feat: GsonFactory to have read leniency option

Author: suztomo

google-http-client-gson/src/main/java/com/google/api/client/json/gson/GsonFactory.java

@@ -52,6 +52,8 @@ public static GsonFactory getDefaultInstance() {
     return InstanceHolder.INSTANCE;
   }
 
+  private boolean readLeniency = false;
+
   /** Holder for the result of {@link #getDefaultInstance()}. */
   @Beta
   static class InstanceHolder {
@@ -90,4 +92,16 @@ public JsonGenerator createJsonGenerator(OutputStream out, Charset enc) {
   public JsonGenerator createJsonGenerator(Writer writer) {
     return new GsonGenerator(this, new JsonWriter(writer));
   }
+
+  /** Returns true if it gives leniency to reading JSON value. */
+  boolean getReadLeniency() {
+    return readLeniency;
+  }
+
+  /** Returns copy of GsonFactory instance that is lenient when reading JSON value. */
+  public GsonFactory withReadLeniency() {
+    GsonFactory copy = new GsonFactory();
+    copy.readLeniency = true;
+    return copy;
+  }
 }

google-http-client-gson/src/main/java/com/google/api/client/json/gson/GsonParser.java

@@ -43,7 +43,7 @@ class GsonParser extends JsonParser {
   GsonParser(GsonFactory factory, JsonReader reader) {
     this.factory = factory;
     this.reader = reader;
-    reader.setLenient(false);
+    reader.setLenient(factory.getReadLeniency());
   }
 
   @Override

google-http-client-gson/src/test/java/com/google/api/client/json/gson/GsonFactoryTest.java

@@ -14,10 +14,16 @@
 
 package com.google.api.client.json.gson;
 
+import com.google.api.client.json.GenericJson;
 import com.google.api.client.json.JsonFactory;
+import com.google.api.client.json.JsonObjectParser;
 import com.google.api.client.json.JsonParser;
 import com.google.api.client.test.json.AbstractJsonFactoryTest;
+import com.google.gson.stream.MalformedJsonException;
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 
 /**
@@ -94,4 +100,30 @@ public final void testGetByteValue() throws IOException {
       assertNotNull(ex.getMessage());
     }
   }
+
+  public final void testReaderLeniency_lenient() throws IOException {
+    JsonObjectParser parser =
+        new JsonObjectParser(GsonFactory.getDefaultInstance().withReadLeniency());
+
+    // This prefix in JSON body is used to prevent Cross-site script inclusion (XSSI).
+    InputStream inputStream =
+        new ByteArrayInputStream((")]}'\n" + JSON_ENTRY_PRETTY).getBytes(StandardCharsets.UTF_8));
+    GenericJson json = parser.parseAndClose(inputStream, StandardCharsets.UTF_8, GenericJson.class);
+
+    assertEquals("foo", json.get("title"));
+  }
+
+  public final void testReaderLeniency_not_lenient() throws IOException {
+    JsonObjectParser parser = new JsonObjectParser(GsonFactory.getDefaultInstance());
+
+    try {
+      // This prefix in JSON body is used to prevent Cross-site script inclusion (XSSI).
+      InputStream inputStream =
+          new ByteArrayInputStream((")]}'\n" + JSON_ENTRY_PRETTY).getBytes(StandardCharsets.UTF_8));
+      parser.parseAndClose(inputStream, StandardCharsets.UTF_8, GenericJson.class);
+      fail("The read leniency should fail the malformed JSON input.");
+    } catch (MalformedJsonException ex) {
+      assertNotNull(ex.getMessage());
+    }
+  }
 }