Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix DoS vunerability with ujson.Obj and upack.Obj #449

Merged
merged 25 commits into from
Mar 10, 2023
Merged

Fix DoS vunerability with ujson.Obj and upack.Obj #449

merged 25 commits into from
Mar 10, 2023

Commits on Mar 9, 2023

  1. Fix DoS vunerability with ujson.Obj and upack.Obj 

    - Replace `mutable.LinkedHashMap` with `mutable.Map` ujson and upack API

`LinkedHashMap` is not secure because of
com-lihaoyi#446
This commit removes it from the API and replaces the implementation with
a bespoke wrapper around java.util.LinkedHashMap that also extends
scala's `mutable.Map`

- Add test for issue com-lihaoyi#446
    @lolgab
    lolgab committed Mar 9, 2023
    Configuration menu
    Copy the full SHA
    0354039 View commit details
    Browse the repository at this point in the history

  2. Fix Scala 2.12 and 2.13 compatibility

    @lolgab
    lolgab committed Mar 9, 2023
    Configuration menu
    Copy the full SHA
    dd04c24 View commit details
    Browse the repository at this point in the history

  3. Fix behavior with null key

    @lolgab
    lolgab committed Mar 9, 2023
    Configuration menu
    Copy the full SHA
    7bc5f88 View commit details
    Browse the repository at this point in the history

  4. Port fixes to upack

    @lolgab
    lolgab committed Mar 9, 2023
    Configuration menu
    Copy the full SHA
    c66be64 View commit details
    Browse the repository at this point in the history

  5. Fix visitObject to not create extra Map

    @lolgab
    lolgab committed Mar 9, 2023
    Configuration menu
    Copy the full SHA
    5c1a441 View commit details
    Browse the repository at this point in the history

  6. Add tests for read

    @lolgab
    lolgab committed Mar 9, 2023
    Configuration menu
    Copy the full SHA
    dbb9c7e View commit details
    Browse the repository at this point in the history

  7. Fix Scala 3 compatibility

    @lolgab
    lolgab committed Mar 9, 2023
    Configuration menu
    Copy the full SHA
    952703c View commit details
    Browse the repository at this point in the history

  8. Privatize constructors in upack

    @lolgab
    lolgab committed Mar 9, 2023
    Configuration menu
    Copy the full SHA
    9a0b7c0 View commit details
    Browse the repository at this point in the history

  9. Specify 3.1+ as supported version 

    Co-authored-by: Tobias Roeser <[email protected]>
    @lolgab @lefou
    lolgab and lefou authored Mar 9, 2023
    Configuration menu
    Copy the full SHA
    a7cd5f7 View commit details
    Browse the repository at this point in the history

  10. Hide LinkedHashMap type and expose only mutable.Map

    @lolgab
    lolgab committed Mar 9, 2023
    Configuration menu
    Copy the full SHA
    9ab2f31 View commit details
    Browse the repository at this point in the history

  11. Skip test issue-446 in Scala.js and Native

    @lolgab
    lolgab committed Mar 9, 2023
    Configuration menu
    Copy the full SHA
    f2408c4 View commit details
    Browse the repository at this point in the history

Commits on Mar 10, 2023

  1. Expose LinkedHashMap in the Obj API

    @lolgab
    lolgab committed Mar 10, 2023
    Configuration menu
    Copy the full SHA
    5723b9a View commit details
    Browse the repository at this point in the history

  2. Revert other changes

    @lolgab
    lolgab committed Mar 10, 2023
    Configuration menu
    Copy the full SHA
    adee5bf View commit details
    Browse the repository at this point in the history

  3. Revert scalafmt changes

    @lolgab
    lolgab committed Mar 10, 2023
    Configuration menu
    Copy the full SHA
    7faa90a View commit details
    Browse the repository at this point in the history

  4. Revert change in upack.Msg

    @lolgab
    lolgab committed Mar 10, 2023
    Configuration menu
    Copy the full SHA
    b73aa1a View commit details
    Browse the repository at this point in the history

  5. Add trailing newline

    @lolgab
    lolgab committed Mar 10, 2023
    Configuration menu
    Copy the full SHA
    500808c View commit details
    Browse the repository at this point in the history

  6. Improve Scaladoc for LinkedHashMap

    @lolgab
    lolgab committed Mar 10, 2023
    Configuration menu
    Copy the full SHA
    8ca4984 View commit details
    Browse the repository at this point in the history

  7. Don't make LinkedHashMap extend Builder

    @lolgab
    lolgab committed Mar 10, 2023
    Configuration menu
    Copy the full SHA
    517fc63 View commit details
    Browse the repository at this point in the history

  8. Add basic tests for LinkedHashMap

    @lolgab
    lolgab committed Mar 10, 2023
    Configuration menu
    Copy the full SHA
    64b5d27 View commit details
    Browse the repository at this point in the history

  9. Fix compilation for Scala 2.12

    @lolgab
    lolgab committed Mar 10, 2023
    Configuration menu
    Copy the full SHA
    dbc3631 View commit details
    Browse the repository at this point in the history

  10. Use same same string for hash-collision tests

    @lolgab
    lolgab committed Mar 10, 2023
    Configuration menu
    Copy the full SHA
    32b70bc View commit details
    Browse the repository at this point in the history

  11. Remove ObjTests wrapping mutable.Map

    @lolgab
    lolgab committed Mar 10, 2023
    Configuration menu
    Copy the full SHA
    f56080c View commit details
    Browse the repository at this point in the history

  12. Avoid wildcard import

    @lolgab
    lolgab committed Mar 10, 2023
    Configuration menu
    Copy the full SHA
    ee40517 View commit details
    Browse the repository at this point in the history

  13. Add timeout to DoS tests

    @lolgab
    lolgab committed Mar 10, 2023
    Configuration menu
    Copy the full SHA
    43606c2 View commit details
    Browse the repository at this point in the history

  14. Fix withTimeout for Scala.js and Native

    @lolgab
    lolgab committed Mar 10, 2023
    Configuration menu
    Copy the full SHA
    b25b92c View commit details
    Browse the repository at this point in the history