mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-10-27 06:31:23 +01:00
Code Issues Projects Releases Wiki Activity

DOC: config: clarify some known limitations of the json_query() converter

Browse Source 
Oula Kivalo reported that different JSON libraries may process duplicate
keys differently and that most JSON libraries usually decode the stream
before extracting keys, while the current mjson implementation decodes the
contents during extraction instead. Let's document this point so that
users are aware of the limitations and do not rely on the current behavior
and do not use it for what it's not made for (e.g. content sanitization).

This is also the case for jwt_header_query(), jwt_payload_query() and
jwt_verify(), which already refer to this converter for specificities.
This commit is contained in:
Willy Tarreau 2025-10-02 04:52:33 +02:00 committed by Christopher Faulet
parent b71bb6c2ae
commit 67603162c1
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/configuration.txt
View File

@ -20699,6 +20699,12 @@ json_query(<json_path>[,<output_type>])
<json_path> must be a valid JSON Path string as defined in <json_path> must be a valid JSON Path string as defined in
https://datatracker.ietf.org/doc/draft-ietf-jsonpath-base/ https://datatracker.ietf.org/doc/draft-ietf-jsonpath-base/
Note: depending on the context and the underlying implementation, extraction
of duplicate JSON keys is undefined and might return the first, last,
or any other occurrence of the same key from the input content, and if
key names are passed encoded, they might not always be matched. In
short, this converter is not suitable for content sanitization.
Example: Example:
# get a integer value from the request body # get a integer value from the request body
# "{"integer":4}" => 5 # "{"integer":4}" => 5