This is an automated email from the ASF dual-hosted git repository. jcabrerizo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
The following commit(s) were added to refs/heads/master by this push: new 0c34ed594c update snakeyaml to latest version; same for jackson and cxf to use latest snakeyaml new 96cad205cf Merge pull request #1413 from ahgittin/bump-snakeyaml-22 0c34ed594c is described below commit 0c34ed594caba03a6aa8f8ab558cd3201eebbe16 Author: Alex Heneveld <a...@cloudsoft.io> AuthorDate: Thu Jan 4 16:23:40 2024 +0000 update snakeyaml to latest version; same for jackson and cxf to use latest snakeyaml --- .../core/json/ConfigurableSerializerProvider.java | 7 ++++ pom.xml | 6 ++-- .../brooklyn/tasks/kubectl/KubeJobFileCreator.java | 22 +++++++----- .../java/org/apache/brooklyn/util/yaml/Yamls.java | 41 +++++++++++----------- .../org/apache/brooklyn/util/yaml/YamlsTest.java | 33 +++++++++++++++-- 5 files changed, 74 insertions(+), 35 deletions(-) diff --git a/core/src/main/java/org/apache/brooklyn/util/core/json/ConfigurableSerializerProvider.java b/core/src/main/java/org/apache/brooklyn/util/core/json/ConfigurableSerializerProvider.java index f2b45831c3..8cba89ff8b 100644 --- a/core/src/main/java/org/apache/brooklyn/util/core/json/ConfigurableSerializerProvider.java +++ b/core/src/main/java/org/apache/brooklyn/util/core/json/ConfigurableSerializerProvider.java @@ -20,6 +20,7 @@ package org.apache.brooklyn.util.core.json; import java.io.IOException; +import com.fasterxml.jackson.databind.cfg.CacheProvider; import org.apache.brooklyn.util.exceptions.Exceptions; import com.fasterxml.jackson.core.JsonGenerator; @@ -47,6 +48,12 @@ final class ConfigurableSerializerProvider extends DefaultSerializerProvider { return new ConfigurableSerializerProvider(config, this, jsf); } + @Override + public DefaultSerializerProvider withCaches(CacheProvider cacheProvider) { + // would need to support fluency in this class to support + throw new IllegalStateException("Caches not supported for this serializer provider"); + } + public ConfigurableSerializerProvider(SerializationConfig config, ConfigurableSerializerProvider src, SerializerFactory jsf) { super(src, config, jsf); unknownTypeSerializer = src.unknownTypeSerializer; diff --git a/pom.xml b/pom.xml index 440e84e64d..1b130c7293 100644 --- a/pom.xml +++ b/pom.xml @@ -130,7 +130,7 @@ <jakarta.activation.version>1.2.2</jakarta.activation.version> <jakarta.mail.version>1.6.5</jakarta.mail.version> <!-- used by karaf --> <!-- double-check downstream projects before changing jackson version --> - <fasterxml.jackson.version>2.14.1</fasterxml.jackson.version> + <fasterxml.jackson.version>2.16.1</fasterxml.jackson.version> <cxf.version>3.4.10</cxf.version> <httpcomponents.httpclient.version>4.5.13</httpcomponents.httpclient.version> <!-- To match apache-cxf-3.4.10-features.xml --> <httpcomponents.httpcore.version>4.4.15</httpcomponents.httpcore.version> <!-- To match cxf --> @@ -140,8 +140,8 @@ <groovy.version>2.4.21</groovy.version> <!-- 2.4 seems to be an LTS; later versions switch to using a pom not a jar for groovy all, then in 4 to using modules and hosted at apache rather than codehaus; note the groovy-eclipse-complier versions below --> <groovy-eclipse-compiler.version>2.9.1-01</groovy-eclipse-compiler.version> <!-- see https://github.com/groovy/groovy-eclipse/wiki/Groovy-Eclipse-2.9.1-Release-Notes --> <groovy-eclipse-batch.version>2.4.21-01</groovy-eclipse-batch.version> - <snakeyaml.version>1.33</snakeyaml.version> <!-- align with cxf, jackson-dataformat-yaml --> - <snakeyaml.jclouds.version>1.26</snakeyaml.jclouds.version> <!-- jclouds 2.4 imports this --> + <snakeyaml.version>2.2</snakeyaml.version> <!-- should match: cxf-parent, jackson-dataformat-yaml (both of which seem to update regularly) --> + <snakeyaml.jclouds.version>1.26</snakeyaml.jclouds.version> <!-- jclouds 2.4 imports this; used for exclusion; yaml in jclouds might be broken as we are long past this --> <!