-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Limit JSON depth of the schema in the validateSchema
- Loading branch information
Showing
4 changed files
with
198 additions
and
43 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
24 changes: 24 additions & 0 deletions
24
modules/core/src/main/scala/io/circe/jackson/schemaddl/CirceToJsonError.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
/* | ||
* Copyright (c) 2014-2024 Snowplow Analytics Ltd. All rights reserved. | ||
* | ||
* This program is licensed to you under the Apache License Version 2.0, | ||
* and you may not use this file except in compliance with the Apache License Version 2.0. | ||
* You may obtain a copy of the Apache License Version 2.0 at http://www.apache.org/licenses/LICENSE-2.0. | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the Apache License Version 2.0 is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the Apache License Version 2.0 for the specific language governing permissions and limitations there under. | ||
*/ | ||
|
||
package io.circe.jackson.schemaddl | ||
|
||
sealed trait CirceToJsonError extends Product with Serializable { | ||
def message: String | ||
} | ||
|
||
object CirceToJsonError { | ||
case object MaxDepthExceeded extends CirceToJsonError { | ||
override def message: String = "Maximum allowed JSON depth exceeded" | ||
} | ||
} |
78 changes: 78 additions & 0 deletions
78
modules/core/src/main/scala/io/circe/jackson/schemaddl/package.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
/* | ||
* Copyright (c) 2014-2024 Snowplow Analytics Ltd. All rights reserved. | ||
* | ||
* This program is licensed to you under the Apache License Version 2.0, | ||
* and you may not use this file except in compliance with the Apache License Version 2.0. | ||
* You may obtain a copy of the Apache License Version 2.0 at http://www.apache.org/licenses/LICENSE-2.0. | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the Apache License Version 2.0 is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the Apache License Version 2.0 for the specific language governing permissions and limitations there under. | ||
*/ | ||
|
||
package io.circe | ||
package jackson | ||
|
||
import cats.syntax.either._ | ||
import cats.syntax.traverse._ | ||
|
||
import scala.jdk.CollectionConverters._ | ||
|
||
import java.math.{BigDecimal => JBigDecimal} | ||
|
||
import com.fasterxml.jackson.databind.JsonNode | ||
import com.fasterxml.jackson.databind.node._ | ||
|
||
/** A hack to add max json depth check to circeToJackson */ | ||
package object schemaddl { | ||
private val negativeZeroJson: Json = Json.fromDoubleOrNull(-0.0) | ||
|
||
/** | ||
* Converts given circe's Json instance to Jackson's JsonNode | ||
* Numbers with exponents exceeding Integer.MAX_VALUE are converted to strings | ||
* @param json instance of circe's Json | ||
* @return converted JsonNode | ||
*/ | ||
def circeToJackson(json: Json, maxJsonDepth: Int): Either[CirceToJsonError, JsonNode] = | ||
if (maxJsonDepth <= 0) CirceToJsonError.MaxDepthExceeded.asLeft | ||
else | ||
json.fold( | ||
NullNode.instance.asRight, | ||
BooleanNode.valueOf(_).asRight, | ||
number => { | ||
if (json == negativeZeroJson) | ||
DoubleNode.valueOf(number.toDouble) | ||
else | ||
number match { | ||
case _: JsonBiggerDecimal | _: JsonBigDecimal => | ||
number.toBigDecimal | ||
.map(bigDecimal => DecimalNode.valueOf(bigDecimal.underlying)) | ||
.getOrElse(TextNode.valueOf(number.toString)) | ||
case JsonLong(x) => LongNode.valueOf(x) | ||
case JsonDouble(x) => DoubleNode.valueOf(x) | ||
case JsonFloat(x) => FloatNode.valueOf(x) | ||
case JsonDecimal(x) => | ||
try { | ||
DecimalNode.valueOf(new JBigDecimal(x)) | ||
} catch { | ||
case _: NumberFormatException => TextNode.valueOf(x) | ||
} | ||
} | ||
}.asRight, | ||
TextNode.valueOf(_).asRight, | ||
array => array.traverse(circeToJackson(_, maxJsonDepth - 1)) | ||
.map { l => JsonNodeFactory.instance.arrayNode.addAll(l.asJava) }, | ||
obj => obj.toList.traverse { | ||
case (k, v) => circeToJackson(v, maxJsonDepth - 1).map((k, _)) | ||
}.map { l => | ||
objectNodeSetAll( | ||
JsonNodeFactory.instance.objectNode, | ||
l.toMap.asJava | ||
) | ||
} | ||
) | ||
|
||
def objectNodeSetAll(node: ObjectNode, fields: java.util.Map[String, JsonNode]): JsonNode = | ||
node.setAll[JsonNode](fields) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters