mirror of
https://gitee.com/chinabugotech/hutool.git
synced 2025-08-18 20:38:02 +08:00
增加ParseConfig,通过增加maxNestingDepth参数避免StackOverflowError问题,修复CVE-2022-45688漏洞
This commit is contained in:
@@ -0,0 +1,19 @@
|
||||
package cn.hutool.json.xml;
|
||||
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import cn.hutool.json.JSONException;
|
||||
import cn.hutool.json.XML;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
|
||||
public class Issue2748Test {
|
||||
|
||||
@Test
|
||||
public void toJSONObjectTest() {
|
||||
final String s = StrUtil.repeat("<a>", 600);
|
||||
|
||||
Assert.assertThrows(JSONException.class, () -> {
|
||||
XML.toJSONObject(s, ParseConfig.of().setMaxNestingDepth(512));
|
||||
});
|
||||
}
|
||||
}
|
Reference in New Issue
Block a user