revert JSON validation

[18202781743]

• Revert "fix: improve JSON string handling in variant conversion"
• Revert "fix: fix JSON validation to accept plain strings"
• Revert "fix: add JSON validation for text input fields"

Summary by Sourcery

Adjust JSON value validation and string conversion behavior while updating related CLI output and tests.

Bug Fixes:

• Treat plain text values as valid input in JSON validation while still rejecting malformed object/array-like strings.
• Ensure CLI output for non-numeric values is consistently quoted to avoid ambiguity.

Enhancements:

• Simplify QVariant-to-JSON string conversion helpers by relying directly on QJsonDocument without special-casing strings.

Build:

• Drop the removed helper test source from the tests CMake configuration.

Tests:

• Re-enable user data removal tests and align test paths with expected subpath semantics.
• Remove obsolete helper unit tests from the test suite configuration.

[sourcery-ai]

Reviewer's Guide

Reverts prior changes to JSON string handling and validation logic while keeping the updated JSON validation behavior, re-enables previously skipped user-data removal tests, adjusts a subpath used in tests, wraps non-numeric command output in quotes, and drops an obsolete helper unit test file from the test build.

Class diagram for helper functions and CommandManager usage

classDiagram
    class Helper {
        +static QString qvariantToString(QVariant v)
        +static QString qvariantToStringCompact(QVariant v)
        +static QVariant stringToQVariant(QString s)
        +static bool isValidTextJsonValue(QString s)
    }

    class CommandManager {
        +int getCommand()
    }

    CommandManager ..> Helper : uses

Loading

File-Level Changes

Change	Details	Files
Simplify QVariant↔JSON string conversion and adjust JSON validation to accept more plain text while still rejecting clearly malformed JSON structures.	Remove special-casing that converted string QVariants to explicitly quoted JSON strings in qvariantToString and qvariantToStringCompact, falling back to QJsonDocument::fromVariant or QVariant::toString Update stringToQVariant to first parse as a JSON document and, on failure, wrap the input in a JSON array to support single JSON values before returning the raw string as a fallback Update isValidTextJsonValue to accept valid JSON documents or wrapped single JSON values, reject obviously malformed JSON that starts with '{' or '[', and otherwise treat arbitrary text as valid	dconfig-center/common/helper.hpp
Adjust command output formatting for non-numeric results to ensure they are printed as quoted strings.	Wrap qvariantToString(result) in explicit double quotes when printing non-numeric command results in CommandManager::getCommand	dconfig-center/dde-dconfig/main.cpp
Re-enable and slightly adjust user data removal tests to run against the updated behavior.	Remove GTEST_SKIP calls to allow removeUserData unit tests to execute Change the subpath argument in removeUserDataWithSubpath from an absolute-style path to a relative-style subpath string	dconfig-center/tests/ut_dconfigserver.cpp
Prune an unused helper unit test from the test suite configuration.	Remove ut_helper.cpp from the tests CMake source list Delete the ut_helper.cpp test file	dconfig-center/tests/CMakeLists.txt dconfig-center/tests/ut_helper.cpp

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• In isValidTextJsonValue, you mix raw s and trimmed (parsing uses s, structural checks use trimmed); consider consistently using the trimmed version for both parsing and the {/[ prefix check to avoid subtle whitespace-dependent behavior.
• Wrapping qvariantToString(result) in extra quotes in CommandManager::getCommand may double-encode JSON values (objects/arrays/numbers) while also changing how plain strings are represented; it may be safer to only add quotes when the underlying QVariant is a plain string and otherwise preserve the original JSON/text representation.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In `isValidTextJsonValue`, you mix raw `s` and `trimmed` (parsing uses `s`, structural checks use `trimmed`); consider consistently using the trimmed version for both parsing and the `{`/`[` prefix check to avoid subtle whitespace-dependent behavior.
- Wrapping `qvariantToString(result)` in extra quotes in `CommandManager::getCommand` may double-encode JSON values (objects/arrays/numbers) while also changing how plain strings are represented; it may be safer to only add quotes when the underlying QVariant is a plain string and otherwise preserve the original JSON/text representation.

## Individual Comments

### Comment 1
<location> `dconfig-center/dde-dconfig/main.cpp:229` </location>
<code_context>
                     outpuSTD(QString::number(result.toDouble()));
                 } else {
-                    outpuSTD(qvariantToString(result));
+                    outpuSTD(QString("\"%1\"").arg(qvariantToString(result)));
                 }
             } else if (method == "name") {
</code_context>

<issue_to_address>
**issue (bug_risk):** Wrapping `qvariantToString` in quotes without escaping introduces malformed output for strings containing quotes or newlines.

With the new behavior:

- `qvariantToString(result)` now returns the raw string (no JSON-style escaping).
- This call wraps that raw value in `"%1"` without escaping.

So for a value like `foo"bar`, the output becomes:

```text
"foo"bar"
```

which is not a valid single quoted string and will break consumers expecting JSON-like or shell-safe output. This is a regression from the previous implementation, where `QJsonValue::fromVariant` handled quoting/escaping.

If the intent is JSON-like output, the escaping/quoting should live in one place only, e.g.:
- Make `qvariantToString` return a proper JSON string literal for string variants, and call it directly here, or
- Add a helper dedicated to producing correctly escaped/quoted CLI output instead of wrapping the raw string locally.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (bug_risk): Wrapping qvariantToString in quotes without escaping introduces malformed output for strings containing quotes or newlines.

