You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2021/06/24 07:16:38 UTC
[cxf] branch 3.3.x-fixes updated (326732d -> 7bd3b2a)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch 3.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git.
from 326732d Recording .gitmergeinfo Changes
new 4d3b017 CXF-8555 - JsonMapObjectReaderWriter escapes now any back slash (#819)
new 7bd3b2a Recording .gitmergeinfo Changes
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.gitmergeinfo | 1 +
.../json/basic/JsonMapObjectReaderWriter.java | 59 +++++++++++++++++-----
.../json/basic/JsonMapObjectReaderWriterTest.java | 56 ++++++++++++++++++--
3 files changed, 100 insertions(+), 16 deletions(-)
[cxf] 02/02: Recording .gitmergeinfo Changes
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 7bd3b2a5dfa8003056b65b8a86d1634b56036a13
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jun 24 06:35:57 2021 +0100
Recording .gitmergeinfo Changes
---
.gitmergeinfo | 1 +
.../java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 49657d8..2577403 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -839,6 +839,7 @@ M 727c2b8e70f6f8282ad2431703e88063f27d69c4
M 743ef459be7a1a7d17cb3b67780daf06eb5356c2
M 752a8a2dafff76ed8098cd73f1e071ffa0514754
M 764662ff240d8f5dc09cb059d867d9e69bf761d4
+M 7663d41fe2a101532eeeb80511d27e94ef375e97
M 79466c55a2a1191df9c28a02568b82a8c3d08fbd
M 7971b506283502c26aafb97c0f6e50633f126cdd
M 79f68ec4acb91c754e1b7d118f844d787a5ce888
diff --git a/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java b/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java
index 702cd20..83551af 100644
--- a/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java
+++ b/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java
@@ -21,7 +21,6 @@ package org.apache.cxf.jaxrs.json.basic;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
-import java.io.UncheckedIOException;
import java.util.*;
import org.apache.cxf.common.util.StringUtils;
[cxf] 01/02: CXF-8555 - JsonMapObjectReaderWriter escapes now any
back slash (#819)
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 4d3b017b46d475ea3c904a070eec7d329b4ae54f
Author: Colm O hEigeartaigh <co...@users.noreply.github.com>
AuthorDate: Thu Jun 24 06:34:31 2021 +0100
CXF-8555 - JsonMapObjectReaderWriter escapes now any back slash (#819)
(cherry picked from commit f01fd3146da4b25229ea951b1f00b61b123e950c)
(cherry picked from commit 7663d41fe2a101532eeeb80511d27e94ef375e97)
# Conflicts:
# rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java
# rt/rs/extensions/json-basic/src/test/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriterTest.java
---
.../json/basic/JsonMapObjectReaderWriter.java | 60 +++++++++++++++++-----
.../json/basic/JsonMapObjectReaderWriterTest.java | 56 ++++++++++++++++++--
2 files changed, 100 insertions(+), 16 deletions(-)
diff --git a/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java b/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java
index 4ebcd99..702cd20 100644
--- a/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java
+++ b/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java
@@ -21,13 +21,8 @@ package org.apache.cxf.jaxrs.json.basic;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
+import java.io.UncheckedIOException;
+import java.util.*;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.IOUtils;
@@ -35,6 +30,7 @@ import org.apache.cxf.helpers.IOUtils;
public class JsonMapObjectReaderWriter {
+ private static final Set<Character> ESCAPED_CHARS;
private static final char DQUOTE = '"';
private static final char COMMA = ',';
private static final char COLON = ':';
@@ -46,6 +42,19 @@ public class JsonMapObjectReaderWriter {
private static final String NULL_VALUE = "null";
private boolean format;
+ static {
+ Set<Character> chars = new HashSet<>();
+ chars.add('"');
+ chars.add('\\');
+ chars.add('/');
+ chars.add('b');
+ chars.add('f');
+ chars.add('h');
+ chars.add('r');
+ chars.add('t');
+ ESCAPED_CHARS = Collections.unmodifiableSet(chars);
+ }
+
public JsonMapObjectReaderWriter() {
}
@@ -253,9 +262,19 @@ public class JsonMapObjectReaderWriter {
}
}
- if (value instanceof String && ((String)value).contains("\\/")) {
- // Escape an encoded forward slash
- value = ((String) value).replace("\\/", "/");
+ if (value instanceof String) {
+ if (((String) value).contains("\\/")) {
+ // Escape an encoded forward slash
+ value = ((String) value).replace("\\/", "/");
+ }
+ if (((String) value).contains("\\\"")) {
+ // Escape an encoded quotation mark
