Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix string-based creators with UNWRAP_SINGLE_VALUE_ARRAYS #3666

Merged
merged 1 commit into from
Nov 15, 2022
Merged

Fix string-based creators with UNWRAP_SINGLE_VALUE_ARRAYS #3666

merged 1 commit into from
Nov 15, 2022

Conversation

yawkat
Copy link
Member

@yawkat yawkat commented Nov 15, 2022

  • it seems that the DoS fix in BeanDeserializer incorrectly advanced the parser. I've fixed this, but this is potentially security-sensitive, so please take a careful look if this is right :)
  • I also changed FactoryBasedEnumDeserializer to handle unwrapping of strings properly. I haven't touched the error handling when there is another token, that is handled by the branch with the comment Could argue we should throw an exception but.... imo that should throw an exception, can we change that in a minor release?

Fixes #3655

@yawkat
Fix string-based creators with UNWRAP_SINGLE_VALUE_ARRAYS
8015834 
- it seems that the DoS fix in `BeanDeserializer` incorrectly advanced the parser. I've fixed this, but this is potentially security-sensitive, so please take a careful look if this is right :)
- I also changed `FactoryBasedEnumDeserializer` to handle unwrapping of strings properly. I haven't touched  the error handling when there is another token, that is handled by the branch with the comment `Could argue we should throw an exception but...`. imo that should throw an exception, can we change that in a minor release?

Fixes FasterXML#3655
@cowtowncoder
Copy link
Member

cowtowncoder commented Nov 15, 2022
edited
Loading

Great detective work @yawkat! Spot on wrt BeanDeserializer. I'll have a look, will get this merged soon.

As to throwing exception... if this was before 2.14.0, yes. But as things are I think it needs to go in 2.15.
But first things first, this looks good.

@cowtowncoder cowtowncoder merged commit 7c0a74e into FasterXML:2.14 Nov 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cowtowncoder cowtowncoder cowtowncoder approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@yawkat @cowtowncoder