summaryrefslogtreecommitdiff
path: root/src/main/scala
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #280 from jrudolph/use-TreeMap-fixes-277Johannes Rudolph2018-11-072-6/+8
|\ | | | | CVE-2018-18854 Use TreeMap instead of HashMap for JsObject key/value pairs, fixes #277
| * CVE-2018-18854 Use TreeMap instead of HashMap for JsObject key/value pairs, ↵Johannes Rudolph2018-11-072-6/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fixes #277 The problem is that with String's hashCode implementation it is too simple to create synthetic collisions. This allows an attacker to create an object with keys that all collide which leads to a performance drop for the HashMap just for creating the map in the first place. See https://github.com/scala/bug/issues/11203 for more information about the underlying HashMap issue. For the time being, it seems safer to use a TreeMap which uses String ordering. Benchmarks suggest that using a TreeMap is only ~6% slower for reasonably sized JSON objects up to 100 keys. Benchmark for non-colliding keys: Benchmark (_size) (parser) Mode Cnt Score Error Units ExtractFieldsBenchmark.readSpray 1 HashMap thrpt 5 1195832.262 ± 64366.605 ops/s ExtractFieldsBenchmark.readSpray 1 TreeMap thrpt 5 1342009.641 ± 17307.555 ops/s ExtractFieldsBenchmark.readSpray 10 HashMap thrpt 5 237173.327 ± 70341.742 ops/s ExtractFieldsBenchmark.readSpray 10 TreeMap thrpt 5 233510.618 ± 69638.750 ops/s ExtractFieldsBenchmark.readSpray 100 HashMap thrpt 5 23202.016 ± 1514.763 ops/s ExtractFieldsBenchmark.readSpray 100 TreeMap thrpt 5 21899.072 ± 823.225 ops/s ExtractFieldsBenchmark.readSpray 1000 HashMap thrpt 5 2073.754 ± 66.093 ops/s ExtractFieldsBenchmark.readSpray 1000 TreeMap thrpt 5 1793.329 ± 43.603 ops/s ExtractFieldsBenchmark.readSpray 10000 HashMap thrpt 5 208.160 ± 7.466 ops/s ExtractFieldsBenchmark.readSpray 10000 TreeMap thrpt 5 160.349 ± 5.809 ops/s
* | Introduce JsonParserSettings to allow customization of parsingJohannes Rudolph2018-10-303-2/+16
|/
* Add support for Scala 2.13.0-M4 (#263)v1.3.4-2.13.0-M4kenji yoshida2018-08-072-3/+3
|
* Merge pull request #219 from magnolia-k/fix_warnings_about_manifestJohannes Rudolph2018-07-262-4/+7
|\ | | | | Replace ClassManifest with ClassTag
| * Replace ClassManifest to ClassTagMagnolia K2017-01-222-4/+7
| | | | | | | | | | ClassManifest has been deprecated as of 2.10 and replaced with ClassTag because a warning message is displayed at compile time.
* | fix procedure syntaxxuwei-k2018-06-034-13/+13
| |
* | add copyright headers to new filesKonrad `ktoso` Malawski2017-10-241-0/+16
| |
* | Merge pull request #164 from mattinbits/masterKonrad `ktoso` Malawski2017-10-243-1/+13
|\ \ | | | | | | Added method for sorted print
| * | Added method for sorted printMatthew Livesey2015-09-133-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This method prints in the same format as PrettyPrinter but sorts the keys of each object lexicographically. The impetus for this change was this question: http://stackoverflow.com/questions/31418626/sort-fields-in-rendered-json In general it is useful to be able to have more deterministic control over the ordering of output, if diff tools are to be used.
* | | Merge pull request #168 from pasieronen/masterKonrad `ktoso` Malawski2017-10-241-2/+6
|\ \ \ | | | | | | | | Allow JsonParser to optionally parse multiple values (see #137)
| * | | Rename JsonParser parameter requireEndOfInput to allowTrailingInput, add ↵Pasi Eronen2015-11-021-3/+3
| | | | | | | | | | | | | | | | test case
| * | | Allow JsonParser to optionally parse multiple values (see #137)Pasi Eronen2015-10-131-2/+6
| |/ /
* | | replace pimp with 'rich', 'enrich', 'extension method'Seth Tisue2017-09-141-3/+21
| | | | | | | | | | | | | | | | | | and: * add MiMa so we know the change is binary compatible * use current Scala & sbt versions
* | | fix dispatch urlxuwei-k2017-06-261-1/+1
| | |
* | | refactor utf8 decoding from indexed bytes into super classJohannes Rudolph2016-12-291-8/+19
| |/ |/| | | | | | | | | This will allow third-party implementations of ParserInput without having to copy the code just to support other data structures like Akka's ByteString or java.nio.ByteBuffer.
