Bug#878091: jq: accepts invalid JSON
Package: jq Version: 1.6-2.1 Followup-For: Bug #878091 X-Debbugs-Cc: t...@mirbsd.de Still pertinent in latest version: $ echo '[.1,0.2]' | jq -c . [0.1,0.2] -- System Information: Debian Release: 11.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'oldstable-updates'), (500, 'oldoldstable'), (500, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/lksh Init: sysvinit (via /sbin/init) Versions of packages jq depends on: ii libc6 2.31-13+deb11u3 ii libjq1 1.6-2.1 jq recommends no packages. jq suggests no packages. -- no debconf information
Bug#878091: jq: accepts invalid JSON
Package: jq Version: 1.5+dfsg-2+b1 Followup-For: Bug #878091 Same: $ echo '[.1,0.2]' | jq -c . [0.1,0.2] With no flag to turn this off, I’d almost consider this serious. -- System Information: Debian Release: 10.12 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-0.bpo.15-amd64 (SMP w/3 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/lksh Init: sysvinit (via /sbin/init) Versions of packages jq depends on: ii libc6 2.28-10+deb10u1 ii libjq11.5+dfsg-2+b1 ii libonig5 6.9.1-1 jq recommends no packages. jq suggests no packages. -- no debconf information
Bug#878091: jq: accepts invalid JSON
Control: forwarded -1 https://github.com/stedolan/jq/issues/1404 -- ChangZhuo Chen (陳昌倬) czchen@{czchen,debconf,debian}.org http://czchen.info/ Key fingerprint = BA04 346D C2E1 FE63 C790 8793 CC65 B0CD EC27 5D5B signature.asc Description: PGP signature
Bug#878091: jq: accepts invalid JSON
Package: jq Version: 1.5+dfsg-2 Severity: important Tags: upstream jq silently accepts illegal JSON: tglase@tglase:~ $ jq <<<'[0,01,2]' [ 0, 1, 2 ] tglase@tglase:~ $ jsn <<<'[0,01,2]' JSON decoding of input failed: { "input": "[0,01,2]\n", "message": "missing comma in Array at offset 0x4" } A Number may not have a leading zero. Secondary reference: http://www.json.org/JSON_checker/test.zip -- System Information: Debian Release: buster/sid APT prefers unreleased APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable') Architecture: x32 (x86_64) Foreign Architectures: i386, amd64 Kernel: Linux 4.12.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8) Shell: /bin/sh linked to /bin/lksh Init: sysvinit (via /sbin/init) Versions of packages jq depends on: ii libc6 2.24-17 ii libjq11.5+dfsg-2 ii libonig4 6.6.1-1 jq recommends no packages. jq suggests no packages. -- no debconf information