Merge pull request #1160 from PowerGridModel/feature/sanitize-json-deserialization-error

TonyXiang8787 · web-flow · commit e7675f7d52de · 2025-10-21T12:34:04.000Z
fix JSON deserializer message dump when token is extremely long
diff --git a/power_grid_model_c/power_grid_model/include/power_grid_model/auxiliary/serialization/deserializer.hpp b/power_grid_model_c/power_grid_model/include/power_grid_model/auxiliary/serialization/deserializer.hpp
@@ -48,6 +48,8 @@ struct JsonMapArrayData {
 };
 
 struct JsonSAXVisitor {
+    static constexpr size_t max_error_message_token_length = 100;
+
     msgpack::packer<msgpack::sbuffer> top_packer() {
         if (data_buffers.empty()) {
             throw SerializationError{"Json root should be a map!\n"};
@@ -122,12 +124,13 @@ struct JsonSAXVisitor {
         return true;
     }
 
-    [[noreturn]] static bool parse_error(std::size_t position, std::string const& last_token,
-                                         json::exception const& ex) {
-        std::stringstream ss;
-        ss << "Parse error in JSON. Position: " << position << ", last token: " << last_token
-           << ". Exception message: " << ex.what() << '\n';
-        throw SerializationError{ss.str()};
+    [[noreturn]] static bool parse_error(std::size_t position, std::string_view last_token, json::exception const& ex) {
+        throw SerializationError{
+            std::format("Parse error in JSON. Position: {}, Last token: {}. Exception message: {}", position,
+                        last_token.size() > max_error_message_token_length
+                            ? std::format("{}...[truncated]", last_token.substr(0, max_error_message_token_length))
+                            : last_token,
+                        ex.what())};
     }
 
     std::stack<JsonMapArrayData> data_buffers;
diff --git a/tests/cpp_unit_tests/test_deserializer.cpp b/tests/cpp_unit_tests/test_deserializer.cpp
@@ -252,7 +252,7 @@ constexpr std::string_view json_batch = R"(
 }
 )";
 
-void check_error(std::string_view json, char const* err_msg) {
+void check_error(std::string_view json, std::string_view err_msg) {
     std::vector<NodeInput> node(1);
 
     auto const run = [&]() {
@@ -261,9 +261,8 @@ void check_error(std::string_view json, char const* err_msg) {
         deserializer.parse();
     };
 
-    CHECK_THROWS_WITH_AS(run(), doctest::Contains(err_msg), std::exception);
+    CHECK_THROWS_WITH_AS(run(), doctest::Contains(err_msg.data()), std::exception);
 }
-
 } // namespace
 
 TEST_CASE("Deserializer") {
@@ -633,6 +632,46 @@ true}]}})";
 true}]}]})";
         check_error(wrong_type_dict, "Position of error: data/0/node/0/id");
     }
+
+    SUBCASE("Last token") {
+        CHECK(detail::JsonSAXVisitor::max_error_message_token_length == 100);
+
+        SUBCASE("Token is way too long") {
+            constexpr std::string_view json_invalid =
+                R"({"version": "1.0", "type": "input", "is_batch": false, "attributes": {}, "data": {"this is an extremely long token that exceeds the maximum length allowed by the deserializer which is set to one hundred characters":})";
+
+            std::string const short_token_string{"\"this is an extremely long token that exceeds the maximum length "
+                                                 "allowed by the deserializer which i"};
+            CHECK(short_token_string.size() == detail::JsonSAXVisitor::max_error_message_token_length);
+
+            check_error(json_invalid,
+                        std::format("Last token: {}...[truncated]. Exception message:", short_token_string));
+        }
+        SUBCASE("Token is just too long") {
+            constexpr std::string_view json_invalid =
+                R"({"version": "1.0", "type": "input", "is_batch": false, "attributes": {}, "data": {"this is a token that is just too long. It barely exceeds the maximum length allowed in the errors":})";
+
+            std::string const full_token_string{"\"this is a token that is just too long. It barely exceeds the "
+                                                "maximum length allowed in the errors\":}"};
+            std::string const truncated_token_string{
+                full_token_string.substr(0, detail::JsonSAXVisitor::max_error_message_token_length)};
+            CHECK(full_token_string.size() == detail::JsonSAXVisitor::max_error_message_token_length + 1);
+            CHECK(truncated_token_string.size() == detail::JsonSAXVisitor::max_error_message_token_length);
+
+            check_error(json_invalid,
+                        std::format("Last token: {}...[truncated]. Exception message:", truncated_token_string));
+        }
+        SUBCASE("Token is barely short enough") {
+            constexpr std::string_view json_invalid =
+                R"({"version": "1.0", "type": "input", "is_batch": false, "attributes": {}, "data": {"this is a token that is just too long. It fits barely in the maximum length allowed in the error":})";
+
+            std::string const full_token_string{"\"this is a token that is just too long. It fits barely in the "
+                                                "maximum length allowed in the error\":}"};
+            CHECK(full_token_string.size() == detail::JsonSAXVisitor::max_error_message_token_length);
+
+            check_error(json_invalid, std::format("Last token: {}. Exception message:", full_token_string));
+        }
+    }
 }
 
 } // namespace power_grid_model::meta_data
