Package com.fasterxml.jackson.core
Class StreamReadConstraints
- java.lang.Object
-
- com.fasterxml.jackson.core.StreamReadConstraints
-
- All Implemented Interfaces:
java.io.Serializable
public class StreamReadConstraints extends java.lang.Object implements java.io.Serializable
The constraints to use for streaming reads: used to guard against malicious input by preventing processing of "too big" input constructs (values, structures). Constraints are registered withTokenStreamFactory
(such asJsonFactory
); if nothing explicitly specified, default constraints are used.Currently constrained aspects, with default settings, are:
- Maximum Number value length: default 1000 (see
DEFAULT_MAX_NUM_LEN
) - Maximum String value length: default 20_000_000 (see
DEFAULT_MAX_STRING_LEN
) - Maximum Property name length: default 50_000 (see
DEFAULT_MAX_NAME_LEN
) - Maximum Nesting depth: default 1000 (see
DEFAULT_MAX_DEPTH
) - Maximum Document length: default
unlimited
(coded as-1
, (seeDEFAULT_MAX_DOC_LEN
)
- Since:
- 2.15
- See Also:
- Serialized Form
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
StreamReadConstraints.Builder
-
Field Summary
Fields Modifier and Type Field Description static int
DEFAULT_MAX_DEPTH
Default setting for maximum depth: seeStreamReadConstraints.Builder.maxNestingDepth(int)
for details.static long
DEFAULT_MAX_DOC_LEN
Default setting for maximum document length: seeStreamReadConstraints.Builder.maxDocumentLength(long)
for details.static int
DEFAULT_MAX_NAME_LEN
Default setting for maximum name length: seeStreamReadConstraints.Builder.maxNameLength(int)
for details.static int
DEFAULT_MAX_NUM_LEN
static int
DEFAULT_MAX_STRING_LEN
Default setting for maximum string length: seeStreamReadConstraints.Builder.maxStringLength(int)
for details.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static StreamReadConstraints.Builder
builder()
static StreamReadConstraints
defaults()
long
getMaxDocumentLength()
Accessor for maximum document length.int
getMaxNameLength()
Accessor for maximum length of names to decode.int
getMaxNestingDepth()
Accessor for maximum depth.int
getMaxNumberLength()
Accessor for maximum length of numbers to decode.int
getMaxStringLength()
Accessor for maximum length of strings to decode.boolean
hasMaxDocumentLength()
Convenience method, basically same as:static void
overrideDefaultStreamReadConstraints(StreamReadConstraints streamReadConstraints)
Override the default StreamReadConstraints.StreamReadConstraints.Builder
rebuild()
void
validateBigIntegerScale(int scale)
Convenience method that can be used to verify that a conversion toBigInteger
StreamConstraintsException
is thrown.void
validateDocumentLength(long len)
Convenience method that can be used to verify that the document length does not exceed the maximum specified by this constraints object (if any): if it does, aStreamConstraintsException
is thrown.void
validateFPLength(int length)
Convenience method that can be used to verify that a floating-point number of specified length does not exceed maximum specified by this constraints object: if it does, aStreamConstraintsException
is thrown.void
validateIntegerLength(int length)
Convenience method that can be used to verify that an integer number of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsException
is thrown.void
validateNameLength(int length)
Convenience method that can be used to verify that a name of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsException
is thrown.void
validateNestingDepth(int depth)
Convenience method that can be used to verify that the nesting depth does not exceed the maximum specified by this constraints object: if it does, aStreamConstraintsException
is thrown.void
validateStringLength(int length)
Convenience method that can be used to verify that a String of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsException
is thrown.
-
-
-
Field Detail
-
DEFAULT_MAX_DEPTH
public static final int DEFAULT_MAX_DEPTH
Default setting for maximum depth: seeStreamReadConstraints.Builder.maxNestingDepth(int)
for details.- See Also:
- Constant Field Values
-
DEFAULT_MAX_DOC_LEN
public static final long DEFAULT_MAX_DOC_LEN
Default setting for maximum document length: seeStreamReadConstraints.Builder.maxDocumentLength(long)
for details.- See Also:
- Constant Field Values
-
DEFAULT_MAX_NUM_LEN
public static final int DEFAULT_MAX_NUM_LEN
- Since:
- 2.16
- See Also:
- Constant Field Values
-
DEFAULT_MAX_STRING_LEN
public static final int DEFAULT_MAX_STRING_LEN
Default setting for maximum string length: seeStreamReadConstraints.Builder.maxStringLength(int)
for details.NOTE: Jackson 2.15.0 initially used a lower setting (5_000_000).
