You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by nf...@apache.org on 2023/06/20 12:38:13 UTC
[camel] branch CAMEL-19130/upgrade-snakeyaml-2-3.x created (now 2ed0c2d5003)
This is an automated email from the ASF dual-hosted git repository.
nfilotto pushed a change to branch CAMEL-19130/upgrade-snakeyaml-2-3.x
in repository https://gitbox.apache.org/repos/asf/camel.git
at 2ed0c2d5003 CAMEL-19130: Upgrade to snakeyaml 2.x
This branch includes the following new commits:
new 2ed0c2d5003 CAMEL-19130: Upgrade to snakeyaml 2.x
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[camel] 01/01: CAMEL-19130: Upgrade to snakeyaml 2.x
Posted by nf...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
nfilotto pushed a commit to branch CAMEL-19130/upgrade-snakeyaml-2-3.x
in repository https://gitbox.apache.org/repos/asf/camel.git
commit 2ed0c2d5003a5c685340397fa4c3f9b97dbdb516
Author: Nicolas Filotto <es...@users.noreply.github.com>
AuthorDate: Mon Mar 20 15:49:24 2023 +0100
CAMEL-19130: Upgrade to snakeyaml 2.x
In order to get the latest improvements and bug fixes, we need to upgrade to snakeyaml 2.
* Updated the version of snakeyaml
* Upgared `camel-snakeyaml` and `camel-restdsl-openapi-plugin`
* Fixed some violations raised
---
camel-dependencies/pom.xml | 2 +-
.../component/snakeyaml/SnakeYAMLDataFormat.java | 15 +++++-----
.../custom/CustomClassLoaderConstructor.java | 9 +++---
.../component/snakeyaml/SnakeYAMLDoSTest.java | 33 ++++++++++++----------
parent/pom.xml | 2 +-
.../generator/openapi/AbstractGenerateMojo.java | 15 ++++++----
6 files changed, 42 insertions(+), 34 deletions(-)
diff --git a/camel-dependencies/pom.xml b/camel-dependencies/pom.xml
index b83c3c85599..0ee371d686b 100644
--- a/camel-dependencies/pom.xml
+++ b/camel-dependencies/pom.xml
@@ -507,7 +507,7 @@
<smallrye-health-version>3.3.0</smallrye-health-version>
<smallrye-metrics-version>3.0.5</smallrye-metrics-version>
<snakeyaml-engine-version>2.3</snakeyaml-engine-version>
- <snakeyaml-version>1.33</snakeyaml-version>
+ <snakeyaml-version>2.0</snakeyaml-version>
<snmp4j-version>2.6.3_1</snmp4j-version>
<solr-version>8.11.2</solr-version>
<solr-version-range>[8,9)</solr-version-range>
diff --git a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java
index 19cedf019f9..7a0b9d56a36 100644
--- a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java
+++ b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java
@@ -47,6 +47,7 @@ import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.BaseConstructor;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.constructor.SafeConstructor;
+import org.yaml.snakeyaml.inspector.TrustedTagInspector;
import org.yaml.snakeyaml.nodes.Tag;
import org.yaml.snakeyaml.representer.Representer;
import org.yaml.snakeyaml.resolver.Resolver;
@@ -142,6 +143,7 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor
if (yaml == null) {
LoaderOptions options = new LoaderOptions();
+ options.setTagInspector(new TrustedTagInspector());
options.setAllowRecursiveKeys(allowRecursiveKeys);
options.setMaxAliasesForCollections(maxAliasesForCollections);
@@ -389,6 +391,7 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor
}
LoaderOptions options = new LoaderOptions();
+ options.setTagInspector(new TrustedTagInspector());
options.setAllowRecursiveKeys(allowRecursiveKeys);
options.setMaxAliasesForCollections(maxAliasesForCollections);
@@ -406,9 +409,9 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor
yamlConstructor = new SafeConstructor(options);
}
- if (typeDescriptions != null && yamlConstructor instanceof Constructor) {
+ if (typeDescriptions != null && yamlConstructor instanceof Constructor con) {
for (TypeDescription typeDescription : typeDescriptions) {
- ((Constructor) yamlConstructor).addTypeDescription(typeDescription);
+ con.addTypeDescription(typeDescription);
}
}
@@ -416,7 +419,7 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor
}
private Representer defaultRepresenter(CamelContext context) {
- Representer yamlRepresenter = new Representer();
+ Representer yamlRepresenter = new Representer(new DumperOptions());
if (classTags != null) {
for (Map.Entry<Class<?>, Tag> entry : classTags.entrySet()) {
@@ -443,7 +446,7 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor
