Introduction

Given JSON-like content, convert it to valid JSON! The OWASP JSON Sanitizer Project is a simple to use Java library that can be attached at either end of a data-pipeline to help satisfy Postel’s principle: be conservative in what you do, be liberal in what you accept from others. When applied to JSON-like content from others, this project will produce well-formed JSON that should satisfy any parser you use. When applied to your output before you send, it will coerce minor mistakes in encoding and make it easier to embed your JSON in HTML and XML.

For more info please read https://www.owasp.org/index.php/OWASP_JSON_Sanitizer
For downloading source please navigate to https://github.com/owasp/json-sanitizer

Prerequisites

The following configurations are required in order to run the application

Eclipse
JDK 1.8
Have maven installed and configured
JSON sanitizer dependency in pom.xml

Example with Source Code

Creating Project

Now we will see the below steps how to create a maven based spring project in Eclipse. Create a standalone maven project in Eclipse.

Go to File -> New -> Other. On popup window under Maven select Maven Project. Then click on Next. Select the workspace location – either default or browse the location. Click on Next. Now in next window select the row as highlighted from the below list of archtypes and click on Next button.

maven-arctype-quickstart

Now enter the required fields (Group Id, Artifact Id) as shown below

Group Id : com.jeejava
Artifact Id : json-sanitizer

Updating pom.xml

In the below pom.xml file we have added JSON sanitizer dependency.

<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>

	<groupId>com.jeejava</groupId>
	<artifactId>json-sanitizer</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<packaging>jar</packaging>

	<name>json-sanitizer</name>
	<url>http://maven.apache.org</url>

	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<jdk.version>1.8</jdk.version>
		<json-sanitizer.version>1.0</json-sanitizer.version>
	</properties>

	<dependencies>
		<!-- JSON sanitizer -->
		<dependency>
			<groupId>com.mikesamuel</groupId>
			<artifactId>json-sanitizer</artifactId>
			<version>${json-sanitizer.version}</version>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<configuration>
					<source>${jdk.version}</source>
					<target>${jdk.version}</target>
				</configuration>
			</plugin>
		</plugins>
	</build>
</project>

Configuring JDK in Build Path

If you see JRE System Library[J2SE-1.4] then change the version by below process:

Do right-click on the project and go to Build -> Configure build path, under Libraries tab click on JRE System Library[J2SE-1.4], click on Edit button and select the appropriate jdk 1.7 from the next window. Click on Finish then Ok.

Creating Sanitizer Class

Create a JSON sanitizer class for sanitizing external JSON string.

package com.roytuts.json;

public class JsonSanitizer {

  public static String jsonSanitizeOne(String jsonString) {
    String wellFormedJson = com.google.json.JsonSanitizer.sanitize(jsonString);
    return wellFormedJson;
  }

  protected static String jsonSanitizeTwo(String jsonString) {
    String wellFormedJson = com.google.json.JsonSanitizer.sanitize(jsonString);
    String responseThree = jsonSanitizeThree(jsonString);
    System.out.println(responseThree);
    return wellFormedJson;
  }

  private static String jsonSanitizeThree(String jsonString) {
    return jsonString;
  }

}

Creating Test Class

Create a test class which will test whether it is sanitizing of the given JSON string or not. Here we will create a class with main method. You can also create Junit test class to test the above JSON sanitizer class.

package com.jeejava.json.sanitizer;

public class JsonSanitizerTest {

	public static void main(String[] args) {
		String jsonString = "{\"key1\":\"value1\",\"type\":\"Booking\",\"sid\":\"A43521\",\"region\":\"ASIA\","
				+ "\"fetchFromFile\":\"false\",\"service\":\"true\",\"isEom\":\"true\",*#@!}";

		String responseOne = JsonSanitizer.jsonSanitizeOne(jsonString);
		System.out.println(responseOne);

		String responseTwo = JsonSanitizer.jsonSanitizeTwo(jsonString);
		System.out.println(responseTwo);
	}
}

Testing the JSON sanitizer

Once you run the test class, you will see the output in the console.

{"key1":"value1","type":"Booking","sid":"A43521","region":"ASIA","fetchFromFile":"false","service":"true","isEom":"true"}
{"key1":"value1","type":"Booking","sid":"A43521","region":"ASIA","fetchFromFile":"false","service":"true","isEom":"true",*#@!}
{"key1":"value1","type":"Booking","sid":"A43521","region":"ASIA","fetchFromFile":"false","service":"true","isEom":"true"}

Source Code

You can download source code.

Thanks for reading.

Tags:

I am a professional Web developer, Enterprise Application developer, Software Engineer and Blogger. Connect me on Roy Tutorials | TwitterFacebook Google PlusLinkedin | Reddit

2 thoughts on “Sanitize JSON using Java

  1. Hi,
    How to sanitize an object .
    Suppose that i have a class Person class to be sent as a json response from my REST call then how can i sanitize this Java class.

Leave a Reply

Your email address will not be published. Required fields are marked *