diff --git a/framework-platform/framework-platform.gradle b/framework-platform/framework-platform.gradle index b8944fa22d..863ba399e9 100644 --- a/framework-platform/framework-platform.gradle +++ b/framework-platform/framework-platform.gradle @@ -144,6 +144,6 @@ dependencies { api("org.webjars:webjars-locator-core:0.52") api("org.xmlunit:xmlunit-assertj:2.9.1") api("org.xmlunit:xmlunit-matchers:2.9.1") - api("org.yaml:snakeyaml:1.33") + api("org.yaml:snakeyaml:2.0") } } diff --git a/spring-beans/src/main/java/org/springframework/beans/factory/config/YamlProcessor.java b/spring-beans/src/main/java/org/springframework/beans/factory/config/YamlProcessor.java index 964c5ef240..d01e96bcf7 100644 --- a/spring-beans/src/main/java/org/springframework/beans/factory/config/YamlProcessor.java +++ b/spring-beans/src/main/java/org/springframework/beans/factory/config/YamlProcessor.java @@ -34,6 +34,8 @@ import org.yaml.snakeyaml.DumperOptions; import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.constructor.Constructor; +import org.yaml.snakeyaml.inspector.TagInspector; +import org.yaml.snakeyaml.nodes.Tag; import org.yaml.snakeyaml.reader.UnicodeReader; import org.yaml.snakeyaml.representer.Representer; @@ -184,8 +186,9 @@ public abstract class YamlProcessor { protected Yaml createYaml() { LoaderOptions loaderOptions = new LoaderOptions(); loaderOptions.setAllowDuplicateKeys(false); + loaderOptions.setTagInspector(new SupportedTagInspector()); DumperOptions dumperOptions = new DumperOptions(); - return new Yaml(new FilteringConstructor(loaderOptions), new Representer(dumperOptions), + return new Yaml(new Constructor(loaderOptions), new Representer(dumperOptions), dumperOptions, loaderOptions); } @@ -425,23 +428,11 @@ public abstract class YamlProcessor { FIRST_FOUND } - - /** - * {@link Constructor} that supports filtering of unsupported types. - *

If an unsupported type is encountered in a YAML document, an - * {@link IllegalStateException} will be thrown from {@link #getClassForName}. - */ - private class FilteringConstructor extends Constructor { - - FilteringConstructor(LoaderOptions loaderOptions) { - super(loaderOptions); - } + private class SupportedTagInspector implements TagInspector { @Override - protected Class getClassForName(String name) throws ClassNotFoundException { - Assert.state(YamlProcessor.this.supportedTypes.contains(name), - () -> "Unsupported type encountered in YAML document: " + name); - return super.getClassForName(name); + public boolean isGlobalTagAllowed(Tag tag) { + return supportedTypes.contains(tag.getClassName()); } } diff --git a/spring-beans/src/test/java/org/springframework/beans/factory/config/YamlProcessorTests.java b/spring-beans/src/test/java/org/springframework/beans/factory/config/YamlProcessorTests.java index 5a14c49ac2..1bbc928b0f 100644 --- a/spring-beans/src/test/java/org/springframework/beans/factory/config/YamlProcessorTests.java +++ b/spring-beans/src/test/java/org/springframework/beans/factory/config/YamlProcessorTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,7 +24,7 @@ import java.util.Map; import java.util.Set; import org.junit.jupiter.api.Test; -import org.yaml.snakeyaml.constructor.ConstructorException; +import org.yaml.snakeyaml.composer.ComposerException; import org.yaml.snakeyaml.parser.ParserException; import org.yaml.snakeyaml.scanner.ScannerException; @@ -156,9 +156,9 @@ class YamlProcessorTests { void customTypeNotSupportedByDefault() throws Exception { URL url = new URL("https://localhost:9000/"); setYaml("value: !!java.net.URL [\"" + url + "\"]"); - assertThatExceptionOfType(ConstructorException.class) + assertThatExceptionOfType(ComposerException.class) .isThrownBy(() -> this.processor.process((properties, map) -> {})) - .withMessageContaining("Unsupported type encountered in YAML document: java.net.URL"); + .withMessageContaining("Global tag is not allowed: tag:yaml.org,2002:java.net.URL"); } @Test @@ -180,9 +180,9 @@ class YamlProcessorTests { setYaml("value: !!java.net.URL [\"https://localhost:9000/\"]"); - assertThatExceptionOfType(ConstructorException.class) + assertThatExceptionOfType(ComposerException.class) .isThrownBy(() -> this.processor.process((properties, map) -> {})) - .withMessageContaining("Unsupported type encountered in YAML document: java.net.URL"); + .withMessageContaining("Global tag is not allowed: tag:yaml.org,2002:java.net.URL"); } private void setYaml(String yaml) {