This is an automated email from the ASF dual-hosted git repository.
nfilotto pushed a commit to branch camel-3.x
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/camel-3.x by this push:
new 78aabad4e56 CAMEL-19130: Upgrade to snakeyaml 2.x (#10450)
78aabad4e56 is described below
commit 78aabad4e5684add922c23e6c25d6ce6be49a1af
Author: Nicolas Filotto <[email protected]>
AuthorDate: Tue Jun 20 20:35:00 2023 +0200
CAMEL-19130: Upgrade to snakeyaml 2.x (#10450)
In order to get the latest improvements and bug fixes, we need to upgrade
to snakeyaml 2.
* Updated the version of snakeyaml
* Upgared `camel-snakeyaml` and `camel-restdsl-openapi-plugin`
* Fixed some violations raised
---
camel-dependencies/pom.xml | 2 +-
.../camel/component/snakeyaml/snakeYaml.json | 2 +-
.../component/snakeyaml/SnakeYAMLDataFormat.java | 11 ++++----
.../custom/CustomClassLoaderConstructor.java | 9 +++---
.../component/snakeyaml/SnakeYAMLDoSTest.java | 33 ++++++++++++----------
.../dsl/jbang/core/commands/CodeRestGenerator.java | 3 +-
parent/pom.xml | 2 +-
.../generator/openapi/AbstractGenerateMojo.java | 15 ++++++----
8 files changed, 43 insertions(+), 34 deletions(-)
diff --git a/camel-dependencies/pom.xml b/camel-dependencies/pom.xml
index b83c3c85599..0ee371d686b 100644
--- a/camel-dependencies/pom.xml
+++ b/camel-dependencies/pom.xml
@@ -507,7 +507,7 @@
<smallrye-health-version>3.3.0</smallrye-health-version>
<smallrye-metrics-version>3.0.5</smallrye-metrics-version>
<snakeyaml-engine-version>2.3</snakeyaml-engine-version>
- <snakeyaml-version>1.33</snakeyaml-version>
+ <snakeyaml-version>2.0</snakeyaml-version>
<snmp4j-version>2.6.3_1</snmp4j-version>
<solr-version>8.11.2</solr-version>
<solr-version-range>[8,9)</solr-version-range>
diff --git
a/components/camel-snakeyaml/src/generated/resources/org/apache/camel/component/snakeyaml/snakeYaml.json
b/components/camel-snakeyaml/src/generated/resources/org/apache/camel/component/snakeyaml/snakeYaml.json
index d6b511caea7..9cbdbc7ff9b 100644
---
a/components/camel-snakeyaml/src/generated/resources/org/apache/camel/component/snakeyaml/snakeYaml.json
+++
b/components/camel-snakeyaml/src/generated/resources/org/apache/camel/component/snakeyaml/snakeYaml.json
@@ -16,7 +16,7 @@
"modelJavaType": "org.apache.camel.model.dataformat.YAMLDataFormat"
},
"properties": {
- "library": { "kind": "attribute", "displayName": "Library", "required":
false, "type": "enum", "javaType":
"org.apache.camel.model.dataformat.YAMLLibrary", "enum": [ "SnakeYAML" ],
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"SnakeYAML", "description": "Which yaml library to use. By default it is
SnakeYAML" },
+ "library": { "kind": "attribute", "displayName": "Library", "required":
false, "type": "enum", "javaType":
"org.apache.camel.model.dataformat.YAMLLibrary", "enum": [ "snake-yaml" ],
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"SnakeYAML", "description": "Which yaml library to use. By default it is
SnakeYAML" },
"unmarshalType": { "kind": "attribute", "displayName": "Unmarshal Type",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "description": "Class
name of the java type to use when unmarshalling" },
"constructor": { "kind": "attribute", "displayName": "Constructor",
"label": "advanced", "required": false, "type": "string", "javaType":
"java.lang.String", "deprecated": false, "autowired": false, "secret": false,
"description": "BaseConstructor to construct incoming documents." },
"representer": { "kind": "attribute", "displayName": "Representer",
"label": "advanced", "required": false, "type": "string", "javaType":
"java.lang.String", "deprecated": false, "autowired": false, "secret": false,
"description": "Representer to emit outgoing objects." },
diff --git
a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java
b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java
index 19cedf019f9..3fc93deac88 100644
---
a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java
+++
b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/SnakeYAMLDataFormat.java
@@ -47,6 +47,7 @@ import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.BaseConstructor;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.constructor.SafeConstructor;
+import org.yaml.snakeyaml.inspector.TrustedTagInspector;
import org.yaml.snakeyaml.nodes.Tag;
import org.yaml.snakeyaml.representer.Representer;
import org.yaml.snakeyaml.resolver.Resolver;
@@ -142,6 +143,7 @@ public final class SnakeYAMLDataFormat extends
ServiceSupport implements DataFor
if (yaml == null) {
LoaderOptions options = new LoaderOptions();
+ options.setTagInspector(new TrustedTagInspector());
options.setAllowRecursiveKeys(allowRecursiveKeys);
options.setMaxAliasesForCollections(maxAliasesForCollections);
@@ -389,6 +391,7 @@ public final class SnakeYAMLDataFormat extends
ServiceSupport implements DataFor
}
LoaderOptions options = new LoaderOptions();
+ options.setTagInspector(new TrustedTagInspector());
options.setAllowRecursiveKeys(allowRecursiveKeys);
options.setMaxAliasesForCollections(maxAliasesForCollections);
@@ -416,7 +419,7 @@ public final class SnakeYAMLDataFormat extends
ServiceSupport implements DataFor
}
private Representer defaultRepresenter(CamelContext context) {
- Representer yamlRepresenter = new Representer();
+ Representer yamlRepresenter = new Representer(new DumperOptions());
if (classTags != null) {
for (Map.Entry<Class<?>, Tag> entry : classTags.entrySet()) {
@@ -443,7 +446,7 @@ public final class SnakeYAMLDataFormat extends
ServiceSupport implements DataFor
// ***************************
private static Constructor typeFilterConstructor(final
Collection<TypeFilter> typeFilters, LoaderOptions options) {
- Constructor constructor = new Constructor(options) {
+ return new Constructor(options) {
@Override
protected Class<?> getClassForName(String name) throws
ClassNotFoundException {
if (typeFilters.stream().noneMatch(f -> f.test(name))) {
@@ -453,13 +456,12 @@ public final class SnakeYAMLDataFormat extends
ServiceSupport implements DataFor
return super.getClassForName(name);
}
};
- return constructor;
}
private static Constructor typeFilterConstructor(
final ClassLoader classLoader, final Collection<TypeFilter>
typeFilters,
LoaderOptions options) {
- CustomClassLoaderConstructor constructor = new
CustomClassLoaderConstructor(classLoader, options) {
+ return new CustomClassLoaderConstructor(classLoader, options) {
@Override
protected Class<?> getClassForName(String name) throws
ClassNotFoundException {
if (typeFilters.stream().noneMatch(f -> f.test(name))) {
@@ -469,6 +471,5 @@ public final class SnakeYAMLDataFormat extends
ServiceSupport implements DataFor
return super.getClassForName(name);
}
};
- return constructor;
}
}
diff --git
a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java
b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java
index 6ab8ceb3554..6ce32af73c5 100644
---
a/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java
+++
b/components/camel-snakeyaml/src/main/java/org/apache/camel/component/snakeyaml/custom/CustomClassLoaderConstructor.java
@@ -16,6 +16,8 @@
*/
package org.apache.camel.component.snakeyaml.custom;
+import java.util.Objects;
+
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.constructor.Constructor;
@@ -24,14 +26,11 @@ import org.yaml.snakeyaml.constructor.Constructor;
*/
public class CustomClassLoaderConstructor extends Constructor {
- private ClassLoader loader = this.getClass().getClassLoader();
+ private final ClassLoader loader;
public CustomClassLoaderConstructor(ClassLoader theLoader, LoaderOptions
options) {
super(Object.class, options);
- if (theLoader == null) {
- throw new NullPointerException("Loader must be provided.");
- }
- this.loader = theLoader;
