From 96ebba03a825fcd93dbc7d4074ac5e81ecc4a2af Mon Sep 17 00:00:00 2001 From: Guillermo Calvo Date: Mon, 8 Jan 2024 12:28:06 +0100 Subject: [PATCH] Revert SnakeYAML changes (#13336) Revert "Override Spring BOM for SnakeYAML to force version 2.2 (#13255)" - This reverts commit 13737502d06f2f8b877c5b4956c90e14e6ae8cbd. Revert "Upgrade to SnakeYaml 2.2 and use SafeContructor to prevent accessing the classpath (#13207)" - This reverts commit dd02741aa931455f28678f78b5b440c821e4a70e. - This reverts commit 980d835b9707c20c4a1147670d0f4d024f95c2dd. - This reverts commit 64a28067b68b9b7be38ef21176520597345845ae. --- build.gradle | 6 - gradle.properties | 1 - grails-bootstrap/build.gradle | 2 +- .../main/groovy/grails/util/Metadata.groovy | 3 +- .../org/grails/config/CodeGenConfig.groovy | 3 +- .../boot/env/OriginTrackedYamlLoader.java | 201 ------------------ grails-docs/build.gradle | 2 +- .../groovy/grails/doc/DocPublisher.groovy | 5 +- .../doc/internal/YamlTocStrategy.groovy | 3 +- .../MapReadingCachedGradleOperation.groovy | 5 +- .../grails/cli/profile/AbstractProfile.groovy | 5 +- .../grails/cli/profile/DefaultFeature.groovy | 3 +- .../factory/YamlCommandFactory.groovy | 3 +- 13 files changed, 13 insertions(+), 229 deletions(-) delete mode 100644 grails-core/src/main/groovy/org/springframework/boot/env/OriginTrackedYamlLoader.java diff --git a/build.gradle b/build.gradle index b044774c5c0..286246d7eec 100644 --- a/build.gradle +++ b/build.gradle @@ -111,12 +111,6 @@ ext { names : ['grails-async', 'grails-events'], modules: ['gpars', 'rxjava', 'rxjava2'] ], - snakeyaml: [ - version: snakeyamlVersion, - group : 'org.yaml', - names: ['snakeyaml'], - modules: [''] - ], spock: [ version: spockVersion, group : 'org.spockframework', diff --git a/gradle.properties b/gradle.properties index 56b67e16d92..9e5169f95ee 100644 --- a/gradle.properties +++ b/gradle.properties @@ -20,7 +20,6 @@ jansiVersion=1.18 jlineVersion=2.14.6 jnaVersion=4.5.2 slf4jVersion=1.7.30 -snakeyamlVersion=2.2 directoryWatcherVersion=0.9.9 junitVersion=4.13 caffeineVersion=2.6.2 diff --git a/grails-bootstrap/build.gradle b/grails-bootstrap/build.gradle index c93b421ae6f..6a91e1c2d52 100644 --- a/grails-bootstrap/build.gradle +++ b/grails-bootstrap/build.gradle @@ -3,7 +3,7 @@ import org.apache.tools.ant.filters.ReplaceTokens dependencies { compile ( "org.codehaus.groovy:groovy-xml:$groovyVersion" ) compile ( "org.codehaus.groovy:groovy-templates:$groovyVersion" ) - compile "org.yaml:snakeyaml:$snakeyamlVersion" + compile "org.yaml:snakeyaml:1.33" compileOnly("io.methvin:directory-watcher:0.16.1") compileOnly("org.fusesource.jansi:jansi:$jansiVersion") diff --git a/grails-bootstrap/src/main/groovy/grails/util/Metadata.groovy b/grails-bootstrap/src/main/groovy/grails/util/Metadata.groovy index f4b08f49dbf..0228bee588c 100644 --- a/grails-bootstrap/src/main/groovy/grails/util/Metadata.groovy +++ b/grails-bootstrap/src/main/groovy/grails/util/Metadata.groovy @@ -22,7 +22,6 @@ import org.grails.config.NavigableMap import org.grails.io.support.FileSystemResource import org.grails.io.support.Resource import org.grails.io.support.UrlResource -import org.yaml.snakeyaml.LoaderOptions import org.yaml.snakeyaml.Yaml import org.yaml.snakeyaml.constructor.SafeConstructor @@ -169,7 +168,7 @@ class Metadata extends NavigableMap implements ConfigMap { } private Object loadYml(InputStream input) { - Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions())) + Yaml yaml = new Yaml(new SafeConstructor()) def loadedYaml = yaml.loadAll(input) List result = [] for(Object yamlObject : loadedYaml) { diff --git a/grails-bootstrap/src/main/groovy/org/grails/config/CodeGenConfig.groovy b/grails-bootstrap/src/main/groovy/org/grails/config/CodeGenConfig.groovy index b7eb5aa5514..11e6a06d974 