From 7cc2c4068d0b8ccbc686683b114b58aa1e7925ae Mon Sep 17 00:00:00 2001 From: yanghuaiGit <38883656+yanghuaiGit@users.noreply.github.com> Date: Mon, 17 Nov 2025 20:22:59 +0800 Subject: [PATCH] Revert "Fix JSON parsing stack overflow vulnerabilities (#1939)" This reverts commit 77a30feb1afc515fcd4dbe7a461bb3f93d4cb179. --- .../com/dtstack/chunjun/util/GsonUtil.java | 91 ++++++++----------- 1 file changed, 40 insertions(+), 51 deletions(-) diff --git a/chunjun-core/src/main/java/com/dtstack/chunjun/util/GsonUtil.java b/chunjun-core/src/main/java/com/dtstack/chunjun/util/GsonUtil.java index 564ee91002..0c54a78d1d 100644 --- a/chunjun-core/src/main/java/com/dtstack/chunjun/util/GsonUtil.java +++ b/chunjun-core/src/main/java/com/dtstack/chunjun/util/GsonUtil.java @@ -77,62 +77,51 @@ public TypeAdapter create(Gson gson, TypeToken type) { return new TypeAdapter() { @Override public Object read(JsonReader in) throws IOException { - // Either List or Map - Object current; - JsonToken peeked = in.peek(); - - current = tryBeginNesting(in, peeked); - if (current == null) { - return readTerminal(in, peeked); - } - - Deque stack = new ArrayDeque<>(); - - while (true) { - while (in.hasNext()) { - String name = null; - // Name is only used for JSON object members - if (current instanceof Map) { - name = in.nextName(); + JsonToken token = in.peek(); + // 判断字符串的实际类型 + switch (token) { + case BEGIN_ARRAY: + List list = new ArrayList<>(); + in.beginArray(); + while (in.hasNext()) { + list.add(read(in)); } + in.endArray(); + return list; - peeked = in.peek(); - Object value = tryBeginNesting(in, peeked); - boolean isNesting = value != null; - - if (value == null) { - value = readTerminal(in, peeked); + case BEGIN_OBJECT: + Map map = + new LinkedTreeMap<>(); + in.beginObject(); + while (in.hasNext()) { + map.put(in.nextName(), read(in)); } - - if (current instanceof List) { - @SuppressWarnings("unchecked") - List list = (List) current; - list.add(value); + in.endObject(); + return map; + case STRING: + return in.nextString(); + case NUMBER: + String s = in.nextString(); + if (s.contains(".")) { + return Double.valueOf(s); } else { - @SuppressWarnings("unchecked") - Map map = (Map) current; - map.put(name, value); + try { + return Integer.valueOf(s); + } catch (Exception e) { + try { + return Long.valueOf(s); + } catch (Exception e1) { + return new BigInteger(s); + } + } } - - if (isNesting) { - stack.addLast(current); - current = value; - } - } - - // End current element - if (current instanceof List) { - in.endArray(); - } else { - in.endObject(); - } - - if (stack.isEmpty()) { - return current; - } else { - // Continue with enclosing element - current = stack.removeLast(); - } + case BOOLEAN: + return in.nextBoolean(); + case NULL: + in.nextNull(); + return null; + default: + throw new IllegalStateException(); } }