Class: Gitlab::Json::StreamValidator

Inherits:

Oj::ScHandler

• Object
• Oj::ScHandler
• Gitlab::Json::StreamValidator

Defined in:

lib/gitlab/json/stream_validator.rb

Overview

See www.rubydoc.info/gems/oj/Oj/ScHandler for required methods

Constant Summary

LimitExceededError =

Class.new(StandardError)

DepthLimitError =

Class.new(LimitExceededError)

ArraySizeLimitError =

Class.new(LimitExceededError)

ElementCountLimitError =

Class.new(LimitExceededError)

HashSizeLimitError =

Class.new(LimitExceededError)

BodySizeExceededError =

Class.new(LimitExceededError)

NUMERIC_REGEX =

Match integers, floats, and scientific notation with reasonable size limits Supports: 123, -123, 12.3, -12.3, 1.23e10, -1.23E-10 Limits: max 15 digits for integer part, max 15 digits for fractional part, max 3 digits for exponent

/\A[+-]?(?:\d{1,15}\.?\d{0,15}|\.\d{1,15})(?:[eE][+-]?\d{1,3})?\z/

Instance Attribute Summary

• #options ⇒ Object readonly

  Returns the value of attribute options.

• #result ⇒ Object readonly

  Returns the value of attribute result.

Class Method Summary

• .user_facing_error_message(exception) ⇒ Object

  We want to hide the limits configured, but still show what type.

Instance Method Summary

• #add_value(value) ⇒ Object

  Called for root values (when not in a hash or array).

• #array_append(array, value) ⇒ Object
• #array_end ⇒ Object

  Called when an array ends.

• #array_start ⇒ Object

  Called when an array starts.

• #hash_end ⇒ Object

  Called when a hash ends.

• #hash_key(key) ⇒ Object

  Called for each key in a hash.

• #hash_set(hash, key, value) ⇒ Object

  Called when a key/value pair is complete.

• #hash_start ⇒ Object

  Called when a hash starts.

• #initialize(options) ⇒ StreamValidator constructor

  A new instance of StreamValidator.

• #metadata ⇒ Object

  Returns metadata about the parsed JSON structure.

• #validate!(body) ⇒ nil

  This method validates the JSON input against configured size limits.

Constructor Details

#initialize(options) ⇒ StreamValidator

Returns a new instance of StreamValidator.

# File 'lib/gitlab/json/stream_validator.rb', line 39

def initialize(options)
  @options = options
  @depth = 0
  @array_counts = {} # Track size by array object_id
  @hash_counts = {} # Track size by hash object_id
  @body_bytesize = 0
  @total_elements = 0
  @stack = []
  @result = nil
  @max_depth_reached = 0
  @max_array_count = 0
  @max_hash_count = 0
end

Instance Attribute Details

#options ⇒ Object (readonly)

Returns the value of attribute options.

# File 'lib/gitlab/json/stream_validator.rb', line 19

def options
  @options
end

#result ⇒ Object (readonly)

Returns the value of attribute result.

# File 'lib/gitlab/json/stream_validator.rb', line 19

def result
  @result
end

Class Method Details

.user_facing_error_message(exception) ⇒ Object

We want to hide the limits configured, but still show what type

# File 'lib/gitlab/json/stream_validator.rb', line 22

def self.user_facing_error_message(exception)
  case exception
  when ::Gitlab::Json::StreamValidator::DepthLimitError
    "Parameters nested too deeply"
  when ::Gitlab::Json::StreamValidator::ArraySizeLimitError
    "Array parameter too large"
  when ::Gitlab::Json::StreamValidator::HashSizeLimitError
    "Hash parameter too large"
  when ::Gitlab::Json::StreamValidator::ElementCountLimitError
    "Too many total parameters"
  when ::Gitlab::Json::StreamValidator::BodySizeExceededError
    "JSON body too large"
  else
    "Invalid JSON: limit exceeded"
  end
end

Instance Method Details

#add_value(value) ⇒ Object

Called for root values (when not in a hash or array)

# File 'lib/gitlab/json/stream_validator.rb', line 170

def add_value(value)
  increment_element_count!
  @result = value
end

#array_append(array, value) ⇒ Object

# File 'lib/gitlab/json/stream_validator.rb', line 156

def array_append(array, value)
  increment_element_count!