With the new behavior:

• qvariantToString(result) now returns the raw string (no JSON-style escaping).
• This call wraps that raw value in "%1" without escaping.

So for a value like foo"bar, the output becomes:

"foo"bar"

which is not a valid single quoted string and will break consumers expecting JSON-like or shell-safe output. This is a regression from the previous implementation, where QJsonValue::fromVariant handled quoting/escaping.

If the intent is JSON-like output, the escaping/quoting should live in one place only, e.g.:

• Make qvariantToString return a proper JSON string literal for string variants, and call it directly here, or
• Add a helper dedicated to producing correctly escaped/quoted CLI output instead of wrapping the raw string locally.

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: 18202781743, mhduiy

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[deepin-ci-robot]

deepin pr auto review

代码审查报告

总体概述

这段代码主要修改了配置中心(dconfig-center)中关于JSON值处理和验证的逻辑，简化了部分函数实现，移除了对JSON值的严格验证，并调整了相关测试用例。

详细审查意见

1. 语法和逻辑问题

1.1 stringToQVariant 函数简化过度

位置: dconfig-center/common/helper.hpp

static QVariant stringToQVariant(const QString &s)
{
    QJsonParseError error;
    const auto &doc = QJsonDocument::fromJson(s.toUtf8(), &error);
    if (error.error == QJsonParseError::NoError)
        return doc.toVariant();
    return s;
}

问题:

• 移除了对单个JSON值(如字符串、数字、布尔值)的解析逻辑
• 现在只有完整的JSON对象或数组能被正确解析，单个值会被当作纯文本字符串处理

建议:

static QVariant stringToQVariant(const QString &s)
{
    QJsonParseError error;
    const auto &doc = QJsonDocument::fromJson(s.toUtf8(), &error);
    if (error.error == QJsonParseError::NoError)
        return doc.toVariant();
    
    // 尝试解析单个JSON值
    QString wrapped = QString("[%1]").arg(s);
    const auto &arrayDoc = QJsonDocument::fromJson(wrapped.toUtf8(), &error);
    if (error.error == QJsonParseError::NoError) {
        QJsonArray array = arrayDoc.array();
        if (!array.isEmpty()) {
            return array.first().toVariant();
        }
    }
    
    return s;
}

1.2 qvariantToString 和 qvariantToStringCompact 函数逻辑变更

位置: dconfig-center/common/helper.hpp

问题:

• 移除了对字符串值的特殊处理(添加引号)
• 这可能导致字符串值在序列化后丢失引号，影响后续解析

建议:

static QString qvariantToString(const QVariant &v)
{
    const QJsonValue jsonVal = QJsonValue::fromVariant(v);
    if (jsonVal.isString()) {
        return QString("\"%1\"").arg(jsonVal.toString());
    }
    const auto &doc = QJsonDocument::fromVariant(v);
    return doc.isNull() ? v.toString() : doc.toJson();
}

2. 代码质量问题

2.1 移除了JSON值验证逻辑

位置:

• dconfig-center/dde-dconfig-editor/mainwindow.cpp
• dconfig-center/dde-dconfig-editor/oemdialog.cpp
• dconfig-center/dde-dconfig/main.cpp

问题:

• 移除了isValidTextJsonValue函数及其调用
• 这可能导致用户输入无效JSON值而不被检测到

建议:

• 保留至少基本的JSON格式验证
• 可以简化验证逻辑，但不应完全移除

2.2 测试用例删除

位置: dconfig-center/tests/ut_helper.cpp

问题:

• 完全删除了helper函数的单元测试
• 这降低了代码的可维护性和可靠性

建议:

• 保留关键测试用例，特别是关于JSON转换的测试
• 可以简化测试用例，但不应完全删除

3. 代码性能问题

3.1 字符串处理优化

位置: dconfig-center/common/helper.hpp

建议:

• 在stringToQVariant中，可以预先检查字符串是否以{或[开头，避免不必要的解析尝试
• 对于简单的字符串值，可以直接返回而不进行JSON解析

4. 代码安全问题

4.1 输入验证不足

位置: 多处

问题:

• 移除了JSON值验证可能导致无效数据被存储
• 可能导致后续解析错误或安全漏洞

建议:

• 保留基本的输入验证
• 对用户输入进行适当的转义和清理

4.2 测试用例跳过

位置: dconfig-center/tests/ut_dconfigserver.cpp

问题:

• 移除了测试用例的跳过标记，但没有确保这些测试能够通过

建议:

• 确保所有测试用例都能通过后再移除跳过标记
• 或者保留跳过标记并添加注释说明原因

其他建议

1. 文档更新:

   • 更新相关函数的注释，说明其行为变化
   • 添加关于JSON值处理的说明文档

2. 向后兼容性:

   • 考虑这些变更是否会影响现有配置文件
   • 可能需要添加迁移逻辑

3. 错误处理:

   • 增强错误处理逻辑，提供更详细的错误信息
   • 考虑添加日志记录，便于调试

总结

这段代码主要简化了JSON值处理逻辑，但过度简化可能导致功能退化。建议:

1. 恢复对单个JSON值的解析支持
2. 保留基本的输入验证
3. 恢复关键测试用例
4. 更新相关文档

这些修改将提高代码的健壮性和可维护性，同时保持合理的性能。