Hardens json parser (openzipkin#1691)

adriancole · web-flow · commit 6e6a080bea86 · 2017-08-14T14:04:14.000+08:00
[go-swagger](https://github.com/go-swagger/go-swagger) initializes some fields to null. This ensures null fields don't break parsing.
diff --git a/zipkin/src/main/java/zipkin/internal/Span2JsonCodec.java b/zipkin/src/main/java/zipkin/internal/Span2JsonCodec.java
@@ -66,21 +66,29 @@ static final class SimpleSpanReader implements JsonReaderAdapter<Span2> {
         String nextName = reader.nextName();
         if (nextName.equals("traceId")) {
           builder.traceId(reader.nextString());
-        } else if (nextName.equals("parentId") && reader.peek() != JsonToken.NULL) {
-          builder.parentId(reader.nextString());
+          continue;
         } else if (nextName.equals("id")) {
           builder.id(reader.nextString());
+          continue;
+        } else if (reader.peek() == JsonToken.NULL) {
+          reader.skipValue();
+          continue;
+        }
+
+        // read any optional fields
+        if (nextName.equals("parentId")) {
+          builder.parentId(reader.nextString());
         } else if (nextName.equals("kind")) {
           builder.kind(Span2.Kind.valueOf(reader.nextString()));
-        } else if (nextName.equals("name") && reader.peek() != JsonToken.NULL) {
+        } else if (nextName.equals("name")) {
           builder.name(reader.nextString());
-        } else if (nextName.equals("timestamp") && reader.peek() != JsonToken.NULL) {
+        } else if (nextName.equals("timestamp")) {
           builder.timestamp(reader.nextLong());
-        } else if (nextName.equals("duration") && reader.peek() != JsonToken.NULL) {
+        } else if (nextName.equals("duration")) {
           builder.duration(reader.nextLong());
-        } else if (nextName.equals("localEndpoint") && reader.peek() != JsonToken.NULL) {
+        } else if (nextName.equals("localEndpoint")) {
           builder.localEndpoint(ENDPOINT_READER.fromJson(reader));
-        } else if (nextName.equals("remoteEndpoint") && reader.peek() != JsonToken.NULL) {
+        } else if (nextName.equals("remoteEndpoint")) {
           builder.remoteEndpoint(ENDPOINT_READER.fromJson(reader));
         } else if (nextName.equals("annotations")) {
           reader.beginArray();
@@ -98,8 +106,11 @@ static final class SimpleSpanReader implements JsonReaderAdapter<Span2> {
                 reader.skipValue();
               }
             }
+            if (timestamp == null || value == null) {
+              throw new MalformedJsonException("Incomplete annotation at " + reader.getPath());
+            }
             reader.endObject();
-            if (timestamp != null && value != null) builder.addAnnotation(timestamp, value);
+            builder.addAnnotation(timestamp, value);
           }
           reader.endArray();
         } else if (nextName.equals("tags")) {
@@ -112,9 +123,9 @@ static final class SimpleSpanReader implements JsonReaderAdapter<Span2> {
             builder.putTag(key, reader.nextString());
           }
           reader.endObject();
-        } else if (nextName.equals("debug") && reader.peek() != JsonToken.NULL) {
+        } else if (nextName.equals("debug")) {
           if (reader.nextBoolean()) builder.debug(true);
-        } else if (nextName.equals("shared") && reader.peek() != JsonToken.NULL) {
+        } else if (nextName.equals("shared")) {
           if (reader.nextBoolean()) builder.shared(true);
         } else {
           reader.skipValue();
@@ -132,19 +143,28 @@ static final class SimpleSpanReader implements JsonReaderAdapter<Span2> {
   static final JsonReaderAdapter<Endpoint> ENDPOINT_READER = reader -> {
     Endpoint.Builder result = Endpoint.builder().serviceName("");
     reader.beginObject();
+    boolean readField = false;
     while (reader.hasNext()) {
       String nextName = reader.nextName();
-      if (nextName.equals("serviceName") && reader.peek() != JsonToken.NULL) {
+      if (reader.peek() == JsonToken.NULL) {
+        reader.skipValue();
+        continue;
+      }
+      if (nextName.equals("serviceName")) {
         result.serviceName(reader.nextString());
+        readField = true;
       } else if (nextName.equals("ipv4") || nextName.equals("ipv6")) {
         result.parseIp(reader.nextString());
+        readField = true;
       } else if (nextName.equals("port")) {
         result.port(reader.nextInt());
+        readField = true;
       } else {
         reader.skipValue();
       }
     }
     reader.endObject();
+    if (!readField) throw new MalformedJsonException("Empty endpoint at " + reader.getPath());
     return result.build();
   };
 
