Python: Serialize large integers as strings in RPC to avoid Jackson limits

knutwannheden · knutwannheden · commit fac8559960ed · 2026-02-26T13:50:31.000+01:00
Jackson 2.15+ rejects JSON numbers exceeding 1000 digits via
StreamReadConstraints.getMaxNumberLength(). Python integers have
no size limit, so a literal like paramiko's 4096-bit DH prime
(1234 decimal digits) was serialized as a raw JSON number, causing
deserialization to fail on the Java side.

Convert integers exceeding Java's long range to strings before
serialization. The original source representation is preserved in
the literal's valueSource field, so printing is unaffected.
diff --git a/rewrite-python/rewrite/src/rewrite/rpc/send_queue.py b/rewrite-python/rewrite/src/rewrite/rpc/send_queue.py
@@ -316,7 +316,14 @@ def _get_primitive_value(self, obj: Any) -> Any:
             return None
         if isinstance(obj, bool):
             return obj
-        if isinstance(obj, (int, str)):
+        if isinstance(obj, int):
+            # Integers exceeding Java's long range cannot be serialized as
+            # JSON numbers (Jackson's StreamReadConstraints rejects them).
+            # Convert to string — the original source is preserved in valueSource.
+            if obj > 9223372036854775807 or obj < -9223372036854775808:
+                return str(obj)
+            return obj
+        if isinstance(obj, str):
             return obj
         if isinstance(obj, float):
             # Special float values (inf, nan) are not valid JSON
diff --git a/rewrite-python/rewrite/tests/python/all/test_large_literal.py b/rewrite-python/rewrite/tests/python/all/test_large_literal.py
@@ -0,0 +1,75 @@
+# Copyright 2025 the original author or authors.
+# <p>
+# Licensed under the Moderne Source Available License (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# <p>
+# https://docs.moderne.io/licensing/moderne-source-available-license
+# <p>
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Tests for parsing files with large literals (e.g. paramiko/kex_group16.py)."""
+
+import ast
+import json
+import time
+
+from rewrite.python._parser_visitor import ParserVisitor
+from rewrite.rpc.send_queue import RpcSendQueue
+
+
+SOURCE = """\
+from hashlib import sha512
+
+
+class KexGroup16SHA512:
+    name = "diffie-hellman-group16-sha512"
+    # http://tools.ietf.org/html/rfc3526#section-5
+    P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF  # noqa
+    G = 2
+
+    name = "diffie-hellman-group16-sha512"
+    hash_algo = sha512
+"""
+
+
+class TestLargeLiteralSerialization:
+
+    def test_serialize_large_hex_literal(self):
+        """Time each step: parse, RPC serialize, JSON encode."""
+
+        # Step 1: Parse
+        t0 = time.perf_counter()
+        tree = ast.parse(SOURCE, "kex_group16.py")
+        cu = ParserVisitor(SOURCE, "kex_group16.py").visit(tree)
+        t1 = time.perf_counter()
+        print(f"\nParse:         {t1 - t0:.4f}s")
+
+        # Step 2: RPC serialize (generate RpcObjectData list)
+        q = RpcSendQueue(source_file_type="org.openrewrite.python.tree.Py$CompilationUnit")
+        t2 = time.perf_counter()
+        rpc_data = q.generate(cu)
+        t3 = time.perf_counter()
+        print(f"RPC serialize: {t3 - t2:.4f}s  ({len(rpc_data)} messages)")
+
+        # Step 3: JSON encode
+        t4 = time.perf_counter()
+        json_bytes = json.dumps(rpc_data)
+        t5 = time.perf_counter()
+        print(f"JSON encode:   {t5 - t4:.4f}s  ({len(json_bytes)} bytes)")
+
+        # Total
+        print(f"Total:         {t5 - t0:.4f}s")
+
+        # Verify the large int was serialized as a string, not a JSON number.
+        # There should be no JSON numbers exceeding 19 digits in the output.
+        data = json.loads(json_bytes)
+        for msg in data:
+            v = msg.get('value')
+            if isinstance(v, int):
+                assert -9223372036854775808 <= v <= 9223372036854775807, \
+                    f"Found int value exceeding Java long range: {v}"
