Loading...

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 8.0.0.GA-CR1, 8.0.0.GA
Affects Version/s: None
Component/s: MP OpenAPI
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

8.0.0.GA
Steps to Reproduce:

Hide

Run the related MicroProfile TS test against WildFly 28 Beat SNAPSHOT: https://github.com/jboss-eap-qe/eap-microprofile-test-suite/blob/master/microprofile-open-api/src/test/java/org/jboss/eap/qe/microprofile/openapi/advanced/misc/StaticFilesTest.java

Show
Run the related MicroProfile TS test against WildFly 28 Beat SNAPSHOT: https://github.com/jboss-eap-qe/eap-microprofile-test-suite/blob/master/microprofile-open-api/src/test/java/org/jboss/eap/qe/microprofile/openapi/advanced/misc/StaticFilesTest.java
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

CVE-2022-25857 was solved in SnakeYaml so that it now sets a default constraint of 3 MB when loading static files.

WildFly 28 Beta - which is the base for EAP 8 GA and which currently uses SmallRye OpenAPI 3.0.1 since ~~WFLY-17197~~ - is failing at loading files that are larger than such default value, since OpenApiProcessor does not provide any way to customize such limit when building a YAMLFactory and its related YAMLParser:

&amp#27;[0m&amp#27;[31m22:31:25,836 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.undertow.host.default-server.default-host./big/openapi: org.jboss.msc.service.StartException in service org.wildfly.undertow.host.default-server.default-host./big/openapi: io.smallrye.openapi.runtime.OpenApiRuntimeException: com.fasterxml.jackson.dataformat.yaml.JacksonYAMLParseException: The incoming YAML document exceeds the limit: 3145728 code points.
 at [Source: (FileInputStream); line: 109594, column: 25]
	at org.wildfly.clustering.service@28.0.0.Beta1-202301072046-b985cc92//org.wildfly.clustering.service.FunctionalService.start(FunctionalService.java:66)
	at org.jboss.msc@1.5.0.Beta4//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1590)
	at org.jboss.msc@1.5.0.Beta4//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1553)
	at org.jboss.msc@1.5.0.Beta4//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1411)
	at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
	at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: io.smallrye.openapi.runtime.OpenApiRuntimeException: com.fasterxml.jackson.dataformat.yaml.JacksonYAMLParseException: The incoming YAML document exceeds the limit: 3145728 code points.
 at [Source: (FileInputStream); line: 109594, column: 25]
	at io.smallrye.openapi//io.smallrye.openapi.runtime.OpenApiProcessor.modelFromStaticFile(OpenApiProcessor.java:103)
	at org.wildfly.extension.microprofile.openapi-smallrye@28.0.0.Beta1-202301072046-b985cc92//org.wildfly.extension.microprofile.openapi.deployment.OpenAPIModelServiceConfigurator.get(OpenAPIModelServiceConfigurator.java:161)
	at org.wildfly.extension.microprofile.openapi-smallrye@28.0.0.Beta1-202301072046-b985cc92//org.wildfly.extension.microprofile.openapi.deployment.OpenAPIModelServiceConfigurator.get(OpenAPIModelServiceConfigurator.java:90)
	at org.wildfly.clustering.service@28.0.0.Beta1-202301072046-b985cc92//org.wildfly.clustering.service.FunctionalService.start(FunctionalService.java:63)
	... 8 more
Caused by: com.fasterxml.jackson.dataformat.yaml.JacksonYAMLParseException: The incoming YAML document exceeds the limit: 3145728 code points.
 at [Source: (FileInputStream); line: 109594, column: 25]
	at com.fasterxml.jackson.dataformat.jackson-dataformat-yaml@2.13.4//com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:409)
	at com.fasterxml.jackson.core.jackson-core@2.13.4//com.fasterxml.jackson.core.JsonParser.nextFieldName(JsonParser.java:1038)
	at com.fasterxml.jackson.core.jackson-databind@2.13.4.2//com.fasterxml.jackson.databind.deser.std.BaseNodeDeserializer._deserializeContainerNoRecursion(JsonNodeDeserializer.java:440)
	at com.fasterxml.jackson.core.jackson-databind@2.13.4.2//com.fasterxml.jackson.databind.deser.std.JsonNodeDeserializer.deserialize(JsonNodeDeserializer.java:84)
	at com.fasterxml.jackson.core.jackson-databind@2.13.4.2//com.fasterxml.jackson.databind.deser.std.JsonNodeDeserializer.deserialize(JsonNodeDeserializer.java:20)
	at com.fasterxml.jackson.core.jackson-databind@2.13.4.2//com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:323)
	at com.fasterxml.jackson.core.jackson-databind@2.13.4.2//com.fasterxml.jackson.databind.ObjectMapper._readTreeAndClose(ObjectMapper.java:4716)
	at com.fasterxml.jackson.core.jackson-databind@2.13.4.2//com.fasterxml.jackson.databind.ObjectMapper.readTree(ObjectMapper.java:3056)
	at io.smallrye.openapi//io.smallrye.openapi.runtime.io.OpenApiParser.parse(OpenApiParser.java:76)
	at io.smallrye.openapi//io.smallrye.openapi.runtime.OpenApiProcessor.modelFromStaticFile(OpenApiProcessor.java:101)
	... 11 more
Caused by: org.yaml.snakeyaml.error.YAMLException: The incoming YAML document exceeds the limit: 3145728 code points.
	at org.yaml.snakeyaml//org.yaml.snakeyaml.scanner.ScannerImpl.fetchMoreTokens(ScannerImpl.java:342)
	at org.yaml.snakeyaml//org.yaml.snakeyaml.scanner.ScannerImpl.checkToken(ScannerImpl.java:263)
	at org.yaml.snakeyaml//org.yaml.snakeyaml.parser.ParserImpl$ParseBlockMappingKey.produce(ParserImpl.java:662)
	at org.yaml.snakeyaml//org.yaml.snakeyaml.parser.ParserImpl.peekEvent(ParserImpl.java:185)
	at org.yaml.snakeyaml//org.yaml.snakeyaml.parser.ParserImpl.getEvent(ParserImpl.java:195)
	at com.fasterxml.jackson.dataformat.jackson-dataformat-yaml@2.13.4//com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:403)
	... 20 more

There's a draft fix to SmallRye OpenAPI, which is blocked until a new release of jackson-jackson-dataformats-text 2.14 is published.

clones

WFLY-17496 MP OpenAPI - Loading static files bigger than 3MB fails since SmallRye OpenAPI 3.0.1 uses new SnakeYaml that sets a constraint

Closed

is cloned by

JBEAP-24960 (4.0.z) MP OpenAPI - Loading static files bigger than 3MB fails

Resolved

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates