From fac39d6bdefd10052f6b575446286e1f0da7c610 Mon Sep 17 00:00:00 2001
From: RadiumByte <anton.fedyashov@gmail.com>
Date: Tue, 19 Jan 2021 14:58:07 +0300
Subject: [PATCH] decodeJSON is now checking buffer data after JSON payload

---
 binding/json.go      | 5 +++++
 binding/json_test.go | 6 ++++++
 2 files changed, 11 insertions(+)

diff --git a/binding/json.go b/binding/json.go
index d62e0705..b2b92b14 100644
--- a/binding/json.go
+++ b/binding/json.go
@@ -52,5 +52,10 @@ func decodeJSON(r io.Reader, obj interface{}) error {
 	if err := decoder.Decode(obj); err != nil {
 		return err
 	}
+
+	if decoder.More() {
+		return fmt.Errorf("invalid character after the JSON data")
+	}
+
 	return validate(obj)
 }
diff --git a/binding/json_test.go b/binding/json_test.go
index fbd5c527..acb504ef 100644
--- a/binding/json_test.go
+++ b/binding/json_test.go
@@ -28,3 +28,9 @@ func TestJSONBindingBindBodyMap(t *testing.T) {
 	assert.Equal(t, "FOO", s["foo"])
 	assert.Equal(t, "world", s["hello"])
 }
+
+func TestJSONForeignSymbols(t *testing.T) {
+	s := make(map[string]string)
+	err := jsonBinding{}.BindBody([]byte(`{}text`), &s)
+	require.Error(t, err)
+}