[johnzon] 03/11: feat(JOHNZON-397): allow to configure the scale limit for backward compatibility

Mon, 22 May 2023 02:07:17 -0700 

This is an automated email from the ASF dual-hosted git repository.

jlmonteiro pushed a commit to branch johnzon-1.2.x
in repository https://gitbox.apache.org/repos/asf/johnzon.git

commit c64e3cc4e0ff22a75cc12b0ea15791feecfd5f72
Author: Jean-Louis Monteiro <jlmonte...@tomitribe.com>
AuthorDate: Thu May 11 21:07:44 2023 +0200

    feat(JOHNZON-397): allow to configure the scale limit for backward 
compatibility
---
 .../src/main/java/org/apache/johnzon/core/JsonNumberImpl.java    | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git 
a/johnzon-core/src/main/java/org/apache/johnzon/core/JsonNumberImpl.java 
b/johnzon-core/src/main/java/org/apache/johnzon/core/JsonNumberImpl.java
index 4609aceb..57db2ca1 100644
--- a/johnzon-core/src/main/java/org/apache/johnzon/core/JsonNumberImpl.java
+++ b/johnzon-core/src/main/java/org/apache/johnzon/core/JsonNumberImpl.java
@@ -26,6 +26,7 @@ import java.math.BigInteger;
 final class JsonNumberImpl implements JsonNumber, Serializable {
     private final BigDecimal value;
     private transient Integer hashCode = null;
+    private static final int MAX_BIG_DECIMAL_SCALE = 
toInt(System.getProperty("johnzon.max-big-decimal-scale", "1000"));
 
     JsonNumberImpl(final BigDecimal decimal) {
         if (decimal == null) {
@@ -123,13 +124,17 @@ final class JsonNumberImpl implements JsonNumber, 
Serializable {
     private void checkBigDecimalScale() {
         // should be fine enough. Maybe we should externalize so users can 
pick something better if they need to
         // it becomes their responsibility to fix the limit and may expose 
them to a DoS attack
-        final int limit = 1_000;
+        final int limit = MAX_BIG_DECIMAL_SCALE;
         final int absScale = Math.abs(value.scale());
 
         if (absScale > limit) {
             throw new ArithmeticException(String.format(
-                "BigDecimal scale (%d) magnitude exceeds maximum allowed (%d)",
+                "BigDecimal scale (%d) limit exceeds maximum allowed (%d)",
                 value.scale(), limit));
         }
     }
+
+    private static Integer toInt(final Object v) {
+        return !Integer.class.isInstance(v) ? Integer.parseInt(v.toString()) : 
Integer.class.cast(v);
+    }
 }

Reply via email to