You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@groovy.apache.org by JamesLaverack <gi...@git.apache.org> on 2017/05/26 22:40:12 UTC

[GitHub] groovy pull request #552: GROOVY-7979: Prevent JsonSlurper issue on a single...

GitHub user JamesLaverack opened a pull request:

    https://github.com/apache/groovy/pull/552

    GROOVY-7979: Prevent JsonSlurper issue on a single minus

    Add bound checking to JSON parser code to account for a single minus character.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/JamesLaverack/groovy groovy7979

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/groovy/pull/552.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #552
    
----
commit 082535c3e0e0044ed7cb138dde68e296e39ea74c
Author: James Laverack <ja...@jameslaverack.com>
Date:   2017-05-13T12:38:34Z

    GROOVY-7979: Add JSONSlurper test case for the string "[-]".

commit ac2b8f0584c3cced23fa51690d7c7ab40c2c29d8
Author: James Laverack <ja...@jameslaverack.com>
Date:   2017-05-14T19:21:43Z

    GROOVY-7979: Add check for end of negative number
    
    The check for the minus sign increments the character index by one. A
    check is added to ensure that this does not go over the end of the
    expected character substring.

commit a550df60a0714898dc9bbbe6512d0da57973a373
Author: James Laverack <ja...@jameslaverack.com>
Date:   2017-05-26T21:10:44Z

    GROOVY-7979: Check for single minus in NumberValue
    
    This check is performed at the time of parsing, rather than while
    reading the return from `JsonSlurper`. The intent is that the slurper
    should, to the best of it's ability, give you a structure which is
    valid.

commit f0e65f1765dcebaa4b24f8be0506adcc281c78c7
Author: James Laverack <ja...@jameslaverack.com>
Date:   2017-05-26T21:15:21Z

    Remove pointless sign handling
    
    This code is useless as both of these code paths ultimately call out to
    `CharScanner#parseIntFromTo` which handles the negative sign.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] groovy pull request #552: GROOVY-7979: Prevent JsonSlurper issue on a single...

Posted by asfgit <gi...@git.apache.org>.

Github user asfgit closed the pull request at:

    https://github.com/apache/groovy/pull/552


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---