* Add Gson.fromJson(..., TypeToken) overloads
Previously only Gson.fromJson(..., Type) existed which is however not
type-safe since the generic type parameter T used for the return type is
not bound.
Since these methods are often used in the form
gson.fromJson(..., new TypeToken<...>(){}.getType())
this commit now adds overloads which accept a TypeToken and are therefore
more type-safe.
Additional changes:
- Fixed some grammar mistakes
- Added javadoc @see tags
- Consistently write "JSON" in uppercase
- More precise placement of @SuppressWarnings("unchecked")
* Add to Gson.fromJson javadoc that JSON is fully consumed
The newly added documentation deliberately does not state which exception
is thrown because Gson.assertFullConsumption could throw either a
JsonIOException or a JsonSyntaxException.
* Remove unnecessary wrapping and unwrapping as TypeToken in Gson.fromJson
Since the actual implementation of Gson.fromJson is TypeToken based, the
TypeToken variant overloads are now the "main" implementation and the other
overloads delegate to them.
Previously the Type variant overloads were the "main" implementation which
caused `TypeToken.getType()` followed by `TypeToken.get(...)` when the
TypeToken variant overloads were used.
* Trim source code whitespaces
* Fix Gson.fromJson(JsonReader, Class) not casting read Object
To be consistent with the other Gson.fromJson(..., Class) overloads the
method should cast the result.
* Replace User Guide link in Gson documentation
* Remove more references to fromJson(..., Type)
* Extend documentation for fromJson(JsonReader, ...)
* Replace some TypeToken.getType() usages
* Address feedback; improve documentation
* Remove fromJson(JsonReader, Class) again
As noticed during review adding this method is source incompatible.
* Verify that JsonTreeReader and JsonTreeWriter override all methods
If those classes do not override one of the JsonReader or JsonWriter methods
the user might encounter an AssertionError.
* Address review feedback
Previously when a GsonBuilder had created a Gson instance and was afterwards
reused and different type adapters were added, new GsonBuilder instances
obtained from the previous Gson instance through Gson.newBuilder() would have
been affected by the GsonBuilder changes.
This commit fixes this and additionally adds some more unit tests.
* Improve InternationalizationTest
- Remove "raw" tests since after compiling they are the same as the one with
escape sequences
- Add tests for supplementary code points (> \uFFFF)
* Improve variable names, fix incorrect escape sequences
* Convert null to JsonNull for `JsonArray.set`
All other methods perform the same implicit conversion.
* Mention null handling in JsonObject documentation
The JsonSerializer/Deserializer adapters used to ignore this attribute
which result in inconsistent behaviour for annotated adapters.
Fixes#1553
Signed-off-by: Dmitry Bufistov <dmitry@midokura.com>
Co-authored-by: Dmitry Bufistov <dmitry@midokura.com>
* Gson.toJson creates CharSequence which does not implement toString
* Improve Streams.AppendableWriter.CurrentWrite test
* Make setChars package-private
* Improve AppendableWriter performance
Override methods which by default create char arrays or convert
CharSequences to Strings.
This is not necessary for AppendableWriter because it can directly
append these values to the Appendable delegate.
* Add test for Streams.writerForAppendable
* Make Object and JsonElement deserialization iterative
Often when Object and JsonElement are deserialized the format of the JSON
data is unknown and it might come from an untrusted source. To avoid a
StackOverflowError from maliciously crafted JSON, deserialize Object and
JsonElement iteratively instead of recursively.
Concept based on 51fd2faab7
But implementation is not based on it.
* Improve imports grouping
* Address review feedback
Follow-up to comments on #2130, which introduced a new override which was not overridden by `JsonTreeWriter`. Also tweaks the doccomments for `float`, `double` and `Number` variants of `JsonWriter.value`.
Supplement to the fix for #1127.
* Add comments regarding multiple bounds of wildcard
* Remove WildcardType check in getCollectionElementType
The returned Type is never a wildcard due to the changes made to getSupertype
by commit b1fb9ca9a1.
* Remove redundant getRawType call from MapTypeAdapterFactory
getRawType(TypeToken.getType()) is the same as calling TypeToken.getRawType().
* Make TypeToken members private
* Remove incorrect statement about TypeToken wildcards
It is possible to use wildcards as part of the type argument, e.g.:
`new TypeToken<List<? extends CharSequence>>() {}`
* Only allow direct subclasses of TypeToken
Previously subclasses of subclasses (...) of TypeToken were allowed which
can behave incorrectly when retrieving the type argument, e.g.:
class SubTypeToken<T> extends TypeToken<Integer> {}
new SubTypeToken<String>() {}.getType()
This returned `String` despite the class extending TypeToken<Integer>.
* Throw exception when TypeToken captures type variable
Due to type erasure the runtime type argument for a type variable is not
available. Therefore there is no point in capturing a type variable and it
might even give a false sense of type-safety.
* Make $Gson$Types members private
* Rename $Gson$Types.getGenericSupertype parameter
Rename the method parameter to match the documentation of the method and
to be similar to getSupertype(...).