+ this.loader = Objects.requireNonNull(theLoader, "Loader must be
provided.");
}
@Override
diff --git
a/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java
b/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java
index 54320d9450a..386f16cb51b 100644
---
a/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java
+++
b/components/camel-snakeyaml/src/test/java/org/apache/camel/component/snakeyaml/SnakeYAMLDoSTest.java
@@ -26,6 +26,7 @@ import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.mock.MockEndpoint;
import org.apache.camel.test.junit5.CamelTestSupport;
import org.junit.jupiter.api.Test;
+import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
@@ -42,14 +43,15 @@ public class SnakeYAMLDoSTest extends CamelTestSupport {
assertNotNull(mock);
mock.expectedMessageCount(1);
- InputStream is =
this.getClass().getClassLoader().getResourceAsStream("data.yaml");
+ try (InputStream is =
this.getClass().getClassLoader().getResourceAsStream("data.yaml")) {
- ProducerTemplate template = context.createProducerTemplate();
- String result = template.requestBody("direct:back", is, String.class);
- assertNotNull(result);
- assertEquals("{name=Colm, location=Dublin}", result.trim());
+ ProducerTemplate template = context.createProducerTemplate();
+ String result = template.requestBody("direct:back", is,
String.class);
+ assertNotNull(result);
+ assertEquals("{name=Colm, location=Dublin}", result.trim());
- mock.assertIsSatisfied();
+ mock.assertIsSatisfied();
+ }
}
@Test
@@ -59,18 +61,19 @@ public class SnakeYAMLDoSTest extends CamelTestSupport {
assertNotNull(mock);
mock.expectedMessageCount(0);
- InputStream is =
this.getClass().getClassLoader().getResourceAsStream("data-dos.yaml");
+ try (InputStream is =
this.getClass().getClassLoader().getResourceAsStream("data-dos.yaml")) {
- ProducerTemplate template = context.createProducerTemplate();
+ ProducerTemplate template = context.createProducerTemplate();
- Exception ex = assertThrows(CamelExecutionException.class,
- () -> template.requestBody("direct:back", is, String.class),
- "Failure expected on an alias expansion attack");
+ Exception ex = assertThrows(CamelExecutionException.class,
+ () -> template.requestBody("direct:back", is,
String.class),
+ "Failure expected on an alias expansion attack");
- Throwable cause = ex.getCause();
- assertEquals("Number of aliases for non-scalar nodes exceeds the
specified max=50", cause.getMessage());
+ Throwable cause = ex.getCause();
+ assertEquals("Number of aliases for non-scalar nodes exceeds the
specified max=50", cause.getMessage());
- mock.assertIsSatisfied();
+ mock.assertIsSatisfied();
+ }
}
@Test
@@ -139,7 +142,7 @@ public class SnakeYAMLDoSTest extends CamelTestSupport {
f.put(f, "a");
f.put("g", root);
- Yaml yaml = new Yaml(new SafeConstructor());
+ Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()));
return yaml.dump(f);
}
diff --git
a/dsl/camel-jbang/camel-jbang-core/src/main/java/org/apache/camel/dsl/jbang/core/commands/CodeRestGenerator.java
b/dsl/camel-jbang/camel-jbang-core/src/main/java/org/apache/camel/dsl/jbang/core/commands/CodeRestGenerator.java
index 31431befa54..5f57cdc10bf 100644
---
a/dsl/camel-jbang/camel-jbang-core/src/main/java/org/apache/camel/dsl/jbang/core/commands/CodeRestGenerator.java
+++
b/dsl/camel-jbang/camel-jbang-core/src/main/java/org/apache/camel/dsl/jbang/core/commands/CodeRestGenerator.java
@@ -36,6 +36,7 @@ import org.apache.logging.log4j.core.config.Configurator;
import org.openapitools.codegen.ClientOptInput;
import org.openapitools.codegen.DefaultGenerator;
import org.openapitools.codegen.config.CodegenConfigurator;
+import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import picocli.CommandLine;
@@ -99,7 +100,7 @@ public class CodeRestGenerator extends CamelCommand {
private JsonNode readNodeFromYaml() throws FileNotFoundException {
final ObjectMapper mapper = new ObjectMapper();
