[java] Fail with JsonException when JsonOutput.MAX_DEPTH is reached (#12056)

joerg1985 · diemol · web-flow · commit b2f629d5c9c4 · 2023-05-18T15:11:54.000+02:00
Fail with JsonException when JsonOutput.MAX_DEPTH is reached

Co-authored-by: Diego Molina &lt;diemol@users.noreply.github.com&gt;
diff --git a/java/src/org/openqa/selenium/json/JsonOutput.java b/java/src/org/openqa/selenium/json/JsonOutput.java
@@ -174,6 +174,9 @@ public class JsonOutput implements Closeable {
     builder.put(
         Collection.class::isAssignableFrom,
         (obj, depth) -> {
+          if (depth < 1) {
+            throw new JsonException("Reached the maximum depth of " + MAX_DEPTH + " while writing JSON");
+          }
           beginArray();
           ((Collection<?>) obj)
               .stream()
@@ -185,6 +188,9 @@ public class JsonOutput implements Closeable {
     builder.put(
         Map.class::isAssignableFrom,
         (obj, depth) -> {
+          if (depth < 1) {
+            throw new JsonException("Reached the maximum depth of " + MAX_DEPTH + " while writing JSON");
+          }
           beginObject();
           ((Map<?, ?>) obj)
               .forEach(
@@ -199,6 +205,9 @@ public class JsonOutput implements Closeable {
     builder.put(
         Class::isArray,
         (obj, depth) -> {
+          if (depth < 1) {
+            throw new JsonException("Reached the maximum depth of " + MAX_DEPTH + " while writing JSON");
+          }
           beginArray();
           Stream.of((Object[]) obj)
               .filter(o -> (!(o instanceof Optional) || ((Optional<?>) o).isPresent()))
@@ -219,7 +228,12 @@ public class JsonOutput implements Closeable {
         });
 
     // Finally, attempt to convert as an object
-    builder.put(cls -> true, (obj, depth) -> mapObject(obj, depth - 1));
+    builder.put(cls -> true, (obj, depth) -> {
+      if (depth < 1) {
+        throw new JsonException("Reached the maximum depth of " + MAX_DEPTH + " while writing JSON");
+      }
+      mapObject(obj, depth - 1);
+    });
 
     this.converters = Collections.unmodifiableMap(builder);
   }
@@ -376,12 +390,7 @@ private JsonOutput convertUsingMethod(String methodName, Object toConvert, int d
     }
   }
 
-  private void mapObject(Object toConvert, int maxDepth) {
-    if (maxDepth < 1) {
-      append("null");
-      return;
-    }
-
+  private void mapObject(Object toConvert, int depthRemaining) {
     if (toConvert instanceof Class) {
       write(((Class<?>) toConvert).getName());
       return;
@@ -405,7 +414,7 @@ private void mapObject(Object toConvert, int maxDepth) {
       Object value = pd.getReadMethod().apply(toConvert);
       if (!Optional.empty().equals(value)) {
         name(pd.getName());
-        write(value, maxDepth - 1);
+        write(value, depthRemaining - 1);
       }
     }
     endObject();
diff --git a/java/test/org/openqa/selenium/json/JsonOutputTest.java b/java/test/org/openqa/selenium/json/JsonOutputTest.java
@@ -22,6 +22,7 @@
 import static java.util.Arrays.asList;
 import static java.util.Collections.emptyList;
 import static java.util.Collections.emptyMap;
+import static java.util.Collections.singletonList;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@@ -37,7 +38,6 @@
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonPrimitive;
-import java.awt.*;
 import java.io.IOException;
 import java.io.StringReader;
 import java.io.StringWriter;
@@ -62,6 +62,7 @@
 import org.openqa.selenium.ImmutableCapabilities;
 import org.openqa.selenium.MutableCapabilities;
 import org.openqa.selenium.Platform;
+import org.openqa.selenium.Point;
 import org.openqa.selenium.Proxy;
 import org.openqa.selenium.UnhandledAlertException;
 import org.openqa.selenium.WebDriverException;
@@ -717,6 +718,27 @@ public String getCheese() {
     assertThat(obj.get("cheese").getAsString()).isEqualTo("gouda");
   }
 
+  @Test
+  void shouldRespectMaxDepth() {
+    StringBuilder builder = new StringBuilder();
+
+    JsonOutput jsonOutput = new Json().newOutput(builder);
+    jsonOutput.beginArray();
+
+    Object value = emptyList();
+
+    for (int i = 0; i < 10; i++) {
+      jsonOutput.write(value);
+
+      value = singletonList(value);
+    }
+
+    Object finalValue = value;
+
+    assertThatExceptionOfType(JsonException.class)
+      .isThrownBy(() -> jsonOutput.write(finalValue));
+  }
+
   private String convert(Object toConvert) {
     try (Writer writer = new StringWriter();
         JsonOutput jsonOutput = new Json().newOutput(writer)) {
