Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 10:26:02 UTC
[sling-org-apache-sling-xss] 04/19: SLING-6685: Replace
commons.json usage in org.apache.sling.xss
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.xss-2.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git
commit 8266929fa52641808e7018bb2b0ef2b5ad667a37
Author: Karl Pauls <pa...@apache.org>
AuthorDate: Tue Mar 28 13:02:51 2017 +0000
SLING-6685: Replace commons.json usage in org.apache.sling.xss
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/xss@1789116 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 12 ++---
src/main/java/org/apache/sling/xss/JSONUtil.java | 55 ++++++++++------------
.../java/org/apache/sling/xss/impl/XSSAPIImpl.java | 31 +++++++-----
.../java/org/apache/sling/xss/package-info.java | 4 +-
.../org/apache/sling/xss/impl/XSSAPIImplTest.java | 8 ++--
5 files changed, 55 insertions(+), 55 deletions(-)
diff --git a/pom.xml b/pom.xml
index f317496..2196703 100644
--- a/pom.xml
+++ b/pom.xml
@@ -265,12 +265,6 @@
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.commons.json</artifactId>
- <version>2.0.6</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.serviceusermapper</artifactId>
<version>1.2.0</version>
@@ -283,6 +277,12 @@
<scope>provided</scope>
</dependency>
<dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.commons.johnzon</artifactId>
+ <version>0.1.0-SNAPSHOT</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</dependency>
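Review bot: The added `org.apache.sling.commons.johnzon` dependency is pinned to `0.1.0-SNAPSHOT`, a mutable version, so the JSON parser this XSS bundle uses on untrusted input can change between builds without any change in this repository. The commit mail says the commit was pushed to the tag org.apache.sling.xss-2.0.0; if no later commit in the series replaces the snapshot, the release build is not reproducible. Depend on a released version before tagging, or at least mark it on the dependency, e.g. `<!-- TODO: replace with the released commons.johnzon version before releasing 2.0.0 -->`.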
diff --git a/src/main/java/org/apache/sling/xss/JSONUtil.java b/src/main/java/org/apache/sling/xss/JSONUtil.java
index 37552af..0065027 100644
--- a/src/main/java/org/apache/sling/xss/JSONUtil.java
+++ b/src/main/java/org/apache/sling/xss/JSONUtil.java
@@ -16,9 +16,8 @@
******************************************************************************/
package org.apache.sling.xss;
-import org.apache.sling.commons.json.JSONException;
-import org.apache.sling.commons.json.JSONObject;
-import org.apache.sling.commons.json.io.JSONWriter;
+import javax.json.JsonObjectBuilder;
+import javax.json.stream.JsonGenerator;
/**
* JSON utilities
@@ -44,13 +43,12 @@ public final class JSONUtil {
* @param key Key to write
* @param value Value to write
* @param xss XSS protection filter
- * @throws JSONException If value could not be put into the object
+ * @throws JsonException If value could not be put into the object
* @throws NullPointerException If xss protection filter is <code>null</code>
*/
- public static void putProtected(final JSONObject object, final String key, final String value, final XSSFilter xss)
- throws JSONException {
+ public static void putProtected(final JsonObjectBuilder object, final String key, final String value, final XSSFilter xss) {
final String xssValue = xss.filter(ProtectionContext.PLAIN_HTML_CONTENT, value);
- object.put(key, xssValue);
+ object.add(key, xssValue);
}
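Review bot: `object.add(key, xssValue)` rejects a null value, because `JsonObjectBuilder.add(String, String)` is specified to throw NullPointerException when the name or value is null, whereas the replaced `JSONObject.put` accepted null (as far as I recall it removed the key). The same applies to `object.add(key, value)` in the `putWithProtected` hunk at `@@ -61`, where the raw caller-supplied value is passed straight through. Whether `xss.filter` can return null is not visible here, so either guard it, `if (xssValue == null) { object.addNull(key); } else { object.add(key, xssValue); }`, or extend the Javadoc to `@throws NullPointerException If xss protection filter or the value is <code>null</code>`.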
/**
@@ -61,13 +59,12 @@ public final class JSONUtil {
* @param key Key to write
* @param value Value to write
* @param xss XSS protection filter
- * @throws JSONException If value could not be put into the object
+ * @throws JsonException If value could not be put into the object
* @throws NullPointerException If xss protection filter is <code>null</code>
*/
- public static void putWithProtected(final JSONObject object, final String key, final String value, final XSSFilter xss)
- throws JSONException {
+ public static void putWithProtected(final JsonObjectBuilder object, final String key, final String value, final XSSFilter xss) {
putProtected(object, key + KEY_SUFFIX_XSS, value, xss);
- object.put(key, value);
+ object.add(key, value);
}
/**
@@ -81,10 +78,9 @@ public final class JSONUtil {
* @throws JSONException If value could not be written
* @throws NullPointerException If xss protection filter is <code>null</code>
*/
- public static void writeProtected(final JSONWriter writer, final String key, final String value, final XSSFilter xss)
- throws JSONException {
+ public static void writeProtected(final JsonGenerator writer, final String key, final String value, final XSSFilter xss) {
final String xssValue = xss.filter(ProtectionContext.PLAIN_HTML_CONTENT, value);
- writer.key(key).value(xssValue);
+ writer.write(key, xssValue);
}
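Review bot: The Javadoc of this `writeProtected` overload still says `@throws JSONException`, a class whose import this commit removes, and the method no longer declares a checked exception; the `writeWithProtected` hunks at `@@ -120` and `@@ -135` carry the same stale tag. The other hunks rename the tag to `@throws JsonException`, but `javax.json.JsonException` is not among the new imports, so that reference will not resolve in Javadoc either. Use the qualified name consistently in all six methods: `@throws javax.json.JsonException If value could not be written`.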
/**
@@ -95,18 +91,17 @@ public final class JSONUtil {
* @param key Key to use.
* @param values The value arrays.
* @param xss The XSS protection filter.
- * @throws JSONException If an JSON specific error occurs.
+ * @throws JsonException If value could not be written
* @throws NullPointerException If xss protection filter is <code>null</code>
*/
- public static void writeProtected(JSONWriter writer, String key,
- String[] values, XSSFilter xss) throws JSONException {
- writer.key(key);
- writer.array();
+ public static void writeProtected(JsonGenerator writer, String key,
+ String[] values, XSSFilter xss) {
+ writer.writeStartArray(key);
for (String value : values) {
String xssValue = xss.filter(ProtectionContext.PLAIN_HTML_CONTENT, value);
- writer.value(xssValue);
+ writer.write(xssValue);
}
- writer.endArray();
+ writer.writeEnd();
}
/**
@@ -120,10 +115,9 @@ public final class JSONUtil {
* @throws JSONException If value could not be written
* @throws NullPointerException If xss protection filter is <code>null</code>
*/
- public static void writeWithProtected(final JSONWriter writer, final String key, final String value, final XSSFilter xss)
- throws JSONException {
+ public static void writeWithProtected(final JsonGenerator writer, final String key, final String value, final XSSFilter xss) {
writeProtected(writer, key + KEY_SUFFIX_XSS, value, xss);
- writer.key(key).value(value);
+ writer.write(key, value);
}
/**
@@ -135,19 +129,18 @@ public final class JSONUtil {
* @param key The key to write.
* @param values The value array.
* @param xss The xss protection filter.
- * @throws JSONException If a JSON specific error occurs.
+ * @throws JSONException If value could not be written
* @throws NullPointerException If xss protection filter is <code>null</code>
*/
- public static void writeWithProtected(JSONWriter writer, String key,
- String[] values, XSSFilter xss) throws JSONException {
+ public static void writeWithProtected(JsonGenerator writer, String key,
+ String[] values, XSSFilter xss) {
writeProtected(writer, key + KEY_SUFFIX_XSS, values, xss);
// and the non-xss array variant
- writer.key(key);
- writer.array();
+ writer.writeStartArray(key);
for (String value : values) {
- writer.value(value);
+ writer.write(value);
}
- writer.endArray();
+ writer.writeEnd();
}
}
diff --git a/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java b/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
index b38fde6..d88acf5 100644
--- a/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
+++ b/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
@@ -17,11 +17,15 @@
package org.apache.sling.xss.impl;
import java.io.StringReader;
+import java.io.StringWriter;
+import java.util.HashMap;
+import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nonnull;
-import javax.xml.parsers.ParserConfigurationException;
+import javax.json.Json;
+import javax.json.JsonReaderFactory;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
@@ -32,9 +36,6 @@ import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.ResourceResolver;
-import org.apache.sling.commons.json.JSONArray;
-import org.apache.sling.commons.json.JSONException;
-import org.apache.sling.commons.json.JSONObject;
import org.apache.sling.xss.ProtectionContext;
import org.apache.sling.xss.XSSAPI;
import org.apache.sling.xss.XSSFilter;
@@ -44,8 +45,6 @@ import org.owasp.esapi.Validator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.InputSource;
-import org.xml.sax.SAXNotRecognizedException;
-import org.xml.sax.SAXNotSupportedException;
import org.xml.sax.XMLReader;
@Component
@@ -61,6 +60,8 @@ public class XSSAPIImpl implements XSSAPI {
private static final Pattern PATTERN_AUTO_DIMENSION = Pattern.compile("['\"]?auto['\"]?");
private SAXParserFactory factory;
+
+ private volatile JsonReaderFactory jsonReaderFactory;
@Activate
@SuppressWarnings("unused")
@@ -75,12 +76,16 @@ public class XSSAPIImpl implements XSSAPI {
} catch (Exception e) {
LOGGER.error("SAX parser configuration error: " + e.getMessage(), e);
}
+ Map<String, Object> config = new HashMap<>();
+ config.put("org.apache.johnzon.supports-comments", true);
+ jsonReaderFactory = Json.createReaderFactory(config);
}
@Deactivate
@SuppressWarnings("unused")
protected void deactivate() {
factory = null;
+ jsonReaderFactory = null;
}
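Review bot: The config map turns on `org.apache.johnzon.supports-comments` without saying why a validator for untrusted JSON should accept comments, which standard JSON does not allow. The key is Johnzon-specific, and the JSON-P API lets a provider ignore configuration properties it does not support, so with another `javax.json` provider resolved at runtime the same input would presumably be rejected. Add a comment above the `put`, e.g. `// Johnzon-only property: accept comments in input for compatibility with commons.json (TODO confirm); they are dropped on re-serialisation`. `activate()` starts outside the hunk.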
// =============================================================================================
@@ -358,16 +363,18 @@ public class XSSAPIImpl implements XSSAPI {
int straightIx = json.indexOf("[");
if (curlyIx >= 0 && (curlyIx < straightIx || straightIx < 0)) {
try {
- JSONObject obj = new JSONObject(json);
- return obj.toString();
- } catch (JSONException e) {
+ StringWriter output = new StringWriter();
+ Json.createGenerator(output).write(jsonReaderFactory.createReader(new StringReader(json)).readObject()).close();
+ return output.getBuffer().toString();
+ } catch (Exception e) {
LOGGER.debug("JSON validation failed: " + e.getMessage(), e);
}
} else {
try {
- JSONArray arr = new JSONArray(json);
- return arr.toString();
- } catch (JSONException e) {
+ StringWriter output = new StringWriter();
+ Json.createGenerator(output).write(jsonReaderFactory.createReader(new StringReader(json)).readArray()).close();
+ return output.getBuffer().toString();
+ } catch (Exception e) {
LOGGER.debug("JSON validation failed: " + e.getMessage(), e);
}
}
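Review bot: Neither the `JsonReader` nor the `JsonGenerator` is closed when `readObject()` or `readArray()` throws, because the only `close()` sits at the end of the call chain on the success path. Open both in a try-with-resources in each branch so they are released on malformed input too, which is the expected case for a validator. The new `catch (Exception e)` is also wider than the old `JSONException` and logs at debug, so a NullPointerException from `jsonReaderFactory` after `deactivate()` has nulled it would be reported as a validation failure; the sketch keeps the catch but it deserves a comment. The enclosing method starts and ends outside the hunk, and the sketch needs `JsonReader` and `JsonGenerator` imported.

```java
try {
    StringWriter output = new StringWriter();
    try (JsonReader reader = jsonReaderFactory.createReader(new StringReader(json));
         JsonGenerator generator = Json.createGenerator(output)) {
        generator.write(reader.readObject());
    }
    // read the buffer only after the generator has been closed and flushed
    return output.toString();
} catch (Exception e) {
    // … unchanged: debug log of the validation failure …
}
// … array branch: same shape with reader.readArray() …
```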
diff --git a/src/main/java/org/apache/sling/xss/package-info.java b/src/main/java/org/apache/sling/xss/package-info.java
index 5e02e69..aaec1b6 100644
--- a/src/main/java/org/apache/sling/xss/package-info.java
+++ b/src/main/java/org/apache/sling/xss/package-info.java
@@ -17,9 +17,9 @@
/**
* XSS Protection Service
*
- * @version 1.2.0
+ * @version 2.0.0
*/
-@Version("1.2.0")
+@Version("2.0.0")
package org.apache.sling.xss;
import aQute.bnd.annotation.Version;
diff --git a/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java b/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java
index e8b9e42..11faf28 100644
--- a/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java
+++ b/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java
@@ -611,22 +611,22 @@ public class XSSAPIImplTest {
{"{}", "{}"},
{"{1}", RUBBISH_JSON},
{
- "{test: 'test'}",
+ "{\"test\": \"test\"}",
"{\"test\":\"test\"}"
},
{
- "{test:\"test}",
+ "{\"test\":\"test}",
RUBBISH_JSON
},
{
- "{test1:'test1', test2: {test21: 'test21', test22: 'test22'}}",
+ "{\"test1\":\"test1\", \"test2\": {\"test21\": \"test21\", \"test22\": \"test22\"}}",
"{\"test1\":\"test1\",\"test2\":{\"test21\":\"test21\",\"test22\":\"test22\"}}"
},
{"[]", "[]"},
{"[1,2]", "[1,2]"},
{"[1", RUBBISH_JSON},
{
- "[{test: 'test'}]",
+ "[{\"test\": \"test\"}]",
"[{\"test\":\"test\"}]"
}
};
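Review bot: The lenient inputs such as `{test: 'test'}` (unquoted keys, single quotes) are rewritten to strict JSON instead of being kept as cases, so nothing in this table pins what `getValidJSON` now does with them, and nothing covers the comment support enabled in `activate()`. Callers of the previous version could pass such input, and presumably it now falls back to the `RUBBISH_JSON` result. If so, a row such as `{"{test: 'test'}", RUBBISH_JSON},` would document the behaviour change, along with one row whose input contains a comment. The array literal begins outside the hunk.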
--