Comments (8)
@brad302 I think this has been discussed in #131 (comment).
Could you please provide us with the case? We can add an argument to customize this limit if needed.
cc @UrielCh
from json-smart-v2.
seemingly innocuous sized JSON structure
I think this error only occurs when the JSON size is very large. Could you please provide a minimal reproducible case?
Yep, have attached one.
When I say "innocuous" I mean, I would expect it to be able to be processed. I consider the payload to be large enough but I have seen much larger.
Let me know how you go. Thanks.
payload.zip
@brad302 @UrielCh
I have created a draft PR #155 for this issue. PTAL.
What are the chances of having the default value substantially increased? My issue is, when this new version is released, there's nothing to say that Talend will follow suit and provide the ability to enter a value and override the default.
It may be a big ask but something like 2000 (rather than 400) would help a lot. I'd say that would still alleviate any issues relating to a DDoS attack, but I'm not sure if it would then re-expose the CVE.
Happy to get your thoughts.
If a real, non-malicious application needs more, adding a flag to drop this security may be a better choice; increasing the current 400 to more like 1000 is fine too: 400 never blew up any stack, and 1000 is still kind of okay.
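A depth pre-check of the kind discussed above, as an added example that is not json-smart's own code: it measures nesting depth with a plain loop so that a payload can be gated before any recursive parser sees it. The 400 default and the 1000 alternative are the values from this thread; the nested-array payload is constructed.

```python
"""Iterative nesting-depth pre-check for JSON text (added example, not json-smart code).

json-smart rejects documents nested deeper than 400 levels so that a small but
deeply nested payload cannot exhaust the parser's stack (CVE-2023-1370).  This
helper measures depth with a plain loop, so it can gate a payload in front of
a recursive parser without itself recursing.
"""

DEFAULT_MAX_DEPTH = 400  # json-smart's default limit, as discussed in the thread


def json_nesting_depth(text: str) -> int:
    """Max bracket nesting depth; brackets inside string literals are ignored."""
    depth = max_depth = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:          # character after a backslash, whatever it is
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "{[":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch in "}]":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced JSON: closing bracket without opener")
    return max_depth


def within_depth_limit(text: str, limit: int = DEFAULT_MAX_DEPTH) -> bool:
    """True when the document may be handed to a recursive parser under `limit`."""
    return json_nesting_depth(text) <= limit


def nested_arrays(depth: int) -> str:
    """Constructed sample payload: `depth` nested empty arrays ('[[[]]]' for 3)."""
    return "[" * depth + "]" * depth


if __name__ == "__main__":
    payload = nested_arrays(500)              # only 1000 bytes, yet 500 levels deep
    print(within_depth_limit(payload))        # False under the 400 default
    print(within_depth_limit(payload, 1000))  # True with the higher limit discussed
```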
Discussions are in progress in the draft #155.
I think we can close this issue now, see #156 to drop the limit.