From e569a3ade3a627205b4dcff466dc3c6af1517e8d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20M=C3=B6ller?= <am@localheinz.com>
Date: Sat, 31 Dec 2022 13:40:06 +0100
Subject: [PATCH] Fix: Reject JSON when it is not an object

---
 CHANGELOG.md                                  |  2 +
 psalm-baseline.xml                            |  3 +-
 .../Composer/ComposerJsonNormalizer.php       |  4 -
 .../Json/IsArray/original.json                |  0
 .../Json/IsScalar/Boolean/False/original.json |  0
 .../Json/IsScalar/Boolean/True/original.json  |  0
 .../Json/IsScalar/Null/original.json          |  0
 .../Json/IsScalar/Number/Float/original.json  |  0
 .../Json/IsScalar/Number/Int/original.json    |  0
 .../Json/IsScalar/String/original.json        |  0
 .../Composer/ComposerJsonNormalizerTest.php   | 78 ++++++++++++++++++-
 11 files changed, 79 insertions(+), 8 deletions(-)
 rename test/Fixture/Vendor/Composer/ComposerJsonNormalizer/{NormalizeNormalizes => NormalizeRejectsJson}/Json/IsArray/original.json (100%)
 rename test/Fixture/Vendor/Composer/ComposerJsonNormalizer/{NormalizeNormalizes => NormalizeRejectsJson}/Json/IsScalar/Boolean/False/original.json (100%)
 rename test/Fixture/Vendor/Composer/ComposerJsonNormalizer/{NormalizeNormalizes => NormalizeRejectsJson}/Json/IsScalar/Boolean/True/original.json (100%)
 rename test/Fixture/Vendor/Composer/ComposerJsonNormalizer/{NormalizeNormalizes => NormalizeRejectsJson}/Json/IsScalar/Null/original.json (100%)
 rename test/Fixture/Vendor/Composer/ComposerJsonNormalizer/{NormalizeNormalizes => NormalizeRejectsJson}/Json/IsScalar/Number/Float/original.json (100%)
 rename test/Fixture/Vendor/Composer/ComposerJsonNormalizer/{NormalizeNormalizes => NormalizeRejectsJson}/Json/IsScalar/Number/Int/original.json (100%)
 rename test/Fixture/Vendor/Composer/ComposerJsonNormalizer/{NormalizeNormalizes => NormalizeRejectsJson}/Json/IsScalar/String/original.json (100%)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f314454e..66af0247 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,7 @@ For a full diff see [`3.0.0...main`][3.0.0...main].
 - Adjusted `Vendor\Composer\BinNormalizer`, `Vendor\Composer\PackageHashNormalizer`, `Vendor\Composer\VersionConstraintNormalizer`, and `SchemaNormalizer` to encode JSON with `JSON_PRETTY_PRINT` flag ([#795]), by [@localheinz]
 - Adjusted `Vendor\Composer\BinNormalizer`, `Vendor\Composer\PackageHashNormalizer`, `Vendor\Composer\VersionConstraintNormalizer`, and `SchemaNormalizer` to encode JSON with `JSON_UNESCAPED_SLASHES` flag ([#801]), by [@localheinz]
 - Adjusted `Vendor\Composer\BinNormalizer`, `Vendor\Composer\PackageHashNormalizer`, `Vendor\Composer\VersionConstraintNormalizer`, and `SchemaNormalizer` to encode JSON with `JSON_UNESCAPED_UNICODE` flag ([#802]), by [@localheinz]
+- Adjusted `Vendor\Composer\ComposerJsonNormalizer` to reject JSON when it is not an object ([#804]), by [@localheinz]
 
 ### Fixed
 
@@ -552,6 +553,7 @@ For a full diff see [`5d8b3e2...0.1.0`][5d8b3e2...0.1.0].
 [#795]: https://github.com/ergebnis/json-normalizer/pull/795
 [#801]: https://github.com/ergebnis/json-normalizer/pull/801
 [#802]: https://github.com/ergebnis/json-normalizer/pull/802
+[#804]: https://github.com/ergebnis/json-normalizer/pull/804
 
