This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.xss-2.0.0 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git
commit 8266929fa52641808e7018bb2b0ef2b5ad667a37 Author: Karl Pauls <[email protected]> AuthorDate: Tue Mar 28 13:02:51 2017 +0000 SLING-6685: Replace commons.json usage in org.apache.sling.xss git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/xss@1789116 13f79535-47bb-0310-9956-ffa450edef68 --- pom.xml | 12 ++--- src/main/java/org/apache/sling/xss/JSONUtil.java | 55 ++++++++++------------ .../java/org/apache/sling/xss/impl/XSSAPIImpl.java | 31 +++++++----- .../java/org/apache/sling/xss/package-info.java | 4 +- .../org/apache/sling/xss/impl/XSSAPIImplTest.java | 8 ++-- 5 files changed, 55 insertions(+), 55 deletions(-) diff --git a/pom.xml b/pom.xml index f317496..2196703 100644 --- a/pom.xml +++ b/pom.xml @@ -265,12 +265,6 @@ <scope>provided</scope> </dependency> <dependency> - <groupId>org.apache.sling</groupId> - <artifactId>org.apache.sling.commons.json</artifactId> - <version>2.0.6</version> - <scope>provided</scope> - </dependency> - <dependency> <groupId>org.apache.sling</groupId> <artifactId>org.apache.sling.serviceusermapper</artifactId> <version>1.2.0</version> @@ -283,6 +277,12 @@ <scope>provided</scope> </dependency> <dependency> + <groupId>org.apache.sling</groupId> + <artifactId>org.apache.sling.commons.johnzon</artifactId> + <version>0.1.0-SNAPSHOT</version> + <scope>provided</scope> + </dependency> + <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> </dependency> diff --git a/src/main/java/org/apache/sling/xss/JSONUtil.java b/src/main/java/org/apache/sling/xss/JSONUtil.java index 37552af..0065027 100644 --- a/src/main/java/org/apache/sling/xss/JSONUtil.java +++ b/src/main/java/org/apache/sling/xss/JSONUtil.java 
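Review bot: The new `org.apache.sling.commons.johnzon` dependency in the second pom.xml hunk is declared at `0.1.0-SNAPSHOT`, a mutable version, so the same commit can build against different artifacts over time. For a bundle whose job is XSS protection, the JSON parser it compiles against should be a fixed, reviewable release: `<version>RELEASED_VERSION</version>` (placeholder; the page does not show which release exists). The scope is `provided`, so the bundle also relies on the runtime supplying a compatible `javax.json` provider; a one-line comment in the pom saying so would help the next maintainer.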
@@ -16,9 +16,8 @@ ******************************************************************************/ package org.apache.sling.xss; -import org.apache.sling.commons.json.JSONException; -import org.apache.sling.commons.json.JSONObject; -import org.apache.sling.commons.json.io.JSONWriter; +import javax.json.JsonObjectBuilder; +import javax.json.stream.JsonGenerator; /** * JSON utilities @@ -44,13 +43,12 @@ public final class JSONUtil { * @param key Key to write * @param value Value to write * @param xss XSS protection filter - * @throws JSONException If value could not be put into the object + * @throws JsonException If value could not be put into the object * @throws NullPointerException If xss protection filter is <code>null</code> */ - public static void putProtected(final JSONObject object, final String key, final String value, final XSSFilter xss) - throws JSONException { + public static void putProtected(final JsonObjectBuilder object, final String key, final String value, final XSSFilter xss) { final String xssValue = xss.filter(ProtectionContext.PLAIN_HTML_CONTENT, value); - object.put(key, xssValue); + object.add(key, xssValue); } /** @@ -61,13 +59,12 @@ public final class JSONUtil { * @param key Key to write * @param value Value to write * @param xss XSS protection filter - * @throws JSONException If value could not be put into the object + * @throws JsonException If value could not be put into the object * @throws NullPointerException If xss protection filter is <code>null</code> */ - public static void putWithProtected(final JSONObject object, final String key, final String value, final XSSFilter xss) - throws JSONException { + public static void putWithProtected(final JsonObjectBuilder object, final String key, final String value, final XSSFilter xss) { putProtected(object, key + KEY_SUFFIX_XSS, value, xss); - object.put(key, value); + object.add(key, value); } /** 
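Review bot: `object.add(key, xssValue)` in putProtected (hunk -44,13) throws NullPointerException for a null value, because `JsonObjectBuilder.add(String, String)` rejects null, while the Javadoc still documents NPE only for a null filter. Whether `xss.filter(...)` can return null is not visible here, but `value` is caller-supplied and reaches `object.add(key, value)` directly in putWithProtected (hunk -61,13). Either document the new precondition or map null explicitly: `if (xssValue == null) { object.addNull(key); } else { object.add(key, xssValue); }`. The old `JSONObject.put` presumably tolerated null, so existing callers may depend on that.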
@@ -81,10 +78,9 @@ public final class JSONUtil { * @throws JSONException If value could not be written * @throws NullPointerException If xss protection filter is <code>null</code> */ - public static void writeProtected(final JSONWriter writer, final String key, final String value, final XSSFilter xss) - throws JSONException { + public static void writeProtected(final JsonGenerator writer, final String key, final String value, final XSSFilter xss) { final String xssValue = xss.filter(ProtectionContext.PLAIN_HTML_CONTENT, value); - writer.key(key).value(xssValue); + writer.write(key, xssValue); } /** @@ -95,18 +91,17 @@ public final class JSONUtil { * @param key Key to use. * @param values The value arrays. * @param xss The XSS protection filter. - * @throws JSONException If an JSON specific error occurs. + * @throws JsonException If value could not be written * @throws NullPointerException If xss protection filter is <code>null</code> */ - public static void writeProtected(JSONWriter writer, String key, - String[] values, XSSFilter xss) throws JSONException { - writer.key(key); - writer.array(); + public static void writeProtected(JsonGenerator writer, String key, + String[] values, XSSFilter xss) { + writer.writeStartArray(key); for (String value : values) { String xssValue = xss.filter(ProtectionContext.PLAIN_HTML_CONTENT, value); - writer.value(xssValue); + writer.write(xssValue); } - writer.endArray(); + writer.writeEnd(); } /** 
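Review bot: The Javadoc of writeProtected in hunk -81,10 still says `@throws JSONException`, a type from the removed commons.json package that the method no longer declares; the same stale tag stays in hunk -120,10 and is written again on the new side of hunk -135,19 (`* @throws JSONException If value could not be written`). The tags that were updated name `JsonException`, but the file imports only `JsonObjectBuilder` and `JsonGenerator`, so Javadoc cannot resolve that reference either. Use one fully qualified spelling throughout: `@throws javax.json.JsonException If value could not be written`. The `@param writer` and `@param object` lines are outside the hunks and may still describe the old types.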
@@ -120,10 +115,9 @@ public final class JSONUtil { * @throws JSONException If value could not be written * @throws NullPointerException If xss protection filter is <code>null</code> */ - public static void writeWithProtected(final JSONWriter writer, final String key, final String value, final XSSFilter xss) - throws JSONException { + public static void writeWithProtected(final JsonGenerator writer, final String key, final String value, final XSSFilter xss) { writeProtected(writer, key + KEY_SUFFIX_XSS, value, xss); - writer.key(key).value(value); + writer.write(key, value); } /** @@ -135,19 +129,18 @@ public final class JSONUtil { * @param key The key to write. * @param values The value array. * @param xss The xss protection filter. - * @throws JSONException If a JSON specific error occurs. + * @throws JSONException If value could not be written * @throws NullPointerException If xss protection filter is <code>null</code> */ - public static void writeWithProtected(JSONWriter writer, String key, - String[] values, XSSFilter xss) throws JSONException { + public static void writeWithProtected(JsonGenerator writer, String key, + String[] values, XSSFilter xss) { writeProtected(writer, key + KEY_SUFFIX_XSS, values, xss); // and the non-xss array variant - writer.key(key); - writer.array(); + writer.writeStartArray(key); for (String value : values) { - writer.value(value); + writer.write(value); } - writer.endArray(); + writer.writeEnd(); } } diff --git a/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java b/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java index b38fde6..d88acf5 100644 --- a/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java +++ b/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java 
@@ -17,11 +17,15 @@ package org.apache.sling.xss.impl; import java.io.StringReader; +import java.io.StringWriter; +import java.util.HashMap; +import java.util.Map; import java.util.regex.Matcher; import java.util.regex.Pattern; import javax.annotation.Nonnull; -import javax.xml.parsers.ParserConfigurationException; +import javax.json.Json; +import javax.json.JsonReaderFactory; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; @@ -32,9 +36,6 @@ import org.apache.felix.scr.annotations.Reference; import org.apache.felix.scr.annotations.Service; import org.apache.sling.api.SlingHttpServletRequest; import org.apache.sling.api.resource.ResourceResolver; -import org.apache.sling.commons.json.JSONArray; -import org.apache.sling.commons.json.JSONException; -import org.apache.sling.commons.json.JSONObject; import org.apache.sling.xss.ProtectionContext; import org.apache.sling.xss.XSSAPI; import org.apache.sling.xss.XSSFilter; @@ -44,8 +45,6 @@ import org.owasp.esapi.Validator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.xml.sax.InputSource; -import org.xml.sax.SAXNotRecognizedException; -import org.xml.sax.SAXNotSupportedException; import org.xml.sax.XMLReader; @Component @@ -61,6 +60,8 @@ public class XSSAPIImpl implements XSSAPI { private static final Pattern PATTERN_AUTO_DIMENSION = Pattern.compile("['\"]?auto['\"]?"); private SAXParserFactory factory; + + private volatile JsonReaderFactory jsonReaderFactory; @Activate @SuppressWarnings("unused") 
@@ -75,12 +76,16 @@ public class XSSAPIImpl implements XSSAPI { } catch (Exception e) { LOGGER.error("SAX parser configuration error: " + e.getMessage(), e); } + Map<String, Object> config = new HashMap<>(); + config.put("org.apache.johnzon.supports-comments", true); + jsonReaderFactory = Json.createReaderFactory(config); } @Deactivate @SuppressWarnings("unused") protected void deactivate() { factory = null; + jsonReaderFactory = null; } // ============================================================================================= @@ -358,16 +363,18 @@ public class XSSAPIImpl implements XSSAPI { int straightIx = json.indexOf("["); if (curlyIx >= 0 && (curlyIx < straightIx || straightIx < 0)) { try { - JSONObject obj = new JSONObject(json); - return obj.toString(); - } catch (JSONException e) { + StringWriter output = new StringWriter(); + Json.createGenerator(output).write(jsonReaderFactory.createReader(new StringReader(json)).readObject()).close(); + return output.getBuffer().toString(); + } catch (Exception e) { LOGGER.debug("JSON validation failed: " + e.getMessage(), e); } } else { try { - JSONArray arr = new JSONArray(json); - return arr.toString(); - } catch (JSONException e) { + StringWriter output = new StringWriter(); + Json.createGenerator(output).write(jsonReaderFactory.createReader(new StringReader(json)).readArray()).close(); + return output.getBuffer().toString(); + } catch (Exception e) { LOGGER.debug("JSON validation failed: " + e.getMessage(), e); } } diff --git a/src/main/java/org/apache/sling/xss/package-info.java b/src/main/java/org/apache/sling/xss/package-info.java index 5e02e69..aaec1b6 100644 --- a/src/main/java/org/apache/sling/xss/package-info.java +++ b/src/main/java/org/apache/sling/xss/package-info.java @@ -17,9 +17,9 @@ /** * XSS Protection Service * - * @version 1.2.0 + * @version 2.0.0 */ -@Version("1.2.0") +@Version("2.0.0") package org.apache.sling.xss; import aQute.bnd.annotation.Version; 
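Review bot: The reader factory in activate() (hunk -75,12) is configured with the bare string `"org.apache.johnzon.supports-comments"` and no explanation, so nothing records that getValidJSON is meant to accept input containing comments. The key is Johnzon-specific; another `javax.json` provider would presumably ignore it, and the grammar the validator accepts would then depend on which provider the runtime resolves. Add a comment such as `// Accept comments in input; they are not part of the parsed model and so are absent from the output. Johnzon-only setting.` and consider a named constant for the key. The activate() body starts outside the hunk.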
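Review bot: The catch in both branches of hunk -358,16 was widened from `JSONException` to `Exception`, so a NullPointerException from `jsonReaderFactory` (set to null in `deactivate()`) is now logged at debug level as "JSON validation failed", indistinguishable from malformed input. Failing closed is the right default for a validator, but the inactive-component case should be visible: read the field once with `final JsonReaderFactory readerFactory = jsonReaderFactory;`, and when it is null log at warn and take the method's existing failure path. The `JsonReader` returned by `createReader(...)` is also never closed; a try-with-resources around reader and generator would fix that and let the two near-identical branches share one private helper. What the method returns on failure is outside the hunk.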
diff --git a/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java b/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java index e8b9e42..11faf28 100644 --- a/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java +++ b/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java @@ -611,22 +611,22 @@ public class XSSAPIImplTest { {"{}", "{}"}, {"{1}", RUBBISH_JSON}, { - "{test: 'test'}", + "{\"test\": \"test\"}", "{\"test\":\"test\"}" }, { - "{test:\"test}", + "{\"test\":\"test}", RUBBISH_JSON }, { - "{test1:'test1', test2: {test21: 'test21', test22: 'test22'}}", + "{\"test1\":\"test1\", \"test2\": {\"test21\": \"test21\", \"test22\": \"test22\"}}", "{\"test1\":\"test1\",\"test2\":{\"test21\":\"test21\",\"test22\":\"test22\"}}" }, {"[]", "[]"}, {"[1,2]", "[1,2]"}, {"[1", RUBBISH_JSON}, { - "[{test: 'test'}]", + "[{\"test\": \"test\"}]", "[{\"test\":\"test\"}]" } }; -- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
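Review bot: The lenient inputs in this table (`{test: 'test'}` and the other unquoted-key, single-quoted rows) were rewritten into strict JSON instead of being kept, so no test pins what getValidJSON now does with them, and that is the caller-visible behaviour change of the parser swap. Keep the old strings as additional rows with the intended result, presumably `{"{test: 'test'}", RUBBISH_JSON},`. Also add a row whose input contains a comment, since activate() turns on `supports-comments` and no case covers it. The array literal starts outside the hunk.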
