update snakeyaml to latest version; same for jackson and cxf to use latest snakeyaml
diff --git a/core/src/main/java/org/apache/brooklyn/util/core/json/ConfigurableSerializerProvider.java b/core/src/main/java/org/apache/brooklyn/util/core/json/ConfigurableSerializerProvider.java
index f2b4583..8cba89f 100644
--- a/core/src/main/java/org/apache/brooklyn/util/core/json/ConfigurableSerializerProvider.java
+++ b/core/src/main/java/org/apache/brooklyn/util/core/json/ConfigurableSerializerProvider.java
@@ -20,6 +20,7 @@
import java.io.IOException;
+import com.fasterxml.jackson.databind.cfg.CacheProvider;
import org.apache.brooklyn.util.exceptions.Exceptions;
import com.fasterxml.jackson.core.JsonGenerator;
@@ -47,6 +48,12 @@
return new ConfigurableSerializerProvider(config, this, jsf);
}
+ @Override
+ public DefaultSerializerProvider withCaches(CacheProvider cacheProvider) {
+ // would need to support fluency in this class to support
+ throw new IllegalStateException("Caches not supported for this serializer provider");
+ }
+
public ConfigurableSerializerProvider(SerializationConfig config, ConfigurableSerializerProvider src, SerializerFactory jsf) {
super(src, config, jsf);
unknownTypeSerializer = src.unknownTypeSerializer;
diff --git a/pom.xml b/pom.xml
index 440e84e..1b130c7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -130,7 +130,7 @@
<jakarta.activation.version>1.2.2</jakarta.activation.version>
<jakarta.mail.version>1.6.5</jakarta.mail.version> <!-- used by karaf -->
<!-- double-check downstream projects before changing jackson version -->
- <fasterxml.jackson.version>2.14.1</fasterxml.jackson.version>
+ <fasterxml.jackson.version>2.16.1</fasterxml.jackson.version>
<cxf.version>3.4.10</cxf.version>
<httpcomponents.httpclient.version>4.5.13</httpcomponents.httpclient.version> <!-- To match apache-cxf-3.4.10-features.xml -->
<httpcomponents.httpcore.version>4.4.15</httpcomponents.httpcore.version> <!-- To match cxf -->
@@ -140,8 +140,8 @@
<groovy.version>2.4.21</groovy.version> <!-- 2.4 seems to be an LTS; later versions switch to using a pom not a jar for groovy all, then in 4 to using modules and hosted at apache rather than codehaus; note the groovy-eclipse-complier versions below -->
<groovy-eclipse-compiler.version>2.9.1-01</groovy-eclipse-compiler.version> <!-- see https://github.com/groovy/groovy-eclipse/wiki/Groovy-Eclipse-2.9.1-Release-Notes -->
<groovy-eclipse-batch.version>2.4.21-01</groovy-eclipse-batch.version>
- <snakeyaml.version>1.33</snakeyaml.version> <!-- align with cxf, jackson-dataformat-yaml -->
- <snakeyaml.jclouds.version>1.26</snakeyaml.jclouds.version> <!-- jclouds 2.4 imports this -->
+ <snakeyaml.version>2.2</snakeyaml.version> <!-- should match: cxf-parent, jackson-dataformat-yaml (both of which seem to update regularly) -->
+ <snakeyaml.jclouds.version>1.26</snakeyaml.jclouds.version> <!-- jclouds 2.4 imports this; used for exclusion; yaml in jclouds might be broken as we are long past this -->
<!-- Next version of swagger requires changes to how path mapping and scanner injection are done. -->
<swagger.version>1.6.2</swagger.version>
<mx4j.version>3.0.1</mx4j.version>
diff --git a/software/base/src/main/java/org/apache/brooklyn/tasks/kubectl/KubeJobFileCreator.java b/software/base/src/main/java/org/apache/brooklyn/tasks/kubectl/KubeJobFileCreator.java
index ac411c3..a769578 100644
--- a/software/base/src/main/java/org/apache/brooklyn/tasks/kubectl/KubeJobFileCreator.java
+++ b/software/base/src/main/java/org/apache/brooklyn/tasks/kubectl/KubeJobFileCreator.java
@@ -18,6 +18,18 @@
*/
package org.apache.brooklyn.tasks.kubectl;
+import java.io.File;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.io.Writer;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import org.apache.brooklyn.core.mgmt.ha.BrooklynBomOsgiArchiveInstaller;
@@ -31,14 +43,6 @@
import org.yaml.snakeyaml.nodes.Tag;
import org.yaml.snakeyaml.representer.Representer;
-import java.io.File;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.io.Writer;
-import java.util.*;
-import java.util.stream.Collectors;
-
/**
* This was needed to ensure our Kubernetes Yaml Job configurations are valid.
*/
@@ -210,7 +214,7 @@
options.setIndent(2);
options.setPrettyFlow(true);
options.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
- Representer representer = new Representer(){
+ Representer representer = new Representer(options){
@Override
protected NodeTuple representJavaBeanProperty(Object javaBean, Property property, Object propertyValue, Tag customTag) {
// if value of property is null, ignore it.
diff --git a/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java b/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java
index 05a0167..aa11aa5 100644
--- a/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java
+++ b/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java
@@ -18,7 +18,6 @@
*/
package org.apache.brooklyn.util.yaml;
-import com.google.common.base.Function;
import java.io.Reader;
import java.io.StringReader;
import java.util.ArrayList;
@@ -28,11 +27,13 @@
import java.util.Map;
import java.util.Map.Entry;
import java.util.concurrent.atomic.AtomicBoolean;
-
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nullable;
+import com.google.common.annotations.Beta;
+import com.google.common.base.Function;
+import com.google.common.collect.Iterables;
import org.apache.brooklyn.util.collections.Jsonya;
import org.apache.brooklyn.util.collections.MutableList;
import org.apache.brooklyn.util.exceptions.Exceptions;
@@ -42,20 +43,18 @@
import org.apache.brooklyn.util.text.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
-import org.yaml.snakeyaml.constructor.BaseConstructor;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.Mark;
+import org.yaml.snakeyaml.inspector.TagInspector;
import org.yaml.snakeyaml.nodes.MappingNode;
import org.yaml.snakeyaml.nodes.Node;
import org.yaml.snakeyaml.nodes.NodeId;
import org.yaml.snakeyaml.nodes.NodeTuple;
import org.yaml.snakeyaml.nodes.ScalarNode;
import org.yaml.snakeyaml.nodes.SequenceNode;
-
-import com.google.common.annotations.Beta;
-import com.google.common.collect.Iterables;
import org.yaml.snakeyaml.nodes.Tag;
public class Yamls {
@@ -63,27 +62,27 @@
private static final Logger log = LoggerFactory.getLogger(Yamls.class);
private static Yaml newYaml() {
- BaseConstructor constructor;
+ LoaderOptions loaderOptions = new LoaderOptions();
+
if (BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.isEnabled()) {
- // allows instantiation of arbitrary Java types;
- constructor = new Constructor() {
-
- };
- } else {
- constructor = new SafeConstructor() {
-
- };
+ loaderOptions.setTagInspector(new TagInspector() {
+ @Override
+ public boolean isGlobalTagAllowed(Tag tag) {
+ return true;
+ }
+ });
}
+
return new Yaml(
BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.isEnabled()
- ? new ConstructorExcludingNonNumbers() // allows instantiation of arbitrary Java types
- : new SafeConstructorExcludingNonNumbers() // allows instantiation of limited set of types only
+ ? new ConstructorExcludingNonNumbers(loaderOptions) // allows instantiation of arbitrary Java types
+ : new SafeConstructorExcludingNonNumbers(loaderOptions) // allows instantiation of limited set of types only
);
}
private static class ConstructorExcludingNonNumbers extends Constructor {
- public ConstructorExcludingNonNumbers() {
- super();
+ public ConstructorExcludingNonNumbers(LoaderOptions loaderOptions) {
+ super(loaderOptions);
this.yamlConstructors.put(Tag.FLOAT, new ConstructYamlFloatExcludingNonNumbers());
}
class ConstructYamlFloatExcludingNonNumbers extends ConstructYamlFloat {
@@ -95,8 +94,8 @@
}
private static class SafeConstructorExcludingNonNumbers extends SafeConstructor {
- public SafeConstructorExcludingNonNumbers() {
- super();
+ public SafeConstructorExcludingNonNumbers(LoaderOptions loaderOptions) {
+ super(loaderOptions);
this.yamlConstructors.put(Tag.FLOAT, new ConstructYamlFloatExcludingNonNumbers());
}
class ConstructYamlFloatExcludingNonNumbers extends ConstructYamlFloat {
diff --git a/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java b/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java
index b1d868b..b80e8d0 100644
--- a/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java
+++ b/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java
@@ -21,6 +21,7 @@
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertFalse;
+import java.util.Date;
import java.util.Iterator;
import java.util.List;
@@ -36,6 +37,7 @@
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
+import org.yaml.snakeyaml.error.MarkedYAMLException;
public class YamlsTest {
@@ -196,8 +198,35 @@
"month: 12\n" +
"year: 2016");
Asserts.shouldHaveFailedPreviously("Expected exception: " + ConstructorException.class.getCanonicalName());
- } catch(ConstructorException e) {
- Asserts.expectedFailureContains(e, "could not determine a constructor");
+ } catch (MarkedYAMLException e) {
+ Asserts.expectedFailureContains(e,
+ // with 2.2:
+ "Global tag is not allowed", "tag:yaml.org,2002:java.util.Date"
+ // with 1.33: "could not determine a constructor"
+ );
+ }
+ }
+
+ @Test
+ public void testUnsafeYaml() throws Exception {
+ assertFalse(BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.isEnabled(),
+ "Set property to false (or do not set at all): " + BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.getPropertyName());
+
+ try {
+ System.setProperty(BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.getPropertyName(), "true");
+ Asserts.assertTrue(BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.isEnabled());
+
+ Object d = Yamls.parseAll("!!java.util.Date\n" +
+ "date: 25\n" +
+ "month: 12\n" +
+ "year: 2016").iterator().next();
+ Asserts.assertInstanceOf(d, Date.class);
+
+ } finally {
+ System.clearProperty(BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.getPropertyName());
+
+ assertFalse(BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.isEnabled(),
+ "Set property to false (or do not set at all): " + BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.getPropertyName());
}
}