[JsonPath] Handle special whitespaces in filters

alexandre-daubois · alexandre-daubois · commit ab0853aa2019 · 2025-06-11T08:37:05.000+02:00
diff --git a/src/Symfony/Component/JsonPath/JsonCrawler.php b/src/Symfony/Component/JsonPath/JsonCrawler.php
@@ -128,6 +128,7 @@ private function evaluateBracket(string $expr, mixed $value): array
             return [];
         }
 
+        $expr = JsonPathUtils::normalizeWhitespace($expr);
         if ('*' === $expr) {
             return array_values($value);
         }
@@ -150,8 +151,8 @@ private function evaluateBracket(string $expr, mixed $value): array
             }
 
             $result = [];
-            foreach (explode(',', $expr) as $index) {
-                $index = (int) trim($index);
+            foreach (explode(',', $expr) as $indexStr) {
+                $index = (int) trim($indexStr);
                 if ($index < 0) {
                     $index = \count($value) + $index;
                 }
@@ -163,8 +164,7 @@ private function evaluateBracket(string $expr, mixed $value): array
             return $result;
         }
 
-        // start, end and step
-        if (preg_match('/^(-?\d*):(-?\d*)(?::(-?\d+))?$/', $expr, $matches)) {
+        if (preg_match('/^(-?\d*+)\s*+:\s*+(-?\d*+)(?:\s*+:\s*+(-?\d++))?$/', $expr, $matches)) {
             if (!array_is_list($value)) {
                 return [];
             }
@@ -212,7 +212,7 @@ private function evaluateBracket(string $expr, mixed $value): array
 
         // filter expressions
         if (preg_match('/^\?(.*)$/', $expr, $matches)) {
-            $filterExpr = $matches[1];
+            $filterExpr = trim($matches[1]);
 
             if (preg_match('/^(\w+)\s*\([^()]*\)\s*([<>=!]+.*)?$/', $filterExpr)) {
                 $filterExpr = "($filterExpr)";
@@ -260,12 +260,12 @@ private function evaluateFilter(string $expr, mixed $value): array
 
     private function evaluateFilterExpression(string $expr, array $context): bool
     {
-        $expr = trim($expr);
+        $expr = JsonPathUtils::normalizeWhitespace($expr);
 
         if (str_contains($expr, '&&')) {
             $parts = array_map('trim', explode('&&', $expr));
             foreach ($parts as $part) {
-                if (!$this->evaluateFilterExpression($part, $context)) {
+                if (!$this->evaluateFilterExpression(trim($part), $context)) {
                     return false;
                 }
             }
@@ -277,7 +277,7 @@ private function evaluateFilterExpression(string $expr, array $context): bool
             $parts = array_map('trim', explode('||', $expr));
             $result = false;
             foreach ($parts as $part) {
-                $result = $result || $this->evaluateFilterExpression($part, $context);
+                $result = $result || $this->evaluateFilterExpression(trim($part), $context);
             }
 
             return $result;
@@ -301,8 +301,8 @@ private function evaluateFilterExpression(string $expr, array $context): bool
         }
 
         // function calls
-        if (preg_match('/^(\w+)\((.*)\)$/', $expr, $matches)) {
-            $functionName = $matches[1];
+        if (preg_match('/^(\w++)\s*+\((.*)\)$/', $expr, $matches)) {
+            $functionName = trim($matches[1]);
             if (!isset(self::RFC9535_FUNCTIONS[$functionName])) {
                 throw new JsonCrawlerException($expr, \sprintf('invalid function "%s"', $functionName));
             }
@@ -317,6 +317,8 @@ private function evaluateFilterExpression(string $expr, array $context): bool
 
     private function evaluateScalar(string $expr, array $context): mixed
     {
+        $expr = JsonPathUtils::normalizeWhitespace($expr);
+
         if (is_numeric($expr)) {
             return str_contains($expr, '.') ? (float) $expr : (int) $expr;
         }
@@ -346,8 +348,8 @@ private function evaluateScalar(string $expr, array $context): mixed
         }
 
         // function calls
-        if (preg_match('/^(\w+)\((.*)\)$/', $expr, $matches)) {
-            $functionName = $matches[1];
+        if (preg_match('/^(\w++)\s*+\((.*)\)$/', $expr, $matches)) {
+            $functionName = trim($matches[1]);
             if (!isset(self::RFC9535_FUNCTIONS[$functionName])) {
                 throw new JsonCrawlerException($expr, \sprintf('invalid function "%s"', $functionName));
             }
@@ -360,12 +362,15 @@ private function evaluateScalar(string $expr, array $context): mixed
 
     private function evaluateFunction(string $name, string $args, array $context): mixed
     {
-        $args = array_map(
-            fn ($arg) => $this->evaluateScalar(trim($arg), $context),
-            explode(',', $args)
-        );
+        $argList = [];
+        if (trim($args)) {
+            $argList = array_map(
+                fn ($arg) => $this->evaluateScalar(trim($arg), $context),
+                preg_split('/\s*,\s*/', trim($args))
+            );
+        }
 
