Enforce recursion limit and more tidying

jg-rp · jg-rp · commit 9a73434e5823 · 2025-08-19T19:47:54.000+01:00
diff --git a/jsonpath/cli.py b/jsonpath/cli.py
@@ -1,4 +1,5 @@
 """JSONPath, JSON Pointer and JSON Patch command line interface."""
+
 import argparse
 import json
 import sys
@@ -289,7 +290,6 @@ def handle_pointer_command(args: argparse.Namespace) -> None:
     if args.pointer is not None:
         pointer = args.pointer
     else:
-        # TODO: is a property with a trailing newline OK?
         pointer = args.pointer_file.read().strip()
 
     try:
diff --git a/jsonpath/env.py b/jsonpath/env.py
@@ -124,6 +124,9 @@ class attributes `root_token`, `self_token` and `filter_context_token`.
             index. Defaults to `(2**53) - 1`.
         min_int_index (int): The minimum integer allowed when selecting array items by
             index. Defaults to `-(2**53) + 1`.
+        max_recursion_depth (int): The maximum number of dict/objects and/or arrays/
+            lists the recursive descent selector can visit before a
+            `JSONPathRecursionError` is thrown.
         parser_class: The parser to use when parsing tokens from the lexer.
         root_token (str): The pattern used to select the root node in a JSON document.
             Defaults to `"$"`.
@@ -132,8 +135,8 @@ class attributes `root_token`, `self_token` and `filter_context_token`.
         union_token (str): The pattern used as the union operator. Defaults to `"|"`.
     """
 
-    # These should be unescaped strings. `re.escape` will be called
-    # on them automatically when compiling lexer rules.
+    # These should be unescaped strings. `re.escape` will be called on them
+    # automatically when compiling lexer rules.
     pseudo_root_token = "^"
     filter_context_token = "_"
     intersection_token = "&"
@@ -146,6 +149,7 @@ class attributes `root_token`, `self_token` and `filter_context_token`.
 
     max_int_index = (2**53) - 1
     min_int_index = -(2**53) + 1
+    max_recursion_depth = 100
 
     # Override these to customize path tokenization and parsing.
     lexer_class: Type[Lexer] = Lexer
@@ -227,7 +231,6 @@ def compile(self, path: str) -> Union[JSONPath, CompoundJSONPath]:  # noqa: A003
                 "unexpected whitespace", token=stream.tokens[stream.pos - 1]
             )
 
-        # TODO: better!
         if stream.current().kind != TOKEN_EOF:
             _path = CompoundJSONPath(env=self, path=_path)
             while stream.current().kind != TOKEN_EOF:
diff --git a/jsonpath/exceptions.py b/jsonpath/exceptions.py
@@ -77,6 +77,19 @@ def __init__(self, *args: object, token: Token) -> None:
         self.token = token
 
 
+class JSONPathRecursionError(JSONPathError):
+    """An exception raised when the maximum recursion depth is reached.
+
+    Arguments:
+        args: Arguments passed to `Exception`.
+        token: The token that caused the error.
+    """
+
+    def __init__(self, *args: object, token: Token) -> None:
+        super().__init__(*args)
+        self.token = token
+
+
 class JSONPointerError(Exception):
     """Base class for all JSON Pointer errors."""
 
diff --git a/jsonpath/filter.py b/jsonpath/filter.py
@@ -529,11 +529,9 @@ def __str__(self) -> str:
         return "@" + str(self.path)[1:]
 
     def evaluate(self, context: FilterContext) -> object:
-        if isinstance(context.current, str):  # TODO: refactor
-            if self.path.empty():
-                return context.current
-            return NodeList()
-        if not isinstance(context.current, (Sequence, Mapping)):
+        if isinstance(context.current, str) or not isinstance(
+            context.current, (Sequence, Mapping)
+        ):
             if self.path.empty():
                 return context.current
             return NodeList()
@@ -546,11 +544,9 @@ def evaluate(self, context: FilterContext) -> object:
         )
 
