fix: updated version of com.fasterxml.jackson (#36)
Updated to a new version of the com.fasterxml.jackson libraries to address CVE-2022-42004.  FasterXML/jackson-databind#3582

Cleaned up the code where Jackson is used.
eperret committed Oct 5, 2022
1 parent bf22839 commit 5222837
Showing 4 changed files with 105 additions and 75 deletions.
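--- a/pom.xml
+++ b/pom.xml
@@ -131,7 +131,13 @@
 <!-- used to read xhr json data for prefixes/browsers info -->
 <groupId>com.fasterxml.jackson.core</groupId>
 <artifactId>jackson-databind</artifactId>
-<version>2.12.6.1</version>
+<version>2.13.4</version>
+<scope>test</scope>
+</dependency>
+<dependency>
+<groupId>com.fasterxml.jackson.module</groupId>
+<artifactId>jackson-module-afterburner</artifactId>
+<version>2.13.4</version>
 <scope>test</scope>
 </dependency>
 <dependency>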
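Review bot: The Jackson version is now written out twice, once on `jackson-databind` and once on the new `jackson-module-afterburner` entry, so the next security bump has to touch both and the two can drift apart. A single property, e.g. `<jackson.version>2.13.4</jackson.version>` referenced as `<version>${jackson.version}</version>`, or importing `jackson-bom` under `dependencyManagement`, would keep both artifacts on the same patched release. Both entries are `test` scope, so presumably only the build-time generator tools are affected. The enclosing `<dependencies>` element lies outside the hunk.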
Expand Up @@ -39,6 +39,7 @@
* <p>
* See class com.salesforce.omakase.tools.GeneratePrefixTablesClass for instructions on updating.
*/
@SuppressWarnings("AutoBoxing")
public final class PrefixTables {
static final Table<Property, Browser, Double> PROPERTIES;
static final Table<Keyword, Browser, Double> KEYWORDS;
71 changes: 42 additions & 29 deletions src/test/java/com/salesforce/omakase/tools/GenerateBrowserEnum.java
Expand Up @@ -23,23 +23,25 @@
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/

package com.salesforce.omakase.tools;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.module.afterburner.AfterburnerModule;
import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.salesforce.omakase.data.Browser;
import com.salesforce.omakase.data.Prefix;

Expand All @@ -55,18 +57,30 @@
* @author nmcwilliams
*/
@SuppressWarnings({"rawtypes", "unchecked"})
public class GenerateBrowserEnum {
public final class GenerateBrowserEnum {
private static final String BROWSERS_ENDPOINT = "https://raw.github.com/Fyrd/caniuse/master/data.json";

public static void main(String[] args) throws Exception {
new GenerateBrowserEnum().run();
run();
}

public boolean run() throws IOException, TemplateException {
public static boolean run() throws IOException, TemplateException {
System.out.println("downloading browser data from caniuse.com [https://github.com/Fyrd/caniuse]...");
URLConnection connection = new URL(BROWSERS_ENDPOINT).openConnection();
connection.setUseCaches(false);
Map map = new ObjectMapper().readValue(connection.getInputStream(), Map.class);
final Map map;
try (final InputStream is = connection.getInputStream()) {
map = new ObjectMapper()
// This adds support for using byte code to perform
// deserialization:
// https://github.com/FasterXML/jackson-modules-base/tree/master/afterburner
// Need to set setUseValueClassLoader to false to fix a class
// loader issue in Java 9
// https://github.com/FasterXML/jackson-modules-base/issues/37
// This means it will only look at public properties.
.registerModule(new AfterburnerModule().setUseValueClassLoader(false))
.readValue(is, Map.class);
}

String earliestString = (String)Iterables.get(((Map)map.get("eras")).keySet(), 0);
Matcher matcher = Pattern.compile("e-([0-9]+)").matcher(earliestString);
Expand All @@ -75,8 +89,6 @@ public boolean run() throws IOException, TemplateException {

Map agents = (Map)map.get("agents");

List<BrowserInfo> browsers = Lists.newArrayList();

Map ie = (Map)agents.get("ie");
Map edge = (Map)agents.get("edge");
Map opera = (Map)agents.get("opera");
Expand All @@ -87,34 +99,35 @@ public boolean run() throws IOException, TemplateException {
Map ieMobile = (Map)agents.get("ie_mob");
Map iosSafari = (Map)agents.get("ios_saf");

browsers.add(new BrowserInfo("ie", "IE", "Internet Explorer", Prefix.MS, versions(ie, earliest)));
browsers.add(new BrowserInfo("edge", "EDGE", "Microsoft Edge", Prefix.MS, versions(edge, earliest)));
browsers.add(new BrowserInfo("opera", "OPERA", "Opera", Prefix.WEBKIT, versions(opera, earliest)));
browsers.add(new BrowserInfo("chrome", "CHROME", "Google Chrome", Prefix.WEBKIT, versions(chrome, earliest)));
browsers.add(new BrowserInfo("safari", "SAFARI", "Safari", Prefix.WEBKIT, versions(safari, earliest)));
browsers.add(new BrowserInfo("firefox", "FIREFOX", "Firefox", Prefix.MOZ, versions(firefox, earliest)));
browsers.add(new BrowserInfo("android", "ANDROID", "Android Browser", Prefix.WEBKIT, versions(android, earliest)));
browsers.add(new BrowserInfo("ie_mob", "IE_MOBILE", "IE Mobile", Prefix.MS, versions(ieMobile, earliest)));
browsers.add(new BrowserInfo("ios_saf", "IOS_SAFARI", "Safari on iOS", Prefix.WEBKIT, versions(iosSafari, earliest)));

SourceWriter writer = new SourceWriter();

writer.generator(GenerateBrowserEnum.class);
writer.classToWrite(Browser.class);
writer.template("browser-enum.ftl");
writer.data("browsers", browsers);
final List<BrowserInfo> browsers = ImmutableList.of(
new BrowserInfo("ie" , "IE" , "Internet Explorer", Prefix.MS , versions(ie, earliest)),
new BrowserInfo("edge" , "EDGE" , "Microsoft Edge" , Prefix.MS , versions(edge, earliest)),
new BrowserInfo("opera" , "OPERA" , "Opera" , Prefix.WEBKIT, versions(opera, earliest)),
new BrowserInfo("chrome" , "CHROME" , "Google Chrome" , Prefix.WEBKIT, versions(chrome, earliest)),
new BrowserInfo("safari" , "SAFARI" , "Safari" , Prefix.WEBKIT, versions(safari, earliest)),
new BrowserInfo("firefox", "FIREFOX" , "Firefox" , Prefix.MOZ , versions(firefox, earliest)),
new BrowserInfo("android", "ANDROID" , "Android Browser" , Prefix.WEBKIT, versions(android, earliest)),
new BrowserInfo("ie_mob" , "IE_MOBILE" , "IE Mobile" , Prefix.MS , versions(ieMobile, earliest)),
new BrowserInfo("ios_saf", "IOS_SAFARI", "Safari on iOS" , Prefix.WEBKIT, versions(iosSafari, earliest))
);

SourceWriter writer = new SourceWriter()
.generator(GenerateBrowserEnum.class)
.classToWrite(Browser.class)
.template("browser-enum.ftl")
.data("browsers", browsers);

return writer.write();
}

private String versions(Map browser, int indexOfCurrent) {
private static String versions(Map browser, int indexOfCurrent) {
List<String> all = (List<String>)browser.get("versions");
List<Double> filtered = Lists.newArrayList();
List<Double> filtered = new ArrayList<>();

for (int i = 0; i <= indexOfCurrent; i++) { // skip the last two, as they are "future" versions
if (all.get(i) != null) {
for (String s : Splitter.on("-").split(all.get(i))) {
if (s.indexOf(".") == s.lastIndexOf(".")) { // hacky deal with something like Android 4.4.3. Just skip for now
for (String s : Splitter.on('-').split(all.get(i))) {
if (s.indexOf(".") == s.lastIndexOf('.')) { // hacky deal with something like Android 4.4.3. Just skip for now
filtered.add(Double.valueOf(s));
}
}
Expand Down Expand Up @@ -147,7 +160,7 @@ public String getKey() {
}

public String getPrefix() {
return String.format("Prefix.%s", prefix.name());
return "Prefix." + prefix.name();
}

public String getEnumName() {
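Review bot: Registering `AfterburnerModule` in `run()` looks unnecessary for this call: the mapper only reads into `Map.class`, and Afterburner's bytecode generation targets POJO property access, so as far as I can tell it has no effect on untyped map deserialization. Since the commit exists to close a CVE in a test-scope dependency, pulling in a second, bytecode-generating dependency widens what has to be tracked and patched next time; `map = new ObjectMapper().readValue(is, Map.class);` inside the new try-with-resources would keep the stream fix and let the extra module go. Separately, the JSON is still fetched from the mutable `master` branch and feeds source generation, and the connection sets no timeouts; `connection.setConnectTimeout(...)` / `connection.setReadTimeout(...)` and a pinned revision in `BROWSERS_ENDPOINT` would make the tool's input more predictable. `run()` and `versions()` continue outside the visible hunks.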