From 062d2ee6f798205c3046730d0d348cfd0d0bc09d Mon Sep 17 00:00:00 2001 From: naruse Date: Tue, 12 Feb 2013 03:05:45 +0000 Subject: * ext/json: merge JSON 1.7.7. This includes security fix. [CVE-2013-0269] https://github.com/flori/json/commit/d0a62f3ced7560daba2ad546d83f0479a5ae2cf2 https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39208 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- test/json/fixtures/fail18.json | 2 +- test/json/test_json.rb | 34 +++++++++++--------- test/json/test_json_addition.rb | 56 +++++++++++++++++++-------------- test/json/test_json_encoding.rb | 2 +- test/json/test_json_fixtures.rb | 2 +- test/json/test_json_generate.rb | 57 +++++++++++++++++++++++++++++++--- test/json/test_json_generic_object.rb | 43 +++++++++++++++++++------ test/json/test_json_string_matching.rb | 9 +++--- test/json/test_json_unicode.rb | 2 +- 9 files changed, 147 insertions(+), 60 deletions(-) (limited to 'test') diff --git a/test/json/fixtures/fail18.json b/test/json/fixtures/fail18.json index e2d130c6eb..ebc11eb4c2 100644 --- a/test/json/fixtures/fail18.json +++ b/test/json/fixtures/fail18.json @@ -1 +1 @@ -[[[[[[[[[[[[[[[[[[[["Too deep"]]]]]]]]]]]]]]]]]]]] +[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["Too deep"]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]] diff --git a/test/json/test_json.rb b/test/json/test_json.rb index 22cd5ee5a5..6af6b32208 100755 --- a/test/json/test_json.rb +++ b/test/json/test_json.rb @@ -1,5 +1,5 @@ #!/usr/bin/env ruby -# -*- coding: utf-8 -*- +# encoding: utf-8 require 'test/unit' require File.join(File.dirname(__FILE__), 'setup_variant') @@ -329,12 +329,12 @@ class TestJSON < Test::Unit::TestCase def test_generate_core_subclasses_with_new_to_json obj = SubHash2["foo" => SubHash2["bar" => true]] obj_json = JSON(obj) - obj_again = JSON(obj_json) + obj_again = JSON.parse(obj_json, :create_additions => true) assert_kind_of SubHash2, obj_again assert_kind_of SubHash2, obj_again['foo'] assert obj_again['foo']['bar'] assert_equal obj, obj_again - assert_equal ["foo"], JSON(JSON(SubArray2["foo"])) + assert_equal ["foo"], JSON(JSON(SubArray2["foo"]), :create_additions => true) end def test_generate_core_subclasses_with_default_to_json @@ -446,12 +446,12 @@ EOT assert_raises(JSON::NestingError) { JSON.parse '[[]]', :max_nesting => 1 } assert_raises(JSON::NestingError) { JSON.parser.new('[[]]', :max_nesting => 1).parse } assert_equal [[]], JSON.parse('[[]]', :max_nesting => 2) - too_deep = '[[[[[[[[[[[[[[[[[[[["Too deep"]]]]]]]]]]]]]]]]]]]]' + too_deep = '[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["Too deep"]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]' too_deep_ary = eval too_deep assert_raises(JSON::NestingError) { JSON.parse too_deep } assert_raises(JSON::NestingError) { JSON.parser.new(too_deep).parse } - assert_raises(JSON::NestingError) { JSON.parse too_deep, :max_nesting => 19 } - ok = JSON.parse too_deep, :max_nesting => 20 + assert_raises(JSON::NestingError) { JSON.parse too_deep, :max_nesting => 100 } + ok = JSON.parse too_deep, :max_nesting => 101 assert_equal too_deep_ary, ok ok = JSON.parse too_deep, :max_nesting => nil assert_equal too_deep_ary, ok @@ -462,8 +462,8 @@ EOT assert_raises(JSON::NestingError) { JSON.generate [[]], :max_nesting => 1 } assert_equal '[[]]', JSON.generate([[]], :max_nesting => 2) assert_raises(JSON::NestingError) { JSON.generate too_deep_ary } - assert_raises(JSON::NestingError) { JSON.generate too_deep_ary, :max_nesting => 19 } - ok = JSON.generate too_deep_ary, :max_nesting => 20 + assert_raises(JSON::NestingError) { JSON.generate too_deep_ary, :max_nesting => 100 } + ok = JSON.generate too_deep_ary, :max_nesting => 101 assert_equal too_deep, ok ok = JSON.generate too_deep_ary, :max_nesting => nil assert_equal too_deep, ok @@ -493,19 +493,25 @@ EOT assert_equal nil, JSON.load('') end + def test_load_with_options + small_hash = JSON("foo" => 'bar') + symbol_hash = { :foo => 'bar' } + assert_equal symbol_hash, JSON.load(small_hash, nil, :symbolize_names => true) + end + def test_dump - too_deep = '[[[[[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]]]' + too_deep = '[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]' assert_equal too_deep, JSON.dump(eval(too_deep)) assert_kind_of String, Marshal.dump(eval(too_deep)) - assert_raises(ArgumentError) { JSON.dump(eval(too_deep), 19) } - assert_raises(ArgumentError) { Marshal.dump(eval(too_deep), 19) } - assert_equal too_deep, JSON.dump(eval(too_deep), 20) - assert_kind_of String, Marshal.dump(eval(too_deep), 20) + assert_raises(ArgumentError) { JSON.dump(eval(too_deep), 100) } + assert_raises(ArgumentError) { Marshal.dump(eval(too_deep), 100) } + assert_equal too_deep, JSON.dump(eval(too_deep), 101) + assert_kind_of String, Marshal.dump(eval(too_deep), 101) output = StringIO.new JSON.dump(eval(too_deep), output) assert_equal too_deep, output.string output = StringIO.new - JSON.dump(eval(too_deep), output, 20) + JSON.dump(eval(too_deep), output, 101) assert_equal too_deep, output.string end diff --git a/test/json/test_json_addition.rb b/test/json/test_json_addition.rb index 707aa322d9..a30f06addd 100755 --- a/test/json/test_json_addition.rb +++ b/test/json/test_json_addition.rb @@ -73,11 +73,19 @@ class TestJSONAddition < Test::Unit::TestCase a = A.new(666) assert A.json_creatable? json = generate(a) - a_again = JSON.parse(json) + a_again = JSON.parse(json, :create_additions => true) assert_kind_of a.class, a_again assert_equal a, a_again end + def test_extended_json_default + a = A.new(666) + assert A.json_creatable? + json = generate(a) + a_hash = JSON.parse(json) + assert_kind_of Hash, a_hash + end + def test_extended_json_disabled a = A.new(666) assert A.json_creatable? @@ -104,7 +112,7 @@ class TestJSONAddition < Test::Unit::TestCase c = C.new assert !C.json_creatable? json = generate(c) - assert_raises(ArgumentError, NameError) { JSON.parse(json) } + assert_raises(ArgumentError, NameError) { JSON.parse(json, :create_additions => true) } end def test_raw_strings @@ -122,7 +130,7 @@ class TestJSONAddition < Test::Unit::TestCase assert_match(/\A\{.*\}\z/, json) assert_match(/"json_class":"String"/, json) assert_match(/"raw":\[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255\]/, json) - raw_again = JSON.parse(json) + raw_again = JSON.parse(json, :create_additions => true) assert_equal raw, raw_again end @@ -130,17 +138,17 @@ class TestJSONAddition < Test::Unit::TestCase def test_core t = Time.now - assert_equal t, JSON(JSON(t)) + assert_equal t, JSON(JSON(t), :create_additions => true) d = Date.today - assert_equal d, JSON(JSON(d)) + assert_equal