Improve exception when deserializeJSON encounters bad JSON

Description

I was just checking how Lucee handles JSON after reading this:

https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities

https://trycf.com/gist/552e6d941775ef13e719736e9d06ce63/lucee5?theme=monokai

Lucee throws "Syntax Error, Invalid Construct" rather than a clear, specific message about deserializeJSON encountering invalid JSON.

If possible, could it also avoid logging out the 2k of CFMLExpressionInterpreter stack traces?

Activity

Pothys - MitrahSoft 4 March 2021 at 10:34

I've also checked this ticket with the latest Lucee version, 5.3.8.149-SNAPSHOT. DeserializeJSON() with bad JSON throws a Syntax Error. It seems ACF throws an error like: JSON parsing failure at character 40:'=' in { "a":-1,"b":1,"s": "superadmin\ud888" =.

Unresolved

Created 27 February 2021 at 09:26
Updated 20 June 2024 at 19:52