
Commit 335879d

committed
Server:Parser新增maxQueryDepth限制,优化maxObjectCount和maxArrayCount限制
1 parent 005bc85 commit 335879d

3 files changed

Lines changed: 21 additions & 11 deletions


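--- a/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/AbstractObjectParser.java
+++ b/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/AbstractObjectParser.java
@@ -486,11 +486,12 @@ public JSON onChildParse(int index, String key, JSONObject value) throws Excepti
 boolean isEmpty;
 
 if (zuo.biao.apijson.JSONObject.isArrayKey(key)) {//APIJSON Array
-arrayCount ++;
-
 int maxArrayCount = parser.getMaxArrayCount();
 if (arrayCount > maxArrayCount) {
-throw new IllegalArgumentException(path + " 内 key[]: {} 的数量必须在 0-" + maxArrayCount + " 内 !");
+throw new IllegalArgumentException(path + " 内 key[]:{} 的数量 为 " + arrayCount + " 已超限,必须在 0-" + maxArrayCount + " 内 !");
+}
+if (arrayConfig == null || arrayConfig.getPosition() == 0) {
+arrayCount ++;
 }
 
 if (isMain) {
@@ -502,11 +503,12 @@ public JSON onChildParse(int index, String key, JSONObject value) throws Excepti
 isEmpty = child == null || ((JSONArray) child).isEmpty();
 }
 else {//APIJSON Object
-objectCount ++;
-
 int maxObjectCount = parser.getMaxObjectCount();
 if (objectCount > maxObjectCount) {
-throw new IllegalArgumentException(path + " 内 key: {} 的数量必须在 0-" + maxObjectCount + " 内 !");
+throw new IllegalArgumentException(path + " 内 TableKey:{} 的数量 为 " + objectCount + " 已超限,必须在 0-" + maxObjectCount + " 内 !");
+}
+if (arrayConfig == null || arrayConfig.getPosition() == 0) {
+arrayCount ++;
 }
 
 if (type == TYPE_ITEM && JSONRequest.isTableKey(Pair.parseEntry(key, true).getKey()) == false) {
@@ -614,7 +616,7 @@ public AbstractObjectParser setSQLConfig(int count, int page, int position) thro
 sqlCount ++;
 int maxSQLCount = parser.getMaxSQLCount();
 if (sqlCount > maxSQLCount) {
-throw new IllegalArgumentException(path + " 内生成的 SQL 必须在 0-" + maxSQLCount + " 内 !");
+throw new IllegalArgumentException(path + " 内生成的 SQL 为 " + sqlCount + " 已超限,必须在 0-" + maxSQLCount + " 内 !");
 }
 
 sqlConfig = newSQLConfig();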
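Review bot: In the `else {//APIJSON Object` branch of onChildParse the new guarded increment is `arrayCount ++;` rather than `objectCount ++;`, so as far as this hunk shows objectCount is never advanced and the `objectCount > maxObjectCount` check above it cannot fire, while every object also consumes the array budget. These counters bound how much work one request can demand, so the line should read `objectCount ++;`. Separately, both branches now test the counter before incrementing it, so with `>` one more element than the stated maximum is accepted; `>=` would match the 0-max range in the message, assuming the counters start at 0 (their initialisation is outside the hunk). onChildParse starts and ends outside these hunks.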

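--- a/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/AbstractParser.java
+++ b/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/AbstractParser.java
@@ -239,7 +239,7 @@ public JSONObject parseResponse(String request) {
 return parseResponse(requestObject);
 }
 
-private int depth;
+private int queryDepth;
 /**解析请求json并获取对应结果
 * @param request
 * @return requestObject
@@ -298,7 +298,7 @@ public JSONObject parseResponse(JSONObject request) {
 Exception error = null;
 sqlExecutor = createSQLExecutor();
 try {
-depth = 0;
+queryDepth = 0;
 requestObject = onObjectParse(request, null, null, null, false);
 } catch (Exception e) {
 e.printStackTrace();
@@ -628,6 +628,14 @@ public JSONObject onObjectParse(final JSONObject request
 return null;
 }
 
+if (arrayConfig == null || arrayConfig.getPosition() == 0) {
+int maxQueryDepth = getMaxQueryDepth();
+if (queryDepth > maxQueryDepth) {
+throw new IllegalArgumentException(parentPath + "/" + name + ":{} 的深度(或者说层级) 为 " + queryDepth + " 已超限,必须在 0-" + maxQueryDepth + " 内 !");
+}
+queryDepth ++;
+}
+
 int type = arrayConfig == null ? 0 : arrayConfig.getType();
 
 ObjectParser op = createObjectParser(request, parentPath, name, arrayConfig, isSubquery).parse();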
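Review bot: `queryDepth ++` in onObjectParse has no matching decrement in this hunk, so unless one exists further down the method (the body continues outside the hunk) the field counts every object parsed so far rather than the current nesting level, and a flat request with a few sibling objects would be rejected as too deep. If nesting depth is what is meant, decrement it in a `finally` around the child parse, or pass the depth down as a parameter. The check also runs before the increment with `>`, which admits one level more than `maxQueryDepth`; `>=` would match the range in the message. Because queryDepth is an instance field reset in parseResponse, the limit presumably relies on a parser instance never serving two requests at once, which deserves a comment on the field such as `// nesting level of the request being parsed; reset per parseResponse, not thread-safe`.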

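--- a/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/Parser.java
+++ b/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/Parser.java
@@ -30,8 +30,8 @@ public interface Parser<T> {
 int MAX_QUERY_COUNT = 100;
 int MAX_UPDATE_COUNT = 10;
 int MAX_SQL_COUNT = 100;
-int MAX_OBJECT_COUNT = 3;
-int MAX_ARRAY_COUNT = 3;
+int MAX_OBJECT_COUNT = 5;
+int MAX_ARRAY_COUNT = 5;
 int MAX_QUERY_DEPTH = 3;
 
 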