diff options
author | Johannes Rudolph <johannes.rudolph@gmail.com> | 2018-11-07 15:05:18 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-11-07 15:05:18 +0100 |
commit | c8e106fe41dad3916d54dcbf90e3aa5599d4d461 (patch) | |
tree | b8bdb65baeb3dc969ee66b6652c24d23d143f11b /src/main/scala/spray/json | |
parent | ddb4e1e7c0e28f06f703dd5e325b59fd0548bd97 (diff) | |
parent | 855b35e6d65079085d580ab3063637d94c8f3e0a (diff) | |
download | spray-json-c8e106fe41dad3916d54dcbf90e3aa5599d4d461.tar.gz spray-json-c8e106fe41dad3916d54dcbf90e3aa5599d4d461.tar.bz2 spray-json-c8e106fe41dad3916d54dcbf90e3aa5599d4d461.zip |
Merge pull request #280 from jrudolph/use-TreeMap-fixes-277
CVE-2018-18854 Use TreeMap instead of HashMap for JsObject key/value pairs, fixes #277
Diffstat (limited to 'src/main/scala/spray/json')
-rw-r--r-- | src/main/scala/spray/json/JsValue.scala | 7 | ||||
-rw-r--r-- | src/main/scala/spray/json/JsonParser.scala | 7 |
2 files changed, 8 insertions, 6 deletions
diff --git a/src/main/scala/spray/json/JsValue.scala b/src/main/scala/spray/json/JsValue.scala index 7cd8cd8..9ed94da 100644 --- a/src/main/scala/spray/json/JsValue.scala +++ b/src/main/scala/spray/json/JsValue.scala @@ -19,6 +19,7 @@ package spray.json import collection.immutable +import scala.collection.immutable.TreeMap /** * The general type of a JSON AST node. @@ -53,10 +54,10 @@ case class JsObject(fields: Map[String, JsValue]) extends JsValue { def getFields(fieldNames: String*): immutable.Seq[JsValue] = fieldNames.toIterator.flatMap(fields.get).toList } object JsObject { - val empty = JsObject(Map.empty[String, JsValue]) - def apply(members: JsField*) = new JsObject(Map(members: _*)) + val empty = JsObject(TreeMap.empty[String, JsValue]) + def apply(members: JsField*): JsObject = new JsObject(TreeMap(members: _*)) @deprecated("Use JsObject(JsValue*) instead", "1.3.0") - def apply(members: List[JsField]) = new JsObject(Map(members: _*)) + def apply(members: List[JsField]): JsObject = apply(members: _*) } /** diff --git a/src/main/scala/spray/json/JsonParser.scala b/src/main/scala/spray/json/JsonParser.scala index f29c062..ded8d6a 100644 --- a/src/main/scala/spray/json/JsonParser.scala +++ b/src/main/scala/spray/json/JsonParser.scala @@ -18,9 +18,11 @@ package spray.json import scala.annotation.{switch, tailrec} import java.lang.{StringBuilder => JStringBuilder} -import java.nio.{CharBuffer, ByteBuffer} +import java.nio.{ByteBuffer, CharBuffer} import java.nio.charset.Charset +import scala.collection.immutable.TreeMap + /** * Fast, no-dependency parser for JSON as defined by http://tools.ietf.org/html/rfc4627. */ @@ -89,8 +91,7 @@ class JsonParser(input: ParserInput, settings: JsonParserSettings = JsonParserSe val nextMap = map.updated(key, jsValue) if (ws(',')) members(nextMap) else nextMap } - var map = Map.empty[String, JsValue] - map = members(map) + val map = members(TreeMap.empty[String, JsValue]) require('}') JsObject(map) } else { |