     async def evaluate_async(self, context: FilterContext) -> object:
-        if isinstance(context.current, str):  # TODO: refactor
-            if self.path.empty():
-                return context.current
-            return NodeList()
-        if not isinstance(context.current, (Sequence, Mapping)):
+        if isinstance(context.current, str) or not isinstance(
+            context.current, (Sequence, Mapping)
+        ):
             if self.path.empty():
                 return context.current
             return NodeList()
@@ -660,15 +656,19 @@ def evaluate(self, context: FilterContext) -> object:
         try:
             func = context.env.function_extensions[self.name]
         except KeyError:
-            return UNDEFINED  # TODO: should probably raise an exception
+            # This can only happen if the environment's function register has been
+            # changed since the query was parsed.
+            return UNDEFINED
         args = [arg.evaluate(context) for arg in self.args]
         return func(*self._unpack_node_lists(func, args))
 
     async def evaluate_async(self, context: FilterContext) -> object:
         try:
             func = context.env.function_extensions[self.name]
         except KeyError:
-            return UNDEFINED  # TODO: should probably raise an exception
+            # This can only happen if the environment's function register has been
+            # changed since the query was parsed.
+            return UNDEFINED
         args = [await arg.evaluate_async(context) for arg in self.args]
         return func(*self._unpack_node_lists(func, args))
 
diff --git a/jsonpath/parse.py b/jsonpath/parse.py
@@ -722,7 +722,6 @@ def parse_relative_query(self, stream: TokenStream) -> BaseExpression:
     def parse_singular_query_selector(
         self, stream: TokenStream
     ) -> SingularQuerySelector:
-        # TODO: optionally require root identifier
         token = (
             stream.next() if stream.current().kind == TOKEN_ROOT else stream.current()
         )
diff --git a/jsonpath/path.py b/jsonpath/path.py
@@ -474,9 +474,6 @@ def intersection(self, path: JSONPath) -> CompoundJSONPath:
             paths=self.paths + ((self.env.intersection_token, path),),
         )
 
-    # TODO: implement empty and singular for CompoundJSONPath
-    # TODO: add a `segments` property returning segments from all paths
-
 
 T = TypeVar("T")
 
diff --git a/jsonpath/segments.py b/jsonpath/segments.py
@@ -11,6 +11,8 @@
 from typing import Sequence
 from typing import Tuple
 
+from .exceptions import JSONPathRecursionError
+
 if TYPE_CHECKING:
     from .env import JSONPathEnvironment
     from .match import JSONPathMatch
@@ -99,7 +101,8 @@ async def resolve_async(
 
     def _visit(self, node: JSONPathMatch, depth: int = 1) -> Iterable[JSONPathMatch]:
         """Depth-first, pre-order node traversal."""
-        # TODO: check for recursion limit
+        if depth > self.env.max_recursion_depth:
+            raise JSONPathRecursionError("recursion limit exceeded", token=self.token)
 
         yield node
 
diff --git a/tests/test_compliance.py b/tests/test_compliance.py
@@ -78,15 +78,7 @@ def test_compliance_strict(env: JSONPathEnvironment, case: Case) -> None:
 
     assert case.document is not None
     nodes = NodeList(env.finditer(case.selector, case.document))
-
-    if case.results is not None:
-        assert case.results_paths is not None
-        assert nodes.values() in case.results
-        assert nodes.paths() in case.results_paths
-    else:
-        assert case.result_paths is not None
-        assert nodes.values() == case.result
-        assert nodes.paths() == case.result_paths
+    case.assert_nodes(nodes)
 
 
 @pytest.mark.parametrize("case", valid_cases(), ids=operator.attrgetter("name"))
@@ -100,15 +92,7 @@ async def coro() -> NodeList:
         return NodeList([node async for node in it])
 
     nodes = asyncio.run(coro())
-
-    if case.results is not None:
-        assert case.results_paths is not None
-        assert nodes.values() in case.results
-        assert nodes.paths() in case.results_paths
-    else:
-        assert case.result_paths is not None
-        assert nodes.values() == case.result
-        assert nodes.paths() == case.result_paths
+    case.assert_nodes(nodes)
 
