Package: jq
Version: 1.5+dfsg-2
Severity: important
Tags: upstream

jq silently accepts illegal JSON:

tglase@tglase:~ $ jq <<<'[0,01,2]'
[
  0,
  1,
  2
]
tglase@tglase:~ $ jsn <<<'[0,01,2]'
JSON decoding of input failed: {
  "input": "[0,01,2]\n",
  "message": "missing comma in Array at offset 0x4"
}

A Number may not have a leading zero. Secondary reference:
http://www.json.org/JSON_checker/test.zip

-- System Information:
Debian Release: buster/sid
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 4.12.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages jq depends on:
ii  libc6     2.24-17
ii  libjq1    1.5+dfsg-2
ii  libonig4  6.6.1-1

jq recommends no packages.

jq suggests no packages.

-- no debconf information

Reply via email to