+ value = ((String) value).replace("\\\"", "\"");
+ }
+ if (((String) value).contains("\\\\")) {
+ // Escape an encoded backslash
+ value = ((String) value).replace("\\\\", "\\");
+ }
}
return value;
}
@@ -369,8 +388,25 @@ public class JsonMapObjectReaderWriter {
}
private String escapeJson(String value) {
- return value.replace("\"", "\\\"")
- .replace("\\", "\\\\");
+ StringBuilder sb = new StringBuilder();
+ for (int i = 0; i < value.length(); i++) {
+ char c = value.charAt(i);
+ // If we have " and the previous char was not \ then escape it
+ if (c == '"' && (i == 0 || value.charAt(i - 1) != '\\')) {
+ sb.append('\\').append(c);
+ // If we have \ and the previous char was not \ and the next char is not an escaped char, then escape it
+ } else if (c == '\\' && (i == 0 || value.charAt(i - 1) != '\\')
+ && (i == value.length() - 1 || !isEscapedChar(value.charAt(i + 1)))) {
+ sb.append('\\').append(c);
+ } else {
+ sb.append(c);
+ }
+ }
+ return sb.toString();
+ }
+
+ private boolean isEscapedChar(char c) {
+ return ESCAPED_CHARS.contains(Character.valueOf(c));
}
}
diff --git a/rt/rs/extensions/json-basic/src/test/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriterTest.java b/rt/rs/extensions/json-basic/src/test/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriterTest.java
index 166b5ac..d2f9ca0 100644
--- a/rt/rs/extensions/json-basic/src/test/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriterTest.java
+++ b/rt/rs/extensions/json-basic/src/test/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriterTest.java
@@ -31,6 +31,7 @@ import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
public class JsonMapObjectReaderWriterTest {
@@ -125,7 +126,7 @@ public class JsonMapObjectReaderWriterTest {
assertEquals(1, map.size());
Map<String, Object> xMap = CastUtils.cast((Map<?, ?>)map.get("x"));
assertEquals(1, xMap.size());
- assertEquals("{\\\"}", xMap.get("y"));
+ assertEquals("{\"}", xMap.get("y"));
}
@Test
@@ -152,13 +153,60 @@ public class JsonMapObjectReaderWriterTest {
public void testEscapeDoubleQuotes() throws Exception {
JsonMapObjectReaderWriter jsonMapObjectReaderWriter = new JsonMapObjectReaderWriter();
Map<String, Object> content = new HashMap<>();
- content.put("userInput", "a\",\"exp\":9999999999,\"b\":\"x");
+ content.put("userInput", "a\"");
String json = jsonMapObjectReaderWriter.toJson(content);
+ assertTrue(json.contains("a\\\""));
Map<String, Object> map = jsonMapObjectReaderWriter.fromJson(json);
assertEquals(1, map.size());
- assertEquals("userInput", map.keySet().iterator().next());
+ Map.Entry<String, Object> entry = map.entrySet().iterator().next();
+ assertEquals("userInput", entry.getKey());
+ assertEquals("a\"", entry.getValue());
}
-}
+ @Test
+ public void testAlreadyEscapedDoubleQuotes() throws Exception {
+ JsonMapObjectReaderWriter jsonMapObjectReaderWriter = new JsonMapObjectReaderWriter();
+ Map<String, Object> content = new HashMap<>();
+ content.put("userInput", "a\\\"");
+ String json = jsonMapObjectReaderWriter.toJson(content);
+ assertTrue(json.contains("a\\\""));
+
+ Map<String, Object> map = jsonMapObjectReaderWriter.fromJson(json);
+ assertEquals(1, map.size());
+ Map.Entry<String, Object> entry = map.entrySet().iterator().next();
+ assertEquals("userInput", entry.getKey());
+ assertEquals("a\"", entry.getValue());
+ }
+
+ @Test
+ public void testEscapeBackslash() throws Exception {
+ JsonMapObjectReaderWriter jsonMapObjectReaderWriter = new JsonMapObjectReaderWriter();
+ Map<String, Object> content = new HashMap<>();
+ content.put("userInput", "a\\");
+ String json = jsonMapObjectReaderWriter.toJson(content);
+ assertTrue(json.contains("a\\\\"));
+ Map<String, Object> map = jsonMapObjectReaderWriter.fromJson(json);
+ assertEquals(1, map.size());
+ Map.Entry<String, Object> entry = map.entrySet().iterator().next();
+ assertEquals("userInput", entry.getKey());
+ assertEquals("a\\", entry.getValue());
+ }
+
+ @Test
+ public void testAlreadyEscapedBackslash() throws Exception {
+ JsonMapObjectReaderWriter jsonMapObjectReaderWriter = new JsonMapObjectReaderWriter();
+ Map<String, Object> content = new HashMap<>();
+ content.put("userInput", "a\\\\");
+ String json = jsonMapObjectReaderWriter.toJson(content);
+ assertTrue(json.contains("a\\\\"));
+
+ Map<String, Object> map = jsonMapObjectReaderWriter.fromJson(json);
+ assertEquals(1, map.size());
+ Map.Entry<String, Object> entry = map.entrySet().iterator().next();
+ assertEquals("userInput", entry.getKey());
+ assertEquals("a\\", entry.getValue());
+ }
+
+}