Expand description
Strict admission parser for untrusted JSON input.
All public functions in this module enforce the same RFC 8785 / I-JSON invariants used by the strict canonical-emit pipeline:
- Duplicate property names are rejected at parse time. Object
members are tracked in a
BTreeSet(deterministic) so the rejection error path itself is order-stable. - Forbidden Unicode noncharacters in strings and property names
reject. Specifically: the range
U+FDD0..=U+FDEF, plus any code point with the bottom 16 bits matchingU+xFFFEorU+xFFFF. - Nesting depth is capped at
crate::MAX_NESTING_DEPTH. The limit is enforced via a sentinel-encoded serde error thatparse_json_value_no_duplicatesunwraps back intoJcsError::NestingDepthExceeded.
Sibling crate vertrule-schemas consumes deserialize_json_value_no_duplicates,
validate_string_contents, and is_safe_integer for its own
schema-validation pipeline.
§The '$'-prefix exception
serde_json with arbitrary_precision enabled uses internal
sentinel keys like "$serde_json::private::Number" during number
deserialization. Those sentinels would otherwise look like ordinary
property names to this visitor. We bypass validate_string_contents
for any key starting with '$' so the sentinel survives. This
intentionally over-matches — a user key like "$ref" containing a
noncharacter would not be validated. Acceptable because forbidden
noncharacters in '$'-prefixed keys are vanishingly unlikely in
practice.
Constants§
- MAX_
SAFE_ INTEGER - I-JSON safe integer ceiling (
2^53 - 1).
Functions§
- deserialize_
json_ value_ no_ duplicates - Deserialize a JSON value while rejecting duplicate property names.
- is_
safe_ integer - Check if an integer is in the I-JSON safe integer range
[-2^53+1, 2^53-1]. - parse_
json_ value_ no_ duplicates - Parse untrusted JSON bytes, rejecting duplicate property names and
I-JSON-forbidden code points, enforcing
MAX_NESTING_DEPTH. - validate_
string_ contents - Validate that a string contains no I-JSON forbidden noncharacters.