
Commit c338719

authored
Merge pull request #2541 from brendandburns/r0.17
[Cherry-pick] Add a rule to block empty YAML constructors.
2 parents 06132f3 + 01ed489 commit c338719


3 files changed

+15
-2
lines changed


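--- a/pom.xml
+++ b/pom.xml
@@ -470,6 +470,17 @@
 <replacement>INVALID IMPORTS (GUAVA)</replacement>
 </replaceRegex>
 </format>
+<!-- prevents empty SnakeYaml constructor -->
+<format>
+<includes>
+<include>src/**/*.java</include>
+</includes>
+<replaceRegex>
+<name>Forbids new Yaml()</name>
+<searchRegex>^.*new Yaml\(\).*$</searchRegex>
+<replacement>INVALID CONSTRUCTOR (SNAKEYAML)</replacement>
+</replaceRegex>
+</format>
 </formats>
 <java>
 <removeUnusedImports /> <!-- self-explanatory -->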
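Review bot: The `searchRegex` in the new `<format>` block matches only the exact text `new Yaml()`, so `new Yaml( )`, a fully qualified `new org.yaml.snakeyaml.Yaml()` and an explicit `new Yaml(new Constructor())` all pass the check. Tightening it to `<searchRegex>^.*new\s+(org\.yaml\.snakeyaml\.)?Yaml\s*\(\s*\).*$</searchRegex>` closes the spelling variants; the explicit-`Constructor` case would need a second rule. The comment above the block should also say why the constructor is forbidden, for example `<!-- forbids new Yaml(): its default Constructor can instantiate arbitrary classes named by YAML tags; use new Yaml(new SafeConstructor()) -->`. A line regex remains a lint heuristic, so load sites that take YAML from outside the process still need review on their own.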

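--- a/util/src/main/java/io/kubernetes/client/util/FilePersister.java
+++ b/util/src/main/java/io/kubernetes/client/util/FilePersister.java
@@ -18,6 +18,7 @@
 import java.util.ArrayList;
 import java.util.HashMap;
 import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.constructor.SafeConstructor;
 
 public class FilePersister implements ConfigPersister {
 File configFile;
@@ -50,7 +51,7 @@ public void save(
 // Note this is imperfect, should protect against other processes writing this file too...
 synchronized (configFile) {
 try (FileWriter fw = new FileWriter(configFile)) {
-Yaml yaml = new Yaml();
+Yaml yaml = new Yaml(new SafeConstructor());
 yaml.dump(config, fw);
 fw.flush();
 }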
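Review bot: In `save(` the `SafeConstructor` has no effect on `yaml.dump(config, fw)`, because a SnakeYAML constructor is consulted only when loading; the line changes only to satisfy the new build rule, and a reader may take it for a hardening of the write path. A comment would make that explicit: `// SafeConstructor restricts load() only; used here because the build forbids new Yaml()`. Separately, `new FileWriter(configFile)` writes with the platform default charset on older JDKs and with default file permissions, which is worth confirming if this file holds cluster credentials (the type of `config` is not visible here). The body of `save` starts and ends outside the hunk.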

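--- a/util/src/main/java/io/kubernetes/client/util/generic/dynamic/Dynamics.java
+++ b/util/src/main/java/io/kubernetes/client/util/generic/dynamic/Dynamics.java
@@ -17,11 +17,12 @@
 import io.kubernetes.client.openapi.JSON;
 import java.util.Map;
 import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.constructor.SafeConstructor;
 
 public class Dynamics {
 
 static final JSON internalJSONCodec = new JSON();
-static final Yaml internalYamlCodec = new Yaml();
+static final Yaml internalYamlCodec = new Yaml(new SafeConstructor());
 
 public static DynamicKubernetesObject newFromJson(String jsonContent) {
 return newFromJson(internalJSONCodec.getGson(), jsonContent);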
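Review bot: `internalYamlCodec` is a single static `Yaml` shared by every caller, and SnakeYAML documents `Yaml` instances as not thread-safe, so concurrent use of this field can corrupt parsing state; the commit changes the constructor but keeps the sharing. The load call that uses the field is outside this hunk, so confirm how it is reached; if it can run on several threads, build the parser per call, e.g. `private static Yaml newYaml() { return new Yaml(new SafeConstructor()); }`. A short comment on the field stating that `SafeConstructor` limits loading to standard Java types would also record why the argument must stay.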
