zio / zio-schema

Compositional, type-safe schema definitions, which enable auto-derivation of codecs and migrations.
https://zio.dev/zio-schema
Apache License 2.0
142 stars 162 forks

JsonCodec decoder accepts malformed JSON string with extra characters #712

Open guersam opened 4 months ago

guersam commented 4 months ago

The JSON codec accepts malformed JSON strings like {}}, "foo"" without error.

Reproducer: https://scastie.scala-lang.org/guersam/IFS2CO8dRGiNpsQhId3u3A/5

jdegoes commented 3 months ago

/bounty $75

algora-pbc[bot] commented 3 months ago

💎 $75 bounty • ZIO

Steps to solve:

  1. Start working: Comment /attempt #712 with your implementation plan
  2. Submit work: Create a pull request including /claim #712 in the PR body to claim the bounty
  3. Receive payment: 100% of the bounty is received 2-5 days post-reward. Make sure you are eligible for payouts

Thank you for contributing to zio/zio-schema!

| Attempt | Started (GMT+0) | Solution |
| --- | --- | --- |
| 🟢 @ImBIOS | Aug 7, 2024, 3:12:17 PM | #724 |
| 🔴 @Karfue | Aug 23, 2024, 11:41:17 AM | WIP |

ImBIOS commented 3 months ago

/attempt #712

Problem

  1. The JsonDecoder.decode function in JsonCodec likely parses only the necessary portion of the input string and might ignore trailing characters.
  2. This behavior is problematic because it can lead to silent errors where malformed JSON is accepted as valid, potentially causing data inconsistencies or unexpected behavior later in the application.

Potential Solutions

  1. Strict Parsing: The most robust solution is to enforce strict JSON parsing. This means the decoder should explicitly check if the entire input string has been consumed after parsing the JSON object. If there are any remaining characters, the decoding should fail with an appropriate error. Here are the key changes that should be made:
    1. In the JsonDecoder object, modify the decode method to check for any remaining non-whitespace characters after parsing is complete. If any are found, it should return an error.
    2. In the string parsing logic (likely in the Lexer object), add a check to ensure there are no extra quotes after the closing quote of a string.
    3. In the object parsing logic, add a check to ensure there are no extra closing braces after the object is closed.
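
The end-of-input check proposed in the comment above, as an added example that is not part of the thread and is not zio-schema or zio-json code. `PrefixDecoder`, `toy` and `strict` are hypothetical names; `toy` is a constructed stand-in for a decoder that stops reading as soon as one complete value has been parsed.

```scala
object StrictDecode {
  // Hypothetical shape of a lenient decoder: it returns the decoded value
  // plus the index of the first character it did not consume.
  type PrefixDecoder[A] = String => Either[String, (A, Int)]

  // Insignificant JSON whitespace per RFC 8259: space, tab, LF, CR.
  private def isJsonWs(c: Char): Boolean =
    c == ' ' || c == '\t' || c == '\n' || c == '\r'

  // Wraps a prefix decoder so that anything other than whitespace after the
  // decoded value is reported as an error instead of being silently dropped.
  def strict[A](decoder: PrefixDecoder[A])(input: String): Either[String, A] =
    decoder(input).flatMap { case (value, end) =>
      val rest = input.indexWhere(c => !isJsonWs(c), end)
      if (rest < 0) Right(value)
      else Left(s"unexpected '${input.charAt(rest)}' at offset $rest after JSON value")
    }

  // Constructed toy decoder: reads an empty object or an escape-free string
  // and stops there, which reproduces the behaviour reported in the issue.
  val toy: PrefixDecoder[String] = { s =>
    val start = s.indexWhere(c => !isJsonWs(c))
    if (start < 0) Left("empty input")
    else if (s.startsWith("{}", start)) Right(("{}", start + 2))
    else if (s.charAt(start) == '"') {
      val close = s.indexOf('"', start + 1)
      if (close < 0) Left("unterminated string")
      else Right((s.substring(start + 1, close), close + 1))
    } else Left(s"unexpected '${s.charAt(start)}' at offset $start")
  }

  def main(args: Array[String]): Unit = {
    // Constructed inputs; the third and fifth are the malformed cases from the issue.
    val inputs = List("{}", " {} \n", "{}}", "\"foo\"", "\"foo\"\"")
    inputs.foreach { in =>
      val lenient = toy(in).map(_._1) // accepts every input in the list
      val checked = strict(toy)(in)   // Left for "{}}" and "\"foo\"\""
      println(s"input=[$in] lenient=$lenient strict=$checked")
    }
  }
}
```

Putting the check in one wrapper at the decode entry point covers every value type, so the string and object parsers do not each need their own trailing-character test.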

algora-pbc[bot] commented 3 months ago

💡 @ImBIOS submitted a pull request that claims the bounty. You can visit your bounty board to reward.

Karfue commented 2 months ago

/attempt #712

The inferSchema method is not correctly handling optional fields in case classes. This needs to be addressed to ensure that optional fields are properly recognized and handled.

Update the method to correctly identify and handle optional fields. This involves checking if a field’s type is an Option and adjusting the schema accordingly.

Objective: Ensure optional fields are recognized.

Approach: Use reflection to check if a field’s type is an Option. Update the schema to reflect this.

algora-pbc[bot] commented 2 months ago

[!NOTE] The user @ImBIOS is already attempting to complete issue #712 and claim the bounty. We recommend checking in on @ImBIOS's progress, and potentially collaborating, before starting a new solution.

algora-pbc[bot] commented 2 months ago

@Karfue: Reminder that in 7 days the bounty will become up for grabs, so please submit a pull request before then 🙏