Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge pull request #280 from jrudolph/use-TreeMap-fixes-277 | Johannes Rudolph | 2018-11-07 | 2 | -6/+8 |
|\ | | | | | CVE-2018-18854 Use TreeMap instead of HashMap for JsObject key/value pairs, fixes #277 | ||||
| * | CVE-2018-18854 Use TreeMap instead of HashMap for JsObject key/value pairs, ↵ | Johannes Rudolph | 2018-11-07 | 2 | -6/+8 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fixes #277 The problem is that with String's hashCode implementation it is too simple to create synthetic collisions. This allows an attacker to create an object with keys that all collide which leads to a performance drop for the HashMap just for creating the map in the first place. See https://github.com/scala/bug/issues/11203 for more information about the underlying HashMap issue. For the time being, it seems safer to use a TreeMap which uses String ordering. Benchmarks suggest that using a TreeMap is only ~6% slower for reasonably sized JSON objects up to 100 keys. Benchmark for non-colliding keys: Benchmark (_size) (parser) Mode Cnt Score Error Units ExtractFieldsBenchmark.readSpray 1 HashMap thrpt 5 1195832.262 ± 64366.605 ops/s ExtractFieldsBenchmark.readSpray 1 TreeMap thrpt 5 1342009.641 ± 17307.555 ops/s ExtractFieldsBenchmark.readSpray 10 HashMap thrpt 5 237173.327 ± 70341.742 ops/s ExtractFieldsBenchmark.readSpray 10 TreeMap thrpt 5 233510.618 ± 69638.750 ops/s ExtractFieldsBenchmark.readSpray 100 HashMap thrpt 5 23202.016 ± 1514.763 ops/s ExtractFieldsBenchmark.readSpray 100 TreeMap thrpt 5 21899.072 ± 823.225 ops/s ExtractFieldsBenchmark.readSpray 1000 HashMap thrpt 5 2073.754 ± 66.093 ops/s ExtractFieldsBenchmark.readSpray 1000 TreeMap thrpt 5 1793.329 ± 43.603 ops/s ExtractFieldsBenchmark.readSpray 10000 HashMap thrpt 5 208.160 ± 7.466 ops/s ExtractFieldsBenchmark.readSpray 10000 TreeMap thrpt 5 160.349 ± 5.809 ops/s | ||||
* | | Introduce JsonParserSettings to allow customization of parsing | Johannes Rudolph | 2018-10-30 | 3 | -2/+16 |
|/ | |||||
* | Add support for Scala 2.13.0-M4 (#263)v1.3.4-2.13.0-M4 | kenji yoshida | 2018-08-07 | 2 | -3/+3 |
| | |||||
* | Merge pull request #219 from magnolia-k/fix_warnings_about_manifest | Johannes Rudolph | 2018-07-26 | 2 | -4/+7 |
|\ | | | | | Replace ClassManifest with ClassTag | ||||
| * | Replace ClassManifest to ClassTag | Magnolia K | 2017-01-22 | 2 | -4/+7 |
| | | | | | | | | | | ClassManifest has been deprecated as of 2.10 and replaced with ClassTag because a warning message is displayed at compile time. | ||||
* | | fix procedure syntax | xuwei-k | 2018-06-03 | 4 | -13/+13 |
| | | |||||
* | | add copyright headers to new files | Konrad `ktoso` Malawski | 2017-10-24 | 1 | -0/+16 |
| | | |||||
* | | Merge pull request #164 from mattinbits/master | Konrad `ktoso` Malawski | 2017-10-24 | 3 | -1/+13 |
|\ \ | | | | | | | Added method for sorted print | ||||
| * | | Added method for sorted print | Matthew Livesey | 2015-09-13 | 3 | -1/+13 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This method prints in the same format as PrettyPrinter but sorts the keys of each object lexicographically. The impetus for this change was this question: http://stackoverflow.com/questions/31418626/sort-fields-in-rendered-json In general it is useful to be able to have more deterministic control over the ordering of output, if diff tools are to be used. | ||||
* | | | Merge pull request #168 from pasieronen/master | Konrad `ktoso` Malawski | 2017-10-24 | 1 | -2/+6 |
|\ \ \ | | | | | | | | | Allow JsonParser to optionally parse multiple values (see #137) | ||||
| * | | | Rename JsonParser parameter requireEndOfInput to allowTrailingInput, add ↵ | Pasi Eronen | 2015-11-02 | 1 | -3/+3 |
| | | | | | | | | | | | | | | | | test case | ||||
| * | | | Allow JsonParser to optionally parse multiple values (see #137) | Pasi Eronen | 2015-10-13 | 1 | -2/+6 |
| |/ / | |||||
* | | | replace pimp with 'rich', 'enrich', 'extension method' | Seth Tisue | 2017-09-14 | 1 | -3/+21 |
| | | | | | | | | | | | | | | | | | | and: * add MiMa so we know the change is binary compatible * use current Scala & sbt versions | ||||
* | | | fix dispatch url | xuwei-k | 2017-06-26 | 1 | -1/+1 |
| | | | |||||
* | | | refactor utf8 decoding from indexed bytes into super class | Johannes Rudolph | 2016-12-29 | 1 | -8/+19 |
