JSON-threat-protection.rs

A Rust library to protect against malicious JSON payloads.

Features

This crate provides functionality to validate JSON payloads against a set of constraints.

• Maximum depth of the JSON structure.
• Maximum length of strings.
• Maximum number of entries in arrays.
• Maximum number of entries in objects.
• Maximum length of object entry names.
• Whether to allow duplicate object entry names.

Docs

https://docs.rs/json-threat-protection

Performance

This crate is designed to be fast and efficient, and has its own benchmark suite under the benches directory. You can run the benchmarks with the following command:

JSON_FILE=/path/to/file.json cargo bench --bench memory -- --verbose

This suite validates the JSON syntax using both this crate and serde_json, you could get your own performance number by specifying the JSON_FILE to your dataset.

Fuzzing

The library is fuzz tested using the cargo-fuzz tool. The fuzzing target is located in the fuzz directory.

THe initial set of corpus files are from nlohmann/json_test_data.

Thanks

• cargo-fuzz: For providing a simple way to fuzz test the library.
• nlohmann/json_test_data: For providing a initial set of corpus files for fuzzing.

License

This project is licensed under the MIT License - see the LICENSE file for details.