From b096274c1a1a04d2260cac81519062bb74c0df54 Mon Sep 17 00:00:00 2001
From: Hailong Cui
Date: Wed, 30 Oct 2024 17:12:25 +0800
Subject: [PATCH] Fix typo cause it will always trigger JSON11 parse (#889)
* fix typo cause it will always trigger JSON11 parse
Signed-off-by: Hailong Cui
* add changelog
Signed-off-by: Hailong Cui
* add unit test
Signed-off-by: Hailong Cui
---------
Signed-off-by: Hailong Cui
---
 CHANGELOG.md | 1 +
 lib/Serializer.js | 2 +-
 test/unit/serializer.test.js | 31 +++++++++++++++++++++++++++++++
 3 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5ad9e8c49..3b4cac4a8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ Inspired by [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 ### Removed
 ### Fixed
 - Upgrade JSON11 from 1.1.2 to 2.0.0 to ensure UTF-8 safety when stringifying JSON data
+- Fixed typo cause JSON11 parse will always be execute when json string has number inside
 ### Security
 ## [3.0.0]
diff --git a/lib/Serializer.js b/lib/Serializer.js
index 2636a53d0..2864718d8 100644
--- a/lib/Serializer.js
+++ b/lib/Serializer.js
@@ -101,7 +101,7 @@ class Serializer {
 if (
 numeralsAreNumbers &&
 typeof val === 'number' &&
- (val < Number.MAX_SAFE_INTEGER || val > Number.MAX_SAFE_INTEGER)
+ (val < Number.MIN_SAFE_INTEGER || val > Number.MAX_SAFE_INTEGER)
 ) {
 numeralsAreNumbers = false;
 }
diff --git a/test/unit/serializer.test.js b/test/unit/serializer.test.js
index 1773fce07..41bb466f3 100644
--- a/test/unit/serializer.test.js
+++ b/test/unit/serializer.test.js
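Review bot: The corrected range test in lib/Serializer.js, `(val < Number.MIN_SAFE_INTEGER || val > Number.MAX_SAFE_INTEGER)`, has no comment saying why a value outside the safe-integer range clears `numeralsAreNumbers`, which is the kind of gap that let the earlier bound typo go unnoticed. I would add above the `if`: `// a numeral outside the safe-integer range may already have lost precision as a JS number; clear the flag so the text goes through the JSON11 parse instead`. The check only ever sees values that are already of type `number`, so it presumably relies on an out-of-range integer rounding to something that is still out of range; that assumption is worth stating in the same comment. The enclosing function starts and ends outside the hunk.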
@@ -79,6 +79,37 @@ test('Long numerals enabled', (t) => {
 t.match(res, `"[ ${longNegative.toString()}, ${longPositive.toString()} ]"`);
 });

+test('Long numerals enabled and json not includes large numbers', (t) => {
+ t.plan(2);
+ const s = new Serializer({ enableLongNumeralSupport: true });
+ const longPositive = BigInt(Number.MAX_SAFE_INTEGER) * 2n; // eslint-disable-line no-undef
+ const longNegative = BigInt(Number.MIN_SAFE_INTEGER) * 2n; // eslint-disable-line no-undef
+ const json =
+ `{` +
+ // The space before and after the values, and the lack of spaces before comma are intentional
+ `"false-positive-1": "෴${longNegative.toString()}", ` +
+ `"false-positive-2": "[ ߷${longPositive.toString()} ]", ` +
+ `"false-positive-3": "\\": ֍${longPositive.toString()}\\"", ` +
+ `"false-positive-4": "෴߷֍${longPositive.toString()}", ` +
+ `"normal-number": 2024,` +
+ `"max-safe-integer": ${Number.MAX_SAFE_INTEGER},` +
+ `"min-safe-integer": ${Number.MIN_SAFE_INTEGER}` +
+ `}`;
+ const obj = s.deserialize(json);
+ const res = s.serialize(obj);
+ t.same(obj, {
+ 'normal-number': 2024,
+ 'max-safe-integer': `${Number.MAX_SAFE_INTEGER}`,
+ 'min-safe-integer': `${Number.MIN_SAFE_INTEGER}`,
+ 'false-positive-4': `෴߷֍${longPositive.toString()}`,
+ 'false-positive-3': `": ֍${longPositive.toString()}"`,
+ 'false-positive-2': `[ ߷${longPositive.toString()} ]`,
+ 'false-positive-1': `෴${longNegative.toString()}`,
+ });
+ // The space before and after the values, and the lack of spaces before comma are intentional
+ t.equal(res.replace(/\s+/g, ''), json.replace(/\s+/g, ''));
+});
+
 test('long numerals not enabled', (t) => {
 t.plan(5);
 const s = new Serializer({ enableLongNumeralSupport: false });
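Review bot: The expected object in the new test gives `'max-safe-integer'` and `'min-safe-integer'` as template-literal strings while the input JSON carries them as bare numerals, so the `t.same` comparison passes only because it compares loosely and does not pin the type `deserialize` returns for them. These two boundary values are exactly what the corrected bound decides, so I would pin the type with `t.strictSame(obj, {`, `'max-safe-integer': Number.MAX_SAFE_INTEGER,` and `'min-safe-integer': Number.MIN_SAFE_INTEGER,`. The test also checks only the parsed result, which the fallback parse presumably produces as well, so it may pass even without the Serializer.js fix; asserting which parse path ran would make it a real regression test for the typo.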