| |/ |/| | | | | | | | | | This will allow third-party implementations of ParserInput without having to copy the code just to support other data structures like Akka's ByteString or java.nio.ByteBuffer. | ||||
* | | +#182 allows BigInt/BigDecimal to be obtained from JsStrings | Konrad Malawski | 2016-04-22 | 1 | -0/+2 |
|/ | |||||
* | = Fix decoding of 4-byte UTF-8 characters into UTF-16 surrogate pairs | Mark Hatton | 2015-06-11 | 1 | -11/+17 |
| | |||||
* | Make JsonParser require complete consumption of parsing input, closes #137 | Mathias | 2015-05-06 | 1 | -1/+3 |
| | |||||
* | Fix automatic field name discovery for member names with mangled prefix, ↵ | Mathias | 2015-05-06 | 1 | -1/+2 |
| | | | | closes #142 | ||||
* | Introduce `JsObject.empty`, `JsArray.empty`, `JsString.empty` and ↵ | Mathias | 2015-05-06 | 2 | -23/+40 |
| | | | | `JsNumber.zero`, closes #143 | ||||
* | Improve name unmangling in ProductFormats, closes #138 | Mathias | 2015-05-06 | 1 | -19/+44 |
| | |||||
* | Merge pull request #152 from fommil/patch-1 | Mathias | 2015-05-06 | 1 | -1/+3 |
|\ | | | | | standard optionFormat type close #151 | ||||
| * | standard optionFormat type close #151 | Sam Halliday | 2015-04-25 | 1 | -1/+3 |
| | | |||||
* | | Expose fieldName when able in deserialization errors | Dan Checkoway | 2015-04-27 | 2 | -5/+7 |
|/ | |||||
* | Reinstated deprecated JsArray and JsObject List based constructors for ↵ | James Roper | 2015-04-23 | 1 | -1/+8 |
| | | | | backwards compatibility | ||||
* | Merge pull request #136 from fommil/patch-1 | Mathias | 2015-04-20 | 1 | -16/+13 |
|\ | | | | | close #132 | ||||
| * | close #132 | Sam Halliday | 2015-01-27 | 1 | -16/+13 |
| | | |||||
* | | = Fix multibyte chars at ix 0 of JSON String not being parsed correctly, ↵ | Mark Hatton | 2015-04-09 | 1 | -1/+1 |
| | | | | | | | | closes #148 | ||||
* | | Small improvements to JsonParser | Mathias | 2015-02-24 | 1 | -7/+7 |
|/ | |||||
* | Add member name unmangling to ProductFormats, fixes #120 | Mathias | 2014-10-28 | 1 | -1/+26 |
| | |||||
* | Fix OOE when parsing unterminated JSON strings, fixes #122 | Mathias | 2014-10-28 | 1 | -4/+6 |
| | |||||
* | Merge pull request #117 from chris-martin/jsonFormat0 | Mathias | 2014-09-22 | 1 | -0/+9 |
|\ | | | | | Add jsonFormat0 for fieldless case classes | ||||
| * | Add jsonFormat0 for fieldless case classes | Chris Martin | 2014-09-15 | 1 | -0/+9 |
| | | | | | | | | Closes #41 | ||||
* | | Fix small problem in JsonParser error reporting | Mathias | 2014-09-19 | 1 | -6/+5 |
| | | |||||
* | | Improve JsonPrinter to enable printing to custom StringBuilder | Mathias | 2014-09-19 | 1 | -11/+9 |
| | | |||||
* | | Switch JsArray(List) to JsArray(Vector), make parser produce ↵ | Mathias | 2014-09-19 | 6 | -35/+32 |
| | | | | | | | | JsObject(HashMap) rather than JsObject(ListMap) | ||||
* | | Switch to fast, hand-written parser, remove parboiled dependency | Mathias | 2014-09-19 | 2 | -68/+269 |
|/ | | | | Closes #86, #108 | ||||
* | Make sure BasicFormats never pass `null` into JsValue constructors, fixes #70 | Johannes Rudolph | 2014-03-13 | 1 | -4/+12 |
| | |||||
* | rename asJson => parseJson, fixes #89 | Johannes Rudolph | 2014-03-12 | 1 | -1/+3 |
| | |||||
* | match spec tightly about which characters to encode, fixes #83, #46 | Johannes Rudolph | 2014-03-12 | 1 | -17/+8 |
| | |||||
* | Only catch NonFatal exceptions | Johannes Rudolph | 2014-03-11 | 1 | -1/+2 |
| | |||||
* | Fix error introduced in 3f56c8f (#92) | Johannes Rudolph | 2014-03-11 | 1 | -5/+6 |
| | |||||
* | Merge pull request #91 from fractaloop/issue-90-escape-control-characters | Johannes Rudolph | 2014-03-11 | 1 | -1/+1 |
|\ | | | | | Fix for Issue #90 | ||||
| * | Modify the JsonPrinter to escape all characters less than 0x20 | Logan Lowell | 2014-02-25 | 1 | -1/+1 |
| | | |||||
* | | Make printer methods protected, so they can be overridden | Ian Forsey | 2014-03-06 | 2 | -6/+6 |
|/ | |||||
* | Ignore static fields in jsonFormat | Mark van der Tol | 2013-10-13 | 1 | -1/+3 |
| | |||||
* | Fix bug with invalid hex digits in JsonParser | Anish Athalye | 2013-09-27 | 1 | -1/+1 |
| | | | | | Valid hex digits are `[0-9a-fA-F]`. The `"A" - "Z"` is a typo and should be changed to `"A" - "F"`. | ||||
* | improved error message and fixed test, refs #62 | Johannes Rudolph | 2013-08-16 | 1 | -1/+1 |
| | |||||
* | Fix for issue #66 | Eric J. Christeson | 2013-08-15 | 1 | -2/+2 |
| |