
Does JSON Jackson Library have JSON Sanitizing capability?


Does the JSON Jackson Library have JSON sanitizing capability like the OWASP JSON Sanitizer? I went through the Jackson documentation but couldn't find any reference to it. It only talks about Streaming, Traversing and Binding of JSON data and nothing about sanitizing or similar functionality.

Could someone please confirm.

I need a library that can check the JSON data for any malicious or vulnerable content/code.


Solution

  • What does such sanitization mean? The page you linked to does not actually explain what it is supposed to do. But I am guessing it would be used to verify that input is valid JSON, and not something that just resembles JSON, such as JavaScript code.

    Now: if the idea is to take arbitrary content that alleges to be JSON, you could use Jackson in streaming mode for reading and then writing content. Since Jackson:

    1. Only accepts valid JSON (and not, for example, executable Javascript), AND
    2. Only produces well-formed valid JSON

    the combination of reading and writing should sanitize the input. You could do something like:

    import com.fasterxml.jackson.core.JsonEncoding;
    import com.fasterxml.jackson.core.JsonFactory;
    import com.fasterxml.jackson.core.JsonGenerator;
    import com.fasterxml.jackson.core.JsonParser;

    JsonFactory f = new JsonFactory();
    JsonParser p = f.createParser(inputFile);
    // createGenerator(File) needs the target encoding as a second argument
    JsonGenerator g = f.createGenerator(outputFile, JsonEncoding.UTF8);

    // copyCurrentStructure() copies one complete value (object, array or scalar)
    // per call; the parser throws JsonParseException on anything that is not JSON
    while (p.nextToken() != null) {
      g.copyCurrentStructure(p);
    }
    p.close();
    g.close();


    which is a very fast method of ensuring that invalid content does not get through the system.
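The read-then-write approach from the answer above, as an added, self-contained example (not code from the original post or from the Jackson project): a helper that re-serializes a string through Jackson's streaming API, run over a few constructed inputs to show what is rejected and what passes. The class name, the sample inputs and the JSONP-style wrapper are assumptions for illustration.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import java.io.IOException;
import java.io.StringWriter;

// Hypothetical helper class; not part of Jackson or of the original answer.
public class JsonStreamSanitizer {
    private static final JsonFactory FACTORY = new JsonFactory();

    // Re-serialize the input through Jackson's parser and generator.
    // Anything that is not syntactically valid JSON makes the parser throw,
    // so only well-formed JSON ever reaches the returned string.
    public static String sanitize(String input) throws IOException {
        StringWriter out = new StringWriter();
        try (JsonParser p = FACTORY.createParser(input);
             JsonGenerator g = FACTORY.createGenerator(out)) {
            while (p.nextToken() != null) {
                g.copyCurrentStructure(p); // copies one whole value per call
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two valid documents, two that only resemble JSON.
        String[] samples = {
            "{\"user\": \"alice\", \"roles\": [\"admin\", 1, true]}",  // valid JSON
            "callback({\"user\": \"alice\"})",                        // JSONP-style wrapper, not JSON
            "{\"user\": alert(1)}",                                   // bare identifier / JS call
            "{\"note\": \"</script><script>x()</script>\"}"           // valid JSON; string content is kept as-is
        };
        for (String s : samples) {
            try {
                System.out.println("OK    : " + sanitize(s));
            } catch (JsonProcessingException e) {
                System.out.println("REJECT: " + e.getOriginalMessage());
            } catch (IOException e) {
                System.out.println("ERROR : " + e.getMessage());
            }
        }
    }
}
```

The last sample shows the limit of this technique: it guarantees syntactic validity only, and the text inside string values passes through unchanged, so output that is later embedded in HTML or a script still needs context-appropriate escaping.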