100644 --- a/grails-bootstrap/src/main/groovy/org/grails/config/CodeGenConfig.groovy +++ b/grails-bootstrap/src/main/groovy/org/grails/config/CodeGenConfig.groovy @@ -22,7 +22,6 @@ import groovy.transform.CompileDynamic import groovy.transform.CompileStatic import org.codehaus.groovy.runtime.DefaultGroovyMethods import org.codehaus.groovy.runtime.typehandling.GroovyCastException -import org.yaml.snakeyaml.LoaderOptions import org.yaml.snakeyaml.Yaml import org.yaml.snakeyaml.constructor.SafeConstructor @@ -154,7 +153,7 @@ class CodeGenConfig implements Cloneable, ConfigMap { @CompileDynamic // fails with CompileStatic! void loadYml(InputStream input) { - Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions())) + Yaml yaml = new Yaml(new SafeConstructor()) for(Object yamlObject : yaml.loadAll(input)) { if(yamlObject instanceof Map) { // problem here with CompileStatic mergeMap((Map)yamlObject) diff --git a/grails-core/src/main/groovy/org/springframework/boot/env/OriginTrackedYamlLoader.java b/grails-core/src/main/groovy/org/springframework/boot/env/OriginTrackedYamlLoader.java deleted file mode 100644 index a245581eb2b..00000000000 --- a/grails-core/src/main/groovy/org/springframework/boot/env/OriginTrackedYamlLoader.java +++ /dev/null @@ -1,201 +0,0 @@ -/* - * Copyright 2012-2023 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.boot.env; - -import java.util.ArrayList; -import java.util.List; -import java.util.Map; -import java.util.NoSuchElementException; -import java.util.regex.Pattern; -import java.util.stream.Collectors; - -import org.yaml.snakeyaml.DumperOptions; -import org.yaml.snakeyaml.LoaderOptions; -import org.yaml.snakeyaml.Yaml; -import org.yaml.snakeyaml.constructor.BaseConstructor; -import org.yaml.snakeyaml.constructor.Constructor; -import org.yaml.snakeyaml.constructor.SafeConstructor; -import org.yaml.snakeyaml.error.Mark; -import org.yaml.snakeyaml.nodes.CollectionNode; -import org.yaml.snakeyaml.nodes.MappingNode; -import org.yaml.snakeyaml.nodes.Node; -import org.yaml.snakeyaml.nodes.NodeTuple; -import org.yaml.snakeyaml.nodes.ScalarNode; -import org.yaml.snakeyaml.nodes.Tag; -import org.yaml.snakeyaml.representer.Representer; -import org.yaml.snakeyaml.resolver.Resolver; - -import org.springframework.beans.factory.config.YamlProcessor; -import org.springframework.boot.origin.Origin; -import org.springframework.boot.origin.OriginTrackedValue; -import org.springframework.boot.origin.TextResourceOrigin; -import org.springframework.boot.origin.TextResourceOrigin.Location; -import org.springframework.core.io.Resource; -import org.springframework.util.ReflectionUtils; - -/** - * Class to load {@code .yml} files into a map of {@code String} to - * {@link OriginTrackedValue}. - * - * @author Madhura Bhave - * @author Phillip Webb - */ -class OriginTrackedYamlLoader extends YamlProcessor { - - private static final boolean HAS_RESOLVER_LIMIT = ReflectionUtils.findMethod(Resolver.class, "addImplicitResolver", - Tag.class, Pattern.class, String.class, int.class) != null; - - private final Resource resource; - - OriginTrackedYamlLoader(Resource resource) { - this.resource = resource; - setResources(resource); - } - - @Override - protected Yaml createYaml() { - LoaderOptions loaderOptions = new LoaderOptions(); - loaderOptions.setAllowDuplicateKeys(false); - loaderOptions.setMaxAliasesForCollections(Integer.MAX_VALUE); - loaderOptions.setAllowRecursiveKeys(true); - return createYaml(loaderOptions); - } - - private Yaml createYaml(LoaderOptions loaderOptions) { - BaseConstructor constructor = new OriginTrackingConstructor(loaderOptions); - DumperOptions dumperOptions = new DumperOptions(); - Representer representer = new Representer(dumperOptions); - Resolver resolver = HAS_RESOLVER_LIMIT ? new