From f1bf6779426911ba57270d09046b50f5c7def881 Mon Sep 17 00:00:00 2001 From: Piotr Bugara Date: Fri, 22 Jul 2022 11:49:12 +0200 Subject: [PATCH 1/2] #807 JsonPointer double slashes validation --- src/main/java/com/github/fge/jsonpatch/JsonPathParser.java | 5 +++-- .../java/com/github/fge/jsonpatch/JsonPathParserTest.java | 7 +++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/github/fge/jsonpatch/JsonPathParser.java b/src/main/java/com/github/fge/jsonpatch/JsonPathParser.java index 6cd6fd01..58902582 100644 --- a/src/main/java/com/github/fge/jsonpatch/JsonPathParser.java +++ b/src/main/java/com/github/fge/jsonpatch/JsonPathParser.java @@ -7,9 +7,10 @@ public class JsonPathParser { public static String tmfStringToJsonPath(String path) throws JsonPatchException { if (path.startsWith("$")) { return path; - } - if (path.contains("?")) { + } else if (path.contains("?")) { throw new JsonPatchException("Invalid path, `?` are not allowed in JsonPointer expressions."); + } else if (path.contains("//")) { + throw new JsonPatchException("Invalid path, `//` is not allowed in JsonPointer expressions."); } return "$" + path.replace('/', '.').replaceAll(ARRAY_ELEMENT_REGEX, "[$1]"); diff --git a/src/test/java/com/github/fge/jsonpatch/JsonPathParserTest.java b/src/test/java/com/github/fge/jsonpatch/JsonPathParserTest.java index 6886e6a7..b6b7e7ed 100644 --- a/src/test/java/com/github/fge/jsonpatch/JsonPathParserTest.java +++ b/src/test/java/com/github/fge/jsonpatch/JsonPathParserTest.java @@ -2,6 +2,7 @@ import org.testng.annotations.Test; +import static org.assertj.core.api.Assertions.assertThatThrownBy; import static org.testng.Assert.*; public class JsonPathParserTest { @@ -45,4 +46,10 @@ public void shouldLeaveJsonPathStatementsUntouched() throws JsonPatchException { String result = JsonPathParser.tmfStringToJsonPath(filterQuery); assertEquals(result, expected); } + + @Test(expectedExceptions = JsonPatchException.class, expectedExceptionsMessageRegExp = "Invalid path, `//` is not allowed in JsonPointer expressions.") + public void shouldThrowExceptionWhenDoubleSlashesInJsonPointerPath() throws JsonPatchException { + String filterQuery = "/characteristic/0//age"; + JsonPathParser.tmfStringToJsonPath(filterQuery); + } } \ No newline at end of file From ad576e92bfb89bdf39006efd2d72ad1203525978 Mon Sep 17 00:00:00 2001 From: Piotr Bugara Date: Fri, 22 Jul 2022 12:27:36 +0200 Subject: [PATCH 2/2] #807 JsonPointer double slashes validation --- .../com/github/fge/jsonpatch/JsonPathParserTest.java | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/test/java/com/github/fge/jsonpatch/JsonPathParserTest.java b/src/test/java/com/github/fge/jsonpatch/JsonPathParserTest.java index b6b7e7ed..3cdc4481 100644 --- a/src/test/java/com/github/fge/jsonpatch/JsonPathParserTest.java +++ b/src/test/java/com/github/fge/jsonpatch/JsonPathParserTest.java @@ -2,8 +2,7 @@ import org.testng.annotations.Test; -import static org.assertj.core.api.Assertions.assertThatThrownBy; -import static org.testng.Assert.*; +import static org.testng.Assert.assertEquals; public class JsonPathParserTest { @@ -52,4 +51,10 @@ public void shouldThrowExceptionWhenDoubleSlashesInJsonPointerPath() throws Json String filterQuery = "/characteristic/0//age"; JsonPathParser.tmfStringToJsonPath(filterQuery); } + + @Test(expectedExceptions = JsonPatchException.class) + public void shouldThrowExceptionWhenQuestionMarkInJsonPointerPath() throws JsonPatchException { + String filterQuery = "/characteristic/0/age?"; + JsonPathParser.tmfStringToJsonPath(filterQuery); + } } \ No newline at end of file