Package com.fasterxml.jackson.core
Class StreamReadConstraints
- java.lang.Object
-
- com.fasterxml.jackson.core.StreamReadConstraints
-
- All Implemented Interfaces:
java.io.Serializable
public class StreamReadConstraints extends java.lang.Object implements java.io.Serializable
The constraints to use for streaming reads: used to guard against malicious input by preventing processing of "too big" input constructs (values, structures). Constraints are registered withTokenStreamFactory
(such asJsonFactory
); if nothing explicitly specified, default constraints are used.Currently constrained aspects, with default settings, are:
- Maximum Number value length: default 1000 (see
DEFAULT_MAX_NUM_LEN
) - Maximum String value length: default 20_000_000 (see
DEFAULT_MAX_STRING_LEN
) - Maximum Nesting depth: default 1000 (see
DEFAULT_MAX_DEPTH
)
- Since:
- 2.15
- See Also:
- Serialized Form
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
StreamReadConstraints.Builder
-
Field Summary
Fields Modifier and Type Field Description static int
DEFAULT_MAX_DEPTH
Default setting for maximum depth: seeStreamReadConstraints.Builder.maxNestingDepth(int)
for details.static int
DEFAULT_MAX_NUM_LEN
Default setting for maximum number length: seeStreamReadConstraints.Builder.maxNumberLength(int)
for details.static int
DEFAULT_MAX_STRING_LEN
Default setting for maximum string length: seeStreamReadConstraints.Builder.maxStringLength(int)
for details.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static StreamReadConstraints.Builder
builder()
static StreamReadConstraints
defaults()
int
getMaxNestingDepth()
Accessor for maximum depth.int
getMaxNumberLength()
Accessor for maximum length of numbers to decode.int
getMaxStringLength()
Accessor for maximum length of strings to decode.static void
overrideDefaultStreamReadConstraints(StreamReadConstraints streamReadConstraints)
Override the default StreamReadConstraints.StreamReadConstraints.Builder
rebuild()
void
validateBigIntegerScale(int scale)
Convenience method that can be used to verify that a conversion toBigInteger
StreamConstraintsException
is thrown.void
validateFPLength(int length)
Convenience method that can be used to verify that a floating-point number of specified length does not exceed maximum specified by this constraints object: if it does, aStreamConstraintsException
is thrown.void
validateIntegerLength(int length)
Convenience method that can be used to verify that an integer number of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsException
is thrown.void
validateNestingDepth(int depth)
Convenience method that can be used to verify that the nesting depth does not exceed the maximum specified by this constraints object: if it does, aStreamConstraintsException
is thrown.void
validateStringLength(int length)
Convenience method that can be used to verify that a String of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsException
is thrown.
-
-
-
Field Detail
-
DEFAULT_MAX_DEPTH
public static final int DEFAULT_MAX_DEPTH
Default setting for maximum depth: seeStreamReadConstraints.Builder.maxNestingDepth(int)
for details.- See Also:
- Constant Field Values
-
DEFAULT_MAX_NUM_LEN
public static final int DEFAULT_MAX_NUM_LEN
Default setting for maximum number length: seeStreamReadConstraints.Builder.maxNumberLength(int)
for details.- See Also:
- Constant Field Values
-
DEFAULT_MAX_STRING_LEN
public static final int DEFAULT_MAX_STRING_LEN
Default setting for maximum string length: seeStreamReadConstraints.Builder.maxStringLength(int)
for details.NOTE: Jackson 2.15.0 initially used a lower setting (5_000_000).
- See Also:
- Constant Field Values
-
-
Method Detail
-
overrideDefaultStreamReadConstraints
public static void overrideDefaultStreamReadConstraints(StreamReadConstraints streamReadConstraints)
Override the default StreamReadConstraints. These defaults are only used whenJsonFactory
instances are not configured with their own StreamReadConstraints.Library maintainers should not set this as it will affect other code that uses Jackson. Library maintainers who want to configure StreamReadConstraints for the Jackson usage within their lib should create
ObjectMapper
instances that have aJsonFactory
instance with the required StreamReadConstraints.This method is meant for users delivering applications. If they use this, they set it when they start their application to avoid having other code initialize their mappers before the defaults are overridden.
- Parameters:
streamReadConstraints
- new default for StreamReadConstraints (a null value will reset to built-in default)- Since:
- v2.15.2
- See Also:
defaults()
,builder()
-
builder
public static StreamReadConstraints.Builder builder()
-
defaults
public static StreamReadConstraints defaults()
- Returns:
- the default
StreamReadConstraints
(when none is set on theJsonFactory
explicitly) - See Also:
overrideDefaultStreamReadConstraints(com.fasterxml.jackson.core.StreamReadConstraints)
-
rebuild
public StreamReadConstraints.Builder rebuild()
- Returns:
- New
StreamReadConstraints.Builder
initialized with settings of this constraints instance
-
getMaxNestingDepth
public int getMaxNestingDepth()
Accessor for maximum depth. seeStreamReadConstraints.Builder.maxNestingDepth(int)
for details.- Returns:
- Maximum allowed depth
-
getMaxNumberLength
public int getMaxNumberLength()
Accessor for maximum length of numbers to decode. seeStreamReadConstraints.Builder.maxNumberLength(int)
for details.- Returns:
- Maximum allowed number length
-
getMaxStringLength
public int getMaxStringLength()
Accessor for maximum length of strings to decode. seeStreamReadConstraints.Builder.maxStringLength(int)
for details.- Returns:
- Maximum allowed string length
-
validateNestingDepth
public void validateNestingDepth(int depth) throws StreamConstraintsException
Convenience method that can be used to verify that the nesting depth does not exceed the maximum specified by this constraints object: if it does, aStreamConstraintsException
is thrown.- Parameters:
depth
- count of unclosed objects and arrays- Throws:
StreamConstraintsException
- If depth exceeds maximum
-
validateFPLength
public void validateFPLength(int length) throws StreamConstraintsException
Convenience method that can be used to verify that a floating-point number of specified length does not exceed maximum specified by this constraints object: if it does, aStreamConstraintsException
is thrown.- Parameters:
length
- Length of number in input units- Throws:
StreamConstraintsException
- If length exceeds maximum
-
validateIntegerLength
public void validateIntegerLength(int length) throws StreamConstraintsException
Convenience method that can be used to verify that an integer number of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsException
is thrown.- Parameters:
length
- Length of number in input units- Throws:
StreamConstraintsException
- If length exceeds maximum
-
validateStringLength
public void validateStringLength(int length) throws StreamConstraintsException
Convenience method that can be used to verify that a String of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsException
is thrown.- Parameters:
length
- Length of string in input units- Throws:
StreamConstraintsException
- If length exceeds maximum
-
validateBigIntegerScale
public void validateBigIntegerScale(int scale) throws StreamConstraintsException
Convenience method that can be used to verify that a conversion toBigInteger
StreamConstraintsException
is thrown.- Parameters:
scale
- Scale (possibly negative) ofBigDecimal
to convert- Throws:
StreamConstraintsException
- If magnitude (absolute value) of scale exceeds maximum allowed
-
-