search

hiltontj / serde_json_path

Query serde_json Values with JSONPath
https://serdejsonpath.live/
MIT License
51 stars 4 forks source link

`match` Function Extension False Positives on Empty Expression #60

Closed hiltontj closed 1 year ago

hiltontj commented 1 year ago

The match function is producing invalid matches. For example, given the JSON object:

[
  {
    "foo": "bar"
  },
  {
    "foo": "biz"
  }
]

and the following JSONPath query:

$[? match(@.foo, '|')]

The resulting node list should be empty, but is giving the following:

[
  {
    "foo": "bar"
  },
  {
    "foo": "biz"
  }
]

This looks to be an issue with how serde_json_path composes the regular expression in the match function definition: https://github.com/hiltontj/serde_json_path/blob/9f463fc100a947acf73f0e8fe408cdb9ef0054f8/serde_json_path/src/parser/selector/function/registry.rs#L49

Given the above example, the resulting regex would be ^|$, which may be giving a match because it is matching empty strings at the start or end of the value, which would always work.

Likely this can be solved by formatting the regex with parentheses, e.g.:

format!("^({r})$")
//        ^   ^
//        add the '(' and ')'