Skip to content
This repository was archived by the owner on Mar 3, 2023. It is now read-only.

Commit 9d77767

Browse files
nwangtwnwangtw
committed
Use safe constructor in yaml deserialization
1 parent b069e45 commit 9d77767

File tree

4 files changed

+17
-13
lines changed

4 files changed

+17
-13
lines changed

heron/common/src/java/org/apache/heron/common/config/ConfigReader.java

+3-2
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@
3232
import java.util.logging.Logger;
3333

3434
import org.yaml.snakeyaml.Yaml;
35+
import org.yaml.snakeyaml.constructor.SafeConstructor;
3536

3637
/**
3738
* Loads config file in Yaml file format.
@@ -79,7 +80,7 @@ public static Map<String, Object> loadFile(String fileName) {
7980
try {
8081
FileInputStream fin = new FileInputStream(new File(fileName));
8182
try {
82-
Yaml yaml = new Yaml();
83+
Yaml yaml = new Yaml(new SafeConstructor());
8384
propsYaml = (Map<String, Object>) yaml.load(fin);
8485
LOG.log(Level.FINE, "Successfully read config file {0}", fileName);
8586
} finally {
@@ -104,7 +105,7 @@ public static Map<String, Object> loadFile(String fileName) {
104105
public static Map<String, Object> loadStream(InputStream inputStream) {
105106
LOG.fine("Reading config stream");
106107

107-
Yaml yaml = new Yaml();
108+
Yaml yaml = new Yaml(new SafeConstructor());
108109
Map<Object, Object> propsYaml = (Map<Object, Object>) yaml.load(inputStream);
109110
LOG.fine("Successfully read config");
110111

heron/metricsmgr/src/java/org/apache/heron/metricsmgr/MetricsSinksConfig.java

+2-1
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,7 @@
2929
import java.util.Map;
3030

3131
import org.yaml.snakeyaml.Yaml;
32+
import org.yaml.snakeyaml.constructor.SafeConstructor;
3233

3334
import org.apache.heron.common.basics.TypeUtils;
3435

@@ -62,7 +63,7 @@ private Map<Object, Object> readConfig(String configFile) throws IOException {
6263
return Collections.emptyMap();
6364
}
6465

65-
Yaml yaml = new Yaml();
66+
Yaml yaml = new Yaml(new SafeConstructor());
6667
try (InputStream inputStream = new FileInputStream(configFile)) {
6768
return (Map<Object, Object>) yaml.load(inputStream);
6869
}

heron/tools/apiserver/src/java/org/apache/heron/apiserver/utils/ConfigUtils.java

+4-3
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,7 @@
3030

3131
import org.yaml.snakeyaml.DumperOptions;
3232
import org.yaml.snakeyaml.Yaml;
33+
import org.yaml.snakeyaml.constructor.SafeConstructor;
3334

3435
import org.apache.heron.api.exception.InvalidTopologyException;
3536
import org.apache.heron.api.generated.TopologyAPI;
@@ -110,7 +111,7 @@ public static void applyOverrides(Path overridesPath, Map<String, String> overri
110111
try (Writer writer = Files.newBufferedWriter(tempOverridesPath)) {
111112
overrideReader = Files.newBufferedReader(overridesPath);
112113
final Map<String, Object> currentOverrides =
113-
(Map<String, Object>) new Yaml().load(overrideReader);
114+
(Map<String, Object>) new Yaml(new SafeConstructor()).load(overrideReader);
114115
currentOverrides.putAll(overrides);
115116

116117
// write updated overrides
@@ -138,9 +139,9 @@ public static void applyOverridesToStateManagerConfig(Path overridesPath,
138139
) {
139140
stateManagerReader = Files.newBufferedReader(stateManagerPath);
140141

141-
final Map<String, Object> overrides = (Map<String, Object>) new Yaml().load(overrideReader);
142+
final Map<String, Object> overrides = (Map<String, Object>) new Yaml(new SafeConstructor()).load(overrideReader);
142143
final Map<String, Object> stateMangerConfig =
143-
(Map<String, Object>) new Yaml().load(stateManagerReader);
144+
(Map<String, Object>) new Yaml(new SafeConstructor()).load(stateManagerReader);
144145
// update the state manager config with the overrides
145146
for (Map.Entry<String, Object> entry : overrides.entrySet()) {
146147
// does this key have an override?