 [@BackEndTea]: https://github.com/BackEndTea
 [@dependabot]: https://github.com/dependabot
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
index d5c1ec2f..cac9f529 100644
--- a/psalm-baseline.xml
+++ b/psalm-baseline.xml
@@ -82,7 +82,8 @@
     </MixedAssignment>
   </file>
   <file src="test/Unit/Vendor/Composer/ComposerJsonNormalizerTest.php">
-    <MixedAssignment occurrences="1">
+    <MixedAssignment occurrences="2">
+      <code>$fileInfo</code>
       <code>$fileInfo</code>
     </MixedAssignment>
   </file>
diff --git a/src/Vendor/Composer/ComposerJsonNormalizer.php b/src/Vendor/Composer/ComposerJsonNormalizer.php
index b3327916..53b76a5f 100644
--- a/src/Vendor/Composer/ComposerJsonNormalizer.php
+++ b/src/Vendor/Composer/ComposerJsonNormalizer.php
@@ -80,10 +80,6 @@ public function __construct(string $schemaUri)
 
     public function normalize(Json $json): Json
     {
-        if (!\is_object($json->decoded())) {
-            return $json;
-        }
-
         return $this->normalizer->normalize($json);
     }
 }
diff --git a/test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeNormalizes/Json/IsArray/original.json b/test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeRejectsJson/Json/IsArray/original.json
similarity index 100%
rename from test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeNormalizes/Json/IsArray/original.json
rename to test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeRejectsJson/Json/IsArray/original.json
diff --git a/test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeNormalizes/Json/IsScalar/Boolean/False/original.json b/test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeRejectsJson/Json/IsScalar/Boolean/False/original.json
similarity index 100%
rename from test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeNormalizes/Json/IsScalar/Boolean/False/original.json
rename to test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeRejectsJson/Json/IsScalar/Boolean/False/original.json
diff --git a/test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeNormalizes/Json/IsScalar/Boolean/True/original.json b/test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeRejectsJson/Json/IsScalar/Boolean/True/original.json
similarity index 100%
rename from test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeNormalizes/Json/IsScalar/Boolean/True/original.json
rename to test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeRejectsJson/Json/IsScalar/Boolean/True/original.json
diff --git a/test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeNormalizes/Json/IsScalar/Null/original.json b/test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeRejectsJson/Json/IsScalar/Null/original.json
similarity index 100%
rename from test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeNormalizes/Json/IsScalar/Null/original.json
rename to test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeRejectsJson/Json/IsScalar/Null/original.json
diff --git a/test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeNormalizes/Json/IsScalar/Number/Float/original.json b/test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeRejectsJson/Json/IsScalar/Number/Float/original.json
similarity index 100%
rename from test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeNormalizes/Json/IsScalar/Number/Float/original.json
rename to test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeRejectsJson/Json/IsScalar/Number/Float/original.json
diff --git a/test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeNormalizes/Json/IsScalar/Number/Int/original.json b/test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeRejectsJson/Json/IsScalar/Number/Int/original.json
similarity index 100%
rename from test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeNormalizes/Json/IsScalar/Number/Int/original.json
rename to test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeRejectsJson/Json/IsScalar/Number/Int/original.json
diff --git a/test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeNormalizes/Json/IsScalar/String/original.json b/test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeRejectsJson/Json/IsScalar/String/original.json
similarity index 100%
rename from test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeNormalizes/Json/IsScalar/String/original.json
rename to test/Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeRejectsJson/Json/IsScalar/String/original.json
diff --git a/test/Unit/Vendor/Composer/ComposerJsonNormalizerTest.php b/test/Unit/Vendor/Composer/ComposerJsonNormalizerTest.php
index 7ed173e2..24f33600 100644
--- a/test/Unit/Vendor/Composer/ComposerJsonNormalizerTest.php
+++ b/test/Unit/Vendor/Composer/ComposerJsonNormalizerTest.php
@@ -14,6 +14,7 @@
 namespace Ergebnis\Json\Normalizer\Test\Unit\Vendor\Composer;
 
