Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Strict JSON validation during parsing of configuration parameters #679

Closed
brenuart opened this issue Oct 14, 2021 · 0 comments · Fixed by #681
Closed

Strict JSON validation during parsing of configuration parameters #679

brenuart opened this issue Oct 14, 2021 · 0 comments · Fixed by #681
Assignees
@brenuart
Labels
type/enhancement
Milestone
7.0

Comments

@brenuart
Copy link
Collaborator

brenuart commented Oct 14, 2021
edited
Loading

A Jackson JsonParser is used at different places in the project to convert a JSON string into a JsonNode. Reading the string is usually done as follows:

try (JsonParser parser = jsonFactory.createParser(json)) {
   JsonNode node = parser.readValueAsTree();
}

It should be notated that the parser will stop reading the input after it found a valid JsonNode entry, leaving the rest of the string unread. This means that a string like "1 garbage" is accepted and returns a single NumericNode with value 1, ignoring the garbage at the end of the string. For the same reason, parsing "{"name":"value"} garbage" will return an ObjectNode with the name/value pair, leaving garbage unread until the next attempt at reading from the same parser.

Converting a JSON string into a JsonNode is required when processing user-supplied configuration settings (expressed as string in the XML configuration). These fields are meant to contain a valid JSON and should obviously fail or raise an ERROR status in the scenarios described above.
brenuart added a commit that referenced this issue Oct 14, 2021
@brenuart
No auto-start of JsonProviders + remaining chars after reading JSON s…
ca1ed56 
…tring

Issue #680: no auto-start of JsonProviders
- remove Lifecycle from the JsonProvider interface to prevent Logstash from auto-starting the provider
- declare the start/stop method initially defined by the Lifecycle interface in the JsonProvider interface
- now that start() is called only once, parse the JSON string during start()

Issue #679: remaining characters after reading JSON string
- raise an error if some characters remain after reading a JsonNode out of the string
@brenuart brenuart mentioned this issue Oct 14, 2021
Merged
@brenuart brenuart self-assigned this Oct 18, 2021
brenuart added a commit that referenced this issue Oct 29, 2021
@brenuart
Gh680 jsonproviders no auto start (#681)
1994a0a 
Issue #680: no auto-start of JsonProviders
- remove Lifecycle from the JsonProvider interface to prevent Logstash from auto-starting the provider
- declare the start/stop method initially defined by the Lifecycle interface in the JsonProvider interface
- now that start() is called only once, parse the JSON string during start()

Issue #679: remaining characters after reading JSON string
- raise an error if some characters remain after reading a JsonNode out of the string
@philsttr philsttr added this to the 7.0 milestone Oct 31, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@brenuart brenuart

Labels
type/enhancement
Projects
None yet
Milestone
7.0
Development

Successfully merging a pull request may close this issue.

Gh680 jsonproviders no auto start logfellow/logstash-logback-encoder
2 participants
@brenuart @philsttr