[JIRA] (JENKINS-54224) Rework all json construction

2018-10-27 Thread lucamilane...@java.net (JIRA)

lucamilanesio commented on JENKINS-54224

Re: Rework all json construction

Yes, I agree in using the Gerrit API (REST Client API layer).
 
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)
-- 
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[JIRA] (JENKINS-54224) Rework all json construction

2018-10-27 Thread alon.bar...@gmail.com (JIRA)

Alon Bar-Lev started work on JENKINS-54224

Change By: Alon Bar-Lev
Status: Open → In Progress


[JIRA] (JENKINS-54224) Rework all json construction

2018-10-27 Thread alon.bar...@gmail.com (JIRA)

Alon Bar-Lev updated JENKINS-54224

Jenkins / JENKINS-54224
Rework all json construction

Change By: Alon Bar-Lev
Status: In Progress → In Review


[JIRA] (JENKINS-54224) Rework all json construction

2018-10-27 Thread alon.bar...@gmail.com (JIRA)

Alon Bar-Lev updated an issue

Jenkins / JENKINS-54224
Rework all json construction

Change By: Alon Bar-Lev
URL: https://github.com/jenkinsci/gerrit-code-review-plugin/pull/24
Labels: patch


[JIRA] (JENKINS-54224) Rework all json construction

2018-10-27 Thread alon.bar...@gmail.com (JIRA)

Alon Bar-Lev commented on JENKINS-54224

Re: Rework all json construction

There is no need to use custom serialization, as the Gerrit API is perfectly capable of doing everything.


[JIRA] (JENKINS-54224) Rework all json construction

2018-10-24 Thread alon.bar...@gmail.com (JIRA)

Alon Bar-Lev created an issue

Jenkins / JENKINS-54224
Rework all json construction

Issue Type: Bug
Assignee: lucamilanesio
Components: gerrit-code-review-plugin
Created: 2018-10-24 15:01
Priority: Major
Reporter: Alon Bar-Lev
 
Hi,

While going over the code I noticed that you use string construction for JSON requests to Gerrit. This is highly risky, as users may put special characters within the variables and alter the request to gain access to other functionality the user is authorized. For example, message="\", something=\"xxx" will add 'something' to the JSON as its own field.

The code must be refactored to use Jackson or any JSON serialization that handles proper escaping. Jackson supports POJOs and serializes them into JSON; the POJO can be a simple map of Map if you do not want to have a POJO per use case. Then use mapper.writeValueAsString(pojo) to construct the JSON.

    import com.fasterxml.jackson.annotation.JsonInclude;
    import com.fasterxml.jackson.annotation.JsonProperty;
    import com.fasterxml.jackson.databind.ObjectMapper;

    public class Example {
        // Fields left null are omitted from the serialized JSON.
        @JsonInclude(JsonInclude.Include.NON_NULL)
        static class C {
            @JsonProperty
            String property1;
            @JsonProperty
            String property2;
        }

        public static void main(String[] args) throws Exception {
            ObjectMapper mapper = new ObjectMapper();
            C c1 = new C();
            c1.property1 = "value1";
            String json = mapper.writeValueAsString(c1); // request
            C c2 = mapper.readValue(json, C.class);      // response
        }
    }
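
The risk described in the issue, as an added example (not code from the gerrit-code-review-plugin or from the reporter): the same constructed message value is placed into a request body by string concatenation and by Jackson, and both results are parsed back to count the fields. The class and method names are hypothetical, and jackson-databind is assumed to be on the classpath.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical demo class; not part of the plugin.
public class JsonConstructionDemo {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Unsafe: the value is pasted into the JSON text without any escaping.
    static String buildByConcatenation(String message) {
        return "{\"message\": \"" + message + "\"}";
    }

    // Safe: Jackson escapes quotes, backslashes and control characters,
    // so the value can never leave its string literal.
    static String buildWithJackson(String message) throws Exception {
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("message", message);
        return MAPPER.writeValueAsString(body);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the leading quote closes the "message" string
        // early and the remainder is read as a second field.
        String message = "\", \"something\": \"xxx";

        String unsafe = buildByConcatenation(message);
        String safe = buildWithJackson(message);

        // Parse both bodies the way a receiving server would.
        JsonNode unsafeTree = MAPPER.readTree(unsafe);
        JsonNode safeTree = MAPPER.readTree(safe);

        System.out.println("concatenated: " + unsafe);
        System.out.println("  fields=" + unsafeTree.size()
                + " hasSomething=" + unsafeTree.has("something"));

        System.out.println("jackson:      " + safe);
        System.out.println("  fields=" + safeTree.size()
                + " hasSomething=" + safeTree.has("something")
                + " roundTripIntact="
                + message.equals(safeTree.get("message").asText()));
    }
}
```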