if (text.length() > MAX_LENGTH_INTEGER_NEGATIVE) {
+                return null;
+	        }
+        }
+        else if (text.length() > MAX_LENGTH_INTEGER) {
+            return null;
+        }
+
+        // Handle a leading minus sign
+        int i = 0;
+        if (text.charAt(0) == '-') {
+            if (text.length() > 1) {
+                i++;
+            } else {
+                return null;
+            }
+        }
+
+        // Check each character is a digit
+        for (; i < text.length(); i++) {
+            if (!Character.isDigit(text.charAt(i))) {
+                return null;
+            }
+        }
+
+        // It looks like it might be an Integer, so give it a go
+        try {
+            return Integer.parseInt(text);
+        } catch (Exception e) {
+            // It isn't an Integer
+            return null;
+        }
+    }
+
+    /**
+     * Try to get a Double value efficiently, avoiding Exceptions
+     */
+    private static Double getDouble(String text) {
+        boolean foundDP = false;
+        boolean foundExp = false;
+
+        // handle an empty string
+        if (text.isEmpty())
+            return null;
+
+        // Handle a leading minus sign
+        int i = 0;
+        if (text.charAt(0) == '-') {
+            if (text.length() > 1)
+                i++;
+            else
+                return null;
+        }
+
+        // Check each character is a digit
+        for (; i < text.length(); i++) {
+            char next = text.charAt(i);
+            if (!Character.isDigit(next)) {
+                if (next == '.') {
+                    if (foundDP)
+                        return null;
+                    foundDP = true;
+                } else if (next == 'E' || next == 'e') {
+                    if (foundExp)
+                        return null;
+                    foundExp = true;
+                } else
+                    return null;
+            }
+        }
+
+        // It looks like it might be a Double, so give it a go
+        try {
+            return Double.parseDouble(text);
+        } catch (Exception e) {
+            // It isn't a Double
+            return null;
+        }
     }
 }
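Review bot: `getDouble` returns null for any `-` after the first character, so a value with a negative exponent such as `1.0E-5` is now returned as a String. The removed code parsed it with `Double.valueOf` and kept the Double, because its `toString()` round-trips to the same text. Adding a branch before the final `else` restores that: `} else if (next == '-' && i > 0 && (text.charAt(i - 1) == 'E' || text.charAt(i - 1) == 'e')) { /* exponent sign, validated by parseDouble */`. `getLong` and `getInteger` are line-for-line duplicates apart from the length limit and the parse call, and could share one digit-scanning helper. No test for `DefaultConverter` appears among the changed files, so the fast path's equivalence with the old behaviour is unverified here.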


=====================================
src/main/java/org/codehaus/jettison/mapped/MappedXMLStreamWriter.java
=====================================
@@ -243,6 +243,10 @@ public class MappedXMLStreamWriter extends AbstractXMLStreamWriter {
 	}
 	
 	public void writeStartElement(String prefix, String local, String ns) throws XMLStreamException {
+		if (current == null) {
+			this.writeStartDocument();
+		}
+
 		String parentKey = current.getTreeKey();
 		stack.push(current);
 		String key = convention.createKey(prefix, ns, local);
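Review bot: The new guard only helps if `writeStartDocument()` always leaves `current` non-null. That method is outside the hunk, and if it can return without assigning `current`, the dereference on the next line, `current.getTreeKey()`, still throws. A short comment stating the intent, e.g. `// element written without an explicit start-document: open the document implicitly`, would make clear that this is deliberate leniency rather than masking a caller bug. Other `write*` methods that read `current` are not visible here and may need the same guard.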


=====================================
src/test/java/org/codehaus/jettison/json/JSONArrayTest.java
=====================================
@@ -43,6 +43,24 @@ public class JSONArrayTest extends TestCase {
       String expectedValue = "[\"a string with / character\",{\"key\":\"http://example.com/foo\"}]";
       assertEquals(expectedValue, array.toString());
     }
-    
-    
+
+    public void testInfiniteLoop() {
+        String str = "[*/*A25] **";
+        try {
+            new JSONArray(str);
+            fail("Failure expected on malformed JSON");
+        } catch (JSONException ex) {
+            // expected
+        }
+    }
+
+    public void testInfiniteLoop2() {
+        String str = "[/";
+        try {
+            new JSONArray(str);
+            fail("Failure expected on malformed JSON");
+        } catch (JSONException ex) {
+            // expected
+        }
+    }
 }
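Review bot: `testInfiniteLoop` and `testInfiniteLoop2` have no time bound, so if the tokenizer regresses, the build hangs instead of failing. The class uses the JUnit 3 `TestCase` style, so a per-test timeout annotation is not available. Running the parse on an executor and asserting that it completes within a few seconds, or setting the surefire `forkedProcessTimeoutInSeconds` parameter in the POM, would turn a hang into a failure. The same applies to the malformed-input tests added to JSONObjectTest.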


=====================================
src/test/java/org/codehaus/jettison/json/JSONObjectTest.java
=====================================
@@ -92,5 +92,60 @@ public class JSONObjectTest extends TestCase {
       assertEquals(obj.toString(), "{\"key\":\"http://example.com/foo\"}");
       obj.setEscapeForwardSlashAlways(true);
       assertEquals(obj.toString(), "{\"key\":\"http:\\/\\/example.com\\/foo\"}");
-   }
+    }
+
+    public void testMalformedObject() throws Exception {
+       try {
+           new JSONObject("{/");
+           fail("Failure expected on malformed JSON");
+       } catch (JSONException ex) {
+           // expected
+       }
+    }
+
+    public void testMalformedObject2() throws Exception {
+        try {
+            new JSONObject("{x");
+            fail("Failure expected on malformed JSON");
+        } catch (JSONException ex) {
+            // expected
+        }
+    }
+
+    public void testMalformedObject3() throws Exception {
+        try {
+            new JSONObject("{/x");
+            fail("Failure expected on malformed JSON");
+        } catch (JSONException ex) {
+            // expected
+        }
+    }
+
+    public void testMalformedObject4() throws Exception {
+        try {
+            new JSONObject("{/*");
+            fail("Failure expected on malformed JSON");
+        } catch (JSONException ex) {
+            // expected
+        }
+    }
+
+    public void testMalformedObject5() throws Exception {
+        try {
+            new JSONObject("{//");
+            fail("Failure expected on malformed JSON");
+        } catch (JSONException ex) {
+            // expected
+        }
+    }
+
+    public void testMalformedArray() throws Exception {
+        try {
+            new JSONObject("{[/");
+            fail("Failure expected on malformed JSON");
+        } catch (JSONException ex) {
+            // expected
+        }
+    }
+
 }
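Review bot: Every case added here is malformed input; nothing asserts that a well-formed comment still parses after the comment-skipping change in JSONTokener. A positive test alongside these, for example `assertEquals(1, new JSONObject("{/* c */\"k\":1}").getInt("k"));` and a variant whose comment ends in `**/`, would catch a fix that rejects or mis-skips valid input. `testMalformedArray` constructs a `JSONObject`, so it should either be renamed `testMalformedObject6` or moved next to the array tests.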


=====================================
src/test/java/org/codehaus/jettison/json/JSONTokenerTest.java
=====================================
@@ -0,0 +1,27 @@
+package org.codehaus.jettison.json;
+
+import java.math.BigDecimal;
+
+import junit.framework.TestCase;
+
+public class JSONTokenerTest extends TestCase {
+    
+    public void testDoublePrecision() throws Exception {
+        JSONTokener doubleTokener = new JSONTokener("9999999999999.9999");
+        Object nextValue = doubleTokener.nextValue();
+        assertEquals(Double.class, nextValue.getClass());
+        assertEquals(Double.valueOf("1.0E13"), nextValue);
+    }
+
+    public void testBigDecimalPrecision() throws Exception {
+        JSONTokener bigDecimalTokener = new JSONTokener("9999999999999.9999") {
+            {
+                this.useBigDecimal = true;
+            }
+        };
+        Object nextValue = bigDecimalTokener.nextValue();
+        assertEquals(BigDecimal.class, nextValue.getClass());
+        assertEquals(new BigDecimal("9999999999999.9999"), nextValue);
+    }
+
+}
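Review bot: `testDoublePrecision` relies on the system property being unset. The tokener it builds inherits `useBigDecimal` from the static default, so the test fails when the build JVM is started with `-Djettison.json.jsontokener.use_bigdecimal=true`. Setting the field explicitly, as the second test does (`{ this.useBigDecimal = false; }` in an anonymous subclass), makes both tests independent of the environment.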



View it on GitLab: https://salsa.debian.org/java-team/libjettison-java/-/commit/bceadea9f2679d4e353711414a85323f1444e200


