Syntax - Creating functions

[SubhenduShekhar]

User should be able to evaluate functions which can be executed based on language used.
Below is the format:

`public static String getGender(int genderCode) {
    if(genderCode == 0)
        return 'F';
    else
        return 'M';
}`

User should be able to use the defined function as below:

{
    "file1": {
        "hello": "world",
        "name": "Shan"
    },
    "gender": "using java:getGender(0)",
    "age": 21
}

[Ozzard]

Are you absolutely sure you want to do this? Security is a huge issue as soon as you allow arbitrary user code - if an attacker can inject any content that gets parsed through cjson into the system, then they can run any public function in your executable.

If you do add it to the system, how do I turn it off completely when I use this very helpful project? :-)

[SubhenduShekhar]

Hi @Ozzard,

1. That's a good question. Function injection is only allowed in CJSON's lexical scope. i.e., functions which are defined within CJSON file is only allowed for execution. No external function execution is allowed.
2. If someone injects a function using inject(), deserializer will throw SyntaxNotAllowedException.
3. Once this feature is released, you can host a rules.json file through which you can control the keywords and restrictions.

Regards,
CJSON Team