Fix (json) : Json Parse validation to be more comprehensive in certain json functions (facebookincubator#14558)

Krishna Pai · facebook-github-bot · commit cc5c25bd7cf4 · 2025-08-22T13:27:51.000-07:00
Summary: Pull Request resolved: facebookincubator#14558 Certain json functions (json_extract_scalar, is_json_scalar, json_array_contains etc) relied on simdjson's parseDocument to validate that the json is valid. simdjson's parse is not fool proof and there are several cases it will return as if the document is valid when in fact it is not. This change does a more comprehensive parse that ensures the document is valid. NOTE: Previously invalid json's like [01], or [9.6E400] would give results, with this change though these jsons which are invalid will result in a null value. Reviewed By: kevinwilfong Differential Revision: D80502803
diff --git a/velox/functions/prestosql/JsonFunctions.cpp b/velox/functions/prestosql/JsonFunctions.cpp
@@ -862,8 +862,52 @@ class JsonInternalCastFunction : public exec::VectorFunction {
   mutable JsonCastOperator jsonCastOperator_;
 };
 
+template <typename T>
+static simdjson::error_code validate(T value) {
+  SIMDJSON_ASSIGN_OR_RAISE(auto type, value.type());
+  switch (type) {
+    case simdjson::ondemand::json_type::array: {
+      SIMDJSON_ASSIGN_OR_RAISE(auto array, value.get_array());
+      for (auto elementOrError : array) {
+        SIMDJSON_ASSIGN_OR_RAISE(auto element, elementOrError);
+        SIMDJSON_TRY(validate(element));
+      }
+      return simdjson::SUCCESS;
+    }
+    case simdjson::ondemand::json_type::object: {
+      SIMDJSON_ASSIGN_OR_RAISE(auto object, value.get_object());
+      for (auto fieldOrError : object) {
+        SIMDJSON_ASSIGN_OR_RAISE(auto field, fieldOrError);
+        SIMDJSON_TRY(validate(field.value()));
+      }
+      return simdjson::SUCCESS;
+    }
+    case simdjson::ondemand::json_type::number:
+      return value.get_double().error();
+    case simdjson::ondemand::json_type::string:
+      return value.get_string().error();
+    case simdjson::ondemand::json_type::boolean:
+      return value.get_bool().error();
+    case simdjson::ondemand::json_type::null: {
+      SIMDJSON_ASSIGN_OR_RAISE(auto isNull, value.is_null());
+      return isNull ? simdjson::SUCCESS : simdjson::N_ATOM_ERROR;
+    }
+  }
+  VELOX_UNREACHABLE();
+}
+
 } // namespace
 
+simdjson::error_code jsonParsingError(const simdjson::padded_string& json) {
+  SIMDJSON_ASSIGN_OR_RAISE(auto doc, simdjsonParse(json));
+  SIMDJSON_TRY(validate<simdjson::ondemand::document&>(doc));
+  if (!doc.at_end()) {
+    return simdjson::TRAILING_CONTENT;
+  }
+
+  return simdjson::SUCCESS;
+}
+
 VELOX_DECLARE_VECTOR_FUNCTION(
     udf_json_format,
     JsonFormatFunction::signatures(),
diff --git a/velox/functions/prestosql/JsonFunctions.h b/velox/functions/prestosql/JsonFunctions.h
@@ -25,6 +25,12 @@
 
 namespace facebook::velox::functions {
 
+/// Utility function that takes a padded string and determines whether
+/// the json is valid or not.
+/// @returns simdjson::SUCCESS if passed json is valid else returns a
+/// failure code.
+simdjson::error_code jsonParsingError(const simdjson::padded_string& json);
+
 template <typename T>
 struct IsJsonScalarFunction {
   VELOX_DEFINE_FUNCTION_TYPES(T);
@@ -33,14 +39,17 @@ struct IsJsonScalarFunction {
     simdjson::ondemand::document jsonDoc;
 
     simdjson::padded_string paddedJson(json.data(), json.size());
-    if (auto errorCode = simdjsonParse(paddedJson).get(jsonDoc)) {
+    if (auto errorCode = jsonParsingError(paddedJson)) {
       if (threadSkipErrorDetails()) {
         return Status::UserError();
       }
       return Status::UserError(
           "Failed to parse JSON: {}", simdjson::error_message(errorCode));
     }
 
