sile / jsone

Erlang JSON library
MIT License

decoding invalid JSON starting with number and followed by extra characters doesn't throw exception #68

Closed bsuh closed 2 years ago

bsuh commented 2 years ago

This is on version 1.5.6 as well as master branch.

~/git/jsone % make start
===> Verifying dependencies...
===> Analyzing applications...
===> Compiling jsone
===> Verifying dependencies...
===> Analyzing applications...
===> Compiling jsone
Erlang/OTP 24 [erts-12.1.2] [source] [64-bit] [smp:12:12] [ds:12:12:10] [async-threads:1] [jit] [dtrace]

Eshell V12.1.2  (abort with ^G)
1> ===> Booted jsone

1> jsone:decode(<<"1@">>).
1
2> jsone:decode(<<"1@s">>).
1

sile commented 2 years ago

Thank you for reporting this issue. This is because the current implementation of jsone:decode/1 just discards the remaining (unconsumed) binary in this line. It feels better to raise an error if the remaining binary size is not empty (maybe it's worth allowing binaries that only contain whitespace characters though).

bsuh commented 2 years ago

Allowing whitespace after seems reasonable. JavaScript API JSON.parse() allows whitespace after (but not garbage characters).

>> JSON.parse(" 1")
1
>> JSON.parse(" 1 ")
1

sile commented 2 years ago

Thank you for your information! I'll implement this check this or next week (however, if you're interested in doing that, the contribution is very welcome).

sile commented 2 years ago

FYI: Created PR #69
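
The check discussed in this thread, written as a caller-side wrapper. This is an added example, not code from the issue, the PR, or the jsone project. It assumes jsone's `jsone:try_decode/1`, which returns `{ok, Value, Remainings}`; the module name `strict_json`, its functions, and the `trailing_data` error term are hypothetical.

```erlang
%% strict_json.erl: added example; the module and function names are hypothetical.
-module(strict_json).
-export([decode/1, demo/0]).

%% Decode exactly one JSON value and fail on anything but JSON whitespace
%% after it, instead of silently dropping the unconsumed bytes.
-spec decode(binary()) -> {ok, term()} | {error, term()}.
decode(Bin) when is_binary(Bin) ->
    case jsone:try_decode(Bin) of
        {ok, Value, Rest} ->
            case skip_ws(Rest) of
                <<>> -> {ok, Value};
                Trailing -> {error, {trailing_data, Trailing}}
            end;
        {error, Reason} ->
            {error, Reason}
    end.

%% RFC 8259 whitespace: space, tab, line feed, carriage return.
skip_ws(<<C, Rest/binary>>) when C =:= $\s; C =:= $\t; C =:= $\n; C =:= $\r ->
    skip_ws(Rest);
skip_ws(Bin) ->
    Bin.

%% Constructed inputs: the two from the report plus whitespace-padded
%% and concatenated ones.
demo() ->
    Inputs = [<<"1@">>, <<"1@s">>, <<" 1 ">>, <<"{\"a\":1}\n">>, <<"[1] [2]">>],
    [{In, decode(In)} || In <- Inputs].
```

When the input is untrusted, treat `{error, {trailing_data, _}}` as a rejection of the whole payload: a lenient decoder here and a strict one elsewhere in the pipeline can otherwise disagree about what the same bytes contain.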