NoTimestampResolverWithLimit() : new NoTimestampResolver(); - return new Yaml(constructor, representer, dumperOptions, loaderOptions, resolver); - } - - List> load() { - final List> result = new ArrayList<>(); - process((properties, map) -> result.add(getFlattenedMap(map))); - return result; - } - - /** - * {@link Constructor} that tracks property origins. - */ - private class OriginTrackingConstructor extends SafeConstructor { - - OriginTrackingConstructor(LoaderOptions loadingConfig) { - super(loadingConfig); - } - - @Override - public Object getData() throws NoSuchElementException { - Object data = super.getData(); - if (data instanceof CharSequence && ((CharSequence) data).length() == 0) { - return null; - } - return data; - } - - @Override - protected Object constructObject(Node node) { - if (node instanceof CollectionNode && ((CollectionNode) node).getValue().isEmpty()) { - return constructTrackedObject(node, super.constructObject(node)); - } - if (node instanceof ScalarNode) { - if (!(node instanceof KeyScalarNode)) { - return constructTrackedObject(node, super.constructObject(node)); - } - } - if (node instanceof MappingNode) { - replaceMappingNodeKeys((MappingNode) node); - } - return super.constructObject(node); - } - - private void replaceMappingNodeKeys(MappingNode node) { - node.setValue(node.getValue().stream().map(KeyScalarNode::get).collect(Collectors.toList())); - } - - private Object constructTrackedObject(Node node, Object value) { - Origin origin = getOrigin(node); - return OriginTrackedValue.of(getValue(value), origin); - } - - private Object getValue(Object value) { - return (value != null) ? value : ""; - } - - private Origin getOrigin(Node node) { - Mark mark = node.getStartMark(); - Location location = new Location(mark.getLine(), mark.getColumn()); - return new TextResourceOrigin(OriginTrackedYamlLoader.this.resource, location); - } - - } - - /** - * {@link ScalarNode} that replaces the key node in a {@link NodeTuple}. - */ - private static class KeyScalarNode extends ScalarNode { - - KeyScalarNode(ScalarNode node) { - super(node.getTag(), node.getValue(), node.getStartMark(), node.getEndMark(), node.getScalarStyle()); - } - - static NodeTuple get(NodeTuple nodeTuple) { - Node keyNode = nodeTuple.getKeyNode(); - Node valueNode = nodeTuple.getValueNode(); - return new NodeTuple(KeyScalarNode.get(keyNode), valueNode); - } - - private static Node get(Node node) { - if (node instanceof ScalarNode) { - return new KeyScalarNode((ScalarNode) node); - } - return node; - } - - } - - /** - * {@link Resolver} that limits {@link Tag#TIMESTAMP} tags. - */ - private static class NoTimestampResolver extends Resolver { - - @Override - public void addImplicitResolver(Tag tag, Pattern regexp, String first) { - if (tag == Tag.TIMESTAMP) { - return; - } - super.addImplicitResolver(tag, regexp, first); - } - - } - - /** - * {@link Resolver} that limits {@link Tag#TIMESTAMP} tags. - */ - private static class NoTimestampResolverWithLimit extends Resolver { - - @Override - public void addImplicitResolver(Tag tag, Pattern regexp, String first, int limit) { - if (tag == Tag.TIMESTAMP) { - return; - } - super.addImplicitResolver(tag, regexp, first, limit); - } - - } - -} diff --git a/grails-docs/build.gradle b/grails-docs/build.gradle index a7c7393d101..604eb9d122f 100644 --- a/grails-docs/build.gradle +++ b/grails-docs/build.gradle @@ -9,7 +9,7 @@ dependencies { "org.slf4j:jcl-over-slf4j:$slf4jVersion", "org.apache.ant:ant:$antVersion", 'org.grails:grails-gdoc-engine:1.0.1', - "org.yaml:snakeyaml:$snakeyamlVersion", + 'org.yaml:snakeyaml:1.33', "org.codehaus.groovy:groovy-ant:$groovyVersion" compile 'org.asciidoctor:asciidoctorj:2.5.6' diff --git a/grails-docs/src/main/groovy/grails/doc/DocPublisher.groovy b/grails-docs/src/main/groovy/grails/doc/DocPublisher.groovy