// ***************************
private static Constructor typeFilterConstructor(final Collection<TypeFilter> typeFilters, LoaderOptions options) {
- Constructor constructor = new Constructor(options) {
+ return new Constructor(options) {
@Override
protected Class<?> getClassForName(String name) throws ClassNotFoundException {
if (typeFilters.stream().noneMatch(f -> f.test(name))) {
@@ -453,13 +456,12 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor
return super.getClassForName(name);
}
};
- return constructor;
}
private static Constructor typeFilterConstructor(
final ClassLoader classLoader, final Collection<TypeFilter> typeFilters,
LoaderOptions options) {
- CustomClassLoaderConstructor constructor = new CustomClassLoaderConstructor(classLoader, options) {
+ return new CustomClassLoaderConstructor(classLoader, options) {
@Override
protected Class<?> getClassForName(String name) throws ClassNotFoundException {
if (typeFilters.stream().noneMatch(f -> f.test(name))) {
@@ -469,6 +471,5 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor
return super.getClassForName(name);
}
};
- return constructor;
}
}
diff --git a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java
index 6ab8ceb3554..6ce32af73c5 100644
--- a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java
+++ b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java
@@ -16,6 +16,8 @@
*/
package org.apache.camel.component.snakeyaml.custom;
+import java.util.Objects;
+
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.constructor.Constructor;
@@ -24,14 +26,11 @@ import org.yaml.snakeyaml.constructor.Constructor;
*/
public class CustomClassLoaderConstructor extends Constructor {
- private ClassLoader loader = this.getClass().getClassLoader();
+ private final ClassLoader loader;
public CustomClassLoaderConstructor(ClassLoader theLoader, LoaderOptions options) {
super(Object.class, options);
- if (theLoader == null) {
- throw new NullPointerException("Loader must be provided.");
- }
- this.loader = theLoader;
+ this.loader = Objects.requireNonNull(theLoader, "Loader must be provided.");
}
@Override
diff --git a/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java b/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java
index 54320d9450a..386f16cb51b 100644
--- a/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java
+++ b/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java
@@ -26,6 +26,7 @@ import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.mock.MockEndpoint;
import org.apache.camel.test.junit5.CamelTestSupport;
import org.junit.jupiter.api.Test;
+import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
@@ -42,14 +43,15 @@ public class SnakeYAMLDoSTest extends CamelTestSupport {
assertNotNull(mock);
mock.expectedMessageCount(1);
- InputStream is = this.getClass().getClassLoader().getResourceAsStream("data.yaml");
+ try (InputStream is = this.getClass().getClassLoader().getResourceAsStream("data.yaml")) {
- ProducerTemplate template = context.createProducerTemplate();
- String result = template.requestBody("direct:back", is, String.class);
- assertNotNull(result);
- assertEquals("{name=Colm, location=Dublin}", result.trim());
+ ProducerTemplate template = context.createProducerTemplate();
+ String result = template.requestBody("direct:back", is, String.class);
+ assertNotNull(result);
+ assertEquals("{name=Colm, location=Dublin}", result.trim());
- mock.assertIsSatisfied();
+ mock.assertIsSatisfied();
+ }
}
@Test
@@ -59,18 +61,19 @@ public class SnakeYAMLDoSTest extends CamelTestSupport {
assertNotNull(mock);
mock.expectedMessageCount(0);
- InputStream is = this.getClass().getClassLoader().getResourceAsStream("data-dos.yaml");
+ try (InputStream is = this.getClass().getClassLoader().getResourceAsStream("data-dos.yaml")) {
- ProducerTemplate template = context.createProducerTemplate();
+ ProducerTemplate template = context.createProducerTemplate();
- Exception ex = assertThrows(CamelExecutionException.class,
- () -> template.requestBody("direct:back", is, String.class),
- "Failure expected on an alias expansion attack");
+ Exception ex = assertThrows(CamelExecutionException.class,
+ () -> template.requestBody("direct:back", is, String.class),