diff --git a/zipkin/src/test/java/zipkin/internal/Span2JsonCodecTest.java b/zipkin/src/test/java/zipkin/internal/Span2JsonCodecTest.java
@@ -106,7 +106,7 @@ public class Span2JsonCodecTest {
       .isEqualTo(worstSpanInTheWorld);
   }
 
-  @Test public void niceErrorOnUppercaseTraceId() {
+  @Test public void niceErrorOnUppercase_traceId() {
     thrown.expect(IllegalArgumentException.class);
     thrown.expectMessage(
       "48485A3953BB6124 should be a 1 to 32 character lower-hex string with no prefix");
@@ -120,21 +120,21 @@ public class Span2JsonCodecTest {
     codec.readSpan(json.getBytes(UTF_8));
   }
 
-  @Test public void decentErrorMessageOnEmptyInput_span() throws IOException {
+  @Test public void niceErrorOnEmpty_inputSpan() throws IOException {
     thrown.expect(IllegalArgumentException.class);
     thrown.expectMessage("Empty input reading Span2");
 
     codec.readSpan(new byte[0]);
   }
 
-  @Test public void decentErrorMessageOnEmptyInput_spans() throws IOException {
+  @Test public void niceErrorOnEmpty_inputSpans() throws IOException {
     thrown.expect(IllegalArgumentException.class);
     thrown.expectMessage("Empty input reading List<Span2>");
 
     codec.readSpans(new byte[0]);
   }
 
-  @Test public void decentErrorMessageOnMalformedInput_span() throws IOException {
+  @Test public void niceErrorOnMalformed_inputSpan() throws IOException {
     thrown.expect(IllegalArgumentException.class);
     thrown.expectMessage("Malformed reading Span2 from ");
 
@@ -144,7 +144,7 @@ public class Span2JsonCodecTest {
   /**
    * Particulary, thrift can mistake malformed content as a huge list. Let's not blow up.
    */
-  @Test public void decentErrorMessageOnMalformedInput_spans() throws IOException {
+  @Test public void niceErrorOnMalformed_inputSpans() throws IOException {
     thrown.expect(IllegalArgumentException.class);
     thrown.expectMessage("Malformed reading List<Span2> from ");
 
@@ -187,78 +187,71 @@ public class Span2JsonCodecTest {
         .traceIdHigh(Util.lowerHexToUnsignedLong("48485a3953bb6124")).build());
   }
 
-  @Test public void ignoreNull_parentId() {
+  @Test public void ignoresNull_topLevelFields() {
     String json = "{\n"
       + "  \"traceId\": \"6b221d5bc9e6496c\",\n"
-      + "  \"name\": \"get-traces\",\n"
+      + "  \"parentId\": null,\n"
       + "  \"id\": \"6b221d5bc9e6496c\",\n"
-      + "  \"parentId\": null\n"
-      + "}";
-
-    codec.readSpan(json.getBytes(UTF_8));
-  }
-
-  @Test public void ignoreNull_timestamp() {
-    String json = "{\n"
-      + "  \"traceId\": \"6b221d5bc9e6496c\",\n"
-      + "  \"name\": \"get-traces\",\n"
-      + "  \"id\": \"6b221d5bc9e6496c\",\n"
-      + "  \"timestamp\": null\n"
+      + "  \"name\": null,\n"
+      + "  \"timestamp\": null,\n"
+      + "  \"duration\": null,\n"
+      + "  \"localEndpoint\": null,\n"
+      + "  \"remoteEndpoint\": null,\n"
+      + "  \"annotations\": null,\n"
+      + "  \"tags\": null,\n"
+      + "  \"debug\": null,\n"
+      + "  \"shared\": null\n"
       + "}";
 