* Improve tests and handle raw TypeToken supertype better
* Make some $Gson$Types members package-private again to prevent synthetic accessors
* Remove TypeToken check for type variable
As mentioned in review comments, there are cases during serialization where
usage of the type variable is not so problematic (but still not ideal).
* Add support for reflection access filter
* Improve documentation
* Fix compilation errors
* Relax handling for BLOCK_ALL when invoking default constructor
* Improve handling for inherited fields
* Fix accessible test failing for static fields
* Simplify ReflectiveTypeAdapterFactory field writing
* Fix GsonBuilder changes affecting created Gson instances
* Improve documentation
* Improve handling for IllegalAccessException
For Java < 9, AccessibleObject.canAccess is not available and therefore checks
might pass even if object is not accessible, causing IllegalAccessException
later.
* Fix incorrect GsonBuilder.addReflectionAccessFilter documentation
* Add CodeQL GitHub code scanning workflow
* Only compile main sources for code scanning
* Move test .proto files to test sources
`annotations.proto` also seems to be only relevant for tests because the test
explicitly registers them as extensions. By default the Proto adapter does not
consider them.
* Address some code scanning findings
* Fix some more findings
* Put module-info.class into Multi-Release JAR folder
Uses ModiTect to place module-info.class under Multi-Release JAR folder
`META-INF/versions/9`.
* Adjust pom.xml to drop support for Java 6
* Change doclint setting
All Javadoc errors have been solved previously; doclint can now be enabled
without causing build failures.
* Improve README Java requirements
* Remove UnsafeReflectionAccessor
Revert #1218
Usage of sun.misc.Unsafe to change internal AccessibleObject.override field
to suppress JPMS warnings goes against the intentions of the JPMS and does not
work anymore in newer versions, see #1540.
Therefore remove it and instead create a descriptive exception when making a
member accessible fails. If necessary users can also still use `java` command
line flags to open external modules.
* Fix failing to serialize Collection or Map with inaccessible constructor
Also remove tests which rely on Java implementation details.
* Don't keep reference to access exception of ConstructorConstructor
This also avoids a confusing stack trace, since the previously caught
exception might have had a complete unrelated stack trace.
* Remove Maven toolchain requirement
* Address review feedback
* Add back test for Security Manager
* Improve Gson newJsonWriter and newJsonReader documentation
* Consider lenient and HTML-safe setting for Gson.newJsonWriter
* Remove empty line between imports
* #1981: Avoid OSGi bundle's dependency on sun.misc package
* Specify optional dependency on sun.misc.Unsafe
* Adjusting the test to sun.misc import being optional
* Using Collections.list and for loop
* Let the fail message include name of package
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
* Closing the input stream
* Dedicated assertSubstring method
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
Adversaries might be able to forge data which can be abused for DoS attacks.
These classes are already writing a replacement JDK object during serialization
for a long time, so this change should not cause any issues.
Gson does not actually use the specified LongSerializationPolicy but instead
uses type adapters which emulate the behavior. However, previously Gson's
implementation did not match LongSerializationPolicy regarding null handling.
Because it is rather unlikely that LongSerializationPolicy has been used on
its own, this commit adjusts its implementation to match Gson's behavior
(instead of the other way around).
* Object and Number type adapters number deserialization can be configured
* Change wording of ToNumberStrategy documentation
* Use inline links in doc sparingly
If the element has already been linked before, don't create a link for
every subsequent occurrence.
See also (slightly dated)
https://www.oracle.com/technical-resources/articles/java/javadoc-tool.html#inlinelinks
* Link to default to-number policies in ToNumberStrategy doc
* Reduce code duplication for deserializing Number
* Hide default factory constants of NumberTypeAdapter and ObjectTypeAdapter
This encapsulates the logic a little bit better.
Additionally refactored factory created by NumberTypeAdapter to only create
TypeAdapter once and then have factory reuse that adapter for better
performance.
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
Previously ISO8601UtilsTest.testDateFormatString() would fail on systems
where the time zone is UTC+X because getTime() returned "2018-06-24" for them.
Additionally the tests which previously changed the system locale and time
zone have been rewritten to create a UTC calendar instead. Setting locale
seems to not be necessary because ISO8601Utils.parse(...) does not do that
either.
When a type variable is referenced multiple times it needs to resolve
to the same value. Previously, the second attempt would abort
resolution early in order to protect against infinite recursion.
On some versions of Android (probably on some variants of the popular Samsung S4 phone), an older version of Gson is suspected to be bundled in, and gets picked up from the system classpath.
For those versions, the applications that include the latest Gson fail unexpectedly. This debug print will help confirm this issue.
* Fixed https://github.com/google/gson/issues/1310
Also renamed VersionUtils to more readable abstraction JavaVersion
Added support for debian naming convention
Using min supported version (6) as the default if JDK version can't be figured out
* Moved JavaVersion to an internal package
* Added test which shows that lenient JsonWriter fails writing infinite primitive doubles, but does not fail writing boxed doubles, as stated in #1090.
* Fixed JsonWriter#value(double) to write infinite and NaN values when lenient, as JsonWriter#value(Number) does. (fixes#1090)