Package com.fasterxml.jackson.core
Class StreamReadConstraints
java.lang.Object
com.fasterxml.jackson.core.StreamReadConstraints
- All Implemented Interfaces:
Serializable
The constraints to use for streaming reads: used to guard against malicious
input by preventing processing of "too big" input constructs (values,
structures).
Constraints are registered with
TokenStreamFactory (such as
JsonFactory); if nothing explicitly specified, default
constraints are used.
Currently constrained aspects, with default settings, are:
- Maximum Number value length: default 1000 (see
DEFAULT_MAX_NUM_LEN) - Maximum String value length: default 20_000_000 (see
DEFAULT_MAX_STRING_LEN) - Maximum Property name length: default 50_000 (see
DEFAULT_MAX_NAME_LEN) - Maximum Nesting depth: default 1000 (see
DEFAULT_MAX_DEPTH) - Maximum Document length: default
unlimited(coded as-1, (seeDEFAULT_MAX_DOC_LEN)
- Since:
- 2.15
- See Also:
-
Nested Class Summary
Nested Classes -
Field Summary
FieldsModifier and TypeFieldDescriptionprotected final longprotected final intprotected final intprotected final intprotected final intstatic final intDefault setting for maximum depth: seeStreamReadConstraints.Builder.maxNestingDepth(int)for details.static final longDefault setting for maximum document length: seeStreamReadConstraints.Builder.maxDocumentLength(long)for details.static final intDefault setting for maximum name length: seeStreamReadConstraints.Builder.maxNameLength(int)for details.static final intstatic final intDefault setting for maximum string length: seeStreamReadConstraints.Builder.maxStringLength(int)for details. -
Constructor Summary
ConstructorsModifierConstructorDescriptionprotectedStreamReadConstraints(int maxNestingDepth, long maxDocLen, int maxNumLen, int maxStringLen) Deprecated.protectedStreamReadConstraints(int maxNestingDepth, long maxDocLen, int maxNumLen, int maxStringLen, int maxNameLen) -
Method Summary
Modifier and TypeMethodDescriptionprotected String_constrainRef(String method) protected StreamConstraintsException_constructException(String msgTemplate, Object... args) builder()static StreamReadConstraintsdefaults()longAccessor for maximum document length.intAccessor for maximum length of names to decode.intAccessor for maximum depth.intAccessor for maximum length of numbers to decode.intAccessor for maximum length of strings to decode.booleanConvenience method, basically same as:static voidoverrideDefaultStreamReadConstraints(StreamReadConstraints streamReadConstraints) Override the default StreamReadConstraints.rebuild()voidvalidateBigIntegerScale(int scale) Convenience method that can be used to verify that a conversion toBigIntegerStreamConstraintsExceptionis thrown.voidvalidateDocumentLength(long len) Convenience method that can be used to verify that the document length does not exceed the maximum specified by this constraints object (if any): if it does, aStreamConstraintsExceptionis thrown.voidvalidateFPLength(int length) Convenience method that can be used to verify that a floating-point number of specified length does not exceed maximum specified by this constraints object: if it does, aStreamConstraintsExceptionis thrown.voidvalidateIntegerLength(int length) Convenience method that can be used to verify that an integer number of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsExceptionis thrown.voidvalidateNameLength(int length) Convenience method that can be used to verify that a name of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsExceptionis thrown.voidvalidateNestingDepth(int depth) Convenience method that can be used to verify that the nesting depth does not exceed the maximum specified by this constraints object: if it does, aStreamConstraintsExceptionis thrown.voidvalidateStringLength(int length) Convenience method that can be used to verify that a String of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsExceptionis thrown.
-
Field Details
-
DEFAULT_MAX_DEPTH
public static final int DEFAULT_MAX_DEPTHDefault setting for maximum depth: seeStreamReadConstraints.Builder.maxNestingDepth(int)for details.- See Also:
-
DEFAULT_MAX_DOC_LEN
public static final long DEFAULT_MAX_DOC_LENDefault setting for maximum document length: seeStreamReadConstraints.Builder.maxDocumentLength(long)for details.- See Also:
-
DEFAULT_MAX_NUM_LEN
public static final int DEFAULT_MAX_NUM_LEN- Since:
- 2.16
- See Also:
-
DEFAULT_MAX_STRING_LEN
public static final int DEFAULT_MAX_STRING_LENDefault setting for maximum string length: seeStreamReadConstraints.Builder.maxStringLength(int)for details.NOTE: Jackson 2.15.0 initially used a lower setting (5_000_000).