     codec.readSpan(json.getBytes(UTF_8));
   }
 
-  @Test public void ignoreNull_duration() {
+  @Test public void ignoresNull_endpoint_topLevelFields() {
     String json = "{\n"
       + "  \"traceId\": \"6b221d5bc9e6496c\",\n"
       + "  \"name\": \"get-traces\",\n"
       + "  \"id\": \"6b221d5bc9e6496c\",\n"
-      + "  \"duration\": null\n"
+      + "  \"localEndpoint\": {\n"
+      + "    \"serviceName\": null,\n"
+      + "    \"ipv4\": \"127.0.0.1\",\n"
+      + "    \"ipv6\": null,\n"
+      + "    \"port\": null\n"
+      + "  }\n"
       + "}";
 
-    codec.readSpan(json.getBytes(UTF_8));
+    assertThat(codec.readSpan(json.getBytes(UTF_8)).localEndpoint())
+      .isEqualTo(Endpoint.create("", 127 << 24 | 1));
   }
 
-  @Test public void ignoreNull_debug() {
-    String json = "{\n"
-      + "  \"traceId\": \"6b221d5bc9e6496c\",\n"
-      + "  \"name\": \"get-traces\",\n"
-      + "  \"id\": \"6b221d5bc9e6496c\",\n"
-      + "  \"debug\": null\n"
-      + "}";
-
-    codec.readSpan(json.getBytes(UTF_8));
-  }
+  @Test public void niceErrorOnIncomplete_endpoint() {
+    thrown.expect(IllegalArgumentException.class);
+    thrown.expectMessage("Empty endpoint at $.localEndpoint reading Span2 from json");
 
-  @Test public void ignoreNull_shared() {
     String json = "{\n"
       + "  \"traceId\": \"6b221d5bc9e6496c\",\n"
       + "  \"name\": \"get-traces\",\n"
       + "  \"id\": \"6b221d5bc9e6496c\",\n"
-      + "  \"shared\": null\n"
+      + "  \"localEndpoint\": {\n"
+      + "    \"serviceName\": null,\n"
+      + "    \"ipv4\": null,\n"
+      + "    \"ipv6\": null,\n"
+      + "    \"port\": null\n"
+      + "  }\n"
       + "}";
-
     codec.readSpan(json.getBytes(UTF_8));
   }
 
-  @Test public void ignoreNull_localEndpoint() {
-    String json = "{\n"
-      + "  \"traceId\": \"6b221d5bc9e6496c\",\n"
-      + "  \"name\": \"get-traces\",\n"
-      + "  \"id\": \"6b221d5bc9e6496c\",\n"
-      + "  \"localEndpoint\": null\n"
-      + "}";
-
-    codec.readSpan(json.getBytes(UTF_8));
-  }
+  @Test public void niceErrorOnIncomplete_annotation() {
+    thrown.expect(IllegalArgumentException.class);
+    thrown.expectMessage("Incomplete annotation at $.annotations[0]");
 
-  @Test public void ignoreNull_remoteEndpoint() {
     String json = "{\n"
       + "  \"traceId\": \"6b221d5bc9e6496c\",\n"
       + "  \"name\": \"get-traces\",\n"
       + "  \"id\": \"6b221d5bc9e6496c\",\n"
-      + "  \"remoteEndpoint\": null\n"
+      + "  \"annotations\": [\n"
+      + "    { \"timestamp\": 1472470996199000}\n"
+      + "  ]\n"
       + "}";
 
     codec.readSpan(json.getBytes(UTF_8));
@@ -290,7 +283,7 @@ public class Span2JsonCodecTest {
     codec.readSpan(json.getBytes(UTF_8));
   }
 
