I fully agree with Lukasz here .. so if we are indeed using beanutils for only this case, we should get rid of it. Less code in the classpath with stuff we actually don't need and which could possibly be a CVE problem.
So, I did a quick check, and indeed we only have one usage of something in "org.apache.commons.beanutils" So I opt for removing it. Chris -----Original Message----- From: Łukasz Dywicki <[email protected]> Sent: Freitag, 21. Januar 2022 12:19 To: [email protected] Subject: Re: [DISCUSS] Remove commons-beanutils dependency I could argue here as reducing external dependencies for smallish utilities is usually a good thing. If we can get rid of one dependency in favor of our own small targeted reflection helper which doesn't do much this change is good. Bringing 250kb commons for single class isn't something I would appreciate. Note I didn't track hoe extensively we use beanutils. Best, Łukasz On 21.01.2022 11:01, Sebastian Rühl wrote: > Hi Yang, > > could you please try bring that issue up to the upstream project? We don't > want to replicate this logic in PLC4X if this can be solved upstream (at > common-beanutils). Maybe there is a alternative implementation for java pojos > that I'am currently not aware of. Other than that it's better to use methods > supplied by org.apache.commons.lang3.reflect.FieldUtils rather than doing the > direct implementation like you suggested. > > - Sebastian > > On 2022/01/19 12:54:22 杨 林 wrote: >> Hi all, >> >> I’m using plc4j in Android, commons-beanutils is the only thing to obstacle >> me to do that ,because Android does not have java.beans.PropertyDescriptor. >> >> org.apache.commons.beanutils.BeanUtils is used only in >> org.apache.plc4x.java.spi.configuration.ConfigurationFactory (Line 93 and >> Line 103). I think It could be replace by simple reflect: >> >> field.setAccessible(true); >> >> if (field.getType() == String.class) { >> field.set(instance, valueString); } else if ((field.getType() == >> boolean.class) || (field.getType() == Boolean.class)) { >> field.setBoolean(instance, Boolean.parseBoolean(valueString)); >> } else if … >> >> Any help? >> >> Yang Lin >>