+    if (simdjsonParse(paddedJson).get(jsonDoc)) {
+      return Status::UserError("Failed to parse JSON");
+    }
     result =
         (jsonDoc.type() == simdjson::ondemand::json_type::number ||
          jsonDoc.type() == simdjson::ondemand::json_type::string ||
@@ -68,9 +77,13 @@ struct JsonArrayContainsFunction {
     simdjson::ondemand::document jsonDoc;
 
     simdjson::padded_string paddedJson(json.data(), json.size());
+    if (jsonParsingError(paddedJson)) {
+      return false;
+    }
     if (simdjsonParse(paddedJson).get(jsonDoc)) {
       return false;
     }
+
     if (jsonDoc.type().error()) {
       return false;
     }
@@ -133,6 +146,9 @@ struct JsonArrayGetFunction {
     simdjson::ondemand::document jsonDoc;
 
     simdjson::padded_string paddedJson(jsonArray.data(), jsonArray.size());
+    if (jsonParsingError(paddedJson)) {
+      return false;
+    }
     if (simdjsonParse(paddedJson).get(jsonDoc)) {
       return false;
     }
@@ -229,12 +245,8 @@ struct JsonExtractScalarFunction {
 
     // Check for valid json
     simdjson::padded_string paddedJson(json.data(), json.size());
-    {
-      SIMDJSON_ASSIGN_OR_RAISE(auto jsonDoc, simdjsonParse(paddedJson));
-      simdjson::ondemand::document parsedDoc;
-      if (simdjsonParse(paddedJson).get(parsedDoc)) {
-        return simdjson::TAPE_ERROR;
-      }
+    if (auto val = jsonParsingError(paddedJson)) {
+      return val;
     }
 
     bool isDefinitePath = true;
@@ -328,6 +340,10 @@ struct JsonArrayLengthFunction {
     simdjson::ondemand::document jsonDoc;
 
     simdjson::padded_string paddedJson(json.data(), json.size());
+    // Check for valid json
+    if (jsonParsingError(paddedJson)) {
+      return false;
+    }
     if (simdjsonParse(paddedJson).get(jsonDoc)) {
       return false;
     }
diff --git a/velox/functions/prestosql/tests/JsonExtractScalarTest.cpp b/velox/functions/prestosql/tests/JsonExtractScalarTest.cpp
@@ -239,6 +239,18 @@ TEST_F(JsonExtractScalarTest, wildcardSelect) {
       std::nullopt);
 }
 
+TEST_F(JsonExtractScalarTest, nanJson) {
+  std::vector<std::string> badReplacements = {"garbage", "NaN", "}", "0/0"};
+
+  for (const auto& badReplacement : badReplacements) {
+    std::string js = fmt::format(
+        fmt::runtime(
+            "{{\"hands_v1\": {}, \"over_occlusion_rate\": 0.0358322490205352}}"),
+        badReplacement);
+    EXPECT_EQ(jsonExtractScalar(js, "$.over_occlusion_rate"), std::nullopt);
+  }
+}
+
 } // namespace
 
 } // namespace facebook::velox::functions::prestosql
diff --git a/velox/functions/prestosql/tests/JsonFunctionsTest.cpp b/velox/functions/prestosql/tests/JsonFunctionsTest.cpp
@@ -175,6 +175,12 @@ class JsonFunctionsTest : public functions::test::FunctionBaseTest {
     return evaluateJsonVectorFunction("json_array_get", json, index, wrapInTry);
   }
 
+  const std::vector<std::string> badReplacements_ = {
+      "garbage",
+      "NaN",
+      "}",
+      "0/0"};
+
  private:
   // Utility function to evaluate a function both with and without constant
   // inputs. Ensures that the results are same in both cases. 'wrapInTry' is
@@ -684,6 +690,16 @@ TEST_F(JsonFunctionsTest, isJsonScalar) {
   EXPECT_EQ(isJsonScalar(R"({"k1":""})"), false);
 }
 
+TEST_F(JsonFunctionsTest, isJsonScalarBadJsons) {
+  for (const auto& badReplacement : badReplacements_) {
+    std::string js = fmt::format(
+        fmt::runtime(
+            "{{\"hands_v1\": {}, \"over_occlusion_rate\": 0.0358322490205352}}"),
+        badReplacement);
+    EXPECT_THROW(isJsonScalar(js), VeloxUserError);
+  }
+}
+
 TEST_F(JsonFunctionsTest, jsonArrayLength) {
   EXPECT_EQ(jsonArrayLength(R"([])"), 0);
   EXPECT_EQ(jsonArrayLength(R"([1])"), 1);
@@ -703,6 +719,14 @@ TEST_F(JsonFunctionsTest, jsonArrayLength) {
 
   // Malformed Json.
   EXPECT_EQ(jsonArrayLength(R"((})"), std::nullopt);
+
+  for (const auto& badReplacement : badReplacements_) {
+    std::string js = fmt::format(
+        fmt::runtime(
+            "{{\"hands_v1\": {}, \"over_occlusion_rate\": 0.0358322490205352}}"),
+        badReplacement);
+    EXPECT_EQ(jsonArrayLength(js), std::nullopt);
+  }
 }
 
