Merge pull request #13207 from grails/4.1.x-snakeyaml

Upgrade snakeyaml

Author: puneetbehl

grails-bootstrap/build.gradle

@@ -3,7 +3,7 @@ import org.apache.tools.ant.filters.ReplaceTokens
 dependencies {
     compile ( "org.codehaus.groovy:groovy-xml:$groovyVersion" )
     compile ( "org.codehaus.groovy:groovy-templates:$groovyVersion" )
-    compile "org.yaml:snakeyaml:1.33"
+    compile "org.yaml:snakeyaml:2.2"
 
     compileOnly("io.methvin:directory-watcher:0.16.1")
     compileOnly("org.fusesource.jansi:jansi:$jansiVersion")

grails-bootstrap/src/main/groovy/grails/util/Metadata.groovy

@@ -22,6 +22,7 @@ import org.grails.config.NavigableMap
 import org.grails.io.support.FileSystemResource
 import org.grails.io.support.Resource
 import org.grails.io.support.UrlResource
+import org.yaml.snakeyaml.LoaderOptions
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.constructor.SafeConstructor
 
@@ -168,7 +169,7 @@ class Metadata extends NavigableMap implements ConfigMap  {
     }
 
     private Object loadYml(InputStream input) {
-        Yaml yaml = new Yaml(new SafeConstructor())
+        Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()))
         def loadedYaml = yaml.loadAll(input)
         List result = []
         for(Object yamlObject : loadedYaml) {

grails-bootstrap/src/main/groovy/org/grails/config/CodeGenConfig.groovy

@@ -22,6 +22,7 @@ import groovy.transform.CompileDynamic
 import groovy.transform.CompileStatic
 import org.codehaus.groovy.runtime.DefaultGroovyMethods
 import org.codehaus.groovy.runtime.typehandling.GroovyCastException
+import org.yaml.snakeyaml.LoaderOptions
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.constructor.SafeConstructor
 
@@ -153,7 +154,7 @@ class CodeGenConfig implements Cloneable, ConfigMap {
 
     @CompileDynamic // fails with CompileStatic!
     void loadYml(InputStream input) {
-        Yaml yaml = new Yaml(new SafeConstructor())
+        Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()))
         for(Object yamlObject : yaml.loadAll(input)) {
             if(yamlObject instanceof Map) { // problem here with CompileStatic
                 mergeMap((Map)yamlObject)

grails-core/src/main/groovy/org/springframework/boot/env/OriginTrackedYamlLoader.java

@@ -0,0 +1,201 @@
+/*
+ * Copyright 2012-2023 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.env;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.NoSuchElementException;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+
+import org.yaml.snakeyaml.DumperOptions;
+import org.yaml.snakeyaml.LoaderOptions;
+import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.constructor.BaseConstructor;
+import org.yaml.snakeyaml.constructor.Constructor;
+import org.yaml.snakeyaml.constructor.SafeConstructor;
+import org.yaml.snakeyaml.error.Mark;
+import org.yaml.snakeyaml.nodes.CollectionNode;
+import org.yaml.snakeyaml.nodes.MappingNode;
+import org.yaml.snakeyaml.nodes.Node;
+import org.yaml.snakeyaml.nodes.NodeTuple;
+import org.yaml.snakeyaml.nodes.ScalarNode;
+import org.yaml.snakeyaml.nodes.Tag;
+import org.yaml.snakeyaml.representer.Representer;
+import org.yaml.snakeyaml.resolver.Resolver;
+
+import org.springframework.beans.factory.config.YamlProcessor;
+import org.springframework.boot.origin.Origin;
+import org.springframework.boot.origin.OriginTrackedValue;
+import org.springframework.boot.origin.TextResourceOrigin;
+import org.springframework.boot.origin.TextResourceOrigin.Location;
+import org.springframework.core.io.Resource;
+import org.springframework.util.ReflectionUtils;
+
+/**
+ * Class to load {@code .yml} files into a map of {@code String} to
+ * {@link OriginTrackedValue}.
+ *
+ * @author Madhura Bhave
+ * @author Phillip Webb
+ */
+class OriginTrackedYamlLoader extends YamlProcessor {
+
+	private static final boolean HAS_RESOLVER_LIMIT = ReflectionUtils.findMethod(Resolver.class, "addImplicitResolver",
+			Tag.class, Pattern.class, String.class, int.class) != null;
+
+	private final Resource resource;
+
+	OriginTrackedYamlLoader(Resource resource) {
+		this.resource = resource;
+		setResources(resource);
+	}
+
+	@Override
+	protected Yaml createYaml() {
+		LoaderOptions loaderOptions = new LoaderOptions();
+		loaderOptions.setAllowDuplicateKeys(false);
+		loaderOptions.setMaxAliasesForCollections(Integer.MAX_VALUE);
+		loaderOptions.setAllowRecursiveKeys(true);
+		return createYaml(loaderOptions);
+	}
+
+	private Yaml createYaml(LoaderOptions loaderOptions) {
+		BaseConstructor constructor = new OriginTrackingConstructor(loaderOptions);
+		DumperOptions dumperOptions = new DumperOptions();
+		Representer representer = new Representer(dumperOptions);
+		Resolver resolver = HAS_RESOLVER_LIMIT ? new NoTimestampResolverWithLimit() : new NoTimestampResolver();
+		return new Yaml(constructor, representer, dumperOptions, loaderOptions, resolver);
+	}
+
+	List<Map<String, Object>> load() {
+		final List<Map<String, Object>> result = new ArrayList<>();
+		process((properties, map) -> result.add(getFlattenedMap(map)));
+		return result;
+	}
+
+	/**
+	 * {@link Constructor} that tracks property origins.
+	 */
+	private class OriginTrackingConstructor extends SafeConstructor {
+
+		OriginTrackingConstructor(LoaderOptions loadingConfig) {
+			super(loadingConfig);
+		}
+
+		@Override
+		public Object getData() throws NoSuchElementException {
+			Object data = super.getData();
+			if (data instanceof CharSequence && ((CharSequence) data).length() == 0) {
+				return null;
+			}
+			return data;
+		}
+
+		@Override
+		protected Object constructObject(Node node) {
+			if (node instanceof CollectionNode && ((CollectionNode<?>) node).getValue().isEmpty()) {
+				return constructTrackedObject(node, super.constructObject(node));
+			}
+			if (node instanceof ScalarNode) {
+				if (!(node instanceof KeyScalarNode)) {
+					return constructTrackedObject(node, super.constructObject(node));
+				}
+			}
+			if (node instanceof MappingNode) {
+				replaceMappingNodeKeys((MappingNode) node);
+			}
+			return super.constructObject(node);
+		}
+
+		private void replaceMappingNodeKeys(MappingNode node) {
+			node.setValue(node.getValue().stream().map(KeyScalarNode::get).collect(Collectors.toList()));
+		}
+
+		private Object constructTrackedObject(Node node, Object value) {
+			Origin origin = getOrigin(node);
+			return OriginTrackedValue.of(getValue(value), origin);
+		}
+
+		private Object getValue(Object value) {
+			return (value != null) ? value : "";
+		}
+
+		private Origin getOrigin(Node node) {
+			Mark mark = node.getStartMark();
+			Location location = new Location(mark.getLine(), mark.getColumn());
+			return new TextResourceOrigin(OriginTrackedYamlLoader.this.resource, location);
+		}
+
+	}
+
+	/**
+	 * {@link ScalarNode} that replaces the key node in a {@link NodeTuple}.
+	 */
+	private static class KeyScalarNode extends ScalarNode {
+
+		KeyScalarNode(ScalarNode node) {
+			super(node.getTag(), node.getValue(), node.getStartMark(), node.getEndMark(), node.getScalarStyle());
+		}
+
+		static NodeTuple get(NodeTuple nodeTuple) {
+			Node keyNode = nodeTuple.getKeyNode();
+			Node valueNode = nodeTuple.getValueNode();
+			return new NodeTuple(KeyScalarNode.get(keyNode), valueNode);
+		}
+
+		private static Node get(Node node) {
+			if (node instanceof ScalarNode) {
+				return new KeyScalarNode((ScalarNode) node);
+			}
+			return node;
+		}
+
+	}
+
+	/**
+	 * {@link Resolver} that limits {@link Tag#TIMESTAMP} tags.
+	 */
+	private static class NoTimestampResolver extends Resolver {
+
+		@Override
+		public void addImplicitResolver(Tag tag, Pattern regexp, String first) {
+			if (tag == Tag.TIMESTAMP) {
+				return;
+			}
+			super.addImplicitResolver(tag, regexp, first);
+		}
+
+	}
+
+	/**
+	 * {@link Resolver} that limits {@link Tag#TIMESTAMP} tags.
+	 */
+	private static class NoTimestampResolverWithLimit extends Resolver {
+
+		@Override
+		public void addImplicitResolver(Tag tag, Pattern regexp, String first, int limit) {
+			if (tag == Tag.TIMESTAMP) {
+				return;
+			}
+			super.addImplicitResolver(tag, regexp, first, limit);
+		}
+
+	}
+
+}

