Harden Microsoft parser edge cases

Malformed provider payloads and non-int enum values were still able to slip through shared deserialization paths, which could throw or allocate more than necessary during Bing and Azure response parsing.

Author: niemyjski

.agents/skills/geocoding-library/SKILL.md

@@ -62,4 +62,4 @@ dotnet build samples/Example.Web/Example.Web.csproj
 - `.claude/agents` and repo-owned skills must stay Geocoding.net-specific
 - Reference only skills that exist in `.agents/skills/`
 - Reference only commands, paths, and tools that exist in this workspace
-- Keep customization workflows aligned with AGENTS.md
+- Keep customization workflows aligned with AGENTS.md

src/Geocoding.Core/Serialization/TolerantStringEnumConverter.cs

@@ -28,22 +28,21 @@ public override JsonConverter CreateConverter(Type typeToConvert, JsonSerializer
 
 internal sealed class TolerantStringEnumConverter<TEnum> : JsonConverter<TEnum> where TEnum : struct, Enum
 {
+    private static readonly Type EnumType = typeof(TEnum);
+    private static readonly Type UnderlyingType = Enum.GetUnderlyingType(EnumType);
     private static readonly TEnum FallbackValue = GetFallbackValue();
 
     public override TEnum Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
     {
         if (reader.TokenType == JsonTokenType.Number)
         {
-            if (reader.TryGetInt32(out int intValue))
-                return Enum.IsDefined(typeof(TEnum), intValue) ? (TEnum)(object)intValue : FallbackValue;
-
-            return FallbackValue;
+            return TryReadNumericValue(ref reader, out var value) ? value : FallbackValue;
         }
 
         if (reader.TokenType == JsonTokenType.String)
         {
             var value = reader.GetString();
-            if (Enum.TryParse<TEnum>(value, true, out var result) && Enum.IsDefined(typeof(TEnum), result))
+            if (Enum.TryParse<TEnum>(value, true, out var result) && Enum.IsDefined(EnumType, result))
                 return result;
 
             return FallbackValue;
@@ -59,14 +58,66 @@ public override void Write(Utf8JsonWriter writer, TEnum value, JsonSerializerOpt
 
     private static TEnum GetFallbackValue()
     {
-        foreach (string name in Enum.GetNames(typeof(TEnum)))
+        foreach (string name in Enum.GetNames(EnumType))
         {
             if (String.Equals(name, "Unknown", StringComparison.OrdinalIgnoreCase))
-                return (TEnum)Enum.Parse(typeof(TEnum), name);
+                return (TEnum)Enum.Parse(EnumType, name);
         }
 
         return default;
     }
+
+    private static bool TryReadNumericValue(ref Utf8JsonReader reader, out TEnum value)
+    {
+        value = FallbackValue;
+
+        object? rawValue = null;
+        switch (Type.GetTypeCode(UnderlyingType))
+        {
+            case TypeCode.SByte:
+                if (reader.TryGetInt64(out var sbyteValue) && sbyteValue >= sbyte.MinValue && sbyteValue <= sbyte.MaxValue)
+                    rawValue = (sbyte)sbyteValue;
+                break;
+            case TypeCode.Byte:
+                if (reader.TryGetUInt64(out var byteValue) && byteValue <= byte.MaxValue)
+                    rawValue = (byte)byteValue;
+                break;
+            case TypeCode.Int16:
+                if (reader.TryGetInt64(out var int16Value) && int16Value >= short.MinValue && int16Value <= short.MaxValue)
+                    rawValue = (short)int16Value;
+                break;
+            case TypeCode.UInt16:
+                if (reader.TryGetUInt64(out var uint16Value) && uint16Value <= ushort.MaxValue)
+                    rawValue = (ushort)uint16Value;
+                break;
+            case TypeCode.Int32:
+                if (reader.TryGetInt32(out var int32Value))
+                    rawValue = int32Value;
+                break;
+            case TypeCode.UInt32:
+                if (reader.TryGetUInt64(out var uint32Value) && uint32Value <= uint.MaxValue)
+                    rawValue = (uint)uint32Value;
+                break;
+            case TypeCode.Int64:
+                if (reader.TryGetInt64(out var int64Value))
+                    rawValue = int64Value;
+                break;
+            case TypeCode.UInt64:
+                if (reader.TryGetUInt64(out var uint64Value))
+                    rawValue = uint64Value;
+                break;
+        }
+
+        if (rawValue is null)
+            return false;
+
+        var enumValue = (TEnum)Enum.ToObject(EnumType, rawValue);
+        if (!Enum.IsDefined(EnumType, enumValue))
+            return false;
+
+        value = enumValue;
+        return true;
+    }
 }
 
