brooklyn-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s...@apache.org
Subject brooklyn-server git commit: Use SnakeYAML SafeConstructor by default
Date Sun, 11 Dec 2016 09:22:57 GMT
Repository: brooklyn-server
Updated Branches:
  refs/heads/0.10.0 635068a69 -> ad34129fd


Use SnakeYAML SafeConstructor by default

Overridable by setting a system property.

Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/ad34129f
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/ad34129f
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/ad34129f

Branch: refs/heads/0.10.0
Commit: ad34129fd19b4b4c6d65a6e906c6f04e4185ef31
Parents: 635068a
Author: Richard Downer <richard@apache.org>
Authored: Thu Dec 8 16:43:40 2016 +0000
Committer: Svetoslav Neykov <svetoslav.neykov@cloudsoftcorp.com>
Committed: Sun Dec 11 09:17:14 2016 +0000

----------------------------------------------------------------------
 .../util/internal/BrooklynSystemProperties.java |  2 ++
 .../org/apache/brooklyn/util/yaml/Yamls.java    | 20 +++++++++++++-----
 .../apache/brooklyn/util/yaml/YamlsTest.java    | 22 ++++++++++++++++++--
 3 files changed, 37 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/ad34129f/utils/common/src/main/java/org/apache/brooklyn/util/internal/BrooklynSystemProperties.java
----------------------------------------------------------------------
diff --git a/utils/common/src/main/java/org/apache/brooklyn/util/internal/BrooklynSystemProperties.java
b/utils/common/src/main/java/org/apache/brooklyn/util/internal/BrooklynSystemProperties.java
index 3d0048b..58c27d9 100644
--- a/utils/common/src/main/java/org/apache/brooklyn/util/internal/BrooklynSystemProperties.java
+++ b/utils/common/src/main/java/org/apache/brooklyn/util/internal/BrooklynSystemProperties.java
@@ -37,4 +37,6 @@ public class BrooklynSystemProperties {
     public static StringSystemProperty HOST_GEO_LOOKUP_IMPL_LEGACY = new StringSystemProperty("brooklyn.location.geo.HostGeoLookup");
     public static StringSystemProperty HOST_GEO_LOOKUP_IMPL = new StringSystemProperty("org.apache.brooklyn.core.location.geo.HostGeoLookup");
 
+    /** Allows the use of YAML tags to create arbitrary types known to Java. */
+    public static BooleanSystemProperty YAML_TYPE_INSTANTIATION = new BooleanSystemProperty("org.apache.brooklyn.unsafe.YamlTypeInstantiation");
 }

http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/ad34129f/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java
----------------------------------------------------------------------
diff --git a/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java b/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java
index 1697097..8230676 100644
--- a/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java
+++ b/utils/common/src/main/java/org/apache/brooklyn/util/yaml/Yamls.java
@@ -34,11 +34,13 @@ import org.apache.brooklyn.util.collections.Jsonya;
 import org.apache.brooklyn.util.collections.MutableList;
 import org.apache.brooklyn.util.exceptions.Exceptions;
 import org.apache.brooklyn.util.exceptions.UserFacingException;
+import org.apache.brooklyn.util.internal.BrooklynSystemProperties;
 import org.apache.brooklyn.util.text.Strings;
-import org.apache.brooklyn.util.yaml.Yamls;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.constructor.Constructor;
+import org.yaml.snakeyaml.constructor.SafeConstructor;
 import org.yaml.snakeyaml.error.Mark;
 import org.yaml.snakeyaml.nodes.MappingNode;
 import org.yaml.snakeyaml.nodes.Node;
@@ -54,6 +56,14 @@ public class Yamls {
 
     private static final Logger log = LoggerFactory.getLogger(Yamls.class);
 
+    private static Yaml newYaml() {
+        return new Yaml(
+                BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.isEnabled()
+                        ? new Constructor() // allows instantiation of arbitrary Java types
+                        : new SafeConstructor() // allows instantiation of limited set of
types only
+        );
+    }
+
     /** returns the given (yaml-parsed) object as the given yaml type.
      * <p>
      * if the object is an iterable or iterator this method will fully expand it as a list.