grails-docs/src/main/groovy/grails/doc/DocPublisher.groovy

@@ -24,6 +24,7 @@ import org.apache.commons.logging.LogFactory
 import org.radeox.api.engine.WikiRenderEngine
 import org.radeox.engine.context.BaseInitialRenderContext
 import org.radeox.engine.context.BaseRenderContext
+import org.yaml.snakeyaml.LoaderOptions
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.constructor.SafeConstructor
 
@@ -265,7 +266,7 @@ class DocPublisher {
         def legacyLinks = [:]
         if (legacyLinksFile.exists()) {
             legacyLinksFile.withInputStream { input ->
-                legacyLinks = new Yaml(new SafeConstructor()).load(input)
+                legacyLinks = new Yaml(new SafeConstructor(new LoaderOptions())).load(input)
             }
         }
 
@@ -537,7 +538,7 @@ class DocPublisher {
             }
             else if(propertiesFile.name.endsWith('.yml')) {
                 propertiesFile.withInputStream { input ->
-                    def ymls = new Yaml(new SafeConstructor()).loadAll(input)
+                    def ymls = new Yaml(new SafeConstructor(new LoaderOptions())).loadAll(input)
                     for(yml in ymls) {
                         if(yml instanceof Map) {
                             def config = yml.grails?.doc

grails-docs/src/main/groovy/grails/doc/internal/YamlTocStrategy.groovy

@@ -1,13 +1,14 @@
 package grails.doc.internal
 
+import org.yaml.snakeyaml.LoaderOptions
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.constructor.SafeConstructor
 
 /**
  * Class representing a Grails user guide table of contents defined in YAML.
  */
 class YamlTocStrategy {
-    private final parser = new Yaml(new SafeConstructor())
+    private final parser = new Yaml(new SafeConstructor(new LoaderOptions()))
     private resourceChecker
     private String ext = ".gdoc"
 

grails-shell/src/main/groovy/org/grails/cli/gradle/cache/MapReadingCachedGradleOperation.groovy

@@ -20,6 +20,7 @@ import groovy.transform.CompileStatic
 import groovy.transform.InheritConstructors
 import org.gradle.tooling.ProjectConnection
 import org.yaml.snakeyaml.DumperOptions
+import org.yaml.snakeyaml.LoaderOptions
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.constructor.SafeConstructor
 import org.yaml.snakeyaml.representer.Representer
@@ -37,7 +38,7 @@ abstract class MapReadingCachedGradleOperation <V> extends CachedGradleOperation
     @Override
     Map<String, V> readFromCached(File f) {
         def map = (Map<String, Object>) f.withReader { BufferedReader r ->
-            new Yaml(new SafeConstructor()).load(r)
+            new Yaml(new SafeConstructor(new LoaderOptions())).load(r)
         }
         Map<String, V> newMap = [:]
 
