You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@iceberg.apache.org by GitBox <gi...@apache.org> on 2022/06/15 11:50:50 UTC

[GitHub] [iceberg] findepi opened a new pull request, #5048: Check for trailing content when parsing JSON

findepi opened a new pull request, #5048:
URL: https://github.com/apache/iceberg/pull/5048

   Before the change, various JSON parsing routines would ignore content
   after a `}` matching to the opening `{` is found. This commit changes
   the common parsing pattern to use a newly introduced utility method
   which checks for trailing payload and fails if any is found.
   
   Follows https://github.com/apache/iceberg/pull/4537#discussion_r897834674


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org

[GitHub] [iceberg] findepi commented on pull request #5048: Check for trailing content when parsing JSON

Posted by GitBox <gi...@apache.org>.

findepi commented on PR #5048:
URL: https://github.com/apache/iceberg/pull/5048#issuecomment-1168467016

   @rdblue thank for spending time and reviewing my PR.
   
   > Did you see this in practice with a corrupt file?
   
   I haven't.
   Iceberg library doesn't write such invalid content.
   
   i also don't see currently that this could be exploited for security reasons
   
   > what problem is this fixing?
   
   we incorrectly accept an incorrect input which ought to be rejected
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org

[GitHub] [iceberg] findepi commented on a diff in pull request #5048: Check for trailing content when parsing JSON

Posted by GitBox <gi...@apache.org>.

findepi commented on code in PR #5048:
URL: https://github.com/apache/iceberg/pull/5048#discussion_r898008540


##########
core/src/test/java/org/apache/iceberg/TestSnapshotRefParser.java:
##########
@@ -63,13 +65,6 @@ public void testBranchToJsonAllFields() {
         json, SnapshotRefParser.toJson(ref));
   }
 
-  @Test
-  public void testTagFromJsonDefault() {

Review Comment:
   my mistake, sorry



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org

[GitHub] [iceberg] rdblue commented on pull request #5048: Check for trailing content when parsing JSON

Posted by GitBox <gi...@apache.org>.

rdblue commented on PR #5048:
URL: https://github.com/apache/iceberg/pull/5048#issuecomment-1168139998

   @findepi, what problem is this fixing? Did you see this in practice with a corrupt file?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org

[GitHub] [iceberg] findepi commented on pull request #5048: Check for trailing content when parsing JSON

Posted by GitBox <gi...@apache.org>.

findepi commented on PR #5048:
URL: https://github.com/apache/iceberg/pull/5048#issuecomment-1192610716

   we have a bug in the library where we accept invalid JSON payloads (files) just because we stop parsing at some point.
   i think this should be fixed.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org

[GitHub] [iceberg] nastra commented on a diff in pull request #5048: Check for trailing content when parsing JSON

Posted by GitBox <gi...@apache.org>.

nastra commented on code in PR #5048:
URL: https://github.com/apache/iceberg/pull/5048#discussion_r897971653


##########
core/src/test/java/org/apache/iceberg/TestSnapshotRefParser.java:
##########
@@ -63,13 +65,6 @@ public void testBranchToJsonAllFields() {
         json, SnapshotRefParser.toJson(ref));
   }
 
-  @Test
-  public void testTagFromJsonDefault() {

Review Comment:
   is this not a valid test anymore?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org

[GitHub] [iceberg] findepi commented on pull request #5048: Check for trailing content when parsing JSON

Posted by GitBox <gi...@apache.org>.

findepi commented on PR #5048:
URL: https://github.com/apache/iceberg/pull/5048#issuecomment-1199230685

   @danielcweeks do you have opinion about this PR?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org

[GitHub] [iceberg] findepi commented on pull request #5048: Check for trailing content when parsing JSON

Posted by GitBox <gi...@apache.org>.

findepi commented on PR #5048:
URL: https://github.com/apache/iceberg/pull/5048#issuecomment-1156374538

   Currently, based on https://github.com/apache/iceberg/pull/4537, since it fixes also code being added there.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org

[GitHub] [iceberg] findepi closed pull request #5048: Check for trailing content when parsing JSON

Posted by GitBox <gi...@apache.org>.

findepi closed pull request #5048: Check for trailing content when parsing JSON
URL: https://github.com/apache/iceberg/pull/5048


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org

[GitHub] [iceberg] findepi commented on pull request #5048: Check for trailing content when parsing JSON

Posted by GitBox <gi...@apache.org>.

findepi commented on PR #5048:
URL: https://github.com/apache/iceberg/pull/5048#issuecomment-1164381627

   I think I don't know how to fix the iceberg-mr classpath to include jackson databind, with the right version.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org