Increase SnakeYAML codepoint limit to 64MB (from default 3MB)

wcm-io-devops · Oct 17, 2023 · cb87dd9 · cb87dd9
1 parent c4102af
commit cb87dd9
Show file tree

Hide file tree

Showing 6 changed files with 166,290 additions and 4 deletions.
diff --git a/changes.xml b/changes.xml
@@ -23,6 +23,12 @@
     xsi:schemaLocation="http://maven.apache.org/changes/1.0.0 https://maven.apache.org/plugins/maven-changes-plugin/xsd/changes-1.0.0.xsd">
   <body>
 
+    <release version="1.16.4" date="not released">
+      <action type="fix" dev="sseifert">
+        Increase SnakeYAML codepoint limit to 64MB (from default 3MB).
+      </action>
+    </release>
+
     <release version="1.16.2" date="2023-08-31">
       <action type="fix" dev="sseifert">
         conga-maven-plugin: Eliminate warning "Parameter 'repoSession' (user property 'repositorySystemSession') is read-only, must not be used in configuration".

diff --git a/model/src/main/java/io/wcm/devops/conga/model/reader/EnvironmentReader.java b/model/src/main/java/io/wcm/devops/conga/model/reader/EnvironmentReader.java
@@ -19,11 +19,11 @@
  */
 package io.wcm.devops.conga.model.reader;
 
-import org.yaml.snakeyaml.LoaderOptions;
 import org.yaml.snakeyaml.Yaml;
 import org.yaml.snakeyaml.constructor.Constructor;
 
 import io.wcm.devops.conga.model.environment.Environment;
+import io.wcm.devops.conga.model.util.YamlUtil;
 
 /**
  * Reads environment definitions.
@@ -38,7 +38,7 @@ public EnvironmentReader() {
   }
 
   private static Yaml getYaml() {
-    Constructor constructor = new Constructor(Environment.class, new LoaderOptions());
+    Constructor constructor = new Constructor(Environment.class, YamlUtil.createLoaderOptions());
     return new Yaml(constructor);
   }
 

diff --git a/model/src/main/java/io/wcm/devops/conga/model/reader/RoleReader.java b/model/src/main/java/io/wcm/devops/conga/model/reader/RoleReader.java
@@ -19,11 +19,11 @@
  */
 package io.wcm.devops.conga.model.reader;
 
-import org.yaml.snakeyaml.LoaderOptions;
 import org.yaml.snakeyaml.Yaml;
 import org.yaml.snakeyaml.constructor.Constructor;
 
 import io.wcm.devops.conga.model.role.Role;
+import io.wcm.devops.conga.model.util.YamlUtil;
 
 /**
  * Reads role definitions.
@@ -38,7 +38,7 @@ public RoleReader() {
   }
 
   private static Yaml getYaml() {
-    Constructor constructor = new Constructor(Role.class, new LoaderOptions());
+    Constructor constructor = new Constructor(Role.class, YamlUtil.createLoaderOptions());
     return new Yaml(constructor);
   }
 

diff --git a/model/src/main/java/io/wcm/devops/conga/model/util/YamlUtil.java b/model/src/main/java/io/wcm/devops/conga/model/util/YamlUtil.java
@@ -0,0 +1,48 @@
+/*
+ * #%L
+ * wcm.io
+ * %%
+ * Copyright (C) 2023 wcm.io
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+package io.wcm.devops.conga.model.util;
+
+import org.yaml.snakeyaml.LoaderOptions;
+
+/**
+ * Helper methods for SnakeYAML.
+ */
+public final class YamlUtil {
+
+  /*
+   * Increase default codepoint limit from 3MB to 64MB.
+   */
+  private static final int YAML_CODEPOINT_LIMIT = 64 * 1024 * 1024;
+
+  private YamlUtil() {
+    // static methods only
+  }
+
+  /**
+   * Create a new loader options instances with default configuration.
+   * @return SnakeYAML loader option.s
+   */
+  public static LoaderOptions createLoaderOptions() {
+    LoaderOptions options = new LoaderOptions();
+    options.setCodePointLimit(YAML_CODEPOINT_LIMIT);
+    return options;
+  }
+
+}
diff --git a/model/src/test/java/io/wcm/devops/conga/model/util/YamlUtilTest.java b/model/src/test/java/io/wcm/devops/conga/model/util/YamlUtilTest.java
@@ -0,0 +1,48 @@
+/*
+ * #%L
+ * wcm.io
+ * %%
+ * Copyright (C) 2023 wcm.io
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+package io.wcm.devops.conga.model.util;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.junit.jupiter.api.Test;
+import org.yaml.snakeyaml.Yaml;
+
+class YamlUtilTest {
+
+  @Test
+  void testLoadSmallYamlFile() throws IOException {
+    Yaml yaml = new Yaml(YamlUtil.createLoaderOptions());
+    try (InputStream is = YamlUtilTest.class.getResourceAsStream("/role.yaml")) {
+      assertNotNull(yaml.load(is));
+    }
+  }
+
+  @Test
+  void testLoadHugeYamlFile() throws IOException {
+    Yaml yaml = new Yaml(YamlUtil.createLoaderOptions());
+    try (InputStream is = YamlUtilTest.class.getResourceAsStream("/hugefile.yaml")) {
+      assertNotNull(yaml.load(is));
+    }
+  }
+
+}