safeguards against invalid raw json strings

Chris Santero · Chris Santero · commit 4ca3654aebee · 2015-02-02T17:28:25.000-05:00
Conflicts:
	JSONAPI.Tests/Json/JsonApiMediaFormaterTests.cs
diff --git a/JSONAPI.Tests/Data/MalformedRawJsonString.json b/JSONAPI.Tests/Data/MalformedRawJsonString.json
@@ -0,0 +1,12 @@
+{
+    "comments": [
+        {
+            "id": "5",
+            "body": null,
+            "customData": { },
+            "links": { 
+                "post":  null
+            }
+        }
+    ]
+}
diff --git a/JSONAPI.Tests/Data/ReformatsRawJsonStringWithUnquotedKeys.json b/JSONAPI.Tests/Data/ReformatsRawJsonStringWithUnquotedKeys.json
@@ -0,0 +1,14 @@
+{
+    "comments": [
+        {
+            "id": "5",
+            "body": null,
+            "customData": { 
+                "unquotedKey":  5
+            },
+            "links": {
+                "post": null
+            }
+        }
+    ]
+}
diff --git a/JSONAPI.Tests/JSONAPI.Tests.csproj b/JSONAPI.Tests/JSONAPI.Tests.csproj
@@ -94,6 +94,12 @@
   </ItemGroup>
   <ItemGroup>
     <None Include="app.config" />
+    <None Include="Data\ReformatsRawJsonStringWithUnquotedKeys.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
+    <None Include="Data\MalformedRawJsonString.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
     <None Include="Data\FormatterErrorSerializationTest.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
diff --git a/JSONAPI.Tests/Json/JsonApiMediaFormaterTests.cs b/JSONAPI.Tests/Json/JsonApiMediaFormaterTests.cs
@@ -176,6 +176,44 @@ public void SerializeArrayIntegrationTest()
             //Assert.AreEqual("[2,3,4]", sw.ToString());
         }
 
+        [TestMethod]
+        [DeploymentItem(@"Data\ReformatsRawJsonStringWithUnquotedKeys.json")]
+        public void Reformats_raw_json_string_with_unquoted_keys()
+        {
+            // Arrange
+            JsonApiFormatter formatter = new JsonApiFormatter(new PluralizationService());
+            MemoryStream stream = new MemoryStream();
+
+            // Act
+            var payload = new [] { new Comment { Id = 5, CustomData = "{ unquotedKey: 5 }"}};
+            formatter.WriteToStreamAsync(typeof(Comment), payload, stream, null, null);
+
+            // Assert
+            var minifiedExpectedJson = JsonHelpers.MinifyJson(File.ReadAllText("ReformatsRawJsonStringWithUnquotedKeys.json"));
+            string output = System.Text.Encoding.ASCII.GetString(stream.ToArray());
+            Trace.WriteLine(output);
+            output.Should().Be(minifiedExpectedJson);
+        }
+
+        [TestMethod]
+        [DeploymentItem(@"Data\MalformedRawJsonString.json")]
+        public void Does_not_serialize_malformed_raw_json_string()
+        {
+            // Arrange
+            JsonApiFormatter formatter = new JsonApiFormatter(new PluralizationService());
+            MemoryStream stream = new MemoryStream();
+
+            // Act
+            var payload = new[] { new Comment { Id = 5, CustomData = "{ x }" } };
+            formatter.WriteToStreamAsync(typeof(Comment), payload, stream, null, null);
+
+            // Assert
+            var minifiedExpectedJson = JsonHelpers.MinifyJson(File.ReadAllText("MalformedRawJsonString.json"));
+            string output = System.Text.Encoding.ASCII.GetString(stream.ToArray());
+            Trace.WriteLine(output);
+            output.Should().Be(minifiedExpectedJson);
+        }
+
         [TestMethod]
         [DeploymentItem(@"Data\FormatterErrorSerializationTest.json")]
         public void Should_serialize_error()
diff --git a/JSONAPI/Json/JsonApiFormatter.cs b/JSONAPI/Json/JsonApiFormatter.cs
@@ -41,8 +41,11 @@ internal JsonApiFormatter(IModelManager modelManager, IErrorSerializer errorSeri
             _modelManager = modelManager;
             _errorSerializer = errorSerializer;
             SupportedMediaTypes.Add(new MediaTypeHeaderValue("application/vnd.api+json"));
+            ValidateRawJsonStrings = true;
         }
 
+        public bool ValidateRawJsonStrings { get; set; }
+
         [Obsolete("Use ModelManager.PluralizationService instead")]
         public IPluralizationService PluralizationService  //FIXME: Deprecated, will be removed shortly
         {
@@ -215,8 +218,21 @@ protected void Serialize(object value, Stream writeStream, JsonWriter writer, Js
                         }
                         else
                         {
-                            var minifiedValue = JsonHelpers.MinifyJson((string) propertyValue);
-                            writer.WriteRawValue(minifiedValue);
+                            var json = (string) propertyValue;
+                            if (ValidateRawJsonStrings)
+                            {
+                                try
+                                {
+                                    var token = JToken.Parse(json);
+                                    json = token.ToString();
+                                }
+                                catch (Exception)
+                                {
+                                    json = "{}";
+                                }
+                            }
+                            var valueToSerialize = JsonHelpers.MinifyJson(json);
+                            writer.WriteRawValue(valueToSerialize);
                         }
                     }
                     else

Original file line number	Diff line number	Diff line change
`@@ -41,8 +41,11 @@ internal JsonApiFormatter(IModelManager modelManager, IErrorSerializer errorSeri`
`41`	`41`	`_modelManager = modelManager;`
`42`	`42`	`_errorSerializer = errorSerializer;`
`43`	`43`	`SupportedMediaTypes.Add(new MediaTypeHeaderValue("application/vnd.api+json"));`
	`44`	`+ ValidateRawJsonStrings = true;`
`44`	`45`	`}`
`45`	`46`
	`47`	`+ public bool ValidateRawJsonStrings { get; set; }`
	`48`	`+`
`46`	`49`	`[Obsolete("Use ModelManager.PluralizationService instead")]`
`47`	`50`	`public IPluralizationService PluralizationService //FIXME: Deprecated, will be removed shortly`
`48`	`51`	`{`
`@@ -215,8 +218,21 @@ protected void Serialize(object value, Stream writeStream, JsonWriter writer, Js`
`215`	`218`	`}`
`216`	`219`	`else`
`217`	`220`	`{`
`218`		`- var minifiedValue = JsonHelpers.MinifyJson((string) propertyValue);`
`219`		`- writer.WriteRawValue(minifiedValue);`
	`221`	`+ var json = (string) propertyValue;`
	`222`	`+ if (ValidateRawJsonStrings)`
	`223`	`+ {`
	`224`	`+ try`
	`225`	`+ {`
	`226`	`+ var token = JToken.Parse(json);`
	`227`	`+ json = token.ToString();`
	`228`	`+ }`
	`229`	`+ catch (Exception)`
	`230`	`+ {`
	`231`	`+ json = "{}";`
	`232`	`+ }`
	`233`	`+ }`
	`234`	`+ var valueToSerialize = JsonHelpers.MinifyJson(json);`
	`235`	`+ writer.WriteRawValue(valueToSerialize);`
`220`	`236`	`}`
`221`	`237`	`}`
`222`	`238`	`else`