Re: Maximum nesting level limit and efficiency (Re: json-stream-read should validate json too) Duy Nguyen 24 Jan 2020 01:38 UTC

On Fri, Jan 24, 2020 at 1:54 AM Amirouche Boubekki
<xxxxxx@gmail.com> wrote:
>
> > to stay safe, it must have nesting level limit.
>
> I agree with my past self.
>
> I am testing json-fold.  The following test file:
>
>   $ wc -c files/n_structure_open_array_object.json
>   250001 files/n_structure_open_array_object.json
>
> Put the library under heavy pressure. The JSON file is invalid because
> it does not close the arrays and objects it opens. It does NOT crash
> the interpreter but the doom of a DOS is looming Earth Scheme software
> systems!
>
> The implementation in master is much much faster but still it would be
> noticeable and can in heavy workloads inflict performance problems.
>
> That is why, I would prefer to add a parameter json-max-nesting-level
> that would be 42 by default. Regarding the test suite, there is  at

Arbitrary limits like this are not a good thing. You never know if
people have a valid use case for 43 levels and are bitten by it. I
would prefer a more composable approach, if you want nesting limit,
you can just stack it on top (this assumes streaming parser, because
we have little control over the other one).
--
Duy