Merge pull request #999 from marilynel/master

stleary · web-flow · commit 0a9364e92085 · 2025-07-16T20:12:57.000-05:00
fixed some strict mode issues
diff --git a/src/main/java/org/json/JSONObject.java b/src/main/java/org/json/JSONObject.java
@@ -213,6 +213,7 @@ public JSONObject(JSONTokener x, JSONParserConfiguration jsonParserConfiguration
         this();
         char c;
         String key;
+        Object obj;
 
         boolean isInitial = x.getPrevious() == 0;
 
@@ -230,7 +231,20 @@ public JSONObject(JSONTokener x, JSONParserConfiguration jsonParserConfiguration
                 }
                 return;
             default:
-                key = x.nextSimpleValue(c).toString();
+                obj = x.nextSimpleValue(c);
+                key = obj.toString();
+            }
+
+            if (jsonParserConfiguration != null && jsonParserConfiguration.isStrictMode()) {
+                if(obj instanceof Boolean) {
+                    throw x.syntaxError(String.format("Strict mode error: key '%s' cannot be boolean", key));
+                }
+                if(obj == JSONObject.NULL) {
+                    throw x.syntaxError(String.format("Strict mode error: key '%s' cannot be null", key));
+                }
+                if(obj instanceof Number) {
+                    throw x.syntaxError(String.format("Strict mode error: key '%s' cannot be number", key));
+                }
             }
 
             // The key is followed by ':'.
diff --git a/src/main/java/org/json/JSONTokener.java b/src/main/java/org/json/JSONTokener.java
@@ -511,11 +511,21 @@ Object nextSimpleValue(char c) {
             throw this.syntaxError("Missing value");
         }
         Object obj = JSONObject.stringToValue(string);
-        // Strict mode only allows strings with explicit double quotes
+        // if obj is a boolean, look at string
         if (jsonParserConfiguration != null &&
-                jsonParserConfiguration.isStrictMode() &&
-                obj instanceof String) {
-            throw this.syntaxError(String.format("Strict mode error: Value '%s' is not surrounded by quotes", obj));
+                jsonParserConfiguration.isStrictMode()) {
+            if (obj instanceof Boolean && !"true".equals(string) && !"false".equals(string)) {
+                // Strict mode only allows lowercase true or false
+                throw this.syntaxError(String.format("Strict mode error: Value '%s' is not lowercase boolean", obj));
+            }
+            else if (obj == JSONObject.NULL && !"null".equals(string)) {
+                // Strint mode only allows lowercase null
+                throw this.syntaxError(String.format("Strict mode error: Value '%s' is not lowercase null", obj));
+            }
+            else if (obj instanceof String) {
+                // Strict mode only allows strings with explicit double quotes
+                throw this.syntaxError(String.format("Strict mode error: Value '%s' is not surrounded by quotes", obj));
+            }
         }
         return obj;
     }
diff --git a/src/test/java/org/json/junit/JSONObjectTest.java b/src/test/java/org/json/junit/JSONObjectTest.java
@@ -3997,6 +3997,45 @@ public void testStrictModeJSONTokener_expectException(){
         assertThrows(JSONException.class, () -> { new JSONObject(tokener); });
     }
 
+    @Test
+    public void test_strictModeWithMisCasedBooleanOrNullValue(){
+        JSONParserConfiguration jsonParserConfiguration = new JSONParserConfiguration().withStrictMode();
+
+        try{
+            JSONObject j1 = new JSONObject("{\"a\":True}", jsonParserConfiguration);
+            fail("Expected an exception");
+        } catch (JSONException e) { }
+        try{
+            JSONObject j2 = new JSONObject("{\"a\":TRUE}", jsonParserConfiguration);
+            fail("Expected an exception");
+        } catch (JSONException e) { }
+        try{
+            JSONObject j2 = new JSONObject("{\"a\":nUlL}", jsonParserConfiguration);
+            fail("Expected an exception");
+        } catch (JSONException e) { }
+    }
+
+    @Test
+    public void test_strictModeWithInappropriateKey(){
+        JSONParserConfiguration jsonParserConfiguration = new JSONParserConfiguration().withStrictMode();
+
+        // Parsing the following objects should fail
+        try{
+            JSONObject j3 = new JSONObject("{true : 3}", jsonParserConfiguration);
+            fail("Expected an exception");
+        } catch (JSONException e) { }
+        try{
+            JSONObject j4 = new JSONObject("{TRUE : 3}", jsonParserConfiguration);
+            fail("Expected an exception");
+        } catch (JSONException e) { }
+        try{
+            JSONObject j5 = new JSONObject("{1 : 3}", jsonParserConfiguration);
+            fail("Expected an exception");
+        } catch (JSONException e) { }
+
+    }
+
+
     /**
      * Method to build nested map of max maxDepth
      *