@@ -61,7 +62,7 @@ abstract class MapReadingCachedGradleOperation <V> extends CachedGradleOperation
                 return [(key):val.toString()]
             }
         }
-        new Yaml(new SafeConstructor(), new Representer(), options).dump(toWrite, writer)
+        new Yaml(new SafeConstructor(new LoaderOptions()), new Representer(options), options).dump(toWrite, writer)
     }
 
 }

grails-shell/src/main/groovy/org/grails/cli/profile/AbstractProfile.groovy

@@ -33,6 +33,7 @@ import org.grails.cli.profile.commands.DefaultMultiStepCommand
 import org.grails.cli.profile.commands.script.GroovyScriptCommand
 import org.grails.config.NavigableMap
 import org.grails.io.support.Resource
+import org.yaml.snakeyaml.LoaderOptions
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.constructor.SafeConstructor
 
@@ -108,7 +109,7 @@ abstract class AbstractProfile implements Profile {
 
     protected void initialize() {
         def profileYml = profileDir.createRelative("profile.yml")
-        Map<String, Object> profileConfig = new Yaml(new SafeConstructor()).<Map<String, Object>> load(profileYml.getInputStream())
+        Map<String, Object> profileConfig = new Yaml(new SafeConstructor(new LoaderOptions())).<Map<String, Object>> load(profileYml.getInputStream())
 
         name = profileConfig.get("name")?.toString()
         description = profileConfig.get("description")?.toString() ?: ''
@@ -138,7 +139,7 @@ abstract class AbstractProfile implements Profile {
                 else if(fileName.endsWith('.yml')) {
                     def yamlCommand = profileDir.createRelative("commands/$fileName")
                     if(yamlCommand.exists()) {
-                        Map<String, Object> data = new Yaml(new SafeConstructor()).<Map>load(yamlCommand.getInputStream())
+                        Map<String, Object> data = new Yaml(new SafeConstructor(new LoaderOptions())).<Map>load(yamlCommand.getInputStream())
                         Command cmd = new DefaultMultiStepCommand(clsName.toString(), this, data)
                         Object minArguments = data?.minArguments
                         cmd.minArguments = minArguments instanceof Integer ? (Integer)minArguments : 1

grails-shell/src/main/groovy/org/grails/cli/profile/DefaultFeature.groovy

@@ -23,6 +23,7 @@ import org.eclipse.aether.artifact.DefaultArtifact
 import org.eclipse.aether.graph.Dependency
 import org.grails.config.NavigableMap
 import org.grails.io.support.Resource
+import org.yaml.snakeyaml.LoaderOptions
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.constructor.SafeConstructor
 
@@ -49,7 +50,7 @@ class DefaultFeature implements Feature {
         this.name = name
         this.location = location
         def featureYml = location.createRelative("feature.yml")
-        Map<String, Object> featureConfig = new Yaml(new SafeConstructor()).<Map<String, Object>>load(featureYml.getInputStream())
+        Map<String, Object> featureConfig = new Yaml(new SafeConstructor(new LoaderOptions())).<Map<String, Object>>load(featureYml.getInputStream())
         configuration.merge(featureConfig)
         def dependencyMap = configuration.get("dependencies")
 

grails-shell/src/main/groovy/org/grails/cli/profile/commands/factory/YamlCommandFactory.groovy

@@ -22,6 +22,7 @@ import org.grails.cli.profile.Command
 import org.grails.cli.profile.Profile
 import org.grails.cli.profile.commands.DefaultMultiStepCommand
 import org.grails.io.support.Resource
+import org.yaml.snakeyaml.LoaderOptions
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.constructor.SafeConstructor
 
@@ -36,7 +37,7 @@ import java.util.regex.Pattern
  */
 @CompileStatic
 class YamlCommandFactory extends ResourceResolvingCommandFactory<Map> {
-    protected Yaml yamlParser=new Yaml(new SafeConstructor())
+    protected Yaml yamlParser=new Yaml(new SafeConstructor(new LoaderOptions()))
     // LAX parser for JSON: http://mrhaki.blogspot.ie/2014/08/groovy-goodness-relax-groovy-will-parse.html
     protected JsonSlurper jsonSlurper = new JsonSlurper().setType(JsonParserType.LAX)