- See Also:
- Constant Field Values
-
DEFAULT_MAX_NAME_LEN
public static final int DEFAULT_MAX_NAME_LEN
Default setting for maximum name length: seeStreamReadConstraints.Builder.maxNameLength(int)
for details.- Since:
- 2.16
- See Also:
- Constant Field Values
-
-
Method Detail
-
overrideDefaultStreamReadConstraints
public static void overrideDefaultStreamReadConstraints(StreamReadConstraints streamReadConstraints)
Override the default StreamReadConstraints. These defaults are only used whenJsonFactory
instances are not configured with their own StreamReadConstraints.Library maintainers should not set this as it will affect other code that uses Jackson. Library maintainers who want to configure StreamReadConstraints for the Jackson usage within their lib should create
ObjectMapper
instances that have aJsonFactory
instance with the required StreamReadConstraints.This method is meant for users delivering applications. If they use this, they set it when they start their application to avoid having other code initialize their mappers before the defaults are overridden.
- Parameters:
streamReadConstraints
- new default for StreamReadConstraints (a null value will reset to built-in default)- Since:
- v2.15.2
- See Also:
defaults()
,builder()
-
builder
public static StreamReadConstraints.Builder builder()
-
defaults
public static StreamReadConstraints defaults()
- Returns:
- the default
StreamReadConstraints
(when none is set on theJsonFactory
explicitly) - See Also:
overrideDefaultStreamReadConstraints(com.fasterxml.jackson.core.StreamReadConstraints)
-
rebuild
public StreamReadConstraints.Builder rebuild()
- Returns:
- New
StreamReadConstraints.Builder
initialized with settings of this constraints instance
-
getMaxNestingDepth
public int getMaxNestingDepth()
Accessor for maximum depth. seeStreamReadConstraints.Builder.maxNestingDepth(int)
for details.- Returns:
- Maximum allowed depth
-
getMaxDocumentLength
public long getMaxDocumentLength()
Accessor for maximum document length. seeStreamReadConstraints.Builder.maxDocumentLength(long)
for details.- Returns:
- Maximum allowed depth
-
hasMaxDocumentLength
public boolean hasMaxDocumentLength()
Convenience method, basically same as:getMaxDocumentLength() > 0L
- Returns:
True
if this constraints instance has a limit for maximum document length to enforce;false
otherwise.
-
getMaxNumberLength
public int getMaxNumberLength()
Accessor for maximum length of numbers to decode. seeStreamReadConstraints.Builder.maxNumberLength(int)
for details.- Returns:
- Maximum allowed number length
-
getMaxStringLength
public int getMaxStringLength()
Accessor for maximum length of strings to decode. seeStreamReadConstraints.Builder.maxStringLength(int)
for details.- Returns:
- Maximum allowed string length
-
getMaxNameLength
public int getMaxNameLength()
Accessor for maximum length of names to decode. seeStreamReadConstraints.Builder.maxNameLength(int)
for details.- Returns:
- Maximum allowed name length
-
validateNestingDepth
public void validateNestingDepth(int depth) throws StreamConstraintsException
Convenience method that can be used to verify that the nesting depth does not exceed the maximum specified by this constraints object: if it does, aStreamConstraintsException
is thrown.- Parameters:
depth
- count of unclosed objects and arrays- Throws:
StreamConstraintsException
- If depth exceeds maximum
-
validateDocumentLength
public void validateDocumentLength(long len) throws StreamConstraintsException
Convenience method that can be used to verify that the document length does not exceed the maximum specified by this constraints object (if any): if it does, aStreamConstraintsException
is thrown.- Parameters:
len
- Current length of processed document content- Throws:
StreamConstraintsException
- If length exceeds maximum- Since:
- 2.16
-
validateFPLength
public void validateFPLength(int length) throws StreamConstraintsException
Convenience method that can be used to verify that a floating-point number of specified length does not exceed maximum specified by this constraints object: if it does, aStreamConstraintsException
is thrown.- Parameters:
length
- Length of number in input units- Throws:
StreamConstraintsException
- If length exceeds maximum
-
validateIntegerLength
public void validateIntegerLength(int length) throws StreamConstraintsException
Convenience method that can be used to verify that an integer number of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsException
is thrown.- Parameters:
length
- Length of number in input units- Throws:
StreamConstraintsException
- If length exceeds maximum
-
validateStringLength
public void validateStringLength(int length) throws StreamConstraintsException
Convenience method that can be used to verify that a String of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsException
is thrown.- Parameters:
length
- Length of string in input units- Throws:
StreamConstraintsException
- If length exceeds maximum
-
validateNameLength
public void validateNameLength(int length) throws StreamConstraintsException
Convenience method that can be used to verify that a name of specified length does not exceed maximum specific by this constraints object: if it does, aStreamConstraintsException
is thrown.- Parameters:
length
- Length of name in input units- Throws:
StreamConstraintsException
- If length exceeds maximum
-
validateBigIntegerScale
public void validateBigIntegerScale(int scale) throws StreamConstraintsException
Convenience method that can be used to verify that a conversion toBigInteger
StreamConstraintsException
is thrown.- Parameters:
scale
- Scale (possibly negative) ofBigDecimal
to convert- Throws:
StreamConstraintsException
- If magnitude (absolute value) of scale exceeds maximum allowed
-
-