 internal sealed class NullableTolerantStringEnumConverter<TEnum> : JsonConverter<TEnum?> where TEnum : struct, Enum

src/Geocoding.Microsoft/AzureMapsGeocoder.cs

@@ -39,6 +39,7 @@ public class AzureMapsGeocoder : IGeocoder
 
     /// <summary>
     /// Gets or sets the user IP address associated with the request.
+    /// Retained for API compatibility only. Azure Maps Search does not accept an explicit user-IP hint when using subscription-key authentication, so the value is ignored.
     /// </summary>
     public IPAddress? UserIP { get; set; }
 
@@ -228,13 +229,17 @@ private IEnumerable<AzureMapsAddress> ParseResponse(AzureSearchResponse response
                     continue;
 
                 var address = result.Address ?? new AzureAddressPayload();
+                var formattedAddress = FirstNonEmpty(address.FreeformAddress, address.StreetNameAndNumber, BuildStreetLine(address.StreetNumber, address.StreetName), result.Poi?.Name, result.Type, FirstNonEmpty(address.LocalName, address.Municipality, address.CountryTertiarySubdivision), address.Country);
+                if (String.IsNullOrWhiteSpace(formattedAddress))
+                    continue;
+
                 var locality = FirstNonEmpty(address.LocalName, address.Municipality, address.CountryTertiarySubdivision);
                 var neighborhood = IncludeNeighborhood
                     ? FirstNonEmpty(address.Neighbourhood, address.MunicipalitySubdivision)
                     : String.Empty;
 
                 yield return new AzureMapsAddress(
-                    FirstNonEmpty(address.FreeformAddress, address.StreetNameAndNumber, BuildStreetLine(address.StreetNumber, address.StreetName), result.Poi?.Name, result.Type, locality, address.Country),
+                    formattedAddress,
                     new Location(result.Position.Lat, result.Position.Lon),
                     BuildStreetLine(address.StreetNumber, address.StreetName),
                     FirstNonEmpty(address.CountrySubdivisionName, address.CountrySubdivision),
@@ -249,38 +254,46 @@ private IEnumerable<AzureMapsAddress> ParseResponse(AzureSearchResponse response
             yield break;
         }
 
-        if (response.Addresses is not null)
-        {
-            foreach (var reverseResult in response.Addresses)
-            {
-                if (reverseResult?.Address is null || reverseResult.Position is null || String.IsNullOrWhiteSpace(reverseResult.Position))
-                    continue;
-
-                var address = reverseResult.Address;
-                if (!TryParsePosition(reverseResult.Position!, out var lat, out var lon))
-                    continue;
-
-                var locality = FirstNonEmpty(address.LocalName, address.Municipality, address.CountryTertiarySubdivision);
-                var neighborhood = IncludeNeighborhood
-                    ? FirstNonEmpty(address.Neighbourhood, address.MunicipalitySubdivision)
-                    : String.Empty;
+        if (response.Addresses is null)
+            yield break;
 
