From ed4d2a82b5e4be7dae75957c298a5d7d52b0548a Mon Sep 17 00:00:00 2001
From: Richard Startin
Date: Sun, 7 Nov 2021 15:46:32 +0000
Subject: [PATCH] prevent truncated subexpressions + misc code cleanup (#763)
---
 .../jsonpath/internal/path/PathCompiler.java | 45 ++++++++++---------
 .../jsonpath/internal/function/Issue629.java | 6 ++-
 2 files changed, 27 insertions(+), 24 deletions(-)
diff --git a/json-path/src/main/java/com/jayway/jsonpath/internal/path/PathCompiler.java b/json-path/src/main/java/com/jayway/jsonpath/internal/path/PathCompiler.java
index d0af7c66..b7f4a91e 100644
--- a/json-path/src/main/java/com/jayway/jsonpath/internal/path/PathCompiler.java
+++ b/json-path/src/main/java/com/jayway/jsonpath/internal/path/PathCompiler.java
@@ -72,8 +72,7 @@ public static Path compile(String path, final Predicate... filters) {
 fail("Path must not end with a '.' or '..'");
 }
 LinkedList filterStack = new LinkedList(asList(filters));
- Path p = new PathCompiler(ci, filterStack).compile();
- return p;
+ return new PathCompiler(ci, filterStack).compile();
 } catch (Exception e) {
 InvalidPathException ipe;
 if (e instanceof InvalidPathException) {
@@ -135,21 +134,26 @@ private boolean readNextToken(PathTokenAppender appender) {
 switch (c) {
 case OPEN_SQUARE_BRACKET:
- return readBracketPropertyToken(appender) ||
- readArrayToken(appender) ||
- readWildCardToken(appender) ||
- readFilterToken(appender) ||
- readPlaceholderToken(appender) ||
- fail("Could not parse token starting at position " + path.position() + ". Expected ?, ', 0-9, * ");
+ if (!readBracketPropertyToken(appender) && !readArrayToken(appender) && !readWildCardToken(appender)
+ && !readFilterToken(appender) && !readPlaceholderToken(appender)) {
+ fail("Could not parse token starting at position " + path.position() + ". Expected ?, ', 0-9, * ");
+ }
+ return true;
 case PERIOD:
- return readDotToken(appender) ||
- fail("Could not parse token starting at position " + path.position());
+ if (!readDotToken(appender)) {
+ fail("Could not parse token starting at position " + path.position());
+ }
+ return true;
 case WILDCARD:
- return readWildCardToken(appender) ||
- fail("Could not parse token starting at position " + path.position());
+ if (!readWildCardToken(appender)) {
+ fail("Could not parse token starting at position " + path.position());
+ }
+ return true;
 default:
- return readPropertyOrFunctionToken(appender) ||
- fail("Could not parse token starting at position " + path.position());
+ if (!readPropertyOrFunctionToken(appender)) {
+ fail("Could not parse token starting at position " + path.position());
+ }
+ return true;
 }
 }
@@ -286,8 +290,8 @@ private List parseFunctionParameters(String funcName) {
 // Parenthesis starts at 1 since we're marking the start of a function call, the close paren will denote the
 // last parameter boundary
- Integer groupParen = 1, groupBracket = 0, groupBrace = 0, groupQuote = 0;
- Boolean endOfStream = false;
+ int groupParen = 1, groupBracket = 0, groupBrace = 0, groupQuote = 0;
+ boolean endOfStream = false;
 char priorChar = 0;
 List parameters = new ArrayList();
 StringBuilder parameter = new StringBuilder();
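Review bot: Every branch of the rewritten switch in `readNextToken` now ends in `return true;`, so the result is only meaningful if `fail(...)` never returns normally, and nothing in this hunk states that contract. The removed `|| fail(...)` chains imply `fail` is declared to return a boolean, so presumably it always throws; confirm that and document it above the switch, for example `// fail() always throws InvalidPathException, so 'return true' means a token was consumed`. Without that comment a later change that makes `fail` return `false` would let unparsable input be reported as a successfully read token. The method's signature and closing lines are outside the hunk.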
@@ -312,9 +316,6 @@ else if (isPathContext(c)) {
 switch (c) {
 case DOUBLE_QUOTE:
 if (priorChar != '\\' && groupQuote > 0) {
- if (groupQuote == 0) {
- throw new InvalidPathException("Unexpected quote '\"' at character position: " + path.position());
- }
 groupQuote--;
 }
 else {
@@ -349,7 +350,7 @@ else if (isPathContext(c)) {
 case CLOSE_PARENTHESIS:
 groupParen--;
 //CS304 Issue link: https://github.com/json-path/JsonPath/issues/620
- if (0 > groupParen ) {
+ if (0 > groupParen || priorChar == '(') {
 parameter.append(c);
 }
 case COMMA:
@@ -367,7 +368,7 @@ else if (isPathContext(c)) {
 param = new Parameter(parameter.toString());
 break;
 case PATH:
- LinkedList predicates = new LinkedList();
+ LinkedList predicates = new LinkedList<>();
 PathCompiler compiler = new PathCompiler(parameter.toString(), predicates);
 param = new Parameter(compiler.compile());
 break;
@@ -431,7 +432,7 @@ private boolean readPlaceholderToken(PathTokenAppender appender) {
 Collection predicates = new ArrayList();
 for (String token : tokens) {
- token = token != null ? token.trim() : token;
+ token = token != null ? token.trim() : null;
 if (!"?".equals(token == null ? "" : token)) {
 throw new InvalidPathException("Expected '?' but found " + token);
 }
diff --git a/json-path/src/test/java/com/jayway/jsonpath/internal/function/Issue629.java b/json-path/src/test/java/com/jayway/jsonpath/internal/function/Issue629.java
index b522c7d4..c1e18a33 100644
--- a/json-path/src/test/java/com/jayway/jsonpath/internal/function/Issue629.java
+++ b/json-path/src/test/java/com/jayway/jsonpath/internal/function/Issue629.java
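Review bot: The new condition `0 > groupParen || priorChar == '('` in the CLOSE_PARENTHESIS case (hunk at -349) keeps the closing parenthesis only when it directly follows `(`, so as far as this hunk shows it covers an empty nested call like `D()` but not one with whitespace between the parentheses or with arguments. Whether those forms are still truncated depends on how `priorChar` is maintained and on the COMMA branch, both outside the hunk. If path strings can reach this compiler from untrusted callers, a subexpression that is silently shortened and then compiled is worth pinning down with positive tests, for example a nested call with an argument and one written as `sum(D( ))`. The case also falls through into `case COMMA:` with no `break`; a comment such as `// intentional fall-through: ')' also terminates the current parameter` would make that explicit, and the `//CS304` comment should mention the nested-call case as well as issue 620.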
@@ -6,13 +6,15 @@ import java.io.IOException;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
 public class Issue629 {
 @Test
 public void testUncloseParenthesis() throws IOException {
 try {
 JsonPath jsonPath = JsonPath.compile("$.A.B.C.D(");
- assert(false);
+ fail("accepted jsonpath with unclosed parentheses");
 } catch (Exception e) {
 assertTrue(e.getMessage().startsWith("Arguments to function:"));
@@ -23,7 +25,7 @@ public void testUncloseParenthesis() throws IOException {
 public void testUncloseParenthesisWithNestedCall() throws IOException {
 try {
 JsonPath jsonPath = JsonPath.compile("$.A.B.C.sum(D()");
- assert(false);
+ fail("accepted jsonpath with unclosed parentheses");
 } catch (Exception e) {
 assertTrue(e.getMessage().startsWith("Arguments to function:"));
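Review bot: Both tests still catch `Exception` and then call `e.getMessage().startsWith(...)`, so an unrelated runtime exception with a null message would surface as a NullPointerException inside the catch block instead of a clear assertion failure; this applies to `testUncloseParenthesis` here and to `testUncloseParenthesisWithNestedCall` in the second hunk. The move to `fail(...)` only works because `fail` throws `AssertionError`, which `catch (Exception e)` does not intercept, and that dependency deserves a short comment. Consider catching the specific exception the compiler throws (presumably `InvalidPathException`, which would need an import not visible here) and making the message check null-safe, e.g. `assertTrue(String.valueOf(e.getMessage()).startsWith("Arguments to function:"));`. Both test bodies continue past the end of their hunks.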