-        $value = $args[0] ?? null;
+        $value = $argList[0] ?? null;
 
         return match ($name) {
             'length' => match (true) {
@@ -375,11 +380,11 @@ private function evaluateFunction(string $name, string $args, array $context): m
             },
             'count' => \is_array($value) ? \count($value) : 0,
             'match' => match (true) {
-                \is_string($value) && \is_string($args[1] ?? null) => (bool) @preg_match(\sprintf('/^%s$/', $args[1]), $value),
+                \is_string($value) && \is_string($argList[1] ?? null) => (bool) @preg_match(\sprintf('/^%s$/', $argList[1]), $value),
                 default => false,
             },
             'search' => match (true) {
-                \is_string($value) && \is_string($args[1] ?? null) => (bool) @preg_match("/$args[1]/", $value),
+                \is_string($value) && \is_string($argList[1] ?? null) => (bool) @preg_match("/{$argList[1]}/", $value),
                 default => false,
             },
             'value' => $value,
diff --git a/src/Symfony/Component/JsonPath/JsonPathUtils.php b/src/Symfony/Component/JsonPath/JsonPathUtils.php
@@ -159,4 +159,18 @@ private static function unescapeUnicodeSequence(string $str, int $length, int &$
 
         return mb_chr($codepoint, 'UTF-8');
     }
+
+    /**
+     * @see https://datatracker.ietf.org/doc/rfc9535/, section 2.1.1
+     */
+    public static function normalizeWhitespace(string $input): string
+    {
+        $normalized = strtr($input, [
+            "\t" => ' ',
+            "\n" => ' ',
+            "\r" => ' ',
+        ]);
+
+        return trim($normalized);
+    }
 }
diff --git a/src/Symfony/Component/JsonPath/Tests/JsonCrawlerTest.php b/src/Symfony/Component/JsonPath/Tests/JsonCrawlerTest.php
@@ -419,6 +419,37 @@ public function testLengthFunctionWithOuterParentheses()
         $this->assertSame('J. R. R. Tolkien', $result[1]['author']);
     }
 
+    public function testFilterWithSpecialWhitespaces()
+    {
+        $result = self::getBookstoreCrawler()->find("$.store.book[?(length\n(@.author\t)>\r\n12)]");
+
+        $this->assertCount(2, $result);
+        $this->assertSame('Herman Melville', $result[0]['author']);
+        $this->assertSame('J. R. R. Tolkien', $result[1]['author']);
+    }
+
+    public function testMatchFunctionWithMultipleSpacesTrimmed()
+    {
+        $result = self::getBookstoreCrawler()->find("$.store.book[?(match(@.title, 'Sword   of  Honour'))]");
+
+        $this->assertSame([], $result);
+    }
+
+    public function testFilterMultiline()
+    {
+        $result = self::getBookstoreCrawler()->find(
+            '$
+                    .store
+                    .book[?
+                      length(@.author)>12
+                    ]'
+        );
+
+        $this->assertCount(2, $result);
+        $this->assertSame('Herman Melville', $result[0]['author']);
+        $this->assertSame('J. R. R. Tolkien', $result[1]['author']);
+    }
+
     public function testCountFunction()
     {
         $result = self::getBookstoreCrawler()->find('$.store.book[?count(@.extra) != 0]');
diff --git a/src/Symfony/Component/JsonPath/Tests/Tokenizer/JsonPathTokenizerTest.php b/src/Symfony/Component/JsonPath/Tests/Tokenizer/JsonPathTokenizerTest.php
@@ -355,9 +355,7 @@ public static function provideInvalidUtf8PropertyName(): array
             'special char first' => ['#test'],
             'start with digit' => ['123test'],
             'asterisk' => ['test*test'],
-            'space not allowed' => [' test'],
             'at sign not allowed' => ['@test'],
-            'start control char' => ["\0test"],
             'ending control char' => ["test\xFF\xFA"],
             'dash sign' => ['-test'],
         ];
diff --git a/src/Symfony/Component/JsonPath/Tokenizer/JsonPathTokenizer.php b/src/Symfony/Component/JsonPath/Tokenizer/JsonPathTokenizer.php
@@ -21,6 +21,8 @@
  */
 final class JsonPathTokenizer
 {
+    private const RFC9535_WHITESPACE_CHARS = [' ', "\t", "\n", "\r"];
+
     /**
      * @return JsonPathToken[]
      */
@@ -42,14 +44,26 @@ public static function tokenize(JsonPath $query): array
             throw new InvalidJsonPathException('empty JSONPath expression.');
         }
 
