
Commit 72c9851

ajacksonlaullon
authored andcommitted
MONIT-34093 - Upgrade to snakeyaml 2.0 for CVE-2022-1471 (#839)
* MONIT-34093 - Upgrade to snakeyaml 2.0 for CVE-2022-1471 - explicitly add dependency on snakeyaml since we import it directly in the code - update test to use explicit loadOptions on the YamlFactory for the objectmapper - code cleanup in LogsIngesterTest
1 parent 57060be commit 72c9851

2 files changed

+29
-5
lines changed

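--- a/proxy/pom.xml
+++ b/proxy/pom.xml
@@ -593,6 +593,11 @@
 <artifactId>proto-google-common-protos</artifactId>
 <version>2.0.1</version>
 </dependency>
+<dependency>
+<groupId>org.yaml</groupId>
+<artifactId>snakeyaml</artifactId>
+<version>2.0</version>
+</dependency>
 </dependencies>
 
 <profiles>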
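Review bot: The new `<dependency>` at new lines 596–600 carries no comment saying why the version is pinned, so a later dependency clean-up could drop or lower it without noticing the CVE. I would add `<!-- pinned at 2.0 or later for CVE-2022-1471; imported directly by proxy code -->` above it. It is also worth confirming with `mvn dependency:tree -Dincludes=org.yaml:snakeyaml` that no other module of the build still resolves a 1.x version, and that the jackson-dataformat-yaml version in use supports the 2.0 API; neither is visible in this hunk.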

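--- a/proxy/src/test/java/com/wavefront/agent/logsharvesting/LogsIngesterTest.java
+++ b/proxy/src/test/java/com/wavefront/agent/logsharvesting/LogsIngesterTest.java
@@ -1,12 +1,23 @@
 package com.wavefront.agent.logsharvesting;
 
-import static org.easymock.EasyMock.*;
+import static org.easymock.EasyMock.createMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.expectLastCall;
+import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.reset;
+import static org.easymock.EasyMock.verify;
 import static org.hamcrest.MatcherAssert.assertThat;
-import static org.hamcrest.Matchers.*;
 import static org.hamcrest.Matchers.contains;
+import static org.hamcrest.Matchers.containsInAnyOrder;
+import static org.hamcrest.Matchers.emptyIterable;
+import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.hasSize;
+import static org.hamcrest.Matchers.instanceOf;
+import static org.hamcrest.Matchers.lessThan;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+import com.fasterxml.jackson.dataformat.yaml.YAMLFactoryBuilder;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Lists;
@@ -41,21 +52,29 @@
 import org.junit.After;
 import org.junit.Test;
 import org.logstash.beats.Message;
+import org.yaml.snakeyaml.LoaderOptions;
 import wavefront.report.Histogram;
 import wavefront.report.ReportPoint;
 
 /** @author Mori Bellamy ([email protected]) */
 public class LogsIngesterTest {
+private final AtomicLong now;
+private final AtomicLong nanos;
+private final ObjectMapper objectMapper;
 private LogsIngestionConfig logsIngestionConfig;
 private LogsIngester logsIngesterUnderTest;
 private FilebeatIngester filebeatIngesterUnderTest;
 private RawLogsIngesterPortUnificationHandler rawLogsIngesterUnderTest;
 private ReportableEntityHandlerFactory mockFactory;
 private ReportableEntityHandler<ReportPoint, String> mockPointHandler;
 private ReportableEntityHandler<ReportPoint, String> mockHistogramHandler;
-private AtomicLong now = new AtomicLong((System.currentTimeMillis() / 60000) * 60000);
-private AtomicLong nanos = new AtomicLong(System.nanoTime());
-private ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory());
+
+public LogsIngesterTest() {
+this.now = new AtomicLong((System.currentTimeMillis() / 60000) * 60000);
+this.nanos = new AtomicLong(System.nanoTime());
+YAMLFactoryBuilder factory = new YAMLFactoryBuilder(new YAMLFactory());
+this.objectMapper = new ObjectMapper(factory.loaderOptions(new LoaderOptions()).build());
+}
 
 private LogsIngestionConfig parseConfigFile(String configPath) throws IOException {
 File configFile =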
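Review bot: The constructor added at new lines 72–77 passes a default `new LoaderOptions()` with no comment, so a reader cannot tell whether it is there for parser hardening or only so that the Jackson YAML factory works against snakeyaml 2.0. A line such as `// LoaderOptions passed explicitly for the snakeyaml 2.0 upgrade (CVE-2022-1471); defaults only, no extra limits` would say so. Only the test mapper changes in this commit view; any non-test code that builds `new ObjectMapper(new YAMLFactory())` is not visible here and presumably needs the same construction. The wrapper instance can also be avoided with `YAMLFactory.builder().loaderOptions(new LoaderOptions()).build()`. The class body continues past the end of the hunk.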
