Protect against deeply nested maps

Update BasicJsonParser to fix the deeply nested map protection logic. Fixes gh-32029
spring-projects · Aug 9, 2022 · 2f85ea3 · 2f85ea3
1 parent 8dea05f
commit 2f85ea3
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 1 deletion.
diff --git a/...boot-project/spring-boot/src/main/java/org/springframework/boot/json/BasicJsonParser.java b/...boot-project/spring-boot/src/main/java/org/springframework/boot/json/BasicJsonParser.java
@@ -67,7 +67,7 @@ private Object parseInternal(int nesting, String json) {
 			return parseListInternal(nesting + 1, json);
 		}
 		if (json.startsWith("{")) {
-			return parseMapInternal(nesting, json);
+			return parseMapInternal(nesting + 1, json);
 		}
 		if (json.startsWith("\"")) {
 			return trimTrailingCharacter(trimLeadingCharacter(json, '"'), '"');

diff --git a/...ject/spring-boot/src/test/java/org/springframework/boot/json/AbstractJsonParserTests.java b/...ject/spring-boot/src/test/java/org/springframework/boot/json/AbstractJsonParserTests.java
@@ -205,4 +205,12 @@ void largeMalformed() throws IOException {
 		assertThatExceptionOfType(JsonParseException.class).isThrownBy(() -> this.parser.parseList(input));
 	}
 
+	@Test // gh-32029
+	void deeplyNestedMap() throws IOException {
+		String input = StreamUtils.copyToString(
+				AbstractJsonParserTests.class.getResourceAsStream("deeply-nested-map-json.txt"),
+				StandardCharsets.UTF_8);
+		assertThatExceptionOfType(JsonParseException.class).isThrownBy(() -> this.parser.parseList(input));
+	}
+
 }
diff --git a/...-project/spring-boot/src/test/java/org/springframework/boot/json/YamlJsonParserTests.java b/...-project/spring-boot/src/test/java/org/springframework/boot/json/YamlJsonParserTests.java
@@ -66,4 +66,9 @@ void listWithRepeatedOpenArray() throws IOException {
 	void largeMalformed() throws IOException {
 	}
 
+	@Override
+	@Disabled("SnakeYaml does not protect against deeply nested JSON")
+	void deeplyNestedMap() throws IOException {
+	}
+
 }
diff --git a/...t/spring-boot/src/test/resources/org/springframework/boot/json/deeply-nested-map-json.txt b/...t/spring-boot/src/test/resources/org/springframework/boot/json/deeply-nested-map-json.txt
@@ -0,0 +1 @@
+[{":{"":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{"��{":{":{":{":{":{":[{":{"":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{"��{":{":{":{":{":{":[{":{"":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{"��{":{":{":{":{":{":[{":{"":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{"��{":{":{":{":{":{":[{":{"":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{"��{":{":{":{":{":{":[{":{"":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{"��{":{":{":{":{":{":[{":{"":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{"��{":{":{":{":{":{":[{":{"":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{":{"��