Fix typo cause it will always trigger JSON11 parse (#889)

* fix typo cause it will always trigger JSON11 parse Signed-off-by: Hailong Cui <[email protected]> * add changelog Signed-off-by: Hailong Cui <[email protected]> * add unit test Signed-off-by: Hailong Cui <[email protected]> --------- Signed-off-by: Hailong Cui <[email protected]>
opensearch-project · Oct 30, 2024 · b096274 · b096274
1 parent 9288450
commit b096274
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,6 +15,7 @@ Inspired by [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 ### Removed
 ### Fixed
 - Upgrade JSON11 from 1.1.2 to 2.0.0 to ensure UTF-8 safety when stringifying JSON data
+- Fixed typo cause JSON11 parse will always be execute when json string has number inside
 ### Security
 
 ## [3.0.0]

diff --git a/lib/Serializer.js b/lib/Serializer.js
@@ -101,7 +101,7 @@ class Serializer {
       if (
         numeralsAreNumbers &&
         typeof val === 'number' &&
-        (val < Number.MAX_SAFE_INTEGER || val > Number.MAX_SAFE_INTEGER)
+        (val < Number.MIN_SAFE_INTEGER || val > Number.MAX_SAFE_INTEGER)
       ) {
         numeralsAreNumbers = false;
       }

diff --git a/test/unit/serializer.test.js b/test/unit/serializer.test.js
@@ -79,6 +79,37 @@ test('Long numerals enabled', (t) => {
   t.match(res, `"[ ${longNegative.toString()}, ${longPositive.toString()} ]"`);
 });
 
+test('Long numerals enabled and json not includes large numbers', (t) => {
+  t.plan(2);
+  const s = new Serializer({ enableLongNumeralSupport: true });
+  const longPositive = BigInt(Number.MAX_SAFE_INTEGER) * 2n; // eslint-disable-line no-undef
+  const longNegative = BigInt(Number.MIN_SAFE_INTEGER) * 2n; // eslint-disable-line no-undef
+  const json =
+    `{` +
+    // The space before and after the values, and the lack of spaces before comma are intentional
+    `"false-positive-1": "෴${longNegative.toString()}", ` +
+    `"false-positive-2": "[ ߷${longPositive.toString()} ]", ` +
+    `"false-positive-3": "\\": ֍${longPositive.toString()}\\"", ` +
+    `"false-positive-4": "෴߷֍${longPositive.toString()}", ` +
+    `"normal-number": 2024,` +
+    `"max-safe-integer": ${Number.MAX_SAFE_INTEGER},` +
+    `"min-safe-integer": ${Number.MIN_SAFE_INTEGER}` +
+    `}`;
+  const obj = s.deserialize(json);
+  const res = s.serialize(obj);
+  t.same(obj, {
+    'normal-number': 2024,
+    'max-safe-integer': `${Number.MAX_SAFE_INTEGER}`,
+    'min-safe-integer': `${Number.MIN_SAFE_INTEGER}`,
+    'false-positive-4': `෴߷֍${longPositive.toString()}`,
+    'false-positive-3': `": ֍${longPositive.toString()}"`,
+    'false-positive-2': `[ ߷${longPositive.toString()} ]`,
+    'false-positive-1': `෴${longNegative.toString()}`,
+  });
+  // The space before and after the values, and the lack of spaces before comma are intentional
+  t.equal(res.replace(/\s+/g, ''), json.replace(/\s+/g, ''));
+});
+
 test('long numerals not enabled', (t) => {
   t.plan(5);
   const s = new Serializer({ enableLongNumeralSupport: false });