  current_size = @array_counts[array.object_id] || 0 # rubocop:disable Lint/HashCompareByIdentity -- We want to track by object ID

  check_array_size!(current_size)

  array << value
  new_size = current_size + 1
  @array_counts[array.object_id] = new_size # rubocop:disable Lint/HashCompareByIdentity -- We want to track by object ID
  @max_array_count = [@max_array_count, new_size].max
end

#array_end ⇒ Object

Called when an array ends

# File 'lib/gitlab/json/stream_validator.rb', line 146

def array_end
  @depth -= 1
  array = @stack.pop
  @array_counts.delete(array.object_id)

  @result = array if @stack.empty?

  array
end

#array_start ⇒ Object

Called when an array starts

# File 'lib/gitlab/json/stream_validator.rb', line 134

def array_start
  check_depth!
  @depth += 1
  @max_depth_reached = [@max_depth_reached, @depth].max

  array = []
  @array_counts[array.object_id] = 0 # rubocop:disable Lint/HashCompareByIdentity -- We want to track by object ID
  @stack.push(array)
  array
end

#hash_end ⇒ Object

Called when a hash ends

# File 'lib/gitlab/json/stream_validator.rb', line 103

def hash_end
  @depth -= 1
  hash = @stack.pop
  @hash_counts.delete(hash.object_id)

  @result = hash if @stack.empty?

  hash
end

#hash_key(key) ⇒ Object

Called for each key in a hash

# File 'lib/gitlab/json/stream_validator.rb', line 114

def hash_key(key)
  increment_element_count!

  key
end

#hash_set(hash, key, value) ⇒ Object

Called when a key/value pair is complete

# File 'lib/gitlab/json/stream_validator.rb', line 121

def hash_set(hash, key, value)
  increment_element_count!

  current_size = @hash_counts[hash.object_id] || 0 # rubocop:disable Lint/HashCompareByIdentity -- We want to track by object ID
  check_hash_size!(current_size)

  hash[key] = value
  new_size = current_size + 1
  @hash_counts[hash.object_id] = new_size # rubocop:disable Lint/HashCompareByIdentity -- We want to track by object ID
  @max_hash_count = [@max_hash_count, new_size].max
end

#hash_start ⇒ Object

Called when a hash starts

# File 'lib/gitlab/json/stream_validator.rb', line 91

def hash_start
  check_depth!
  @depth += 1
  @max_depth_reached = [@max_depth_reached, @depth].max

  hash = {}
  @hash_counts[hash.object_id] = 0 # rubocop:disable Lint/HashCompareByIdentity -- We want to track by object ID
  @stack.push(hash)
  hash
end

#metadata ⇒ Object

Returns metadata about the parsed JSON structure

# File 'lib/gitlab/json/stream_validator.rb', line 176

def metadata
  {
    body_bytesize: @body_bytesize,
    total_elements: @total_elements,
    max_array_count: @max_array_count,
    max_hash_count: @max_hash_count,
    max_depth: @max_depth_reached
  }
end

#validate!(body) ⇒ nil

This method validates the JSON input against configured size limits. It uses Oj’s streaming parser for efficient processing of large JSON documents while enforcing safety limits.

are exceeded

Examples:

Parse a simple JSON string

validator = Gitlab::Json::StreamValidator.new(max_json_size_bytes: 1024)
validator.validate!('{"key": "value"}') #=> nil

Handle size limit exceeded

validator = Gitlab::Json::StreamValidator.new(max_json_size_bytes: 10)
validator.validate!('{"very": "long json string"}')
# raises BodySizeExceededError

Parameters:

• body (String) —

  the JSON string to parse

Returns:

• (nil) —

  returns nil after successful validation or when skipping primitive values

Raises:

• (Oj::ParseError) —

  when the JSON is malformed or invalid

• (EncodingError) —

  when the JSON is malformed or invalid

• (::Gitlab::Json::StreamValidator::LimitExceededError) —

  when parsing limits (depth, array size, etc.)

# File 'lib/gitlab/json/stream_validator.rb', line 72

def validate!(body)
  return if body.nil? || body.empty?

  @body_bytesize = body.bytesize

  check_body_size!

  # Oj.sc_parse does not handle primitive values (see https://github.com/ohler55/oj/issues/979)
  # so we need to handle them separately before calling the streaming parser
  return if %w[true false null].include?(body)
  return if quoted_string?(body)
  return if body.encoding == Encoding::UTF_8 && body.valid_encoding? && NUMERIC_REGEX.match?(body)

  ::Oj.sc_parse(self, body)

  nil
end