You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@servicecomb.apache.org by li...@apache.org on 2020/12/04 09:31:40 UTC
[servicecomb-java-chassis] branch 1.3.x updated: [SCB-2145]fix
local yaml unsafe parse problem (#2102)
This is an automated email from the ASF dual-hosted git repository.
liubao pushed a commit to branch 1.3.x
in repository https://gitbox.apache.org/repos/asf/servicecomb-java-chassis.git
The following commit(s) were added to refs/heads/1.3.x by this push:
new 9ac5d67 [SCB-2145]fix local yaml unsafe parse problem (#2102)
9ac5d67 is described below
commit 9ac5d67b4f9d0a30ca0f0e6e538e7e0e3f730ccc
Author: bao liu <bi...@qq.com>
AuthorDate: Fri Dec 4 17:27:34 2020 +0800
[SCB-2145]fix local yaml unsafe parse problem (#2102)
---
.../java/org/apache/servicecomb/config/YAMLUtil.java | 3 ++-
.../config/archaius/sources/YAMLConfigLoader.java | 7 ++-----
java-chassis-dependencies/default/pom.xml | 2 +-
.../client/LocalServiceRegistryClientImpl.java | 17 ++++++++++++-----
4 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/foundations/foundation-config/src/main/java/org/apache/servicecomb/config/YAMLUtil.java b/foundations/foundation-config/src/main/java/org/apache/servicecomb/config/YAMLUtil.java
index abcf1fa..8c4bfb7 100644
--- a/foundations/foundation-config/src/main/java/org/apache/servicecomb/config/YAMLUtil.java
+++ b/foundations/foundation-config/src/main/java/org/apache/servicecomb/config/YAMLUtil.java
@@ -25,6 +25,7 @@ import java.util.LinkedHashMap;
import java.util.Map;
import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.constructor.SafeConstructor;
/**
* Created by on 2017/1/5.
@@ -45,7 +46,7 @@ public final class YAMLUtil {
@SuppressWarnings("unchecked")
public static Map<String, Object> yaml2Properties(InputStream input) {
Map<String, Object> configurations = new LinkedHashMap<>();
- Yaml yaml = new Yaml();
+ Yaml yaml = new Yaml(new SafeConstructor());
yaml.loadAll(input).forEach(data -> configurations.putAll(retrieveItems("", (Map<String, Object>) data)));
return configurations;
}
diff --git a/foundations/foundation-config/src/main/java/org/apache/servicecomb/config/archaius/sources/YAMLConfigLoader.java b/foundations/foundation-config/src/main/java/org/apache/servicecomb/config/archaius/sources/YAMLConfigLoader.java
index f0fb453..f50451f 100644
--- a/foundations/foundation-config/src/main/java/org/apache/servicecomb/config/archaius/sources/YAMLConfigLoader.java
+++ b/foundations/foundation-config/src/main/java/org/apache/servicecomb/config/archaius/sources/YAMLConfigLoader.java
@@ -22,16 +22,13 @@ import java.io.InputStream;
import java.net.URL;
import java.util.Map;
-import org.yaml.snakeyaml.Yaml;
+import org.apache.servicecomb.config.YAMLUtil;
public class YAMLConfigLoader extends AbstractConfigLoader {
- @SuppressWarnings("unchecked")
@Override
protected Map<String, Object> loadData(URL url) throws IOException {
- Yaml yaml = new Yaml();
-
try (InputStream inputStream = url.openStream()) {
- return yaml.loadAs(inputStream, Map.class);
+ return YAMLUtil.yaml2Properties(inputStream);
}
}
}
diff --git a/java-chassis-dependencies/default/pom.xml b/java-chassis-dependencies/default/pom.xml
index cadc03d..2276a56 100644
--- a/java-chassis-dependencies/default/pom.xml
+++ b/java-chassis-dependencies/default/pom.xml
@@ -97,7 +97,7 @@
<seanyinx.version>1.0.0</seanyinx.version>
<servo.version>0.12.25</servo.version>
<slf4j.version>1.7.26</slf4j.version>
- <snakeyaml.version>1.24</snakeyaml.version>
+ <snakeyaml.version>1.27</snakeyaml.version>
<spectator.version>0.83.0</spectator.version>
<spring.version>4.3.20.RELEASE</spring.version>
<spring-boot.version>1.5.19.RELEASE</spring-boot.version>
diff --git a/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/LocalServiceRegistryClientImpl.java b/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/LocalServiceRegistryClientImpl.java
index 29133e6..2203b80 100755
--- a/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/LocalServiceRegistryClientImpl.java
+++ b/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/LocalServiceRegistryClientImpl.java
@@ -19,6 +19,7 @@ package org.apache.servicecomb.serviceregistry.client;
import static org.apache.servicecomb.serviceregistry.definition.DefinitionConst.DEFAULT_APPLICATION_ID;
+import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
@@ -30,6 +31,7 @@ import java.util.concurrent.atomic.AtomicInteger;
import javax.ws.rs.core.Response.Status;
+import org.apache.servicecomb.config.YAMLUtil;
import org.apache.servicecomb.foundation.vertx.AsyncResultCallback;
import org.apache.servicecomb.serviceregistry.api.registry.Microservice;
import org.apache.servicecomb.serviceregistry.api.registry.MicroserviceInstance;
@@ -49,7 +51,6 @@ import org.apache.servicecomb.serviceregistry.version.VersionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
-import org.yaml.snakeyaml.Yaml;
import com.google.common.base.Charsets;
import com.google.common.hash.Hashing;
@@ -81,7 +82,15 @@ public class LocalServiceRegistryClientImpl implements ServiceRegistryClient {
return;
}
- initFromData(is);
+ try {
+ initFromData(is);
+ } finally {
+ try {
+ is.close();
+ } catch (IOException e) {
+ LOGGER.error("", e);
+ }
+ }
}
public LocalServiceRegistryClientImpl(InputStream is) {
@@ -93,9 +102,7 @@ public class LocalServiceRegistryClientImpl implements ServiceRegistryClient {
}
private void initFromData(InputStream is) {
- Yaml yaml = new Yaml();
- @SuppressWarnings("unchecked")
- Map<String, Object> data = yaml.loadAs(is, Map.class);
+ Map<String, Object> data = YAMLUtil.yaml2Properties(is);
initFromData(data);
}