New patches: [add test op to cl-json rpgoldman@sift.info**20100102211745 Made it easier to test cl-json by adding an asdf test-op to the asdf system definition, and providing a PERFORM method for it. Now one can simply say (asdf:oos 'asdf:test-op :cl-json) to load the system and run the FiveAM based tests. ] { hunk ./cl-json.asd 26 + :in-order-to ((test-op (test-op "cl-json.test"))) hunk ./cl-json.asd 41 + ;; newer ASDF versions have this implicitly, but I know of no good way to detect this. [2010/01/02:rpg] + :in-order-to ((test-op (load-op "cl-json.test"))) hunk ./cl-json.asd 50 +(defmethod perform ((op test-op) (c (eql (find-system :cl-json.test)))) + (funcall (intern (symbol-name '#:run!) :it.bese.FiveAM) + (intern (symbol-name '#:json) :json-test))) + + } [revise json file loading for tests rpgoldman@sift.info**20100102214917 With asdf-binary-locations on, as it will be in new versions of ASDF, it is no longer possible to use load-pathname or load-truename to find files from loaded binaries. In the general case, binaries may not be located in the same directory as the source files from which they are compiled. We avoid this problem by caching the value of *load-truename* inside code that is run in the .asd file, and then referring to it later on. The *load-truename* of the .asd file will remain constant. 
] { hunk ./cl-json.asd 53 + +(defparameter *cl-json-directory* (make-pathname :directory (pathname-directory *load-truename*))) + +(defmethod perform :after ((op load-op) (comp (eql (find-system :cl-json.test)))) + (eval `(setf ,(intern (symbol-name '#:*json-test-files-path*) :json-test) + (merge-pathnames "t/" *cl-json-directory*)))) + + hunk ./t/testdecoder.lisp 169 -An attack could exploit this by submitting something that is passed +An attack could exploit this by submitting something that is passed hunk ./t/testdecoder.lisp 247 - (is (= (decode-json-from-string "-2.3e3") -2.3e3)) + (is (= (decode-json-from-string "-2.3e3") -2.3e3)) hunk ./t/testdecoder.lisp 249 - (is (= (decode-json-from-string "3e4") 3e4)) + (is (= (decode-json-from-string "3e4") 3e4)) hunk ./t/testdecoder.lisp 269 -(defparameter *json-test-files-path* *load-pathname*) +(defvar *json-test-files-path*) hunk ./t/testdecoder.lisp 307 - (is-true t) - (5am:signals error + (is-true t) + (5am:signals error hunk ./t/testdecoder.lisp 317 -(test decoder-performance +(test decoder-performance hunk ./t/testdecoder.lisp 323 - (dotimes (x count) + (dotimes (x count) hunk ./t/testdecoder.lisp 338 - (dotimes (x count) + (dotimes (x count) hunk ./t/testdecoder.lisp 353 -;; (dotimes (x count) +;; (dotimes (x count) } Context: [Doc add info about the known bug json-bind-in-bind Henrik Hjelte **20091202132732 Ignore-this: b92b3c9703303475dcbce97aff3dee09 ] [comment in doc about new encoder Henrik Hjelte **20091202125416 Ignore-this: f7692a5e60ad7d4ea71264847566341e ] [Feature to turn off clos Henrik Hjelte**20091012232210 Ignore-this: 5d9ff167ffa4ed5b91b0e934362def3e ] [testcase for a bug with nested json-bind Henrik Hjelte **20091009190902 Ignore-this: 4905daaa94ef2e2604df5de6bb092c64 ] [explict decoder can handle null values as well Henrik Hjelte **20091009190817 Ignore-this: 9beb1705b45b3692776de2f3731112b7 ] [Now you can select encoder for json-rpc, streaming guessing or explicit Henrik Hjelte 
**20091009145907 Ignore-this: 360302b256b196d7186d7b1bbc6384d2 ] [new encoder: the explicit encoder, the old one now named guessing-encoder. Henrik Hjelte **20091009032101 Ignore-this: 555b36f352707e7baec21f2638f60d0b With testcases. ] [Don't use with-substitute-printed-representation-restart inside encode-json Henrik Hjelte **20091009021546 Ignore-this: 50a860841d16fc5333f17b6392c006f6 because it establishes a new restart for every recursion. My top count was 8000+ restarts. Instead, export it and let the user use it outside any encode-json calls if he or she wants it. ] [allow embedded nil in encode-json-alist Henrik Hjelte **20091009015850 Ignore-this: 1e809eead41e2f6bc8d1e3e490c80cfe ] [kill-yank decoder-performance-with simplified-camel-case Henrik Hjelte **20090810191200 Ignore-this: bbaab17c2f5c0d09fe96cde11e2b9e1b ] [docs added info about new things in version history Henrik Hjelte **20090810185953 Ignore-this: 7979e4788b9459bcfe03dd506e4a8f6a ] [docs added info about simplified-camel-case-to-lisp Henrik Hjelte **20090810185705 Ignore-this: b36c062ffe85417b49022e6965862d46 ] [docs comment about safe-json-intern in Security considerations section Henrik Hjelte **20090810185540 Ignore-this: 4b55104417e786b43eb5fc0146ad6636 ] [added Leslie P. Polzer and Red Daly to contributors Henrik Hjelte **20090810175728 Ignore-this: 8cf5258eb91b9f6e95f8636616255889 ] [simplified-camel-case by Leslie P. Polzer Henrik Hjelte **20090810175353 Ignore-this: 8d2d1d112d69b0abfe2194010da5cc35 ] [safe-json-intern a version that does not intern. Henrik Hjelte **20090810134132 Ignore-this: 44ab030099e2258d7acb37b647911fe4 The default json-intern is not safe (spotted by Red Daly). Interns of many unique symbols could potentially use a lot of memory. An attack could exploit this by submitting something that is passed through cl-json that has many very large, unique symbols. This version is safe in that respect because it only allows symbols that already exist. 
] [From Red Daly, *identifier-name-to-key* Henrik Hjelte **20090810130334 Ignore-this: a4a08ed5960fb2417c584d6a86277291 ] [Removed unused li from html doc Henrik Hjelte **20090525202150 Ignore-this: cb45eef6e051c10793826ebadeb50544 ] [TAG 0.4.0 henrik@evahjelte.com**20090525190005 Ignore-this: cb4f0fc56b8bfd3d1e46dd9257ae4e3a ] Patch bundle hash: 08be140ac2ee1e1b8b92c788a265f2b3b4f5a7a3
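Review bot: In the perform method added at ./cl-json.asd 50, the value returned by the funcall of run! is dropped and nothing in the method signals, so as written the test-op completes normally whether or not the json suite passes. If the FiveAM version you target reports failure through the return value of run!, check it and signal an error on failure, so that (asdf:oos 'asdf:test-op :cl-json) can serve as a pass/fail gate. The specializer (eql (find-system :cl-json.test)) is also evaluated when the .asd is loaded, so this form has to stay after the defsystem for cl-json.test; a one-line comment saying so would help.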
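Review bot: In the defparameter at ./cl-json.asd 53, (make-pathname :directory (pathname-directory *load-truename*)) copies only the directory component, so the device of *load-truename* is dropped and the host is taken from *default-pathname-defaults*; when the .asd lives on a different device or host from the current default, the "t/" path set in the :after method will not point at the test files. Suggest (make-pathname :name nil :type nil :version nil :defaults *load-truename*) instead. In the same hunk, (setf (symbol-value (intern ...)) ...) would do the assignment without eval.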
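Review bot: The defvar at ./t/testdecoder.lisp 269 leaves *json-test-files-path* unbound, and in this bundle the only assignment is the perform :after method on load-op in cl-json.asd, so loading or re-evaluating testdecoder.lisp any other way leaves the tests that read it with an unbound variable. Add a comment at the defvar saying where the value is set, and consider a boundp check with a clear error message in the code that uses the path.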
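Review bot: The other hunks in ./t/testdecoder.lisp (169, 247, 249, 307, 317, 323, 338, 353) show removed and added lines with the same text, so they look like whitespace-only cleanup that is unrelated to the *load-truename* change described in the patch message. Moving them to a separate patch would keep the functional change (the defvar at 269) easy to find and review.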