Sanitize JSON using Java

Introduction

This tutorial shows how to sanitize a JSON (JavaScript Object Notation) string in a Java program: given JSON-like content, convert it to valid JSON. The OWASP JSON Sanitizer Project is a simple-to-use Java library that can be attached at either end of a data pipeline to help satisfy Postel’s principle: be conservative in what you do, be liberal in what you accept from others.

When applied to JSON-like content from others, this project will produce well-formed JSON that should satisfy any parser you use. When applied to your output before you send, it will coerce minor mistakes in encoding and make it easier to embed your JSON in HTML and XML.

Prerequisites

Java at least 1.8, Maven 3.6.3 or Gradle 5.6 – 6.7.1, JSON Sanitizer Library 1.2.1 – 1.2.2

Project Setup

You can create a Maven or Gradle based project in your favorite IDE or tool. The name of the project is java-sanitize-json.

If you are using Maven as the build tool, you can use the pom.xml file below:

<?xml version="1.0" encoding="UTF-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>

	<groupId>com.roytuts</groupId>
	<artifactId>java-json-sanitizer</artifactId>
	<version>0.0.1-SNAPSHOT</version>

	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<maven.compiler.source>12</maven.compiler.source>
		<maven.compiler.target>12</maven.compiler.target>
	</properties>

	<dependencies>
		<dependency>
			<groupId>com.mikesamuel</groupId>
			<artifactId>json-sanitizer</artifactId>
			<version>1.2.2</version>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<version>3.8.1</version>
			</plugin>
		</plugins>
	</build>
</project>

If you are using Gradle as the build tool, you can use the build.gradle script below:

plugins {
    id 'java-library'
}

repositories {
    mavenCentral()
}

dependencies {
	implementation 'com.mikesamuel:json-sanitizer:1.2.1' // or 1.2.2
}

Sanitize JSON String

Create a JSON sanitizer class for sanitizing a JSON string. You can pass either a valid or an invalid JSON string as the parameter of the method sanitizeJson().

If you pass an invalid JSON string, the library converts it to valid JSON.

package com.roytuts.java.sanitize.json;

public class JsonSanitizer {

	public static String sanitizeJson(String jsonString) {
		String wellFormedJson = com.google.json.JsonSanitizer.sanitize(jsonString);
		return wellFormedJson;
	}

}

Test Class for Sanitization

Create a test class to check whether the given JSON string is sanitized. Here I will create a class with a main method. You can also create a JUnit test class to test the above JSON sanitizer class.

In the test class below I am passing invalid JSON strings for sanitization.

package com.roytuts.java.sanitize.json;

public class JsonSanitizerTest {

	public static void main(String[] args) {
		String jsonString = "{\"key1\":\"value1\",\"type\":\"Booking\",\"sid\":\"A43521\",\"region\":\"ASIA\","
				+ "\"fetchFromFile\":\"false\",\"service\":\"true\",\"isEom\":\"true\",*#@!}";

		String response = JsonSanitizer.sanitizeJson(jsonString);

		System.out.println(response);

		jsonString = "{\r\n" + 
				"    \"json_pino\" : {\r\n" + 
				"        \"title\" : \"JSON Pino log\",\r\n" + 
				"        \"description\" : \"JSON Pino log\",\r\n" + 
				"        \"hide-extra\": false,\r\n" + 
				"        \"multiline\": false,\r\n" + 
				"        \"json\" : true,\r\n" + 
				"        \"file-pattern\" : \"\\\\.json\",\r\n" + 
				"        \"level-field\" : \"level\",\r\n" + 
				"        \"level\": {\r\n" + 
				"            \"fatal\": 60,\r\n" + 
				"            \"error\": 50,\r\n" + 
				"            \"warning\": 40,\r\n" + 
				"            \"info\": 30,\r\n" + 
				"            \"debug\": 20,\r\n" + 
				"            \"trace\": 10\r\n" + 
				"        },\r\n" + 
				"        \"value\": {\r\n" + 
				"            \"pid\": { \"kind\": \"integer\", \"identifier\": true },\r\n" + 
				"            \"hostname\": { \"kind\": \"string\", \"identifier\": true },\r\n" + 
				"            \"level\": { \"kind\": \"integer\", \"identifier\": true },\r\n" + 
				"            \"time\": { \"kind\": \"integer\" },\r\n" + 
				"            \"msg\": { \"kind\": \"string\" },\r\n" + 
				"            \"v\": { \"kind\": \"integer\" },\r\n" + 
				"            \"responseTime\": { \"kind\": \"integer\" }\r\n" + 
				"        },\r\n" + 
				"        \"timestamp-field\": \"time\", hdjhdkjf\r\n" + 
				"        \"body-field\": \"msg\",\r\n" + 
				"        \"opid-field\": \"pid\",\r\n" + 
				"        \"line-format\" : [\r\n" + 
				"            { \"field\" : \"time\" , oiewui87325732},\r\n" + 
				"            \" \",\r\n" + 
				"            { \"field\" : \"msg\", \"default-value\": \"\" , jehjrgyutuew}\r\n" + 
				"        ],\r\n" + 
				"        \"sample\": [\r\n" + 
				"            {\r\n" + 
				"                \"line\": \"{\\\"pid\\\":31839,\\\"hostname\\\":\\\"ip-172-31-11-174\\\",\\\"level\\\":30,\\\"time\\\":1494255536591,\\\"msg\\\":\\\"request completed\\\",\\\"responseTime\\\":1,\\\"v\\\":1, hgdsfd7635732}\"\r\n" + 
				"            }\r\n" + 
				"        ]\r\n" + 
				"    }\r\n" + 
				"}";

		response = JsonSanitizer.sanitizeJson(jsonString);

		System.out.println(response);
	}

}

Testing the JSON sanitizer

Once you run the test class, you will see the output in the console.

{"key1":"value1","type":"Booking","sid":"A43521","region":"ASIA","fetchFromFile":"false","service":"true","isEom":"true"}
{
    "json_pino" : {
        "title" : "JSON Pino log",
        "description" : "JSON Pino log",
        "hide-extra": false,
        "multiline": false,
        "json" : true,
        "file-pattern" : "\\.json",
        "level-field" : "level",
        "level": {
            "fatal": 60,
            "error": 50,
            "warning": 40,
            "info": 30,
            "debug": 20,
            "trace": 10
        },
        "value": {
            "pid": { "kind": "integer", "identifier": true },
            "hostname": { "kind": "string", "identifier": true },
            "level": { "kind": "integer", "identifier": true },
            "time": { "kind": "integer" },
            "msg": { "kind": "string" },
            "v": { "kind": "integer" },
            "responseTime": { "kind": "integer" }
        },
        "timestamp-field": "time", "hdjhdkjf"
        :"body-field" ,"msg"
        :"opid-field" ,"pid"
        :"line-format"  ,"":[
            { "field" : "time" , "oiewui87325732":null},
            " ",
            { "field" : "msg", "default-value": "" , "jehjrgyutuew":null}
        ],
        "sample": [
            {
                "line": "{\"pid\":31839,\"hostname\":\"ip-172-31-11-174\",\"level\":30,\"time\":1494255536591,\"msg\":\"request completed\",\"responseTime\":1,\"v\":1, hgdsfd7635732}"
            }
        ]
    }
}
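
In the output above the stray tokens were not dropped: they came back as extra keys with null values, so well-formed output is not the same as the data the sender intended. The following added example (not code from the original page or from the library's authors) shows the sanitizer at both ends of a pipeline: a receiving side that can reject input that needed repair, and a sending side that checks the result before embedding it in HTML. PipelineEnds, inbound() and forHtmlScript() are hypothetical names, and the sample inputs are constructed.

```java
import com.google.json.JsonSanitizer;
import java.util.Locale;

// Added example, not from the original page. PipelineEnds, inbound() and
// forHtmlScript() are hypothetical names; all sample inputs are constructed.
public class PipelineEnds {

    /** Receiving end: sanitize, and in strict mode refuse input that needed repair. */
    static String inbound(String untrusted, boolean strict) {
        String clean = JsonSanitizer.sanitize(untrusted);
        if (!clean.equals(untrusted)) {
            // The sanitizer rewrote something: the sender's JSON was malformed, or it
            // held sequences the sanitizer escapes. Repaired junk can surface as new keys.
            if (strict) {
                throw new IllegalArgumentException("input was not well-formed JSON");
            }
            System.err.println("WARN: JSON input was repaired by the sanitizer");
        }
        return clean;
    }

    /** Sending end: sanitize before placing JSON inside an HTML script element. */
    static String forHtmlScript(String json) {
        String clean = JsonSanitizer.sanitize(json);
        String lower = clean.toLowerCase(Locale.ROOT);
        // Post-condition check on the substrings that would end or confuse the script block.
        if (lower.contains("<script") || lower.contains("</script") || lower.contains("<!--")) {
            throw new IllegalStateException("sanitized JSON is not safe to embed");
        }
        return "<script type=\"application/json\">" + clean + "</script>";
    }

    public static void main(String[] args) {
        String valid = "{\"sid\":\"A43521\",\"region\":\"ASIA\"}";
        String junk = "{\"isEom\":\"true\",*#@!}";              // trailing junk, as in the first test above
        String markup = "{\"note\":\"a </script> b <!-- c\"}";  // valid JSON, unsafe to embed as-is

        System.out.println(inbound(valid, true));   // unchanged input passes strict mode
        System.out.println(inbound(junk, false));   // lenient: repaired and logged
        try {
            inbound(junk, true);                    // strict: rejected
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println(forHtmlScript(markup));
    }
}
```

Whichever mode is used on the receiving side, the sanitized string still has to be parsed and checked against the fields the application expects, because the sanitizer only guarantees syntax.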

1 thought on “Sanitize JSON using Java”

  1. Hi,
    How to sanitize an object?
    Suppose that I have a Person class to be sent as a JSON response from my REST call, then how can I sanitize this Java class?
