-
Notifications
You must be signed in to change notification settings - Fork 821
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement Variadic Object Traversal #688
base: master
Are you sure you want to change the base?
Conversation
f38e4b9
to
11a747a
Compare
8ff5321
to
b78335a
Compare
I can't seem to end the redundant appveyor calls. Is there anything I can do to compensate you if there is any harm caused? I'm really sorry about this. |
So, again sorry about the appveyor thing. it's 3AM here and I can't sleep so I though I'd fix this but I didn't realise I was pushing to the PR instead of my branch. Also, apparently removing the typechecking in the function was unnecessary, but I like it better this way |
} | ||
continue; | ||
} | ||
object = json_object_get(object, va_arg(path, const char*)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi, thanks for the PR!
It seems to me that the function is quite dangerous: if the json structure differs from the expected one, then the passed array index can be used as a pointer to a string.
In this case, we have no way to return an error to the user, since va args is not typed in any way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is true, though that seems inherent to a variadic approach. printf and other functions I've found tend to have this issue regardless. I considered an approach of using a pointer array to a specific struct with appropriate typechecking but it defeated the purpose of making a convenient interface.
I largely created this function as a way of simplifying getting parts of a JSON object from a known JSON structure and thought it might be useful for other people as well. the variadic approach handles object traversal well and in my exeprience using this in my own project, I've found that if I ever mess up the location of an index in the path, I just get a null return since it's extremely unlikely that such a space in memory would have a char pointer with a value that's also a key in the object that is being queried.
And even if it did, the worst case result is that it returns an unintended child of the JSON which is still relatively safe.
I've also passed a char* as an index and just had null returns since it's unlikely that the array in question is large enough that the pointer in question is a valid index.
Since any inputs to this function are never edited or copied, simply read from the impact on other parts of the memory should be effectively null.
Granted this is obviously not intended for any application where the path is passed in by a user or some outside source, since that might allow a bad actor to pass in something specifically malicious. (though it would be quite unweildy to work with regardless in this scenario as far as I'm aware)
But in the bounds of standard development where this may be used, I figure that it fails in a sufficiently safe manner even if the path is incorrect.
Beyond that if this still seems too unsafe, I'm not too concerned about it and just wanted to pass along a tool that I made since I thought it might be useful, and I'll just retain it for my own use. Thank you for your time in that case, and if you have any reccomendations on how to make it safer given the goal of this function, please let me know as I'm more than happy to learn.
Searches Object using a variadic function.
Function takes a root object, a depth of search and a path composed of char* keys for elements in objects and size_t indexes for objects in lists.
examples below from tests, and reference the following JSON:
value = json_object_get_path(json, 2, "base", "array");
returns a json object for
[{}, [], "string 1", 1, 2.2000000000000002, true, false, null]
value = json_object_get_path(json, 3, "base", "array", (size_t) 2);
returns a json object for
"string 1"
value = json_object_get_path(json, 3, "base", "nest 1", "nest 2");
returns a json object for
{"nest 3":{}}