This is an automated email from the ASF dual-hosted git repository. nfilotto pushed a commit to branch CAMEL-19130/upgrade-snakeyaml-2-3.21.x in repository https://gitbox.apache.org/repos/asf/camel.git
commit 7b49e0fc38987ec42ade67e6e679839f8747ba53 Author: Nicolas Filotto <essob...@users.noreply.github.com> AuthorDate: Mon Mar 20 15:49:24 2023 +0100 CAMEL-19130: Upgrade to snakeyaml 2.x In order to get the latest improvements and bug fixes, we need to upgrade to snakeyaml 2. * Updated the version of snakeyaml * Upgared `camel-snakeyaml` and `camel-restdsl-openapi-plugin` * Fixed some violations raised --- camel-dependencies/pom.xml | 2 +- .../component/snakeyaml/SnakeYAMLDataFormat.java | 15 +++++----- .../custom/CustomClassLoaderConstructor.java | 9 +++--- .../component/snakeyaml/SnakeYAMLDoSTest.java | 33 ++++++++++++---------- parent/pom.xml | 2 +- .../generator/openapi/AbstractGenerateMojo.java | 15 ++++++---- 6 files changed, 42 insertions(+), 34 deletions(-) diff --git a/camel-dependencies/pom.xml b/camel-dependencies/pom.xml index 2f731add2c4..5a5515c60c4 100644 --- a/camel-dependencies/pom.xml +++ b/camel-dependencies/pom.xml @@ -507,7 +507,7 @@ <smallrye-health-version>3.3.0</smallrye-health-version> <smallrye-metrics-version>3.0.5</smallrye-metrics-version> <snakeyaml-engine-version>2.3</snakeyaml-engine-version> - <snakeyaml-version>1.33</snakeyaml-version> + <snakeyaml-version>2.0</snakeyaml-version> <snmp4j-version>2.6.3_1</snmp4j-version> <solr-version>8.11.2</solr-version> <solr-version-range>[8,9)</solr-version-range> diff --git a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java index 19cedf019f9..7a0b9d56a36 100644 --- a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java +++ b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java 
@@ -47,6 +47,7 @@ import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.constructor.BaseConstructor; import org.yaml.snakeyaml.constructor.Constructor; import org.yaml.snakeyaml.constructor.SafeConstructor; +import org.yaml.snakeyaml.inspector.TrustedTagInspector; import org.yaml.snakeyaml.nodes.Tag; import org.yaml.snakeyaml.representer.Representer; import org.yaml.snakeyaml.resolver.Resolver; @@ -142,6 +143,7 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor if (yaml == null) { LoaderOptions options = new LoaderOptions(); + options.setTagInspector(new TrustedTagInspector()); options.setAllowRecursiveKeys(allowRecursiveKeys); options.setMaxAliasesForCollections(maxAliasesForCollections); @@ -389,6 +391,7 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor } LoaderOptions options = new LoaderOptions(); + options.setTagInspector(new TrustedTagInspector()); options.setAllowRecursiveKeys(allowRecursiveKeys); options.setMaxAliasesForCollections(maxAliasesForCollections); @@ -406,9 +409,9 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor yamlConstructor = new SafeConstructor(options); } - if (typeDescriptions != null && yamlConstructor instanceof Constructor) { + if (typeDescriptions != null && yamlConstructor instanceof Constructor con) { for (TypeDescription typeDescription : typeDescriptions) { - ((Constructor) yamlConstructor).addTypeDescription(typeDescription); + con.addTypeDescription(typeDescription); } } @@ -416,7 +419,7 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor } private Representer defaultRepresenter(CamelContext context) { - Representer yamlRepresenter = new Representer(); + Representer yamlRepresenter = new Representer(new DumperOptions()); if (classTags != null) { for (Map.Entry<Class<?>, Tag> entry : classTags.entrySet()) { 
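Review bot: `options.setTagInspector(new TrustedTagInspector())` in the `yaml == null` block (and again in the `@@ -389` hunk) accepts every global tag, which as far as I know switches off the global-tag rejection that SnakeYAML 2.x applies by default. After this change the only visible limit on which classes a tagged document can name is the `typeFilters` check in the `getClassForName` overrides of `typeFilterConstructor`, so any constructor configured without those filters would presumably have no limit at all. I would tie the inspector to the same allow-list, for example `options.setTagInspector(tag -> typeFilters.stream().anyMatch(f -> f.test(tag.getClassName())));`, with null handling for `typeFilters` checked against the surrounding code. At minimum, add the comment `// Global tags are re-enabled here; class allow-listing is enforced only by typeFilters in getClassForName`. Both enclosing methods start and end outside these hunks.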
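Review bot: `yamlConstructor instanceof Constructor con` in the `@@ -406` hunk is pattern matching for `instanceof`, which needs Java 16 or later. The branch name points at a 3.21.x maintenance line; if that line is still compiled at a lower language level, this will not build. Confirm the compiler release, or keep the explicit cast `((Constructor) yamlConstructor).addTypeDescription(typeDescription);`. The enclosing method starts outside the hunk.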
@@ -443,7 +446,7 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor // *************************** private static Constructor typeFilterConstructor(final Collection<TypeFilter> typeFilters, LoaderOptions options) { - Constructor constructor = new Constructor(options) { + return new Constructor(options) { @Override protected Class<?> getClassForName(String name) throws ClassNotFoundException { if (typeFilters.stream().noneMatch(f -> f.test(name))) { @@ -453,13 +456,12 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor return super.getClassForName(name); } }; - return constructor; } private static Constructor typeFilterConstructor( final ClassLoader classLoader, final Collection<TypeFilter> typeFilters, LoaderOptions options) { - CustomClassLoaderConstructor constructor = new CustomClassLoaderConstructor(classLoader, options) { + return new CustomClassLoaderConstructor(classLoader, options) { @Override protected Class<?> getClassForName(String name) throws ClassNotFoundException { if (typeFilters.stream().noneMatch(f -> f.test(name))) { @@ -469,6 +471,5 @@ public final class SnakeYAMLDataFormat extends ServiceSupport implements DataFor return super.getClassForName(name); } }; - return constructor; } } diff --git a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java index 6ab8ceb3554..6ce32af73c5 100644 --- a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java +++ b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java 
@@ -16,6 +16,8 @@ */ package org.apache.camel.component.snakeyaml.custom; +import java.util.Objects; + import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.constructor.Constructor; @@ -24,14 +26,11 @@ import org.yaml.snakeyaml.constructor.Constructor; */ public class CustomClassLoaderConstructor extends Constructor { - private ClassLoader loader = this.getClass().getClassLoader(); + private final ClassLoader loader; public CustomClassLoaderConstructor(ClassLoader theLoader, LoaderOptions options) { super(Object.class, options); - if (theLoader == null) { - throw new NullPointerException("Loader must be provided."); - } - this.loader = theLoader; + this.loader = Objects.requireNonNull(theLoader, "Loader must be provided."); } @Override diff --git a/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java b/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java index 54320d9450a..386f16cb51b 100644 --- a/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java +++ b/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java @@ -26,6 +26,7 @@ import org.apache.camel.builder.RouteBuilder; import org.apache.camel.component.mock.MockEndpoint; import org.apache.camel.test.junit5.CamelTestSupport; import org.junit.jupiter.api.Test; +import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.constructor.SafeConstructor; 
@@ -42,14 +43,15 @@ public class SnakeYAMLDoSTest extends CamelTestSupport { assertNotNull(mock); mock.expectedMessageCount(1); - InputStream is = this.getClass().getClassLoader().getResourceAsStream("data.yaml"); + try (InputStream is = this.getClass().getClassLoader().getResourceAsStream("data.yaml")) { - ProducerTemplate template = context.createProducerTemplate(); - String result = template.requestBody("direct:back", is, String.class); - assertNotNull(result); - assertEquals("{name=Colm, location=Dublin}", result.trim()); + ProducerTemplate template = context.createProducerTemplate(); + String result = template.requestBody("direct:back", is, String.class); + assertNotNull(result); + assertEquals("{name=Colm, location=Dublin}", result.trim()); - mock.assertIsSatisfied(); + mock.assertIsSatisfied(); + } } @Test @@ -59,18 +61,19 @@ public class SnakeYAMLDoSTest extends CamelTestSupport { assertNotNull(mock); mock.expectedMessageCount(0); - InputStream is = this.getClass().getClassLoader().getResourceAsStream("data-dos.yaml"); + try (InputStream is = this.getClass().getClassLoader().getResourceAsStream("data-dos.yaml")) { - ProducerTemplate template = context.createProducerTemplate(); + ProducerTemplate template = context.createProducerTemplate(); - Exception ex = assertThrows(CamelExecutionException.class, - () -> template.requestBody("direct:back", is, String.class), - "Failure expected on an alias expansion attack"); + Exception ex = assertThrows(CamelExecutionException.class, + () -> template.requestBody("direct:back", is, String.class), + "Failure expected on an alias expansion attack"); - Throwable cause = ex.getCause(); - assertEquals("Number of aliases for non-scalar nodes exceeds the specified max=50", cause.getMessage()); + Throwable cause = ex.getCause(); + assertEquals("Number of aliases for non-scalar nodes exceeds the specified max=50", cause.getMessage()); - mock.assertIsSatisfied(); + mock.assertIsSatisfied(); + } } @Test 
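Review bot: `getResourceAsStream("data.yaml")` and `getResourceAsStream("data-dos.yaml")` return null when the fixture is missing, and try-with-resources accepts a null resource without complaint, so both tests would pass a null body to `direct:back` and fail, if at all, for a reason unrelated to what they check. Add `assertNotNull(is, "data-dos.yaml not found on the test classpath");` as the first statement inside each `try` (with the matching file name), so a missing fixture is not mistaken for a change in the alias-limit behaviour. Both test methods start outside their hunks.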
@@ -139,7 +142,7 @@ public class SnakeYAMLDoSTest extends CamelTestSupport { f.put(f, "a"); f.put("g", root); - Yaml yaml = new Yaml(new SafeConstructor()); + Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions())); return yaml.dump(f); } diff --git a/parent/pom.xml b/parent/pom.xml index a2a32a2caf3..c0897639246 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -493,7 +493,7 @@ <smallrye-metrics-version>3.0.5</smallrye-metrics-version> <smallrye-health-version>3.3.0</smallrye-health-version> <smallrye-fault-tolerance-version>5.6.0</smallrye-fault-tolerance-version> - <snakeyaml-version>1.33</snakeyaml-version> + <snakeyaml-version>2.0</snakeyaml-version> <snakeyaml-engine-version>2.3</snakeyaml-engine-version> <snmp4j-version>2.6.3_1</snmp4j-version> <!-- solr version aligned with lucene --> diff --git a/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java b/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java index 545b44847e2..4498f07a207 100644 --- a/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java +++ b/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java @@ -21,6 +21,7 @@ import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; +import java.lang.reflect.InvocationTargetException; import java.net.MalformedURLException; import java.net.URI; import java.net.URISyntaxException; 
@@ -56,8 +57,10 @@ import org.apache.maven.plugins.annotations.Component; import org.apache.maven.plugins.annotations.Parameter; import org.apache.maven.project.MavenProject; import org.twdata.maven.mojoexecutor.MojoExecutor; +import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.constructor.SafeConstructor; +import org.yaml.snakeyaml.inspector.TrustedTagInspector; import static org.apache.commons.lang3.StringUtils.isNotEmpty; import static org.twdata.maven.mojoexecutor.MojoExecutor.artifactId; @@ -172,8 +175,8 @@ abstract class AbstractGenerateMojo extends AbstractMojo { final DestinationGenerator destinationGeneratorObject; try { - destinationGeneratorObject = destinationGeneratorClass.newInstance(); - } catch (InstantiationException | IllegalAccessException e) { + destinationGeneratorObject = destinationGeneratorClass.getDeclaredConstructor().newInstance(); + } catch (InstantiationException | IllegalAccessException | NoSuchMethodException | InvocationTargetException e) { throw new MojoExecutionException( "The given destinationGenerator class (" + destinationGenerator + ") cannot be instantiated, make sure that it is declared as public and that all dependencies are present on the COMPILE classpath scope of the project", @@ -226,7 +229,7 @@ abstract class AbstractGenerateMojo extends AbstractMojo { version(swaggerCodegenMavenPluginVersion)), goal("generate"), configuration( - elements.toArray(new MojoExecutor.Element[elements.size()])), + elements.toArray(new MojoExecutor.Element[0])), executionEnvironment( mavenProject, mavenSession, 
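Review bot: The four-type multi-catch in the `@@ -172` hunk can be written as `} catch (ReflectiveOperationException e) {`, since all four listed types extend it; the `java.lang.reflect.InvocationTargetException` import added earlier in this file then becomes unnecessary. For the `InvocationTargetException` case the advice to declare the class public is misleading, because the constructor was reached and threw. The `MojoExecutionException` call continues past the hunk, so whether `e` is passed as the cause is not visible here; if it is, consider reporting `e.getCause()` for that case.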
@@ -243,7 +246,7 @@ abstract class AbstractGenerateMojo extends AbstractMojo { for (final Dependency dep : mavenProject.getDependencies()) { if ("org.apache.camel".equals(dep.getGroupId()) || "org.apache.camel.springboot".equals(dep.getGroupId())) { final String aid = dep.getArtifactId(); - final Optional<String> comp = Arrays.asList(DEFAULT_REST_CONSUMER_COMPONENTS).stream() + final Optional<String> comp = Arrays.stream(DEFAULT_REST_CONSUMER_COMPONENTS) .filter(c -> aid.startsWith("camel-" + c)).findFirst(); if (comp.isPresent()) { return comp.get(); @@ -340,7 +343,9 @@ abstract class AbstractGenerateMojo extends AbstractMojo { String suffix = ".yaml"; if (specificationUri.regionMatches(true, specificationUri.length() - suffix.length(), suffix, 0, suffix.length())) { - Yaml loader = new Yaml(new SafeConstructor()); + LoaderOptions options = new LoaderOptions(); + options.setTagInspector(new TrustedTagInspector()); + Yaml loader = new Yaml(new SafeConstructor(options)); Map map = loader.load(is); JsonNode node = mapper.convertValue(map, JsonNode.class); return (OasDocument) Library.readDocument(node);
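Review bot: `options.setTagInspector(new TrustedTagInspector())` in the `.yaml` branch is not needed for `SafeConstructor`, which only builds standard YAML types. The document parsed here is located by `specificationUri`, so it may not be a file the build author controls. Leaving the `LoaderOptions` default in place should, as far as I know, make SnakeYAML 2.x reject custom global tags while composing the document rather than later in the constructor. I would drop that line and keep `Yaml loader = new Yaml(new SafeConstructor(new LoaderOptions()));`. The enclosing method starts and ends outside the hunk.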