heron/tools/apiserver/tests/java/org/apache/heron/apiserver/utils/ConfigUtilsTests.java

+8-7
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@
3131

3232
import org.junit.Test;
3333
import org.yaml.snakeyaml.Yaml;
34+
import org.yaml.snakeyaml.constructor.SafeConstructor;
3435

3536
import org.apache.heron.common.basics.Pair;
3637

@@ -49,7 +50,7 @@ public void testCreateOverrides() throws IOException {
4950
final String overridesPath = ConfigUtils.createOverrideConfiguration(overrideProperties);
5051
try (Reader reader = Files.newBufferedReader(Paths.get(overridesPath))) {
5152
final Map<String, Object> overrides =
52-
(Map<String, Object>) new Yaml().loadAs(reader, Map.class);
53+
(Map<String, Object>) new Yaml(new SafeConstructor()).loadAs(reader, Map.class);
5354
assertEquals(overrides.size(), overrideProperties.size());
5455
for (String key : overrides.keySet()) {
5556
assertEquals(overrides.get(key), overrideProperties.getProperty(key));
@@ -73,15 +74,15 @@ public void testStateManagerFileOverrides() throws IOException {
7374
try (Writer writer = Files.newBufferedWriter(stateManagerPath)) {
7475
final Map<String, String> config = new HashMap<>();
7576
config.put("heron.statemgr.connection.string", "<host>:<port>");
76-
new Yaml().dump(config, writer);
77+
new Yaml(new SafeConstructor()).dump(config, writer);
7778
}
7879

7980
// apply the overrides
8081
ConfigUtils.applyOverridesToStateManagerConfig(Paths.get(overridesPath), stateManagerPath);
8182

8283
try (Reader reader = Files.newBufferedReader(stateManagerPath)) {
8384
final Map<String, Object> stateManagerWithOverrides =
84-
(Map<String, Object>) new Yaml().loadAs(reader, Map.class);
85+
(Map<String, Object>) new Yaml(new SafeConstructor()).loadAs(reader, Map.class);
8586
assertEquals(stateManagerWithOverrides.size(), 1);
8687
assertEquals(stateManagerWithOverrides.get("heron.statemgr.connection.string"),
8788
"zookeeper:2181");
@@ -103,15 +104,15 @@ public void testNoOverridesAppliedToStateManager() throws IOException {
103104
try (Writer writer = Files.newBufferedWriter(stateManagerPath)) {
104105
final Map<String, String> config = new HashMap<>();
105106
config.put("heron.statemgr.connection.string", "<host>:<port>");
106-
new Yaml().dump(config, writer);
107+
new Yaml(new SafeConstructor()).dump(config, writer);
107108
}
108109

109110
// apply the overrides
110111
ConfigUtils.applyOverridesToStateManagerConfig(Paths.get(overridesPath), stateManagerPath);
111112

112113
try (Reader reader = Files.newBufferedReader(stateManagerPath)) {
113114
final Map<String, Object> stateManagerWithOverrides =
114-
(Map<String, Object>) new Yaml().loadAs(reader, Map.class);
115+
(Map<String, Object>) new Yaml(new SafeConstructor()).loadAs(reader, Map.class);
115116
assertEquals(stateManagerWithOverrides.size(), 1);
116117
assertEquals(stateManagerWithOverrides.get("heron.statemgr.connection.string"),
117118
"<host>:<port>");
@@ -142,7 +143,7 @@ public void testApplyOverrides() throws IOException {
142143

143144
try (Reader reader = Files.newBufferedReader(Paths.get(overridesPath))) {
144145
final Map<String, Object> newOverrides =
145-
(Map<String, Object>) new Yaml().loadAs(reader, Map.class);
146+
(Map<String, Object>) new Yaml(new SafeConstructor()).loadAs(reader, Map.class);
146147
assertEquals(newOverrides, combinedOverrides);
147148
}
148149
}
@@ -166,7 +167,7 @@ public void testApplyEmptyOverrides() throws IOException {
166167

167168
try (Reader reader = Files.newBufferedReader(Paths.get(overridesPath))) {
168169
final Map<String, Object> newOverrides =
169-
(Map<String, Object>) new Yaml().loadAs(reader, Map.class);
170+
(Map<String, Object>) new Yaml(new SafeConstructor()).loadAs(reader, Map.class);
170171
assertEquals(newOverrides, overrides);
171172
}
172173
}

0 commit comments

Comments
 (0)