d, JSON(JSON(d), :create_additions => true) d = DateTime.civil(2007, 6, 14, 14, 57, 10, Rational(1, 12), 2299161) - assert_equal d, JSON(JSON(d)) - assert_equal 1..10, JSON(JSON(1..10)) - assert_equal 1...10, JSON(JSON(1...10)) - assert_equal "a".."c", JSON(JSON("a".."c")) - assert_equal "a"..."c", JSON(JSON("a"..."c")) + assert_equal d, JSON(JSON(d), :create_additions => true) + assert_equal 1..10, JSON(JSON(1..10), :create_additions => true) + assert_equal 1...10, JSON(JSON(1...10), :create_additions => true) + assert_equal "a".."c", JSON(JSON("a".."c"), :create_additions => true) + assert_equal "a"..."c", JSON(JSON("a"..."c"), :create_additions => true) s = MyJsonStruct.new 4711, 'foot' - assert_equal s, JSON(JSON(s)) + assert_equal s, JSON(JSON(s), :create_additions => true) struct = Struct.new :foo, :bar s = struct.new 4711, 'foot' assert_raises(JSONError) { JSON(s) } @@ -148,41 +156,41 @@ class TestJSONAddition < Test::Unit::TestCase raise TypeError, "test me" rescue TypeError => e e_json = JSON.generate e - e_again = JSON e_json + e_again = JSON e_json, :create_additions => true assert_kind_of TypeError, e_again assert_equal e.message, e_again.message assert_equal e.backtrace, e_again.backtrace end - assert_equal(/foo/, JSON(JSON(/foo/))) - assert_equal(/foo/i, JSON(JSON(/foo/i))) + assert_equal(/foo/, JSON(JSON(/foo/), :create_additions => true)) + assert_equal(/foo/i, JSON(JSON(/foo/i), :create_additions => true)) end def test_utc_datetime now = Time.now - d = DateTime.parse(now.to_s) # usual case - assert_equal d, JSON.parse(d.to_json) + d = DateTime.parse(now.to_s, :create_additions => true) # usual case + assert_equal d, JSON.parse(d.to_json, :create_additions => true) d = DateTime.parse(now.utc.to_s) # of = 0 - assert_equal d, JSON.parse(d.to_json) + assert_equal d, JSON.parse(d.to_json, :create_additions => true) d = DateTime.civil(2008, 6, 17, 11, 48, 32, Rational(1,24)) - assert_equal d, JSON.parse(d.to_json) + assert_equal d, JSON.parse(d.to_json, :create_additions => true) d = DateTime.civil(2008, 6, 17, 11, 48, 32, Rational(12,24)) - assert_equal d, JSON.parse(d.to_json) + assert_equal d, JSON.parse(d.to_json, :create_additions => true) end def test_rational_complex - assert_equal Rational(2, 9), JSON(JSON(Rational(2, 9))) - assert_equal Complex(2, 9), JSON(JSON(Complex(2, 9))) + assert_equal Rational(2, 9), JSON.parse(JSON(Rational(2, 9)), :create_additions => true) + assert_equal Complex(2, 9), JSON.parse(JSON(Complex(2, 9)), :create_additions => true) end def test_bigdecimal - assert_equal BigDecimal('3.141', 23), JSON(JSON(BigDecimal('3.141', 23))) - assert_equal BigDecimal('3.141', 666), JSON(JSON(BigDecimal('3.141', 666))) + assert_equal BigDecimal('3.141', 23), JSON(JSON(BigDecimal('3.141', 23)), :create_additions => true) + assert_equal BigDecimal('3.141', 666), JSON(JSON(BigDecimal('3.141', 666)), :create_additions => true) end def test_ostruct o = OpenStruct.new # XXX this won't work; o.foo = { :bar => true } o.foo = { 'bar' => true } - assert_equal o, JSON(JSON(o)) + assert_equal o, JSON.parse(JSON(o), :create_additions => true) end end diff --git a/test/json/test_json_encoding.rb b/test/json/test_json_encoding.rb index caa0c6c50e..fa7d878920 100644 --- a/test/json/test_json_encoding.rb +++ b/test/json/test_json_encoding.rb @@ -1,5 +1,5 @@ #!