This is an automated email from the ASF dual-hosted git repository. nfilotto pushed a commit to branch CAMEL-19130/upgrade-snakeyaml-2 in repository https://gitbox.apache.org/repos/asf/camel.git
commit e025fb85bb2deefdb766c3fb4e1b313077802f0a Author: Nicolas Filotto <[email protected]> AuthorDate: Fri Mar 17 19:32:04 2023 +0100 CAMEL-19130: camel-snakeyaml - Upgrade to snakeyaml 2.x --- .../component/snakeyaml/SnakeYAMLDataFormat.java | 15 +++++----- .../custom/CustomClassLoaderConstructor.java | 9 +++--- .../component/snakeyaml/SnakeYAMLDoSTest.java | 33 ++++++++++++---------- 3 files changed, 30 insertions(+), 27 deletions(-) diff --git a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java index 19cedf019f9..7a0b9d56a36 100644 --- a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java +++ b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java @@ -47,6 +47,7 @@ import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.constructor.BaseConstructor; import org.yaml.snakeyaml.constructor.Constructor; import org.yaml.snakeyaml.constructor.SafeConstructor; +import org.yaml.snakeyaml.inspector.TrustedTagInspector; import org.yaml.snakeyaml.nodes.Tag; import org.yaml.snakeyaml.representer.Representer; import org.yaml.snakeyaml.resolver.Resolver; @@ -142,6 +143,7 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor if (yaml == null) { LoaderOptions options = new LoaderOptions(); + options.setTagInspector(new TrustedTagInspector()); options.setAllowRecursiveKeys(allowRecursiveKeys); options.setMaxAliasesForCollections(maxAliasesForCollections); @@ -389,6 +391,7 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor } LoaderOptions options = new LoaderOptions(); + options.setTagInspector(new TrustedTagInspector()); options.setAllowRecursiveKeys(allowRecursiveKeys); options.setMaxAliasesForCollections(maxAliasesForCollections); @@ -406,9 +409,9 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor yamlConstructor = new SafeConstructor(options); } - if (typeDescriptions != null && yamlConstructor instanceof Constructor) { + if (typeDescriptions != null && yamlConstructor instanceof Constructor con) { for (TypeDescription typeDescription : typeDescriptions) { - ((Constructor) yamlConstructor).addTypeDescription(typeDescription); + con.addTypeDescription(typeDescription); } } @@ -416,7 +419,7 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor } private Representer defaultRepresenter(CamelContext context) { - Representer yamlRepresenter = new Representer(); + Representer yamlRepresenter = new Representer(new DumperOptions()); if (classTags != null) { for (Map.Entry<Class<?>, Tag> entry : classTags.entrySet()) { @@ -443,7 +446,7 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor // *************************** private static Constructor typeFilterConstructor(final Collection<TypeFilter> typeFilters, LoaderOptions options) { - Constructor constructor = new Constructor(options) { + return new Constructor(options) { @Override protected Class<?> getClassForName(String name) throws ClassNotFoundException { if (typeFilters.stream().noneMatch(f -> f.test(name))) { @@ -453,13 +456,12 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor return super.getClassForName(name); } }; - return constructor; } private static Constructor typeFilterConstructor( final ClassLoader classLoader, final Collection<TypeFilter> typeFilters, LoaderOptions options) { - CustomClassLoaderConstructor constructor = new CustomClassLoaderConstructor(classLoader, options) { + return new CustomClassLoaderConstructor(classLoader, options) { @Override protected Class<?> getClassForName(String name) throws ClassNotFoundException { if (typeFilters.stream().noneMatch(f -> f.test(name))) { @@ -469,6 +471,5 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor return super.getClassForName(name); } }; - return constructor; } } diff --git a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java index 6ab8ceb3554..6ce32af73c5 100644 --- a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java +++ b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java @@ -16,6 +16,8 @@ */ package org.apache.camel.component.snakeyaml.custom; +import java.util.Objects; + import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.constructor.Constructor; @@ -24,14 +26,11 @@ import org.yaml.snakeyaml.constructor.Constructor; */ public class CustomClassLoaderConstructor extends Constructor { - private ClassLoader loader = this.getClass().getClassLoader(); + private final ClassLoader loader; public CustomClassLoaderConstructor(ClassLoader theLoader, LoaderOptions options) { super(Object.class, options); - if (theLoader == null) { - throw new NullPointerException("Loader must be provided."); - } - this.loader = theLoader; + this.loader = Objects.requireNonNull(theLoader, "Loader must be provided."); } @Override diff --git a/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java b/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java index 54320d9450a..386f16cb51b 100644 --- a/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java +++ b/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java @@ -26,6 +26,7 @@ import org.apache.camel.builder.RouteBuilder; import org.apache.camel.component.mock.MockEndpoint; import org.apache.camel.test.junit5.CamelTestSupport; import org.junit.jupiter.api.Test; +import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.constructor.SafeConstructor; @@ -42,14 +43,15 @@ public class SnakeYAMLDoSTest extends CamelTestSupport { assertNotNull(mock); mock.expectedMessageCount(1); - InputStream is = this.getClass().getClassLoader().getResourceAsStream("data.yaml"); + try (InputStream is = this.getClass().getClassLoader().getResourceAsStream("data.yaml")) { - ProducerTemplate template = context.createProducerTemplate(); - String result = template.requestBody("direct:back", is, String.class); - assertNotNull(result); - assertEquals("{name=Colm, location=Dublin}", result.trim()); + ProducerTemplate template = context.createProducerTemplate(); + String result = template.requestBody("direct:back", is, String.class); + assertNotNull(result); + assertEquals("{name=Colm, location=Dublin}", result.trim()); - mock.assertIsSatisfied(); + mock.assertIsSatisfied(); + } } @Test @@ -59,18 +61,19 @@ public class SnakeYAMLDoSTest extends CamelTestSupport { assertNotNull(mock); mock.expectedMessageCount(0); - InputStream is = this.getClass().getClassLoader().getResourceAsStream("data-dos.yaml"); + try (InputStream is = this.getClass().getClassLoader().getResourceAsStream("data-dos.yaml")) { - ProducerTemplate template = context.createProducerTemplate(); + ProducerTemplate template = context.createProducerTemplate(); - Exception ex = assertThrows(CamelExecutionException.class, - () -> template.requestBody("direct:back", is, String.class), - "Failure expected on an alias expansion attack"); + Exception ex = assertThrows(CamelExecutionException.class, + () -> template.requestBody("direct:back", is, String.class), + "Failure expected on an alias expansion attack"); - Throwable cause = ex.getCause(); - assertEquals("Number of aliases for non-scalar nodes exceeds the specified max=50", cause.getMessage()); + Throwable cause = ex.getCause(); + assertEquals("Number of aliases for non-scalar nodes exceeds the specified max=50", cause.getMessage()); - mock.assertIsSatisfied(); + mock.assertIsSatisfied(); + } } @Test @@ -139,7 +142,7 @@ public class SnakeYAMLDoSTest extends CamelTestSupport { f.put(f, "a"); f.put("g", root); - Yaml yaml = new Yaml(new SafeConstructor()); + Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions())); return yaml.dump(f); }