@@ -93,7 +103,7 @@ public class Yamls {
      */
     @Beta
     public static Object getAt(String yaml, List<String> path) {
-        Iterable<Object> result = new org.yaml.snakeyaml.Yaml().loadAll(yaml);
+        Iterable<Object> result = newYaml().loadAll(yaml);
         Object current = result.iterator().next();
         return getAtPreParsed(current, path);
     }
@@ -152,14 +162,14 @@ public class Yamls {
     /** simplifies new Yaml().loadAll, and converts to list to prevent single-use iterable
bug in yaml */
     @SuppressWarnings("unchecked")
     public static Iterable<Object> parseAll(String yaml) {
-        Iterable<Object> result = new org.yaml.snakeyaml.Yaml().loadAll(yaml);
+        Iterable<Object> result = newYaml().loadAll(yaml);
         return (List<Object>) getAs(result, List.class);
     }
 
     /** as {@link #parseAll(String)} */
     @SuppressWarnings("unchecked")
     public static Iterable<Object> parseAll(Reader yaml) {
-        Iterable<Object> result = new org.yaml.snakeyaml.Yaml().loadAll(yaml);
+        Iterable<Object> result = newYaml().loadAll(yaml);
         return (List<Object>) getAs(result, List.class);
     }
 
@@ -536,7 +546,7 @@ b: 1
         try {
             int pathIndex = 0;
             result.yaml = yaml;
-            result.focus = new Yaml().compose(new StringReader(yaml));
+            result.focus = newYaml().compose(new StringReader(yaml));
     
             findTextOfYamlAtPath(result, pathIndex, path);
             return result;

http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/ad34129f/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java
----------------------------------------------------------------------
diff --git a/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java b/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java
index bd701d5..50e499e 100644
--- a/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java
+++ b/utils/common/src/test/java/org/apache/brooklyn/util/yaml/YamlsTest.java
@@ -19,18 +19,20 @@
 package org.apache.brooklyn.util.yaml;
 
 import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertFalse;
 
 import java.util.Iterator;
 import java.util.List;
 
+import org.apache.brooklyn.test.Asserts;
 import org.apache.brooklyn.util.collections.MutableList;
 import org.apache.brooklyn.util.exceptions.UserFacingException;
-import org.apache.brooklyn.util.yaml.Yamls;
-import org.apache.brooklyn.util.yaml.YamlsTest;
+import org.apache.brooklyn.util.internal.BrooklynSystemProperties;
 import org.apache.brooklyn.util.yaml.Yamls.YamlExtract;
 import org.testng.Assert;
 import org.testng.TestNG;
 import org.testng.annotations.Test;
+import org.yaml.snakeyaml.constructor.ConstructorException;
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
@@ -183,6 +185,22 @@ public class YamlsTest {
         }
     }
     
+    @Test
+    public void testSafeYaml() throws Exception {
+        assertFalse(BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.isEnabled(),
+                "Set property to false (or do not set at all): " + BrooklynSystemProperties.YAML_TYPE_INSTANTIATION.getPropertyName());
+
+        try {
+            Yamls.parseAll("!!java.util.Date\n" +
+                    "date: 25\n" +
+                    "month: 12\n" +
+                    "year: 2016");
+            Asserts.shouldHaveFailedPreviously("Expected exception: " + ConstructorException.class.getCanonicalName());
+        } catch(ConstructorException e) {
+            Asserts.expectedFailureContains(e, "could not determine a constructor");
+        }
+    }
+
     // convenience, since running with older TestNG IDE plugin will fail (older snakeyaml
dependency);
     // if you run as a java app it doesn't bring in the IDE TestNG jar version, and it works
     public static void main(String[] args) {


Mime
View raw message