- Yaml loader = new Yaml(new SafeConstructor());
+ Yaml loader = new Yaml(new SafeConstructor(new LoaderOptions()));
Map map = loader.load(new FileInputStream(Paths.get(input).toFile()));
return mapper.convertValue(map, JsonNode.class);
}
diff --git a/parent/pom.xml b/parent/pom.xml
index 3d69fb1788d..95caac3ac7b 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -493,7 +493,7 @@
<smallrye-metrics-version>3.0.5</smallrye-metrics-version>
<smallrye-health-version>3.3.0</smallrye-health-version>
<smallrye-fault-tolerance-version>5.6.0</smallrye-fault-tolerance-version>
- <snakeyaml-version>1.33</snakeyaml-version>
+ <snakeyaml-version>2.0</snakeyaml-version>
<snakeyaml-engine-version>2.3</snakeyaml-engine-version>
<snmp4j-version>2.6.3_1</snmp4j-version>
<!-- solr version aligned with lucene -->
diff --git
a/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java
b/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java
index 545b44847e2..4498f07a207 100644
---
a/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java
+++
b/tooling/maven/camel-restdsl-openapi-plugin/src/main/java/org/apache/camel/maven/generator/openapi/AbstractGenerateMojo.java
@@ -21,6 +21,7 @@ import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
@@ -56,8 +57,10 @@ import org.apache.maven.plugins.annotations.Component;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.project.MavenProject;
import org.twdata.maven.mojoexecutor.MojoExecutor;
+import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
+import org.yaml.snakeyaml.inspector.TrustedTagInspector;
import static org.apache.commons.lang3.StringUtils.isNotEmpty;
import static org.twdata.maven.mojoexecutor.MojoExecutor.artifactId;
@@ -172,8 +175,8 @@ abstract class AbstractGenerateMojo extends AbstractMojo {
final DestinationGenerator destinationGeneratorObject;
try {
- destinationGeneratorObject =
destinationGeneratorClass.newInstance();
- } catch (InstantiationException | IllegalAccessException e) {
+ destinationGeneratorObject =
destinationGeneratorClass.getDeclaredConstructor().newInstance();
+ } catch (InstantiationException | IllegalAccessException |
NoSuchMethodException | InvocationTargetException e) {
throw new MojoExecutionException(
"The given destinationGenerator class (" +
destinationGenerator
+ ") cannot be instantiated, make
sure that it is declared as public and that all dependencies are present on the
COMPILE classpath scope of the project",
@@ -226,7 +229,7 @@ abstract class AbstractGenerateMojo extends AbstractMojo {
version(swaggerCodegenMavenPluginVersion)),
goal("generate"),
configuration(
- elements.toArray(new
MojoExecutor.Element[elements.size()])),
+ elements.toArray(new MojoExecutor.Element[0])),
executionEnvironment(
mavenProject,
mavenSession,
@@ -243,7 +246,7 @@ abstract class AbstractGenerateMojo extends AbstractMojo {
for (final Dependency dep : mavenProject.getDependencies()) {
if ("org.apache.camel".equals(dep.getGroupId()) ||
"org.apache.camel.springboot".equals(dep.getGroupId())) {
final String aid = dep.getArtifactId();
- final Optional<String> comp =
Arrays.asList(DEFAULT_REST_CONSUMER_COMPONENTS).stream()
+ final Optional<String> comp =
Arrays.stream(DEFAULT_REST_CONSUMER_COMPONENTS)
.filter(c -> aid.startsWith("camel-" + c)).findFirst();
if (comp.isPresent()) {
return comp.get();
@@ -340,7 +343,9 @@ abstract class AbstractGenerateMojo extends AbstractMojo {
String suffix = ".yaml";
if (specificationUri.regionMatches(true, specificationUri.length() -
suffix.length(), suffix, 0, suffix.length())) {
- Yaml loader = new Yaml(new SafeConstructor());
+ LoaderOptions options = new LoaderOptions();
+ options.setTagInspector(new TrustedTagInspector());
+ Yaml loader = new Yaml(new SafeConstructor(options));
Map map = loader.load(is);
JsonNode node = mapper.convertValue(map, JsonNode.class);
return (OasDocument) Library.readDocument(node);
