From 742013673e832e9544069d2c7401754c36a3817a Mon Sep 17 00:00:00 2001
From: Thomas Gelf <thomas@gelf.net>
Date: Tue, 10 Oct 2023 11:10:08 +0200
Subject: [PATCH] PropertyModifierJsonDecode: explicitly fail for...

...non-string inputs

fixes #2810
---
 doc/82-Changelog.md                           |  1 +
 .../PropertyModifierJsonDecode.php            | 25 +++++++++++--------
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/doc/82-Changelog.md b/doc/82-Changelog.md
index bf8c7658..415d90e1 100644
--- a/doc/82-Changelog.md
+++ b/doc/82-Changelog.md
@@ -38,6 +38,7 @@ This version hasn't been released yet
 * FIX: synchronizing Service (and -Set) Templates has been fixed (#2745, #2217)
 * FIX: null properties with Sync policy "ignore" are now being ignored (#2657)
 * FIX: Import Source shows available columns for Core API Import (#2763)
+* FIX: JSON-decode now explicitly fails for non-string inputs (#2810)
 
 # Configuration Baskets
 * FEATURE: it's now possible to upload snapshots for existing baskets (#1952)
diff --git a/library/Director/PropertyModifier/PropertyModifierJsonDecode.php b/library/Director/PropertyModifier/PropertyModifierJsonDecode.php
index f6b9af87..4ab119a9 100644
--- a/library/Director/PropertyModifier/PropertyModifierJsonDecode.php
+++ b/library/Director/PropertyModifier/PropertyModifierJsonDecode.php
@@ -2,8 +2,9 @@
 
 namespace Icinga\Module\Director\PropertyModifier;
 
+use Exception;
+use gipfl\Json\JsonString;
 use Icinga\Exception\InvalidPropertyException;
-use Icinga\Module\Director\Exception\JsonException;
 use Icinga\Module\Director\Hook\PropertyModifierHook;
 use Icinga\Module\Director\Web\Form\QuickForm;
 
@@ -38,16 +39,22 @@ class PropertyModifierJsonDecode extends PropertyModifierHook
     /**
      * @param $value
      * @return mixed|null
-     * @throws InvalidPropertyException
+     * @throws InvalidPropertyException|\gipfl\Json\JsonDecodeException
      */
     public function transform($value)
     {
         if (null === $value) {
-            return $value;
+            return null;
         }
-
-        $decoded = @json_decode($value);
-        if ($decoded === null && JSON_ERROR_NONE !== json_last_error()) {
+        try {
+            if (is_string($value)) {
+                $decoded = JsonString::decode($value);
+            } else {
+                throw new InvalidPropertyException(
+                    'JSON decode expects a string, got ' . gettype($value)
+                );
+            }
+        } catch (Exception $e) {
             switch ($this->getSetting('on_failure')) {
                 case 'null':
                     return null;
@@ -55,11 +62,7 @@ class PropertyModifierJsonDecode extends PropertyModifierHook
                     return $value;
                 case 'fail':
                 default:
-                    throw new InvalidPropertyException(
-                        'JSON decoding failed with "%s" for %s',
-                        JsonException::getJsonErrorMessage(json_last_error()),
-                        substr($value, 0, 128)
-                    );
+                    throw $e;
             }
         }