mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-04-25 14:05:15 +00:00
086a921213
JsonParser has a footgun where it does not retain ownership of the
string to be parsed. For example, the following results in UAF:
JsonParser parser(something_returning_a_string());
parser.parse();
Let's avoid this altogether by only allowing use of JsonParser with
a static, safe method.
41 lines
854 B
C++
41 lines
854 B
C++
/*
|
|
* Copyright (c) 2018-2020, Andreas Kling <andreas@ladybird.org>
|
|
*
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#include <AK/GenericLexer.h>
|
|
#include <AK/JsonValue.h>
|
|
|
|
namespace AK {
|
|
|
|
class JsonParser : private GenericLexer {
|
|
public:
|
|
static ErrorOr<JsonValue> parse(StringView);
|
|
|
|
private:
|
|
explicit JsonParser(StringView input)
|
|
: GenericLexer(input)
|
|
{
|
|
}
|
|
|
|
ErrorOr<JsonValue> parse_json();
|
|
ErrorOr<JsonValue> parse_helper();
|
|
|
|
ErrorOr<ByteString> consume_and_unescape_string();
|
|
ErrorOr<JsonValue> parse_array();
|
|
ErrorOr<JsonValue> parse_object();
|
|
ErrorOr<JsonValue> parse_number();
|
|
ErrorOr<JsonValue> parse_string();
|
|
ErrorOr<JsonValue> parse_false();
|
|
ErrorOr<JsonValue> parse_true();
|
|
ErrorOr<JsonValue> parse_null();
|
|
};
|
|
|
|
}
|
|
|
|
#if USING_AK_GLOBALLY
|
|
using AK::JsonParser;
|
|
#endif
|