/usr/bin/env ruby -# -*- coding: utf-8 -*- +# encoding: utf-8 require 'test/unit' require File.join(File.dirname(__FILE__), 'setup_variant') diff --git a/test/json/test_json_fixtures.rb b/test/json/test_json_fixtures.rb index 37e51457d4..584dffdfdb 100755 --- a/test/json/test_json_fixtures.rb +++ b/test/json/test_json_fixtures.rb @@ -1,5 +1,5 @@ #!/usr/bin/env ruby -# -*- coding: utf-8 -*- +# encoding: utf-8 require 'test/unit' require File.join(File.dirname(__FILE__), 'setup_variant') diff --git a/test/json/test_json_generate.rb b/test/json/test_json_generate.rb index 04368a4c8b..1c8f0bc968 100755 --- a/test/json/test_json_generate.rb +++ b/test/json/test_json_generate.rb @@ -1,5 +1,5 @@ #!/usr/bin/env ruby -# -*- coding: utf-8 -*- +# encoding: utf-8 require 'test/unit' require File.join(File.dirname(__FILE__), 'setup_variant') @@ -130,7 +130,7 @@ EOT :quirks_mode => false, :depth => 0, :indent => " ", - :max_nesting => 19, + :max_nesting => 100, :object_nl => "\n", :space => " ", :space_before => "", @@ -147,7 +147,7 @@ EOT :quirks_mode => false, :depth => 0, :indent => "", - :max_nesting => 19, + :max_nesting => 100, :object_nl => "", :space => "", :space_before => "", @@ -200,7 +200,7 @@ EOT s = JSON.state.new assert_equal 0, s.depth assert_raises(JSON::NestingError) { ary.to_json(s) } - assert_equal 19, s.depth + assert_equal 100, s.depth end def test_buffer_initial_length @@ -228,6 +228,30 @@ EOT EOS end if GC.respond_to?(:stress=) + def test_configure_using_configure_and_merge + numbered_state = { + :indent => "1", + :space => '2', + :space_before => '3', + :object_nl => '4', + :array_nl => '5' + } + state1 = JSON.state.new + state1.merge(numbered_state) + assert_equal '1', state1.indent + assert_equal '2', state1.space + assert_equal '3', state1.space_before + assert_equal '4', state1.object_nl + assert_equal '5', state1.array_nl + state2 = JSON.state.new + state2.configure(numbered_state) + assert_equal '1', state2.indent + assert_equal '2', state2.space + assert_equal '3', state2.space_before + assert_equal '4', state2.object_nl + assert_equal '5', state2.array_nl + end + if defined?(JSON::Ext::Generator) def test_broken_bignum # [ruby-core:38867] pid = fork do @@ -249,4 +273,29 @@ EOT # introducing race conditions of tests are run in parallel end end + + def test_hash_likeness_set_symbol + state = JSON.state.new + assert_equal nil, state[:foo] + assert_equal nil.class, state[:foo].class + assert_equal nil, state['foo'] + state[:foo] = :bar + assert_equal :bar, state[:foo] + assert_equal :bar, state['foo'] + state_hash = state.to_hash + assert_kind_of Hash, state_hash + assert_equal :bar, state_hash[:foo] + end + + def test_hash_likeness_set_string + state = JSON.state.new + assert_equal nil, state[:foo] + assert_equal nil, state['foo'] + state['foo'] = :bar + assert_equal :bar, state[:foo] + assert_equal :bar, state['foo'] + state_hash = state.to_hash + assert_kind_of Hash, state_hash + assert_equal :bar, state_hash[:foo] + end end diff --git a/test/json/test_json_generic_object.rb b/test/json/test_json_generic_object.rb index e13a492170..77ef22e6ae 100644 --- a/test/json/test_json_generic_object.rb +++ b/test/json/test_json_generic_object.rb @@ -1,5 +1,5 @@ #!