packages/json-path
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
json-path/CVE-2023-51074.patch
starlet-dx 98c301e2db Fix CVE-2023-51074 
(cherry picked from commit 54995c2a39eab2dd26908256e164bfb145742d80)
2024-03-04 10:33:22 +08:00

71 lines
2.6 KiB
Diff
Raw Blame History

From 71a09c1193726c010917f1157ecbb069ad6c3e3b Mon Sep 17 00:00:00 2001
From: Tobi <22715034+twobiers@users.noreply.github.com>
Date: Thu, 18 Jan 2024 16:48:57 +0100
Subject: [PATCH] Check for the existence of the next significant bracket
(#985)
---
.../jayway/jsonpath/internal/path/PathCompiler.java | 6 +++++-
.../src/test/java/com/jayway/jsonpath/Issue_970.java | 12 ++++++++++++
.../src/test/java/com/jayway/jsonpath/Issue_973.java | 12 ++++++++++++
3 files changed, 29 insertions(+), 1 deletion(-)
create mode 100644 json-path/src/test/java/com/jayway/jsonpath/Issue_970.java
create mode 100644 json-path/src/test/java/com/jayway/jsonpath/Issue_973.java
diff --git a/json-path/src/main/java/com/jayway/jsonpath/internal/path/PathCompiler.java b/json-path/src/main/java/com/jayway/jsonpath/internal/path/PathCompiler.java
index e4fcd31..e0fb96e 100644
--- a/json-path/src/main/java/com/jayway/jsonpath/internal/path/PathCompiler.java
+++ b/json-path/src/main/java/com/jayway/jsonpath/internal/path/PathCompiler.java
@@ -374,7 +374,11 @@ public class PathCompiler {
readPosition++;
}
- int endBracketIndex = path.indexOfNextSignificantChar(endPosition, CLOSE_SQUARE_BRACKET) + 1;
+ int endBracketIndex = path.indexOfNextSignificantChar(endPosition, CLOSE_SQUARE_BRACKET);
+ if(endBracketIndex == -1) {
+ fail("Property has not been closed - missing closing ]");
+ }
+ endBracketIndex++;
path.setPosition(endBracketIndex);
diff --git a/json-path/src/test/java/com/jayway/jsonpath/Issue_970.java b/json-path/src/test/java/com/jayway/jsonpath/Issue_970.java
new file mode 100644
index 0000000..25f52b7
--- /dev/null
+++ b/json-path/src/test/java/com/jayway/jsonpath/Issue_970.java
@@ -0,0 +1,12 @@
+package com.jayway.jsonpath;
+
+import org.junit.Test;
+
+import static org.assertj.core.api.Assertions.assertThatNoException;
+
+public class Issue_970 {
+ @Test
+ public void shouldNotCauseStackOverflow() {
+ assertThatNoException().isThrownBy(() -> Criteria.where("[']',"));
+ }
+}
diff --git a/json-path/src/test/java/com/jayway/jsonpath/Issue_973.java b/json-path/src/test/java/com/jayway/jsonpath/Issue_973.java
new file mode 100644
index 0000000..a1d05ac
--- /dev/null
+++ b/json-path/src/test/java/com/jayway/jsonpath/Issue_973.java
@@ -0,0 +1,12 @@
+package com.jayway.jsonpath;
+
+import org.junit.Test;
+
+import static org.assertj.core.api.Assertions.*;
+
+public class Issue_973 {
+ @Test
+ public void shouldNotCauseStackOverflow() {
+ assertThatNoException().isThrownBy(() -> Criteria.parse("@[\"\",/\\"));
+ }
+}
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink