You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@camel.apache.org by ac...@apache.org on 2022/01/11 09:27:18 UTC

[camel] branch main updated: CAMEL-17471 - Snakeyaml: Use safe constructor where the default one has been used

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/main by this push:
     new 5fd1d2d  CAMEL-17471 - Snakeyaml: Use safe constructor where the default one has been used
5fd1d2d is described below

commit 5fd1d2dc8d5a65459cbbaae187929cc0cc3c5e3c
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Tue Jan 11 09:57:26 2022 +0100

    CAMEL-17471 - Snakeyaml: Use safe constructor where the default one has been used
---
 .../org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java b/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java
index 8489340..0410e99 100644
--- a/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java
+++ b/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java
@@ -57,6 +57,7 @@ import org.apache.maven.plugins.annotations.Parameter;
 import org.apache.maven.project.MavenProject;
 import org.twdata.maven.mojoexecutor.MojoExecutor;
 import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.constructor.SafeConstructor;
 
 import static org.apache.commons.lang3.StringUtils.isNotEmpty;
 import static org.twdata.maven.mojoexecutor.MojoExecutor.artifactId;
@@ -339,7 +340,7 @@ abstract class AbstractGenerateMojo extends AbstractMojo {
 
         String suffix = ".yaml";
         if (specificationUri.regionMatches(true, specificationUri.length() - suffix.length(), suffix, 0, suffix.length())) {
-            Yaml loader = new Yaml();
+            Yaml loader = new Yaml(new SafeConstructor());
             Map map = loader.load(is);
             JsonNode node = mapper.convertValue(map, JsonNode.class);
             return (OasDocument) Library.readDocument(node);