+ "Failure expected on an alias expansion attack");
- Throwable cause = ex.getCause();
- assertEquals("Number of aliases for non-scalar nodes exceeds the specified max=50", cause.getMessage());
+ Throwable cause = ex.getCause();
+ assertEquals("Number of aliases for non-scalar nodes exceeds the specified max=50", cause.getMessage());
- mock.assertIsSatisfied();
+ mock.assertIsSatisfied();
+ }
}
@Test
@@ -139,7 +142,7 @@ public class SnakeYAMLDoSTest extends CamelTestSupport {
f.put(f, "a");
f.put("g", root);
- Yaml yaml = new Yaml(new SafeConstructor());
+ Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()));
return yaml.dump(f);
}
diff --git a/parent/pom.xml b/parent/pom.xml
index 3d69fb1788d..95caac3ac7b 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -493,7 +493,7 @@
<smallrye-metrics-version>3.0.5</smallrye-metrics-version>
<smallrye-health-version>3.3.0</smallrye-health-version>
<smallrye-fault-tolerance-version>5.6.0</smallrye-fault-tolerance-version>
- <snakeyaml-version>1.33</snakeyaml-version>
+ <snakeyaml-version>2.0</snakeyaml-version>
<snakeyaml-engine-version>2.3</snakeyaml-engine-version>
<snmp4j-version>2.6.3_1</snmp4j-version>
<!-- solr version aligned with lucene -->
diff --git a/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java b/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java
index 545b44847e2..4498f07a207 100644
--- a/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java
+++ b/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java
@@ -21,6 +21,7 @@ import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
@@ -56,8 +57,10 @@ import org.apache.maven.plugins.annotations.Component;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.project.MavenProject;
import org.twdata.maven.mojoexecutor.MojoExecutor;
+import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
+import org.yaml.snakeyaml.inspector.TrustedTagInspector;
import static org.apache.commons.lang3.StringUtils.isNotEmpty;
import static org.twdata.maven.mojoexecutor.MojoExecutor.artifactId;
@@ -172,8 +175,8 @@ abstract class AbstractGenerateMojo extends AbstractMojo {
final DestinationGenerator destinationGeneratorObject;
try {
- destinationGeneratorObject = destinationGeneratorClass.newInstance();
- } catch (InstantiationException | IllegalAccessException e) {
+ destinationGeneratorObject = destinationGeneratorClass.getDeclaredConstructor().newInstance();
+ } catch (InstantiationException | IllegalAccessException | NoSuchMethodException | InvocationTargetException e) {
throw new MojoExecutionException(
"The given destinationGenerator class (" + destinationGenerator
+ ") cannot be instantiated, make sure that it is declared as public and that all dependencies are present on the COMPILE classpath scope of the project",
@@ -226,7 +229,7 @@ abstract class AbstractGenerateMojo extends AbstractMojo {
version(swaggerCodegenMavenPluginVersion)),
goal("generate"),
configuration(
- elements.toArray(new MojoExecutor.Element[elements.size()])),
+ elements.toArray(new MojoExecutor.Element[0])),
executionEnvironment(
mavenProject,
mavenSession,
@@ -243,7 +246,7 @@ abstract class AbstractGenerateMojo extends AbstractMojo {
for (final Dependency dep : mavenProject.getDependencies()) {
if ("org.apache.camel".equals(dep.getGroupId()) || "org.apache.camel.springboot".equals(dep.getGroupId())) {
final String aid = dep.getArtifactId();
- final Optional<String> comp = Arrays.asList(DEFAULT_REST_CONSUMER_COMPONENTS).stream()
+ final Optional<String> comp = Arrays.stream(DEFAULT_REST_CONSUMER_COMPONENTS)
.filter(c -> aid.startsWith("camel-" + c)).findFirst();
if (comp.isPresent()) {
return comp.get();
@@ -340,7 +343,9 @@ abstract class AbstractGenerateMojo extends AbstractMojo {
String suffix = ".yaml";
if (specificationUri.regionMatches(true, specificationUri.length() - suffix.length(), suffix, 0, suffix.length())) {
- Yaml loader = new Yaml(new SafeConstructor());
+ LoaderOptions options = new LoaderOptions();
+ options.setTagInspector(new TrustedTagInspector());
+ Yaml loader = new Yaml(new SafeConstructor(options));
Map map = loader.load(is);
JsonNode node = mapper.convertValue(map, JsonNode.class);
return (OasDocument) Library.readDocument(node);