Perform input validation in JsonPoiner

Author: stefankoegl

jsonpointer.py

@@ -167,8 +167,16 @@ class JsonPointer(object):
     # Array indices must not contain:
     # leading zeros, signs, spaces, decimals, etc
     _RE_ARRAY_INDEX = re.compile('0|[1-9][0-9]*$')
+    _RE_INVALID_ESCAPE = re.compile('(~[^01]|~$)')
 
     def __init__(self, pointer):
+
+        # validate escapes
+        invalid_escape = self._RE_INVALID_ESCAPE.search(pointer)
+        if invalid_escape:
+            raise JsonPointerException('Found invalid escape {0}'.format(
+                invalid_escape.group()))
+
         parts = pointer.split('/')
         if parts.pop(0) != '':
             raise JsonPointerException('location must starts with /')

tests.py

@@ -126,6 +126,12 @@ def test_oob(self):
         doc = [0, 1, 2]
         self.assertRaises(JsonPointerException, resolve_pointer, doc, '/10')
 
+    def test_training_escape(self):
+        self.assertRaises(JsonPointerException, JsonPointer, '/foo/bar~')
+
+    def test_invalid_escape(self):
+        self.assertRaises(JsonPointerException, JsonPointer, '/foo/bar~2')
+
 
 class ToLastTests(unittest.TestCase):