Missing byte array length of JSON parser Medium

Constructing a FastByteArrayInputStream from a byte array without specifying the array's length, and then using that stream to create a JSON parser, can cause deserialization problems. Specify the length of the byte array to avoid the issue.

Detector ID
java/json-parser-length@v1.0
Category
Common Weakness Enumeration (CWE)
-

Noncompliant example

public void createJsonParserNoncompliant(Text text) throws IOException {
    // Noncompliant: length of input byte array not specified.
    new JsonFactory().createJsonParser(new FastByteArrayInputStream(text.getBytes()));
}

Compliant example

public void createJsonParserCompliant(Text text) throws IOException {
    // Compliant: length of input byte array specified.
    new JsonFactory().createJsonParser(new FastByteArrayInputStream(text.getBytes(), text.getLength()));
}
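
Why the length matters, as an added example that is not part of the original page: a reusable buffer type can return a backing array longer than the current value, so a stream over the whole array also feeds the parser stale bytes from an earlier, longer record. `ReusableText` is a hypothetical stand-in for the page's `Text` (assumed to grow but never shrink its array), and the JDK's `ByteArrayInputStream` stands in for `FastByteArrayInputStream`.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class BufferLengthDemo {

    // Hypothetical stand-in for the page's Text (assumption): getBytes() exposes
    // the whole backing array, getLength() the number of valid leading bytes.
    static final class ReusableText {
        private byte[] bytes = new byte[0];
        private int length;

        void set(String value) {
            byte[] src = value.getBytes(StandardCharsets.UTF_8);
            if (src.length > bytes.length) {
                bytes = new byte[src.length]; // grows when needed, never shrinks
            }
            System.arraycopy(src, 0, bytes, 0, src.length);
            length = src.length;
        }

        byte[] getBytes() { return bytes; }
        int getLength() { return length; }
    }

    // Reads everything the stream exposes, i.e. what a parser would be given.
    static String drain(InputStream in) throws IOException {
        return new String(in.readAllBytes(), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws IOException {
        ReusableText text = new ReusableText();
        text.set("{\"user\":\"alice\",\"admin\":false}"); // constructed sample record
        text.set("{\"user\":\"bob\"}");                     // shorter record reuses the buffer

        // Whole backing array: stale bytes of the first record trail the second.
        String unbounded = drain(new ByteArrayInputStream(text.getBytes()));
        // Bounded to the valid prefix: only the current record is visible.
        String bounded = drain(
                new ByteArrayInputStream(text.getBytes(), 0, text.getLength()));

        System.out.println("unbounded: " + unbounded);
        System.out.println("bounded:   " + bounded);
    }
}
```

The unbounded stream carries leftover bytes after the closing brace of the current record, which is the input a JSON parser would receive in the noncompliant form.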