-        if ('$' !== $chars[0]) {
+        $i = self::skipWhitespace($chars, 0, $length);
+        if ($i >= $length || '$' !== $chars[$i]) {
             throw new InvalidJsonPathException('expression must start with $.');
         }
 
         for ($i = 0; $i < $length; ++$i) {
             $char = $chars[$i];
             $position = $i;
 
+            if (!$inQuote && !$inBracket && self::isWhitespace($char)) {
+                if ('' !== $current) {
+                    $tokens[] = new JsonPathToken(TokenType::Name, $current);
+                    $current = '';
+                }
+
+                $i = self::skipWhitespace($chars, $i, $length) - 1; // -1 because loop will increment
+
+                continue;
+            }
+
             if (('"' === $char || "'" === $char) && !$inQuote) {
                 $inQuote = true;
                 $quoteChar = $char;
@@ -59,7 +73,7 @@ public static function tokenize(JsonPath $query): array
 
             if ($inQuote) {
                 $current .= $char;
-                if ($char === $quoteChar && '\\' !== $chars[$i - 1]) {
+                if ($char === $quoteChar && (0 === $i || '\\' !== $chars[$i - 1])) {
                     $inQuote = false;
                 }
                 if ($i === $length - 1 && $inQuote) {
@@ -80,6 +94,8 @@ public static function tokenize(JsonPath $query): array
 
                 $inBracket = true;
                 ++$bracketDepth;
+                $i = self::skipWhitespace($chars, $i + 1, $length) - 1; // -1 because loop will increment
+
                 continue;
             }
 
@@ -94,11 +110,11 @@ public static function tokenize(JsonPath $query): array
                 }
 
                 if (0 === $bracketDepth) {
-                    if ('' === $current) {
+                    if ('' === trim($current)) {
                         throw new InvalidJsonPathException('empty brackets are not allowed.', $position);
                     }
 
-                    $tokens[] = new JsonPathToken(TokenType::Bracket, $current);
+                    $tokens[] = new JsonPathToken(TokenType::Bracket, trim($current));
                     $current = '';
                     $inBracket = false;
                     $inFilter = false;
@@ -108,11 +124,15 @@ public static function tokenize(JsonPath $query): array
             }
 
             if ('?' === $char && $inBracket && !$inFilter) {
-                if ('' !== $current) {
+                if ('' !== trim($current)) {
                     throw new InvalidJsonPathException('unexpected characters before filter expression.', $position);
                 }
+
+                $current = '?';
                 $inFilter = true;
                 $filterParenthesisDepth = 0;
+
+                continue;
             }
 
             if ($inFilter) {
@@ -123,6 +143,15 @@ public static function tokenize(JsonPath $query): array
                         throw new InvalidJsonPathException('unmatched closing parenthesis in filter.', $position);
                     }
                 }
+                $current .= $char;
+
+                continue;
+            }
+
+            if ($inBracket && self::isWhitespace($char)) {
+                $current .= $char;
+
+                continue;
             }
 
             // recursive descent
@@ -158,6 +187,7 @@ public static function tokenize(JsonPath $query): array
             throw new InvalidJsonPathException('unclosed string literal.', $length - 1);
         }
 
+        $current = trim($current);
         if ('' !== $current) {
             // final validation of the whole name
             if (!preg_match('/^(?:\*|[a-zA-Z_\x{0080}-\x{D7FF}\x{E000}-\x{10FFFF}][a-zA-Z0-9_\x{0080}-\x{D7FF}\x{E000}-\x{10FFFF}]*)$/u', $current)) {
@@ -169,4 +199,18 @@ public static function tokenize(JsonPath $query): array
 
         return $tokens;
     }
+
+    private static function isWhitespace(string $char): bool
+    {
+        return \in_array($char, self::RFC9535_WHITESPACE_CHARS, true);
+    }
+
+    private static function skipWhitespace(array $chars, int $index, int $length): int
+    {
+        while ($index < $length && self::isWhitespace($chars[$index])) {
+            ++$index;
+        }
+
+        return $index;
+    }
 }