 TEST_F(JsonFunctionsTest, jsonArrayGet) {
@@ -753,6 +777,15 @@ TEST_F(JsonFunctionsTest, jsonArrayGet) {
     EXPECT_FALSE(arrayGet("[1, 2, ...", 1, type).has_value());
     EXPECT_FALSE(arrayGet("not json", 1, type).has_value());
   }
+
+  // Test it fails on bad jsons
+  for (const auto& badReplacement : badReplacements_) {
+    std::string js = fmt::format(
+        fmt::runtime(
+            "{{\"hands_v1\": {}, \"over_occlusion_rate\": 0.0358322490205352}}"),
+        badReplacement);
+    EXPECT_EQ(arrayGet(js.data(), 1, JSON()), std::nullopt);
+  }
 }
 
 TEST_F(JsonFunctionsTest, jsonArrayContainsBool) {
@@ -792,8 +825,9 @@ true, true, true, true, true, true, true, true, true, true, true])",
 
   // Test errors of getting the specified type of json value.
   // Error code is "INCORRECT_TYPE".
-  EXPECT_EQ(jsonArrayContains<bool>(R"([truet])", false), false);
-  EXPECT_EQ(jsonArrayContains<bool>(R"([truet, false])", false), true);
+  // Bad jsons will return null.
+  EXPECT_EQ(jsonArrayContains<bool>(R"([truet])", false), std::nullopt);
+  EXPECT_EQ(jsonArrayContains<bool>(R"([truet, false])", false), std::nullopt);
 }
 
 TEST_F(JsonFunctionsTest, jsonArrayContainsBigint) {
@@ -841,8 +875,8 @@ TEST_F(JsonFunctionsTest, jsonArrayContainsBigint) {
   EXPECT_EQ(
       jsonArrayContains<int64_t>(R"([-9223372036854775809,-9])", -9), true);
   // Error code is "NUMBER_ERROR".
-  EXPECT_EQ(jsonArrayContains<int64_t>(R"([01])", 4), false);
-  EXPECT_EQ(jsonArrayContains<int64_t>(R"([01, 4])", 4), true);
+  EXPECT_EQ(jsonArrayContains<int64_t>(R"([01])", 4), std::nullopt);
+  EXPECT_EQ(jsonArrayContains<int64_t>(R"([01, 4])", 4), std::nullopt);
 }
 
 TEST_F(JsonFunctionsTest, jsonArrayContainsDouble) {
@@ -890,8 +924,8 @@ TEST_F(JsonFunctionsTest, jsonArrayContainsDouble) {
 
   // Test errors of getting the specified type of json value.
   // Error code is "NUMBER_ERROR".
-  EXPECT_EQ(jsonArrayContains<double>(R"([9.6E400])", 4.2), false);
-  EXPECT_EQ(jsonArrayContains<double>(R"([9.6E400,4.2])", 4.2), true);
+  EXPECT_EQ(jsonArrayContains<double>(R"([9.6E400])", 4.2), std::nullopt);
+  EXPECT_EQ(jsonArrayContains<double>(R"([9.6E400,4.2])", 4.2), std::nullopt);
 }
 
 TEST_F(JsonFunctionsTest, jsonArrayContainsString) {
@@ -959,6 +993,14 @@ TEST_F(JsonFunctionsTest, jsonArrayContainsMalformed) {
       evaluateOnce<bool>(
           "json_array_contains(c0, 'a')", makeRowVector({jsonVector})),
       std::nullopt);
+
+  for (const auto& badReplacement : badReplacements_) {
+    std::string js = fmt::format(
+        fmt::runtime(
+            "{{\"hands_v1\": {}, \"over_occlusion_rate\": 0.0358322490205352}}"),
+        badReplacement);
+    EXPECT_EQ(jsonArrayContains<std::string>(js, {""}), std::nullopt);
+  }
 }
 
 TEST_F(JsonFunctionsTest, jsonSize) {
@@ -975,6 +1017,14 @@ TEST_F(JsonFunctionsTest, jsonSize) {
       jsonSize(
           R"({"k1":{"k2": 999, "k3": [{"k4": [1, 2, 3]}]}})", "$.k1.k3[0].k4"),
       3);
+
+  for (const auto& badReplacement : badReplacements_) {
+    std::string js = fmt::format(
+        fmt::runtime(
+            "{{\"hands_v1\": {}, \"over_occlusion_rate\": 0.0358322490205352}}"),
+        badReplacement);
+    EXPECT_EQ(jsonSize(js, "$.k1"), std::nullopt);
+  }
 }
 
 TEST_F(JsonFunctionsTest, invalidPath) {