index e8faf7fe023..1a4fa3b6b52 100644 --- a/grails-docs/src/main/groovy/grails/doc/DocPublisher.groovy +++ b/grails-docs/src/main/groovy/grails/doc/DocPublisher.groovy @@ -24,7 +24,6 @@ import org.apache.commons.logging.LogFactory import org.radeox.api.engine.WikiRenderEngine import org.radeox.engine.context.BaseInitialRenderContext import org.radeox.engine.context.BaseRenderContext -import org.yaml.snakeyaml.LoaderOptions import org.yaml.snakeyaml.Yaml import org.yaml.snakeyaml.constructor.SafeConstructor @@ -266,7 +265,7 @@ class DocPublisher { def legacyLinks = [:] if (legacyLinksFile.exists()) { legacyLinksFile.withInputStream { input -> - legacyLinks = new Yaml(new SafeConstructor(new LoaderOptions())).load(input) + legacyLinks = new Yaml(new SafeConstructor()).load(input) } } @@ -538,7 +537,7 @@ class DocPublisher { } else if(propertiesFile.name.endsWith('.yml')) { propertiesFile.withInputStream { input -> - def ymls = new Yaml(new SafeConstructor(new LoaderOptions())).loadAll(input) + def ymls = new Yaml(new SafeConstructor()).loadAll(input) for(yml in ymls) { if(yml instanceof Map) { def config = yml.grails?.doc diff --git a/grails-docs/src/main/groovy/grails/doc/internal/YamlTocStrategy.groovy b/grails-docs/src/main/groovy/grails/doc/internal/YamlTocStrategy.groovy index 07689b58c4c..fec54559155 100644 --- a/grails-docs/src/main/groovy/grails/doc/internal/YamlTocStrategy.groovy +++ b/grails-docs/src/main/groovy/grails/doc/internal/YamlTocStrategy.groovy @@ -1,6 +1,5 @@ package grails.doc.internal -import org.yaml.snakeyaml.LoaderOptions import org.yaml.snakeyaml.Yaml import org.yaml.snakeyaml.constructor.SafeConstructor @@ -8,7 +7,7 @@ import org.yaml.snakeyaml.constructor.SafeConstructor * Class representing a Grails user guide table of contents defined in YAML. */ class YamlTocStrategy { - private final parser = new Yaml(new SafeConstructor(new LoaderOptions())) + private final parser = new Yaml(new SafeConstructor()) private resourceChecker private String ext = ".gdoc" diff --git a/grails-shell/src/main/groovy/org/grails/cli/gradle/cache/MapReadingCachedGradleOperation.groovy b/grails-shell/src/main/groovy/org/grails/cli/gradle/cache/MapReadingCachedGradleOperation.groovy index fa0adaef5cc..b1460c97847 100644 --- a/grails-shell/src/main/groovy/org/grails/cli/gradle/cache/MapReadingCachedGradleOperation.groovy +++ b/grails-shell/src/main/groovy/org/grails/cli/gradle/cache/MapReadingCachedGradleOperation.groovy @@ -20,7 +20,6 @@ import groovy.transform.CompileStatic import groovy.transform.InheritConstructors import org.gradle.tooling.ProjectConnection import org.yaml.snakeyaml.DumperOptions -import org.yaml.snakeyaml.LoaderOptions import org.yaml.snakeyaml.Yaml import org.yaml.snakeyaml.constructor.SafeConstructor import org.yaml.snakeyaml.representer.Representer @@ -38,7 +37,7 @@ abstract class MapReadingCachedGradleOperation extends CachedGradleOperation @Override Map readFromCached(File f) { def map = (Map) f.withReader { BufferedReader r -> - new Yaml(new SafeConstructor(new LoaderOptions())).load(r) + new Yaml(new SafeConstructor()).load(r) } Map newMap = [:] @@ -62,7 +61,7 @@ abstract class MapReadingCachedGradleOperation extends CachedGradleOperation return [(key):val.toString()] } } - new Yaml(new SafeConstructor(new LoaderOptions()), new Representer(options), options).dump(toWrite, writer) + new Yaml(new SafeConstructor(), new Representer(), options).dump(toWrite, writer) } } diff --git a/grails-shell/src/main/groovy/org/grails/cli/profile/AbstractProfile.groovy b/grails-shell/src/main/groovy/org/grails/cli/profile/AbstractProfile.groovy index 503106e9dc7..b4edb3a5d1b 100644 --- a/grails-shell/src/main/groovy/org/grails/cli/profile/AbstractProfile.groovy +++ b/grails-shell/src/main/groovy/org/grails/cli/profile/AbstractProfile.groovy @@ -33,7 +33,6 @@ import org.grails.cli.profile.commands.DefaultMultiStepCommand import org.grails.cli.profile.commands.script.GroovyScriptCommand import org.grails.config.NavigableMap import org.grails.io.support.Resource -import org.yaml.snakeyaml.LoaderOptions import org.yaml.snakeyaml.Yaml import org.yaml.snakeyaml.constructor.SafeConstructor @@ -109,7 +108,7 @@ abstract class AbstractProfile implements Profile { protected void initialize() { def profileYml = profileDir.createRelative("profile.yml") - Map profileConfig = new Yaml(new SafeConstructor(new LoaderOptions())).> load(profileYml.getInputStream()) + Map profileConfig = new Yaml(new SafeConstructor()).> load(profileYml.getInputStream()) name = profileConfig.get("name")?.toString() description = profileConfig.get("description")?.toString() ?: '' @@ -139,7 +138,7 @@ abstract class AbstractProfile implements Profile { else if(fileName.endsWith('.yml')) { def yamlCommand = profileDir.createRelative("commands/$fileName") if(yamlCommand.exists()) { - Map data = new Yaml(new SafeConstructor(new LoaderOptions())).load(yamlCommand.getInputStream()) + Map data = new Yaml(new SafeConstructor()).load(yamlCommand.getInputStream()) Command cmd = new DefaultMultiStepCommand(clsName.toString(), this, data) Object minArguments = data?.minArguments cmd.minArguments = minArguments instanceof Integer ? (Integer)minArguments : 1 diff --git a/grails-shell/src/main/groovy/org/grails/cli/profile/DefaultFeature.groovy b/grails-shell/src/main/groovy/org/grails/cli/profile/DefaultFeature.groovy index bc1b99655f5..c44e1ffa920 100644 --- a/grails-shell/src/main/groovy/org/grails/cli/profile/DefaultFeature.groovy +++ b/grails-shell/src/main/groovy/org/grails/cli/profile/DefaultFeature.groovy @@ -23,7 +23,6 @@ import org.eclipse.aether.artifact.DefaultArtifact import org.eclipse.aether.graph.Dependency import org.grails.config.NavigableMap import org.grails.io.support.Resource -import org.yaml.snakeyaml.LoaderOptions import org.yaml.snakeyaml.Yaml import org.yaml.snakeyaml.constructor.SafeConstructor @@ -50,7 +49,7 @@ class DefaultFeature implements Feature { this.name = name this.location = location def featureYml = location.createRelative("feature.yml") - Map featureConfig = new Yaml(new SafeConstructor(new LoaderOptions())).>load(featureYml.getInputStream()) + Map featureConfig = new Yaml(new SafeConstructor()).>load(featureYml.getInputStream()) configuration.merge(featureConfig) def dependencyMap = configuration.get("dependencies") diff --git a/grails-shell/src/main/groovy/org/grails/cli/profile/commands/factory/YamlCommandFactory.groovy b/grails-shell/src/main/groovy/org/grails/cli/profile/commands/factory/YamlCommandFactory.groovy index 02a71a73e20..15c37483c2c 100644 --- a/grails-shell/src/main/groovy/org/grails/cli/profile/commands/factory/YamlCommandFactory.groovy +++ b/grails-shell/src/main/groovy/org/grails/cli/profile/commands/factory/YamlCommandFactory.groovy @@ -22,7 +22,6 @@ import org.grails.cli.profile.Command import org.grails.cli.profile.Profile import org.grails.cli.profile.commands.DefaultMultiStepCommand import org.grails.io.support.Resource -import org.yaml.snakeyaml.LoaderOptions import org.yaml.snakeyaml.Yaml import org.yaml.snakeyaml.constructor.SafeConstructor @@ -37,7 +36,7 @@ import java.util.regex.Pattern */ @CompileStatic class YamlCommandFactory extends ResourceResolvingCommandFactory { - protected Yaml yamlParser=new Yaml(new SafeConstructor(new LoaderOptions())) + protected Yaml yamlParser=new Yaml(new SafeConstructor()) // LAX parser for JSON: http://mrhaki.blogspot.ie/2014/08/groovy-goodness-relax-groovy-will-parse.html protected JsonSlurper jsonSlurper = new JsonSlurper().setType(JsonParserType.LAX)