* | +#182 allows BigInt/BigDecimal to be obtained from JsStringsKonrad Malawski2016-04-221-0/+2
|/
* = Fix decoding of 4-byte UTF-8 characters into UTF-16 surrogate pairsMark Hatton2015-06-111-11/+17
|
* Make JsonParser require complete consumption of parsing input, closes #137Mathias2015-05-061-1/+3
|
* Fix automatic field name discovery for member names with mangled prefix, ↵Mathias2015-05-061-1/+2
| | | | closes #142
* Introduce `JsObject.empty`, `JsArray.empty`, `JsString.empty` and ↵Mathias2015-05-062-23/+40
| | | | `JsNumber.zero`, closes #143
* Improve name unmangling in ProductFormats, closes #138Mathias2015-05-061-19/+44
|
* Merge pull request #152 from fommil/patch-1Mathias2015-05-061-1/+3
|\ | | | | standard optionFormat type close #151
| * standard optionFormat type close #151Sam Halliday2015-04-251-1/+3
| |
* | Expose fieldName when able in deserialization errorsDan Checkoway2015-04-272-5/+7
|/
* Reinstated deprecated JsArray and JsObject List based constructors for ↵James Roper2015-04-231-1/+8
| | | | backwards compatibility
* Merge pull request #136 from fommil/patch-1Mathias2015-04-201-16/+13
|\ | | | | close #132
| * close #132Sam Halliday2015-01-271-16/+13
| |
* | = Fix multibyte chars at ix 0 of JSON String not being parsed correctly, ↵Mark Hatton2015-04-091-1/+1
| | | | | | | | closes #148
* | Small improvements to JsonParserMathias2015-02-241-7/+7
|/
* Add member name unmangling to ProductFormats, fixes #120Mathias2014-10-281-1/+26
|
* Fix OOE when parsing unterminated JSON strings, fixes #122Mathias2014-10-281-4/+6
|
* Merge pull request #117 from chris-martin/jsonFormat0Mathias2014-09-221-0/+9
|\ | | | | Add jsonFormat0 for fieldless case classes
| * Add jsonFormat0 for fieldless case classesChris Martin2014-09-151-0/+9
| | | | | | | | Closes #41
* | Fix small problem in JsonParser error reportingMathias2014-09-191-6/+5
| |
* | Improve JsonPrinter to enable printing to custom StringBuilderMathias2014-09-191-11/+9
| |
* | Switch JsArray(List) to JsArray(Vector), make parser produce ↵Mathias2014-09-196-35/+32
| | | | | | | | JsObject(HashMap) rather than JsObject(ListMap)
* | Switch to fast, hand-written parser, remove parboiled dependencyMathias2014-09-192-68/+269
|/ | | | Closes #86, #108
* Make sure BasicFormats never pass `null` into JsValue constructors, fixes #70Johannes Rudolph2014-03-131-4/+12
|
* rename asJson => parseJson, fixes #89Johannes Rudolph2014-03-121-1/+3
|
* match spec tightly about which characters to encode, fixes #83, #46Johannes Rudolph2014-03-121-17/+8
|
* Only catch NonFatal exceptionsJohannes Rudolph2014-03-111-1/+2
|
* Fix error introduced in 3f56c8f (#92)Johannes Rudolph2014-03-111-5/+6
|
* Merge pull request #91 from fractaloop/issue-90-escape-control-charactersJohannes Rudolph2014-03-111-1/+1
|\ | | | | Fix for Issue #90
| * Modify the JsonPrinter to escape all characters less than 0x20Logan Lowell2014-02-251-1/+1
| |
* | Make printer methods protected, so they can be overriddenIan Forsey2014-03-062-6/+6
|/
* Ignore static fields in jsonFormatMark van der Tol2013-10-131-1/+3
|
* Fix bug with invalid hex digits in JsonParserAnish Athalye2013-09-271-1/+1
| | | | | Valid hex digits are `[0-9a-fA-F]`. The `"A" - "Z"` is a typo and should be changed to `"A" - "F"`.
* improved error message and fixed test, refs #62Johannes Rudolph2013-08-161-1/+1
|
* Fix for issue #66Eric J. Christeson2013-08-151-2/+2
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-13 08:18:42 +0000