Merge pull request #779 from Madjosz/713_jsonobject_nonfinite

add validity check for JSONObject constructors

Author: stleary

src/main/java/org/json/JSONObject.java

@@ -283,6 +283,7 @@ public JSONObject(Map<?, ?> m) {
         	    }
                 final Object value = e.getValue();
                 if (value != null) {
+                    testValidity(value);
                     this.map.put(String.valueOf(e.getKey()), wrap(value));
                 }
             }
@@ -346,6 +347,8 @@ public JSONObject(Map<?, ?> m) {
      * @param bean
      *            An object that has getter methods that should be used to make
      *            a JSONObject.
+     * @throws JSONException
+     *            If a getter returned a non-finite number.
      */
     public JSONObject(Object bean) {
         this();
@@ -1691,6 +1694,8 @@ public String optString(String key, String defaultValue) {
      *
      * @param bean
      *            the bean
+     * @throws JSONException
+     *            If a getter returned a non-finite number.
      */
     private void populateMap(Object bean) {
         populateMap(bean, Collections.newSetFromMap(new IdentityHashMap<Object, Boolean>()));
@@ -1726,6 +1731,7 @@ && isValidMethodName(method.getName())) {
 
                             objectsRecord.add(result);
 
+                            testValidity(result);
                             this.map.put(key, wrap(result, objectsRecord));
 
                             objectsRecord.remove(result);

src/test/java/org/json/junit/JSONObjectTest.java

@@ -9,6 +9,7 @@
 import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 import static org.mockito.Mockito.mock;
@@ -1972,7 +1973,7 @@ public void jsonObjectToStringIndent() {
     @Test
     public void jsonObjectToStringSuppressWarningOnCastToMap() {
         JSONObject jsonObject = new JSONObject();
-        Map<String, String> map = new HashMap();
+        Map<String, String> map = new HashMap<>();
         map.put("abc", "def");
         jsonObject.put("key", map);
 
@@ -3283,7 +3284,7 @@ public void testSingletonEnumBean() {
     @SuppressWarnings("boxing")
     @Test
     public void testGenericBean() {
-        GenericBean<Integer> bean = new GenericBean(42);
+        GenericBean<Integer> bean = new GenericBean<>(42);
         final JSONObject jo = new JSONObject(bean);
         assertEquals(jo.keySet().toString(), 8, jo.length());
         assertEquals(42, jo.get("genericValue"));
@@ -3627,4 +3628,25 @@ public String toJSONString() {
                 .put("b", 2);
         assertFalse(jo1.similar(jo3));
     }
+
+    private static final Number[] NON_FINITE_NUMBERS = { Double.POSITIVE_INFINITY, Double.NEGATIVE_INFINITY, Double.NaN,
+            Float.POSITIVE_INFINITY, Float.NEGATIVE_INFINITY, Float.NaN };
+
+    @Test
+    public void issue713MapConstructorWithNonFiniteNumbers() {
+        for (Number nonFinite : NON_FINITE_NUMBERS) {
+            Map<String, Number> map = new HashMap<>();
+            map.put("a", nonFinite);
+
+            assertThrows(JSONException.class, () -> new JSONObject(map));
+        }
+    }
+
+    @Test
+    public void issue713BeanConstructorWithNonFiniteNumbers() {
+        for (Number nonFinite : NON_FINITE_NUMBERS) {
+            GenericBean<Number> bean = new GenericBean<>(nonFinite);
+            assertThrows(JSONException.class, () -> new JSONObject(bean));
+        }
+    }
 }

src/test/java/org/json/junit/data/GenericBean.java

@@ -9,7 +9,7 @@
  * @param <T>
  *            generic number value
  */
-public class GenericBean<T extends Number & Comparable<T>> implements MyBean {
+public class GenericBean<T extends Number> implements MyBean {
     /**
      * @param genericValue
      *            value to initiate with