 use Ergebnis\Json\Json;
+use Ergebnis\Json\Normalizer\Exception;
 use Ergebnis\Json\Normalizer\Test;
 use Ergebnis\Json\Normalizer\Vendor;
 use PHPUnit\Framework;
@@ -25,6 +26,7 @@
  * @covers \Ergebnis\Json\Normalizer\Vendor\Composer\ComposerJsonNormalizer
  *
  * @uses \Ergebnis\Json\Normalizer\ChainNormalizer
+ * @uses \Ergebnis\Json\Normalizer\Exception\OriginalInvalidAccordingToSchema
  * @uses \Ergebnis\Json\Normalizer\Format\JsonEncodeOptions
  * @uses \Ergebnis\Json\Normalizer\SchemaNormalizer
  * @uses \Ergebnis\Json\Normalizer\Vendor\Composer\PackageHashNormalizer
@@ -35,9 +37,79 @@ final class ComposerJsonNormalizerTest extends Framework\TestCase
     use Test\Util\Helper;
 
     /**
-     * @dataProvider provideScenario
+     * @dataProvider provideScenarioWhereJsonIsInvalidAccordingToSchema
      */
-    public function testNormalizeNormalizes(Test\Fixture\Vendor\Composer\Scenario $scenario): void
+    public function testNormalizeRejectsJsonWhenItIsInvalidAccordingToSchema(Test\Fixture\Vendor\Composer\Scenario $scenario): void
+    {
+        $json = $scenario->original();
+
+        $normalizer = new Vendor\Composer\ComposerJsonNormalizer(\sprintf(
+            'file://%s',
+            \realpath(__DIR__ . '/../../../Fixture/Vendor/Composer/schema.json'),
+        ));
+
+        $this->expectException(Exception\OriginalInvalidAccordingToSchema::class);
+
+        $normalizer->normalize($json);
+    }
+
+    /**
+     * @return \Generator<string, array{0: Test\Fixture\Vendor\Composer\Scenario}>
+     */
+    public static function provideScenarioWhereJsonIsInvalidAccordingToSchema(): \Generator
+    {
+        $basePath = __DIR__ . '/../../../';
+
+        $iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator(__DIR__ . '/../../../Fixture/Vendor/Composer/ComposerJsonNormalizer/NormalizeRejectsJson'));
+
+        foreach ($iterator as $fileInfo) {
+            /** @var \SplFileInfo $fileInfo */
+            if (!$fileInfo->isFile()) {
+                continue;
+            }
+
+            if ('original.json' !== $fileInfo->getBasename()) {
+                continue;
+            }
+
+            $originalFile = $fileInfo->getRealPath();
+
+            $normalizedFile = \preg_replace(
+                '/original\.json$/',
+                'normalized.json',
+                $originalFile,
+            );
+
+            if (!\is_string($normalizedFile)) {
+                throw new \RuntimeException(\sprintf(
+                    'Unable to deduce normalized JSON file name from original JSON file name "%s".',
+                    $originalFile,
+                ));
+            }
+
+            if (!\file_exists($normalizedFile)) {
+                $normalizedFile = $originalFile;
+            }
+
+            $key = \substr(
+                $fileInfo->getPath(),
+                \strlen($basePath),
+            );
+
+            yield $key => [
+                Test\Fixture\Vendor\Composer\Scenario::create(
+                    $key,
+                    Json::fromFile($originalFile),
+                    Json::fromFile($normalizedFile),
+                ),
+            ];
+        }
+    }
+
+    /**
+     * @dataProvider provideScenarioWhereJsonIsValidAccordingToSchema
+     */
+    public function testNormalizeNormalizesJsonWhenItIsValidAccordingToSchema(Test\Fixture\Vendor\Composer\Scenario $scenario): void
     {
         $json = $scenario->original();
 
@@ -54,7 +126,7 @@ public function testNormalizeNormalizes(Test\Fixture\Vendor\Composer\Scenario $s
     /**
      * @return \Generator<string, array{0: Test\Fixture\Vendor\Composer\Scenario}>
      */
-    public static function provideScenario(): \Generator
+    public static function provideScenarioWhereJsonIsValidAccordingToSchema(): \Generator
     {
         $basePath = __DIR__ . '/../../../';