You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@brooklyn.apache.org by sv...@apache.org on 2016/12/11 09:15:38 UTC

[1/2] brooklyn-server git commit: Use SnakeYAML SafeConstructor by default

Repository: brooklyn-server
Updated Branches:
  refs/heads/master b765795e7 -> e997d9abd


Use SnakeYAML SafeConstructor by default

Overridable by setting a system property.

Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/3ae4a4d1
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/3ae4a4d1
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/3ae4a4d1

Branch: refs/heads/master
Commit: 3ae4a4d156341a53e54a2fe07192f46b15763d06
Parents: 9f8a3aa
Author: Richard Downer <ri...@apache.org>
Authored: Thu Dec 8 16:43:40 2016 +0000
Committer: Richard Downer <ri...@apache.org>
Committed: Fri Dec 9 11:10:51 2016 +0000

----------------------------------------------------------------------
 .../util/internal/BrooklynSystemProperties.java |  2 ++
 .../org/apache/brooklyn/util/yaml/Yamls.java    | 20 +++++++++++++-----
 .../apache/brooklyn/util/yaml/YamlsTest.java    | 22 ++++++++++++++++++--
 3 files changed, 37 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/3ae4a4d1/utils/common/src/main/java/org/apache/brooklyn/util/internal/BrooklynSystemProperties.java
----------------------------------------------------------------------
diff --git a/utils/common/src/main/java/org/apache/brooklyn/util/internal/BrooklynSystemProperties.java b/utils/common/src/main/java/org/apache/brooklyn/util/internal/BrooklynSystemProperties.java
index 3d0048b..58c27d9 100644
--- a/utils/common/src/main/java/org/apache/brooklyn/util/internal/BrooklynSystemProperties.java
+++ b/utils/common/src/main/java/org/apache/brooklyn/util/internal/BrooklynSystemProperties.java
@@ -37,4 +37,6 @@ public class BrooklynSystemProperties {
     public static StringSystemProperty HOST_GEO_LOOKUP_IMPL_LEGACY = new StringSystemProperty("brooklyn.location.geo.HostGeoLookup");
     public static StringSystemProperty HOST_GEO_LOOKUP_IMPL = new StringSystemProperty("org.apache.brooklyn.core.location.geo.HostGeoLookup");
 
+    /** Allows the use of YAML tags to create arbitrary types known to Java. */
+    public static BooleanSystemProperty YAML_TYPE_INSTANTIATION = new BooleanSystemProperty("org.apache.brooklyn.unsafe.YamlTypeInstantiation");
 }

http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/3ae4a4d1/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java
----------------------------------------------------------------------
diff --git a/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java b/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java
index 1697097..8230676 100644
--- a/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java
+++ b/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java
@@ -34,11 +34,13 @@ import org.apache.brooklyn.util.collections.Jsonya;
 import org.apache.brooklyn.util.collections.MutableList;
 import org.apache.brooklyn.util.exceptions.Exceptions;
 import org.apache.brooklyn.util.exceptions.UserFacingException;
+import org.apache.brooklyn.util.internal.BrooklynSystemProperties;
 import org.apache.brooklyn.util.text.Strings;
-import org.apache.brooklyn.util.yaml.Yamls;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.constructor.Constructor;
+import org.yaml.snakeyaml.constructor.SafeConstructor;
 import org.yaml.snakeyaml.error.Mark;
 import org.yaml.snakeyaml.nodes.MappingNode;
 import org.yaml.snakeyaml.nodes.Node;
@@ -54,6 +56,14 @@ public class Yamls {
 
     private static final Logger log = LoggerFactory.getLogger(Yamls.class);
 
+    private static Yaml newYaml() {
+        return new Yaml(
+                BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.isEnabled()
+                        ? new Constructor() // allows instantiation of arbitrary Java types
+                        : new SafeConstructor() // allows instantiation of limited set of types only
+        );
+    }
+
     /** returns the given (yaml-parsed) object as the given yaml type.
      * <p>
      * if the object is an iterable or iterator this method will fully expand it as a list. 
@@ -93,7 +103,7 @@ public class Yamls {
      */
     @Beta
     public static Object getAt(String yaml, List<String> path) {
-        Iterable<Object> result = new org.yaml.snakeyaml.Yaml().loadAll(yaml);
+        Iterable<Object> result = newYaml().loadAll(yaml);
         Object current = result.iterator().next();
         return getAtPreParsed(current, path);
     }
@@ -152,14 +162,14 @@ public class Yamls {
     /** simplifies new Yaml().loadAll, and converts to list to prevent single-use iterable bug in yaml */
     @SuppressWarnings("unchecked")
     public static Iterable<Object> parseAll(String yaml) {
-        Iterable<Object> result = new org.yaml.snakeyaml.Yaml().loadAll(yaml);
+        Iterable<Object> result = newYaml().loadAll(yaml);
         return (List<Object>) getAs(result, List.class);
     }
 