-                yield return new AzureMapsAddress(
-                    FirstNonEmpty(address.FreeformAddress, address.StreetNameAndNumber, BuildStreetLine(address.StreetNumber, address.StreetName), locality, address.Country),
-                    new Location(lat, lon),
-                    BuildStreetLine(address.StreetNumber, address.StreetName),
-                    FirstNonEmpty(address.CountrySubdivisionName, address.CountrySubdivision),
-                    address.CountrySecondarySubdivision,
-                    address.Country,
-                    locality,
-                    neighborhood,
-                    address.PostalCode,
-                    EntityType.Address,
-                    ConfidenceLevel.High);
-            }
+        foreach (var reverseResult in response.Addresses.Where(result => result?.Address is not null && !String.IsNullOrWhiteSpace(result.Position)))
+        {
+            var reverseAddress = CreateReverseAddress(reverseResult);
+            if (reverseAddress is not null)
+                yield return reverseAddress;
         }
     }
 
+    private AzureMapsAddress? CreateReverseAddress(AzureReverseResult? reverseResult)
+    {
+        if (reverseResult?.Address is null || !TryParsePosition(reverseResult.Position!, out var lat, out var lon))
+            return null;
+
+        var address = reverseResult.Address;
+        var formattedAddress = FirstNonEmpty(address.FreeformAddress, address.StreetNameAndNumber, BuildStreetLine(address.StreetNumber, address.StreetName), FirstNonEmpty(address.LocalName, address.Municipality, address.CountryTertiarySubdivision), address.Country);
+        if (String.IsNullOrWhiteSpace(formattedAddress))
+            return null;
+
+        var locality = FirstNonEmpty(address.LocalName, address.Municipality, address.CountryTertiarySubdivision);
+        var neighborhood = IncludeNeighborhood
+            ? FirstNonEmpty(address.Neighbourhood, address.MunicipalitySubdivision)
+            : String.Empty;
+
+        return new AzureMapsAddress(
+            formattedAddress,
+            new Location(lat, lon),
+            BuildStreetLine(address.StreetNumber, address.StreetName),
+            FirstNonEmpty(address.CountrySubdivisionName, address.CountrySubdivision),
+            address.CountrySecondarySubdivision,
+            address.Country,
+            locality,
+            neighborhood,
+            address.PostalCode,
+            EntityType.Address,
+            ConfidenceLevel.High);
+    }
+
     private static bool TryParsePosition(string position, out double latitude, out double longitude)
     {
         latitude = 0;

src/Geocoding.Microsoft/BingMapsGeocoder.cs

@@ -245,20 +245,28 @@ protected virtual IEnumerable<BingAddress> ParseResponse(Json.Response response)
 
         foreach (var resourceSet in response.ResourceSets)
         {
-            if (resourceSet is null || resourceSet.Locations.IsNullOrEmpty())
+            if (resourceSet is null)
                 continue;
 
-            foreach (var location in resourceSet.Locations)
+            var locations = resourceSet.Locations;
+            if (locations.IsNullOrEmpty())
+                continue;
+
+            foreach (var location in locations)
             {
-                if (location.Point is null || location.Address is null || location.Point.Coordinates.Length < 2)
+                if (location.Point is null || location.Address is null)
+                    continue;
+
+                var coordinates = location.Point.Coordinates;
+                if (coordinates is null || coordinates.Length < 2 || String.IsNullOrWhiteSpace(location.Address.FormattedAddress))
                     continue;
 
                 if (!Enum.TryParse(location.EntityType, out EntityType entityType))
                     entityType = EntityType.Unknown;
 
                 list.Add(new BingAddress(
                     location.Address.FormattedAddress!,
-                    new Location(location.Point.Coordinates[0], location.Point.Coordinates[1]),
+                    new Location(coordinates[0], coordinates[1]),
                     location.Address.AddressLine,
                     location.Address.AdminDistrict,
                     location.Address.AdminDistrict2,
@@ -312,17 +320,16 @@ private HttpClient BuildClient()
 
