This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a commit to branch johnzon-1.2.x in repository https://gitbox.apache.org/repos/asf/johnzon.git
commit c64e3cc4e0ff22a75cc12b0ea15791feecfd5f72 Author: Jean-Louis Monteiro <jlmonte...@tomitribe.com> AuthorDate: Thu May 11 21:07:44 2023 +0200 feat(JOHNZON-397): allow to configure the scale limit for backward compatibility --- .../src/main/java/org/apache/johnzon/core/JsonNumberImpl.java | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/johnzon-core/src/main/java/org/apache/johnzon/core/JsonNumberImpl.java b/johnzon-core/src/main/java/org/apache/johnzon/core/JsonNumberImpl.java index 4609aceb..57db2ca1 100644 --- a/johnzon-core/src/main/java/org/apache/johnzon/core/JsonNumberImpl.java +++ b/johnzon-core/src/main/java/org/apache/johnzon/core/JsonNumberImpl.java @@ -26,6 +26,7 @@ import java.math.BigInteger; final class JsonNumberImpl implements JsonNumber, Serializable { private final BigDecimal value; private transient Integer hashCode = null; + private static final int MAX_BIG_DECIMAL_SCALE = toInt(System.getProperty("johnzon.max-big-decimal-scale", "1000")); JsonNumberImpl(final BigDecimal decimal) { if (decimal == null) { @@ -123,13 +124,17 @@ final class JsonNumberImpl implements JsonNumber, Serializable { private void checkBigDecimalScale() { // should be fine enough. Maybe we should externalize so users can pick something better if they need to // it becomes their responsibility to fix the limit and may expose them to a DoS attack - final int limit = 1_000; + final int limit = MAX_BIG_DECIMAL_SCALE; final int absScale = Math.abs(value.scale()); if (absScale > limit) { throw new ArithmeticException(String.format( - "BigDecimal scale (%d) magnitude exceeds maximum allowed (%d)", + "BigDecimal scale (%d) limit exceeds maximum allowed (%d)", value.scale(), limit)); } } + + private static Integer toInt(final Object v) { + return !Integer.class.isInstance(v) ? Integer.parseInt(v.toString()) : Integer.class.cast(v); + } }