     /** as {@link #parseAll(String)} */
     @SuppressWarnings("unchecked")
     public static Iterable<Object> parseAll(Reader yaml) {
-        Iterable<Object> result = new org.yaml.snakeyaml.Yaml().loadAll(yaml);
+        Iterable<Object> result = newYaml().loadAll(yaml);
         return (List<Object>) getAs(result, List.class);
     }
 
@@ -536,7 +546,7 @@ b: 1
         try {
             int pathIndex = 0;
             result.yaml = yaml;
-            result.focus = new Yaml().compose(new StringReader(yaml));
+            result.focus = newYaml().compose(new StringReader(yaml));
     
             findTextOfYamlAtPath(result, pathIndex, path);
             return result;

http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/3ae4a4d1/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java
----------------------------------------------------------------------
diff --git a/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java b/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java
index bd701d5..50e499e 100644
--- a/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java
+++ b/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java
@@ -19,18 +19,20 @@
 package org.apache.brooklyn.util.yaml;
 
 import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertFalse;
 
 import java.util.Iterator;
 import java.util.List;
 
+import org.apache.brooklyn.test.Asserts;
 import org.apache.brooklyn.util.collections.MutableList;
 import org.apache.brooklyn.util.exceptions.UserFacingException;
-import org.apache.brooklyn.util.yaml.Yamls;
-import org.apache.brooklyn.util.yaml.YamlsTest;
+import org.apache.brooklyn.util.internal.BrooklynSystemProperties;
 import org.apache.brooklyn.util.yaml.Yamls.YamlExtract;
 import org.testng.Assert;
 import org.testng.TestNG;
 import org.testng.annotations.Test;
+import org.yaml.snakeyaml.constructor.ConstructorException;
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
@@ -183,6 +185,22 @@ public class YamlsTest {
         }
     }
     
+    @Test
+    public void testSafeYaml() throws Exception {
+        assertFalse(BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.isEnabled(),
+                "Set property to false (or do not set at all): " + BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.getPropertyName());
+
+        try {
+            Yamls.parseAll("!!java.util.Date\n" +
+                    "date: 25\n" +
+                    "month: 12\n" +
+                    "year: 2016");
+            Asserts.shouldHaveFailedPreviously("Expected exception: " + ConstructorException.class.getCanonicalName());
+        } catch(ConstructorException e) {
+            Asserts.expectedFailureContains(e, "could not determine a constructor");
+        }
+    }
+
     // convenience, since running with older TestNG IDE plugin will fail (older snakeyaml dependency);
     // if you run as a java app it doesn't bring in the IDE TestNG jar version, and it works
     public static void main(String[] args) {

[2/2] brooklyn-server git commit: Closes #483

Posted by sv...@apache.org.

Closes #483

Use SnakeYAML SafeConstructor by default

Overridable by setting a system property.


Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/e997d9ab
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/e997d9ab
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/e997d9ab

Branch: refs/heads/master
Commit: e997d9abd68c79c93166fca8d84365bd3cd6d7b2
Parents: b765795 3ae4a4d
Author: Svetoslav Neykov <sv...@cloudsoftcorp.com>
Authored: Sun Dec 11 11:15:27 2016 +0200
Committer: Svetoslav Neykov <sv...@cloudsoftcorp.com>
Committed: Sun Dec 11 11:15:27 2016 +0200

----------------------------------------------------------------------
 .../util/internal/BrooklynSystemProperties.java |  2 ++
 .../org/apache/brooklyn/util/yaml/Yamls.java    | 20 +++++++++++++-----
 .../apache/brooklyn/util/yaml/YamlsTest.java    | 22 ++++++++++++++++++--
 3 files changed, 37 insertions(+), 7 deletions(-)
----------------------------------------------------------------------