[
https://issues.apache.org/jira/browse/TINKERPOP-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17743304#comment-17743304
]
ASF GitHub Bot commented on TINKERPOP-2948:
-------------------------------------------
vkagamlyk commented on code in PR #2139:
URL: https://github.com/apache/tinkerpop/pull/2139#discussion_r1264203017
##########
gremlin-core/src/test/java/org/apache/tinkerpop/gremlin/structure/io/graphson/GraphSONStreamConstraintsTest.java:
##########
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.tinkerpop.gremlin.structure.io.graphson;
+
+import org.apache.tinkerpop.shaded.jackson.core.exc.StreamConstraintsException;
+import org.apache.tinkerpop.shaded.jackson.databind.JsonMappingException;
+import org.apache.tinkerpop.shaded.jackson.databind.ObjectMapper;
+import org.junit.Test;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
+
+public class GraphSONStreamConstraintsTest extends AbstractGraphSONTest{
+
+ ObjectMapper defaultMapper =
GraphSONMapper.build().create().createMapper();
+
+ @Test
+ public void testMaxNumberLengthConfig() throws Exception {
+ final int serializedData = 1000;
+
+ ObjectMapper mapper =
GraphSONMapper.build().maxNumberLength(2).create().createMapper();
Review Comment:
finals are missing
> PRISMA security vulnerabilty for jackson-databind 2.14.0
> --------------------------------------------------------
>
> Key: TINKERPOP-2948
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2948
> Project: TinkerPop
> Issue Type: Bug
> Components: server
> Affects Versions: 3.6.3, 3.5.6
> Reporter: Aaron Coady
> Priority: Critical
>
>
> h1. PRISMA-2023-0067 logged against jackson-databind 2.14.0
> [https://github.com/FasterXML/jackson-core/pull/827]
>
> com.fasterxml.jackson.core_jackson-core package versions before 2.15.0 are
> vulnerable to Denial of Service (DoS). The package does not properly restrict
> the size or amount of resources that are requested or influenced by an actor,
> which can be used to consume more resources than intended and leads to
> Uncontrolled Resource Consumption ('Resource Exhaustion')
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