 
 @pytest.mark.parametrize("case", invalid_cases(), ids=operator.attrgetter("name"))
diff --git a/tests/test_errors.py b/tests/test_errors.py
@@ -1,10 +1,12 @@
 from operator import attrgetter
+from typing import Any
 from typing import List
 from typing import NamedTuple
 
 import pytest
 
 from jsonpath import JSONPathEnvironment
+from jsonpath.exceptions import JSONPathRecursionError
 from jsonpath.exceptions import JSONPathSyntaxError
 from jsonpath.exceptions import JSONPathTypeError
 
@@ -77,3 +79,29 @@ def test_filter_literals_must_be_compared(
 ) -> None:
     with pytest.raises(JSONPathSyntaxError):
         env.compile(case.query)
+
+
+def test_recursive_data() -> None:
+    class MockEnv(JSONPathEnvironment):
+        nondeterministic = False
+
+    env = MockEnv()
+    query = "$..a"
+    arr: List[Any] = []
+    data: Any = {"foo": arr}
+    arr.append(data)
+
+    with pytest.raises(JSONPathRecursionError):
+        env.findall(query, data)
+
+
+def test_low_recursion_limit() -> None:
+    class MockEnv(JSONPathEnvironment):
+        max_recursion_depth = 3
+
+    env = MockEnv()
+    query = "$..a"
+    data = {"foo": [{"bar": [1, 2, 3]}]}
+
+    with pytest.raises(JSONPathRecursionError):
+        env.findall(query, data)
diff --git a/tests/test_match_function.py b/tests/test_match_function.py
diff --git a/tests/test_strictness.py b/tests/test_strictness.py
@@ -36,3 +36,28 @@ def test_alternative_or(env: JSONPathEnvironment) -> None:
     query = "$[?@.a or @.c]"
     data = [{"a": True, "b": False}, {"c": 99}]
     assert env.findall(query, data) == [{"a": True, "b": False}, {"c": 99}]
+
+
+def test_implicit_root_identifier(
+    env: JSONPathEnvironment,
+) -> None:
+    query = "a['p']"
+    data = {
+        "a": {"j": [1, 2, 3], "p": {"q": [4, 5, 6]}},
+        "b": ["j", "p", "q"],
+    }
+
+    assert env.findall(query, data) == [{"q": [4, 5, 6]}]
+
+
+def test_singular_path_selector_without_root_identifier(
+    env: JSONPathEnvironment,
+) -> None:
+    query = "$.a[b[1]]"
+    data = {
+        "a": {"j": [1, 2, 3], "p": {"q": [4, 5, 6]}},
+        "b": ["j", "p", "q"],
+        "c d": {"x": {"y": 1}},
+    }
+
+    assert env.findall(query, data) == [{"q": [4, 5, 6]}]

Original file line number	Diff line number	Diff line change
`@@ -722,7 +722,6 @@ def parse_relative_query(self, stream: TokenStream) -> BaseExpression:`
`722`	`722`	`def parse_singular_query_selector(`
`723`	`723`	`self, stream: TokenStream`
`724`	`724`	`) -> SingularQuerySelector:`
`725`		`- # TODO: optionally require root identifier`
`726`	`725`	`token = (`
`727`	`726`	`stream.next() if stream.current().kind == TOKEN_ROOT else stream.current()`
`728`	`727`	`)`
Original file line number	Diff line number	Diff line change
`@@ -474,9 +474,6 @@ def intersection(self, path: JSONPath) -> CompoundJSONPath:`
`474`	`474`	`paths=self.paths + ((self.env.intersection_token, path),),`
`475`	`475`	`)`
`476`	`476`
`477`		`- # TODO: implement empty and singular for CompoundJSONPath`
`478`		- # TODO: add a `segments` property returning segments from all paths
`479`		`-`
`480`	`477`
`481`	`478`	`T = TypeVar("T")`
`482`	`479`