Merge pull request #44 from csantero/invalid-json

add safeguards against invalid raw json strings

Author: SphtKr

JSONAPI.Tests/Data/MalformedRawJsonString.json

@@ -0,0 +1,12 @@
+{
+    "comments": [
+        {
+            "id": "5",
+            "body": null,
+            "customData": { },
+            "links": { 
+                "post":  null
+            }
+        }
+    ]
+}

JSONAPI.Tests/Data/ReformatsRawJsonStringWithUnquotedKeys.json

@@ -0,0 +1,14 @@
+{
+    "comments": [
+        {
+            "id": "5",
+            "body": null,
+            "customData": { 
+                "unquotedKey":  5
+            },
+            "links": {
+                "post": null
+            }
+        }
+    ]
+}

JSONAPI.Tests/JSONAPI.Tests.csproj

@@ -96,6 +96,12 @@
   </ItemGroup>
   <ItemGroup>
     <None Include="app.config" />
+    <None Include="Data\ReformatsRawJsonStringWithUnquotedKeys.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
+    <None Include="Data\MalformedRawJsonString.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
     <None Include="Data\FormatterErrorSerializationTest.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>

JSONAPI.Tests/Json/JsonApiMediaFormaterTests.cs

@@ -250,6 +250,44 @@ public void Serializes_attributes_properly()
             Assert.AreEqual(expected, output.Trim());
         }
 
+        [TestMethod]
+        [DeploymentItem(@"Data\ReformatsRawJsonStringWithUnquotedKeys.json")]
+        public void Reformats_raw_json_string_with_unquoted_keys()
+        {
+            // Arrange
+            JsonApiFormatter formatter = new JsonApiFormatter(new PluralizationService());
+            MemoryStream stream = new MemoryStream();
+
+            // Act
+            var payload = new [] { new Comment { Id = 5, CustomData = "{ unquotedKey: 5 }"}};
+            formatter.WriteToStreamAsync(typeof(Comment), payload, stream, null, null);
+
+            // Assert
+            var minifiedExpectedJson = JsonHelpers.MinifyJson(File.ReadAllText("ReformatsRawJsonStringWithUnquotedKeys.json"));
+            string output = System.Text.Encoding.ASCII.GetString(stream.ToArray());
+            Trace.WriteLine(output);
+            output.Should().Be(minifiedExpectedJson);
+        }
+
+        [TestMethod]
+        [DeploymentItem(@"Data\MalformedRawJsonString.json")]
+        public void Does_not_serialize_malformed_raw_json_string()
+        {
+            // Arrange
+            JsonApiFormatter formatter = new JsonApiFormatter(new PluralizationService());
+            MemoryStream stream = new MemoryStream();
+
+            // Act
+            var payload = new[] { new Comment { Id = 5, CustomData = "{ x }" } };
+            formatter.WriteToStreamAsync(typeof(Comment), payload, stream, null, null);
+
+            // Assert
+            var minifiedExpectedJson = JsonHelpers.MinifyJson(File.ReadAllText("MalformedRawJsonString.json"));
+            string output = System.Text.Encoding.ASCII.GetString(stream.ToArray());
+            Trace.WriteLine(output);
+            output.Should().Be(minifiedExpectedJson);
+        }
+
         [TestMethod]
         [DeploymentItem(@"Data\FormatterErrorSerializationTest.json")]
         public void Should_serialize_error()

JSONAPI/Json/JsonApiFormatter.cs

@@ -42,8 +42,11 @@ internal JsonApiFormatter(IModelManager modelManager, IErrorSerializer errorSeri
             _modelManager = modelManager;
             _errorSerializer = errorSerializer;
             SupportedMediaTypes.Add(new MediaTypeHeaderValue("application/vnd.api+json"));
+            ValidateRawJsonStrings = true;
         }
 
+        public bool ValidateRawJsonStrings { get; set; }
+
         [Obsolete("Use ModelManager.PluralizationService instead")]
         public IPluralizationService PluralizationService  //FIXME: Deprecated, will be removed shortly
         {
@@ -212,8 +215,21 @@ protected void Serialize(object value, Stream writeStream, JsonWriter writer, Js
                         }
                         else
                         {
-                            var minifiedValue = JsonHelpers.MinifyJson((string) propertyValue);
-                            writer.WriteRawValue(minifiedValue);
+                            var json = (string) propertyValue;
+                            if (ValidateRawJsonStrings)
+                            {
+                                try
+                                {
+                                    var token = JToken.Parse(json);
+                                    json = token.ToString();
+                                }
+                                catch (Exception)
+                                {
+                                    json = "{}";
+                                }
+                            }
+                            var valueToSerialize = JsonHelpers.MinifyJson(json);
+                            writer.WriteRawValue(valueToSerialize);
                         }
                     }
                     else