JSON-java icon indicating copy to clipboard operation
JSON-java copied to clipboard

Published 20 hours ago verified publisher icon stleary

JSONArray converting incorrect input string to array

Open ssharan27 opened this issue 1 year ago • 6 comments

Hi, I recently came across a strange issue in one of my java applications. I have an input string that looks like [1,2];[3,4]. This is clearly not a JSON array and should result in an exception. However when I do the following:

String inputString = "[1,2];[3,4]";
List<Object> resultArray = new JSONArray(inputString).toList();

This gives me a List object with value [1,2].

I checked this in the latest release as well by adding the following test to the JSONArrayTest class and it still failed:

    @Test(expected = JSONException.class)
    public void testInvalidJSONArray() {
        List<Object> x = new JSONArray("[1,2];[3,4]").toList();
        System.out.println(x);
    }

I am not sure but it seems like the array object creation is stopping at the first ] character even when there are characters left to read. Can you please take a look at this?

ssharan27 avatar Feb 28 '24 13:02 ssharan27

@ssharan27 Thanks for raising this issue. It turns out that since the beginning, the parser has been forgiving of unparseable content at the end of JSON docs. In this case, :[3,4] is considered invalid text, and is therefore ignored. Since the first part - [1,2] is a valid JSONArray, that is the only part that is parsed.

WIth this in mind, you can try some different variants and see if the results are consistent.

stleary avatar Feb 28 '24 15:02 stleary

Gotcha! Thanks @stleary ! This means I cannot rely on this constructor call alone to automatically detect a valid JSON (with strictness, that is) and then convert into array. The input needs to be validated before parsing. Is there any recommended way to do this?

Also, would you consider adding examples as well where invalid JSON is parsed successfully in the docs or the readme itself? The docs do mention the forgiving nature but I think an example there would be helpful. I say this because a lot of examples/posts/SO answers I saw regarding this seem to ignore this behavior.

ssharan27 avatar Feb 29 '24 05:02 ssharan27

No objections if someone wants to work on this.

  1. Update the readme (or add a new markup doc linked from the readme), explaining how forgiving mode works, with examples.

  2. Implement strict mode using JSONParserConfiguration to enforce not allowing invalid chars at end of file. If possible, disallow implied quotes as well (this is when a key or string value is not surrounded by quotes).

stleary avatar Mar 01 '24 02:03 stleary

Hi,

I'm currently working on this and the only thing that is left to do is the quotes part and adding a few more unit tests.

I will provide feedback as soon as I have more.

rikkarth avatar Mar 15 '24 10:03 rikkarth

Tests for non compliant JSON arrays after implementation. image

rikkarth avatar Mar 15 '24 22:03 rikkarth

PR - https://github.com/stleary/JSON-java/pull/877

rikkarth avatar Mar 15 '24 23:03 rikkarth

Closing due to implementation completed.

stleary avatar Apr 07 '24 17:04 stleary