-  @Test public void missingValue() {
+  @Test public void niceErrorOnNull_tagValue() {
     thrown.expect(IllegalArgumentException.class);
     thrown.expectMessage("No value at $.tags.foo");
 
@@ -306,56 +299,58 @@ public class Span2JsonCodecTest {
     codec.readSpan(json.getBytes(UTF_8));
   }
 
-  @Test public void readSpan_localEndpoint_noServiceName() {
+  @Test public void niceErrorOnNull_annotationValue() {
+    thrown.expect(IllegalArgumentException.class);
+    thrown.expectMessage("$.annotations[0].value");
+
     String json = "{\n"
       + "  \"traceId\": \"6b221d5bc9e6496c\",\n"
       + "  \"name\": \"get-traces\",\n"
       + "  \"id\": \"6b221d5bc9e6496c\",\n"
-      + "  \"localEndpoint\": {\n"
-      + "    \"ipv4\": \"127.0.0.1\"\n"
-      + "  }\n"
+      + "  \"annotations\": [\n"
+      + "    { \"timestamp\": 1472470996199000, \"value\": NULL}\n"
+      + "  ]\n"
       + "}";
 
-    assertThat(codec.readSpan(json.getBytes(UTF_8)).localEndpoint())
-      .isEqualTo(Endpoint.create("", 127 << 24 | 1));
+    codec.readSpan(json.getBytes(UTF_8));
   }
 
-  @Test public void readSpan_localEndpoint_nullServiceName() {
+  @Test public void niceErrorOnNull_annotationTimestamp() {
+    thrown.expect(IllegalArgumentException.class);
+    thrown.expectMessage("$.annotations[0].timestamp");
+
     String json = "{\n"
       + "  \"traceId\": \"6b221d5bc9e6496c\",\n"
       + "  \"name\": \"get-traces\",\n"
       + "  \"id\": \"6b221d5bc9e6496c\",\n"
-      + "  \"localEndpoint\": {\n"
-      + "    \"serviceName\": null,\n"
-      + "    \"ipv4\": \"127.0.0.1\"\n"
-      + "  }\n"
+      + "  \"annotations\": [\n"
+      + "    { \"timestamp\": NULL, \"value\": \"foo\"}\n"
+      + "  ]\n"
       + "}";
 
-    assertThat(codec.readSpan(json.getBytes(UTF_8)).localEndpoint())
-      .isEqualTo(Endpoint.create("", 127 << 24 | 1));
+    codec.readSpan(json.getBytes(UTF_8));
   }
 
-  @Test public void readSpan_remoteEndpoint_noServiceName() {
+  @Test public void readSpan_localEndpoint_noServiceName() {
     String json = "{\n"
       + "  \"traceId\": \"6b221d5bc9e6496c\",\n"
       + "  \"name\": \"get-traces\",\n"
       + "  \"id\": \"6b221d5bc9e6496c\",\n"
-      + "  \"remoteEndpoint\": {\n"
+      + "  \"localEndpoint\": {\n"
       + "    \"ipv4\": \"127.0.0.1\"\n"
       + "  }\n"
       + "}";
 
-    assertThat(codec.readSpan(json.getBytes(UTF_8)).remoteEndpoint())
+    assertThat(codec.readSpan(json.getBytes(UTF_8)).localEndpoint())
       .isEqualTo(Endpoint.create("", 127 << 24 | 1));
   }
 
-  @Test public void readSpan_remoteEndpoint_nullServiceName() {
+  @Test public void readSpan_remoteEndpoint_noServiceName() {
     String json = "{\n"
       + "  \"traceId\": \"6b221d5bc9e6496c\",\n"
       + "  \"name\": \"get-traces\",\n"
       + "  \"id\": \"6b221d5bc9e6496c\",\n"
       + "  \"remoteEndpoint\": {\n"
-      + "    \"serviceName\": null,\n"
       + "    \"ipv4\": \"127.0.0.1\"\n"
       + "  }\n"
       + "}";