/usr/bin/env ruby -# -*- coding: utf-8 -*- +# encoding: utf-8 require 'test/unit' require File.join(File.dirname(__FILE__), 'setup_variant') @@ -20,16 +20,41 @@ class TestJSONGenericObject < Test::Unit::TestCase end def test_generate_json - assert_equal @go, JSON(JSON(@go)) + switch_json_creatable do + assert_equal @go, JSON(JSON(@go), :create_additions => true) + end end def test_parse_json - assert_equal @go, l = JSON('{ "json_class": "JSON::GenericObject", "a": 1, "b": 2 }') - assert_equal 1, l.a - assert_equal @go, l = JSON('{ "a": 1, "b": 2 }', :object_class => GenericObject) - assert_equal 1, l.a - assert_equal GenericObject[:a => GenericObject[:b => 2]], - l = JSON('{ "a": { "b": 2 } }', :object_class => GenericObject) - assert_equal 2, l.a.b + assert_kind_of Hash, JSON('{ "json_class": "JSON::GenericObject", "a": 1, "b": 2 }', :create_additions => true) + switch_json_creatable do + assert_equal @go, l = JSON('{ "json_class": "JSON::GenericObject", "a": 1, "b": 2 }', :create_additions => true) + assert_equal 1, l.a + assert_equal @go, l = JSON('{ "a": 1, "b": 2 }', :object_class => GenericObject) + assert_equal 1, l.a + assert_equal GenericObject[:a => GenericObject[:b => 2]], + l = JSON('{ "a": { "b": 2 } }', :object_class => GenericObject) + assert_equal 2, l.a.b + end + end + + def test_from_hash + result = GenericObject.from_hash( + :foo => { :bar => { :baz => true }, :quux => [ { :foobar => true } ] }) + assert_kind_of GenericObject, result.foo + assert_kind_of GenericObject, result.foo.bar + assert_equal true, result.foo.bar.baz + assert_kind_of GenericObject, result.foo.quux.first + assert_equal true, result.foo.quux.first.foobar + assert_equal true, GenericObject.from_hash(true) + end + + private + + def switch_json_creatable + JSON::GenericObject.json_creatable = true + yield + ensure + JSON::GenericObject.json_creatable = false end end diff --git a/test/json/test_json_string_matching.rb b/test/json/test_json_string_matching.rb index 97e8c0788f..c233df8c2c 100644 --- a/test/json/test_json_string_matching.rb +++ b/test/json/test_json_string_matching.rb @@ -1,5 +1,5 @@ #!/usr/bin/env ruby -# -*- coding: utf-8 -*- +# encoding: utf-8 require 'test/unit' require File.join(File.dirname(__FILE__), 'setup_variant') @@ -27,14 +27,13 @@ class TestJSONStringMatching < Test::Unit::TestCase t = TestTime.new t_json = [ t ].to_json assert_equal [ t ], - JSON.parse(t_json, + JSON.parse(t_json, :create_additions => true, :match_string => { /\A\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{4}\z/ => TestTime }) assert_equal [ t.strftime('%FT%T%z') ], - JSON.parse(t_json, + JSON.parse(t_json, :create_additions => true, :match_string => { /\A\d{3}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{4}\z/ => TestTime }) assert_equal [ t.strftime('%FT%T%z') ], JSON.parse(t_json, - :match_string => { /\A\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{4}\z/ => TestTime }, - :create_additions => false) + :match_string => { /\A\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{4}\z/ => TestTime }) end end diff --git a/test/json/test_json_unicode.rb b/test/json/test_json_unicode.rb index c328811106..8352d5c6c6 100755 --- a/test/json/test_json_unicode.rb +++ b/test/json/test_json_unicode.rb @@ -1,5 +1,5 @@ #!/usr/bin/env ruby -# -*- coding: utf-8 -*- +# encoding: utf-8 require 'test/unit' require File.join(File.dirname(__FILE__), 'setup_variant') -- cgit v1.2.3