use of org.craftercms.commons.config.DisableClassLoadingConstructor in project studio by craftercms.
the class ConfigurationServiceImpl method validate.
@SuppressWarnings("unchecked")
protected InputStream validate(InputStream content, String filename) throws ServiceLayerException {
// Check the filename to see if it needs to be validated
String extension = getExtension(filename);
if (isEmpty(extension)) {
// without extension there is no way to know
return content;
}
try {
// Copy the contents of the stream
byte[] bytes;
bytes = IOUtils.toByteArray(content);
// Perform the validation
switch(extension.toLowerCase()) {
case "xml":
try {
DocumentHelper.parseText(new String(bytes));
} catch (Exception e) {
throw new InvalidConfigurationException("Invalid XML file", e);
}
break;
case "yaml":
case "yml":
try {
Yaml yaml = new Yaml(new DisableClassLoadingConstructor());
Map<String, Object> map = (Map<String, Object>) yaml.load(new ByteArrayInputStream(bytes));
} catch (Exception e) {
throw new InvalidConfigurationException("Invalid YAML file", e);
}
}
// Return a new stream
return new ByteArrayInputStream(bytes);
} catch (IOException e) {
throw new ServiceLayerException("Error validating configuration", e);
}
}
use of org.craftercms.commons.config.DisableClassLoadingConstructor in project studio by craftercms.
the class AbstractPluginDescriptorUpgradeOperation method execute.
@Override
public void execute(final String site) throws UpgradeException {
Path descriptorFile = getRepositoryPath(site).getParent().resolve(descriptorPath);
if (Files.notExists(descriptorFile)) {
logger.info("Plugin descriptor file not found for site {0}", site);
return;
}
try (Reader reader = Files.newBufferedReader(descriptorFile)) {
PluginDescriptor descriptor = descriptorReader.read(reader);
if (descriptor.getDescriptorVersion().equals(descriptorVersion)) {
logger.info("Plugin descriptor already update for site " + site);
return;
}
logger.info("Updating plugin descriptor for site " + site);
doPluginDescriptorUpdates(descriptor);
descriptor.setDescriptorVersion(descriptorVersion);
DumperOptions options = new DumperOptions();
options.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
options.setPrettyFlow(true);
Yaml yaml = new Yaml(new DisableClassLoadingConstructor(), new Representer() {
@Override
protected NodeTuple representJavaBeanProperty(final Object javaBean, final Property property, final Object propertyValue, final Tag customTag) {
if (propertyValue != null) {
return super.representJavaBeanProperty(javaBean, property, propertyValue, customTag);
}
return null;
}
}, options);
String content = yaml.dumpAsMap(descriptor);
writeToRepo(site, descriptorPath, new ByteArrayInputStream(content.getBytes()));
commitAllChanges(site);
} catch (Exception e) {
throw new UpgradeException("Plugin descriptor can't be read for site " + site);
}
}
Aggregations