-- Next version of swagger requires changes to how path mapping and scanner injection are done. --> <swagger.version>1.6.2</swagger.version> <mx4j.version>3.0.1</mx4j.version> diff --git a/software/base/src/main/java/org/apache/brooklyn/tasks/kubectl/KubeJobFileCreator.java b/software/base/src/main/java/org/apache/brooklyn/tasks/kubectl/KubeJobFileCreator.java index ac411c34d1..a769578880 100644 --- a/software/base/src/main/java/org/apache/brooklyn/tasks/kubectl/KubeJobFileCreator.java +++ b/software/base/src/main/java/org/apache/brooklyn/tasks/kubectl/KubeJobFileCreator.java @@ -18,6 +18,18 @@ */ package org.apache.brooklyn.tasks.kubectl; +import java.io.File; +import java.io.IOException; +import java.io.PrintWriter; +import java.io.StringWriter; +import java.io.Writer; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.stream.Collectors; + import com.google.common.collect.Lists; import com.google.common.collect.Maps; import org.apache.brooklyn.core.mgmt.ha.BrooklynBomOsgiArchiveInstaller; @@ -31,14 +43,6 @@ import org.yaml.snakeyaml.nodes.NodeTuple; import org.yaml.snakeyaml.nodes.Tag; import org.yaml.snakeyaml.representer.Representer; -import java.io.File; -import java.io.IOException; -import java.io.PrintWriter; -import java.io.StringWriter; -import java.io.Writer; -import java.util.*; -import java.util.stream.Collectors; - /** * This was needed to ensure our Kubernetes Yaml Job configurations are valid. */ @@ -210,7 +214,7 @@ public class KubeJobFileCreator { options.setIndent(2); options.setPrettyFlow(true); options.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK); - Representer representer = new Representer(){ + Representer representer = new Representer(options){ @Override protected NodeTuple representJavaBeanProperty(Object javaBean, Property property, Object propertyValue, Tag customTag) { // if value of property is null, ignore it. diff --git a/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java b/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java index 05a016726e..aa11aa548f 100644 --- a/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java +++ b/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java @@ -18,7 +18,6 @@ */ package org.apache.brooklyn.util.yaml; -import com.google.common.base.Function; import java.io.Reader; import java.io.StringReader; import java.util.ArrayList; @@ -28,11 +27,13 @@ import java.util.List; import java.util.Map; import java.util.Map.Entry; import java.util.concurrent.atomic.AtomicBoolean; - import java.util.regex.Matcher; import java.util.regex.Pattern; import javax.annotation.Nullable; +import com.google.common.annotations.Beta; +import com.google.common.base.Function; +import com.google.common.collect.Iterables; import org.apache.brooklyn.util.collections.Jsonya; import org.apache.brooklyn.util.collections.MutableList; import org.apache.brooklyn.util.exceptions.Exceptions; @@ -42,20 +43,18 @@ import org.apache.brooklyn.util.javalang.coerce.PrimitiveStringTypeCoercions; import org.apache.brooklyn.util.text.Strings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.Yaml; -import org.yaml.snakeyaml.constructor.BaseConstructor; import org.yaml.snakeyaml.constructor.Constructor; import org.yaml.snakeyaml.constructor.SafeConstructor; import org.yaml.snakeyaml.error.Mark; +import org.yaml.snakeyaml.inspector.TagInspector; import org.yaml.snakeyaml.nodes.MappingNode; import org.yaml.snakeyaml.nodes.Node; import org.yaml.snakeyaml.nodes.NodeId; import org.yaml.snakeyaml.nodes.NodeTuple; import org.yaml.snakeyaml.nodes.ScalarNode; import org.yaml.snakeyaml.nodes.SequenceNode; - -import com.google.common.annotations.Beta; -import com.google.common.collect.Iterables; import org.yaml.snakeyaml.nodes.Tag; public class Yamls { @@ -63,27 +62,27 @@ public class Yamls { private static final Logger log = LoggerFactory.getLogger(Yamls.class); private static Yaml newYaml() { - BaseConstructor constructor; - if (BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.isEnabled()) { - // allows instantiation of arbitrary Java types; - constructor = new Constructor() { - - }; - } else { - constructor = new SafeConstructor() { + LoaderOptions loaderOptions = new LoaderOptions(); - }; + if (BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.isEnabled()) { + loaderOptions.setTagInspector(new TagInspector() { + @Override + public boolean isGlobalTagAllowed(Tag tag) { + return true; + } + }); } + return new Yaml( BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.isEnabled() - ? new ConstructorExcludingNonNumbers() // allows instantiation of arbitrary Java types - : new SafeConstructorExcludingNonNumbers() // allows instantiation of limited set of types only + ? new ConstructorExcludingNonNumbers(loaderOptions) // allows instantiation of arbitrary Java types + : new SafeConstructorExcludingNonNumbers(loaderOptions) // allows instantiation of limited set of types only ); } private static class ConstructorExcludingNonNumbers extends Constructor { - public ConstructorExcludingNonNumbers() { - super(); + public ConstructorExcludingNonNumbers(LoaderOptions loaderOptions) { + super(loaderOptions); this.yamlConstructors.put(Tag.FLOAT, new ConstructYamlFloatExcludingNonNumbers()); } class ConstructYamlFloatExcludingNonNumbers extends ConstructYamlFloat { @@ -95,8 +94,8 @@ public class Yamls { } private static class SafeConstructorExcludingNonNumbers extends SafeConstructor { - public SafeConstructorExcludingNonNumbers() { - super(); + public SafeConstructorExcludingNonNumbers(LoaderOptions loaderOptions) { + super(loaderOptions); this.yamlConstructors.put(Tag.FLOAT, new ConstructYamlFloatExcludingNonNumbers()); } class ConstructYamlFloatExcludingNonNumbers extends ConstructYamlFloat { diff --git a/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java b/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java index b1d868b289..b80e8d0ba4 100644 --- a/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java +++ b/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java @@ -21,6 +21,7 @@ package org.apache.brooklyn.util.yaml; import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertFalse; +import java.util.Date; import java.util.Iterator; import java.util.List; @@ -36,6 +37,7 @@ import org.yaml.snakeyaml.constructor.ConstructorException; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; +import org.yaml.snakeyaml.error.MarkedYAMLException; public class YamlsTest { @@ -196,8 +198,35 @@ public class YamlsTest { "month: 12\n" + "year: 2016"); Asserts.shouldHaveFailedPreviously("Expected exception: " + ConstructorException.class.getCanonicalName()); - } catch(ConstructorException e) { - Asserts.expectedFailureContains(e, "could not determine a constructor"); + } catch (MarkedYAMLException e) { + Asserts.expectedFailureContains(e, + // with 2.2: + "Global tag is not allowed", "tag:yaml.org,2002:java.util.Date" + // with 1.33: "could not determine a constructor" + ); + } + } + + @Test + public void testUnsafeYaml() throws Exception { + assertFalse(BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.isEnabled(), + "Set property to false (or do not set at all): " + BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.getPropertyName()); + + try { + System.setProperty(BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.getPropertyName(), "true"); + Asserts.assertTrue(BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.isEnabled()); + + Object d = Yamls.parseAll("!!java.util.Date\n" + + "date: 25\n" + + "month: 12\n" + + "year: 2016").iterator().next(); + Asserts.assertInstanceOf(d, Date.class); + + } finally { + System.clearProperty(BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.getPropertyName()); + + assertFalse(BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.isEnabled(), + "Set property to false (or do not set at all): " + BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.getPropertyName()); } }