PHP Classes

iaso PHP JSON Parser Library: Parse JSON strings immune to hash-DoS attacks

Recommend this page to a friend!
  Info   View files Documentation   View files View files (22)   DownloadInstall with Composer Download .zip   Reputation   Support forum (1)   Blog (1)    
Ratings Unique User Downloads Download Rankings
Not enough user ratingsTotal: 81 This week: 1All time: 10,067 This week: 560Up
Version License PHP version Categories
iaso 1.0.0MIT/X Consortium ...5Parsers, PHP 7
Description 

Author

This package can parse JSON strings immune to hash-DoS attacks.

It can take a string in JSON format to parse it and return a PHP data structure.

The package can parse JSON strings and store the JSON object variables without using regular PHP arrays to make the result immune to hash-DoS attacks.

Innovation Award
PHP Programming Innovation award nominee
May 2022
Number 2
A Hash DoS attack is a security attack that may affect PHP applications that use arrays or objects to pass parameters from clients to PHP using HTTP request variables.

This vulnerability may affect PHP versions that do not avoid collisions of hash data structures that may take many keys that result in the same hash value to determine how arrays and objects are stored internally by PHP.

PHP provides better alternative methods to store arrays and objects more immune to this vulnerability.

This package implements a parser for JSON strings that uses an alternative method to store values or JSON objects passed to PHP from HTTP requests like those used to call APIs implemented in PHP.

Manuel Lemos
Picture of Scott Arciszewski
  Performance   Level  
Name: Scott Arciszewski <contact>
Classes: 36 packages by
Country: United States United States
Age: ???
All time rank: 1180171 in United States United States
Week rank: 52 Up6 in United States United States Up
Innovation award
Innovation award
Nominee: 28x

Winner: 1x

Documentation

Iaso

Build Status Latest Stable Version Latest Unstable Version License

Iaso is a powerful JSON toolkit for PHP 7+, intended for any organization that builds or consumes JSON-based APIs.

Iaso was developed by Paragon Initiative Enterprises to allow projects to build APIs without being vulnerable to hash-collision denial of service attacks from PHP's JSON functions.

Features

  • HDoS resistant data structure (`ResultSet`)
  • Basic JSON parser (returns `ResultSet` objects) * `Assoc` is a JSON object * `Ordered` is a JSON array

Roadmap

  • Contract-enforced JSON parser * Allows strict types, data limits * Throws an exception if any violations are found

Usage Examples

Simple JSON Parsing

use ParagonIE\Iaso\JSON;
use ParagonIE\Iaso\ResultSet;

$data = JSON::parse($string);
var_dump($data instanceof ResultSet); /bool(true)/

  Files folder image Files  
File Role Description
Files folder imagesrc (6 files, 2 directories)
Files folder imagetests (3 files, 1 directory)
Accessible without login Plain text file .travis.yml Data Auxiliary data
Accessible without login Plain text file composer.json Data Auxiliary data
Accessible without login Plain text file LICENSE Lic. License text
Accessible without login Plain text file phpunit.xml.dist Data Auxiliary data
Accessible without login Plain text file psalm.xml Data Auxiliary data
Accessible without login Plain text file README.md Doc. Documentation

  Files folder image Files  /  src  
File Role Description
Files folder imageContract (2 files)
Files folder imageResult (3 files)
  Accessible without login Plain text file Contract.php Class Class source
  Accessible without login Plain text file JSON.php Class Class source
  Accessible without login Plain text file JSONError.php Class Class source
  Accessible without login Plain text file Parser.php Class Class source
  Accessible without login Plain text file ParseState.php Class Class source
  Accessible without login Plain text file ResultSet.php Class Class source

  Files folder image Files  /  src  /  Contract  
File Role Description
  Accessible without login Plain text file Blank.php Class Class source
  Accessible without login Plain text file TypeInterface.php Class Class source

  Files folder image Files  /  src  /  Result  
File Role Description
  Accessible without login Plain text file Assoc.php Class Class source
  Accessible without login Plain text file Bare.php Class Class source
  Accessible without login Plain text file Ordered.php Class Class source

  Files folder image Files  /  tests  
File Role Description
Files folder imagebenchmarks (2 files)
  Accessible without login Plain text file JSONTest.php Class Class source
  Accessible without login Plain text file ParserTest.php Class Class source
  Accessible without login Plain text file ResultSetTest.php Class Class source

  Files folder image Files  /  tests  /  benchmarks  
File Role Description
  Accessible without login Plain text file average-case.php Aux. Auxiliary script
  Accessible without login Plain text file hashdos.php Aux. Auxiliary script

 Version Control Unique User Downloads Download Rankings  
 100%
Total:81
This week:1
All time:10,067
This week:560Up
User Comments (2)
Thats a very great class ;-)
1 year ago (José Filipe Lopes Santos)
70%StarStarStarStar
Thats a very great class ;-)
1 year ago (José Filipe Lopes Santos)
70%StarStarStarStar