- See Also:
-
DEFAULT_MAX_NAME_LEN
public static final int DEFAULT_MAX_NAME_LENDefault setting for maximum name length: seeStreamReadConstraints.Builder.maxNameLength(int)for details.- Since:
- 2.16
- See Also:
-
_maxNestingDepth
protected final int _maxNestingDepth -
_maxDocLen
protected final long _maxDocLen -
_maxNumLen
protected final int _maxNumLen -
_maxStringLen
protected final int _maxStringLen -
_maxNameLen
protected final int _maxNameLen
-
-
Constructor Details
-
StreamReadConstraints
@Deprecated protected StreamReadConstraints(int maxNestingDepth, long maxDocLen, int maxNumLen, int maxStringLen) Deprecated. -
StreamReadConstraints
protected StreamReadConstraints(int maxNestingDepth, long maxDocLen, int maxNumLen, int maxStringLen, int maxNameLen) - Parameters:
maxNestingDepth- Maximum input document nesting to allowmaxDocLen- Maximum input document length to allowmaxNumLen- Maximum number representation length to allowmaxStringLen- Maximum String value length to allowmaxNameLen- Maximum Object property name length to allow- Since:
- 2.16
-
-
Method Details
-
overrideDefaultStreamReadConstraints
public static void overrideDefaultStreamReadConstraints(StreamReadConstraints streamReadConstraints) Override the default StreamReadConstraints. These defaults are only used whenJsonFactoryinstances are not configured with their own StreamReadConstraints.Library maintainers should not set this as it will affect other code that uses Jackson. Library maintainers who want to configure StreamReadConstraints for the Jackson usage within their lib should create
ObjectMapperinstances that have aJsonFactoryinstance with the required StreamReadConstraints.This method is meant for users delivering applications. If they use this, they set it when they start their application to avoid having other code initialize their mappers before the defaults are overridden.
- Parameters:
streamReadConstraints- new default for StreamReadConstraints (a null value will reset to built-in default)- Since:
- v2.15.2
- See Also:
-
builder
-
defaults
- Returns:
- the default
StreamReadConstraints(when none is set on theJsonFactoryexplicitly) - See Also:
-
rebuild
- Returns:
- New
StreamReadConstraints.Builderinitialized with settings of this constraints instance
-
getMaxNestingDepth
public int getMaxNestingDepth()Accessor for maximum depth. seeStreamReadConstraints.Builder.maxNestingDepth(int)for details.- Returns:
- Maximum allowed depth
-
getMaxDocumentLength
public long getMaxDocumentLength()Accessor for maximum document length. seeStreamReadConstraints.Builder.maxDocumentLength(long)for details.- Returns:
- Maximum allowed depth
-
hasMaxDocumentLength
public boolean hasMaxDocumentLength()Convenience method, basically same as:getMaxDocumentLength() > 0L
- Returns:
Trueif this constraints instance has a limit for maximum document length to enforce;falseotherwise.
-
getMaxNumberLength
public int getMaxNumberLength()Accessor for maximum length of numbers to decode. seeStreamReadConstraints.Builder.maxNumberLength(int)for details.- Returns:
- Maximum allowed number length
-
getMaxStringLength
public int getMaxStringLength()Accessor for maximum length of strings to decode. seeStreamReadConstraints.Builder.maxStringLength(int)for details.- Returns:
- Maximum allowed string length
-
getMaxNameLength
public int getMaxNameLength()Accessor for maximum length of names to decode. seeStreamReadConstraints.Builder.maxNameLength(int)for details.- Returns:
- Maximum allowed name length
-
validateNestingDepth
Convenience method that can be used to verify that the nesting depth does not exceed the maximum specified by this constraints object: if it does, aStreamConstraintsExceptionis thrown.- Parameters:
depth- count of unclosed objects and arrays- Throws:
StreamConstraintsException- If depth exceeds maximum
-
validateDocumentLength
Convenience method that can be used to verify that the document length does not exceed the maximum specified by this constraints object (if any): if it does, aStreamConstraintsExceptionis thrown.- Parameters:
len- Current length of processed document content- Throws:
StreamConstraintsException- If length exceeds maximum- Since:
- 2.16
-
validateFPLength
Convenience method that can be used to verify that a floating-point number of specified length does not exceed maximum specified by this constraints object: if it does, aStreamConstraintsExceptionis thrown.- Parameters:
length- Length of number in input units- Throws:
StreamConstraintsException- If length exceeds maximum
-
validateIntegerLength
Convenience method that can be used to verify that an integer number of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsExceptionis thrown.- Parameters:
length- Length of number in input units- Throws:
StreamConstraintsException- If length exceeds maximum
-
validateStringLength
Convenience method that can be used to verify that a String of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsExceptionis thrown.- Parameters:
length- Length of string in input units- Throws:
StreamConstraintsException- If length exceeds maximum
-
validateNameLength
Convenience method that can be used to verify that a name of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsExceptionis thrown.- Parameters:
length- Length of name in input units- Throws:
StreamConstraintsException- If length exceeds maximum
-
validateBigIntegerScale
Convenience method that can be used to verify that a conversion toBigIntegerStreamConstraintsExceptionis thrown.- Parameters:
scale- Scale (possibly negative) ofBigDecimalto convert- Throws:
StreamConstraintsException- If magnitude (absolute value) of scale exceeds maximum allowed
-
_constructException
protected StreamConstraintsException _constructException(String msgTemplate, Object... args) throws StreamConstraintsException - Throws:
StreamConstraintsException
-
_constrainRef
-