spray-json

Scientific notation numbers potentially break when not converted to the right type

Open legopiraat opened this issue 7 years ago • 0 comments

Hello,

When I was testing my application I noticed that when you send a scientific notation number in the JSON and convert it to a Long, the calculation takes very long and uses all the CPU.

Example:

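  import spray.json._
  import spray.json.DefaultJsonProtocol._

  // Single Long field; the default Long format is picked up by jsonFormat1
  case class ScientificNotation(number: Long)
  implicit val testJsonFormat: RootJsonFormat[ScientificNotation] = jsonFormat1(ScientificNotation)

  // ScalaTest WordSpec-style reproduction
  "it should break" when {
    "a scientific number is parsed as long" in {
      // Tiny input, but the exponent describes a number with about 100 million digits
      val json = """{ "number": 1e100000000 }"""

      // Parsing is quick; the conversion to Long is what consumes the CPU
      json.parseJson.convertTo[ScientificNotation]
    }
  }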

This will be a big calculation and will use up all the CPU. When used in an API this could potentially DDoS the application really easily.

Regards, Legopiraat

legopiraat Apr 19 '18 10:04
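One way to guard against the input reported above, as an added example that is not part of the original issue or of spray-json itself: a `JsonFormat[Long]` that rejects out-of-range numbers by inspecting only the precision and scale of the parsed decimal, so the huge integer is never materialised. The names `SafeNumbers`, `BoundedLongFormat` and `SafeNumbersDemo` are hypothetical, and unlike the default format this one also rejects fractional values.

```scala
import spray.json._
import scala.util.Try

object SafeNumbers {
  // Long.MaxValue (9223372036854775807) has 19 decimal digits.
  private val MaxLongDigits = 19L

  // Hypothetical hardened format; pass it explicitly or place it in implicit scope.
  object BoundedLongFormat extends JsonFormat[Long] {
    def write(x: Long): JsValue = JsNumber(x)

    def read(value: JsValue): Long = value match {
      case JsNumber(n) =>
        val bd = n.bigDecimal // underlying java.math.BigDecimal
        // Digits left of the decimal point = precision - scale.
        // 1e100000000 is stored as unscaled value 1 with scale -100000000,
        // so this is 100000001 and costs nothing to compute.
        val integerDigits = bd.precision().toLong - bd.scale().toLong
        if (integerDigits > MaxLongDigits)
          deserializationError(s"Number has about $integerDigits integer digits, too large for Long")
        // Remaining values are small enough to convert; fractions and
        // 19-digit values beyond Long range are rejected instead of truncated.
        try bd.longValueExact()
        catch {
          case e: ArithmeticException =>
            deserializationError(s"Not an exact Long: ${e.getMessage}", e)
        }
      case other =>
        deserializationError("Expected Long as JsNumber, but got " + other)
    }
  }
}

object SafeNumbersDemo extends App {
  import SafeNumbers.BoundedLongFormat

  // Constructed sample payloads: the one from the issue, a valid one, a fractional one.
  val samples = Seq(
    """{ "number": 1e100000000 }""",
    """{ "number": 1e3 }""",
    """{ "number": 1.5 }"""
  )

  for (s <- samples) {
    val field  = s.parseJson.asJsObject.fields("number")
    val result = Try(BoundedLongFormat.read(field))
    println(s"$s -> $result")
  }
}
```

Capping request body size at the HTTP layer does not help here, because the payload that triggers the expensive conversion is only a few bytes long; the check has to happen on the parsed number.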