     private ConfidenceLevel EvaluateConfidence(string? confidence)
     {
-        switch (confidence?.ToLower())
-        {
-            case "low":
-                return ConfidenceLevel.Low;
-            case "medium":
-                return ConfidenceLevel.Medium;
-            case "high":
-                return ConfidenceLevel.High;
-            default:
-                return ConfidenceLevel.Unknown;
-        }
+        if (String.Equals(confidence, "low", StringComparison.OrdinalIgnoreCase))
+            return ConfidenceLevel.Low;
+
+        if (String.Equals(confidence, "medium", StringComparison.OrdinalIgnoreCase))
+            return ConfidenceLevel.Medium;
+
+        if (String.Equals(confidence, "high", StringComparison.OrdinalIgnoreCase))
+            return ConfidenceLevel.High;
+
+        return ConfidenceLevel.Unknown;
     }
 
     private string BingUrlEncode(string toEncode)

src/Geocoding.Microsoft/Json.cs

@@ -507,7 +507,7 @@ public override Resource[] Read(ref Utf8JsonReader reader, Type typeToConvert, J
         foreach (var element in document.RootElement.EnumerateArray())
         {
             var resourceType = ResolveResourceType(element);
-            var resource = (Resource?)JsonSerializer.Deserialize(element.GetRawText(), resourceType, options);
+            var resource = (Resource?)element.Deserialize(resourceType, options);
             if (resource is not null)
                 resources.Add(resource);
         }

test/Geocoding.Tests/AzureMapsAsyncTest.cs

@@ -1,3 +1,6 @@
+using System.Collections;
+using System.Reflection;
+using System.Text.Json;
 using Geocoding.Microsoft;
 using Xunit;
 
@@ -38,4 +41,70 @@ public void Constructor_EmptyApiKey_ThrowsArgumentException()
         // Act & Assert
         Assert.Throws<ArgumentException>(() => new AzureMapsGeocoder(String.Empty));
     }
-}
+
+    [Fact]
+    public void ParseResponse_SearchResultWithoutUsableFormattedAddress_SkipsEntry()
+    {
+        // Arrange
+        var geocoder = new AzureMapsGeocoder("azure-key");
+
+        const string json = """
+                {
+                    "results": [
+                        {
+                            "position": { "lat": 38.8976777, "lon": -77.036517 },
+                            "address": {
+                                "freeformAddress": "   ",
+                                "municipality": "   ",
+                                "country": "   "
+                            }
+                        }
+                    ]
+                }
+                """;
+
+        // Act
+        var results = ParseResponse(geocoder, json);
+
+        // Assert
+        Assert.Empty(results);
+    }
+
+    [Fact]
+    public void ParseResponse_ReverseResultWithoutUsableFormattedAddress_SkipsEntry()
+    {
+        // Arrange
+        var geocoder = new AzureMapsGeocoder("azure-key");
+
+        const string json = """
+                {
+                    "addresses": [
+                        {
+                            "position": "38.8976777,-77.036517",
+                            "address": {
+                                "freeformAddress": "   ",
+                                "municipality": "   ",
+                                "country": "   "
+                            }
+                        }
+                    ]
+                }
+                """;
+
+        // Act
+        var results = ParseResponse(geocoder, json);
+
+        // Assert
+        Assert.Empty(results);
+    }
+
+    private static AzureMapsAddress[] ParseResponse(AzureMapsGeocoder geocoder, string json)
+    {
+        var responseType = typeof(AzureMapsGeocoder).GetNestedType("AzureSearchResponse", BindingFlags.NonPublic)!;
+        var response = JsonSerializer.Deserialize(json, responseType);
+        var parseMethod = typeof(AzureMapsGeocoder).GetMethod("ParseResponse", BindingFlags.Instance | BindingFlags.NonPublic)!;
+
+        var results = (IEnumerable)parseMethod.Invoke(geocoder, [response!])!;
+        return results.Cast<AzureMapsAddress>().ToArray();
+    }
+}