[anhldbk]

Thanks for sharing. Currently I'm looking for an elegant language for querying Json structures. In addition to JsonPath, JMESPath, Glush & GROQ is definitely worth a try

[sshine]

Have you considered jq?

https://stedolan.github.io/jq/

https://github.com/stedolan/jq

[naniwaduni]

Worth noting jq is not quite like what GP has tried, in that it seems to be designed as a command-line utility first with only incidental concessions to allow itself to be linked as a library. Its C API is poorly documented and essentially defined by the single implementation. The language itself is immensely powerful and not really sandboxable.

It's a nice language to work in but definitely not one I'd want to expose as a user interface.

[sshine]

I'm actually working on a separate implementation with the intent of making jq work as a library.

By "not really sandboxable", what powerful features of jq do you mean?

I'm not sure what's meant by "expose as a user interface". It's a pretty abstract DSL, so I would certainly only expose it to programmers.

[naniwaduni]

> By "not really sandboxable", what powerful features of jq do you mean?

On close inspection I can't find things as bad as I imagined, but there are still some unexpected barely-documented features like reading files from anywhere on disk[1] as long as they have the right extension, with much wider implications than one might expect at a glance. (Note the while the module path is relative and checked for path traversal, you can just set the search path. Undocumented is that the text needn't even parse as JSON because you can just set the raw flag.) In general, many language features are implemented by exposing a more powerful primitive than necessary to the language and documenting a less powerful wrapper but not the primitive itself; the security implications go more or less unexamined.

There seems to be no particular provision for executing any less than enough to generate the next output, so if you want to set limits on execution you'll have to do that at the process level. This is something you can probably do better in a separate implementation, though.

> I'm not sure what's meant by "expose as a user interface". It's a pretty abstract DSL, so I would certainly only expose it to programmers.

Only trusted users should have access to jq. I would assume that anyone who has access to executing jq code can execute arbitrary code in the interpreter's context. I'm less sure that it's true right now than I was when I made the post above, but it still seems pretty likely.

[1]: https://stedolan.github.io/jq/manual/#importRelativePathStri...;

[namibj]

I can recommend jtc as something nice to use for extracting stuff from deep json structures. It should be quite feasible to integrate as a library if one so desires.

https://github.com/ldn-softdev/jtc/blob/master/User%20Guide....

[devj]

Try jsonata.org