- Bug
- Resolution: Done
- Critical
- EAP-XP-4.0.z.GA
CVE-2022-25857 was solved in SnakeYaml so that it now sets a default constraint of 3 MB when loading static files.
XP4 is affected since we fixed JBEAP-24360 in EAP 7.4 via the snakeyaml upgrade to 1.33.0.redhat-00001.
ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service org.wildfly.undertow.host.default-server.default-host./big/openapi: org.jboss.msc.service.StartException in service org.wildfly.undertow.host.default-server.default-host./big/openapi: io.smallrye.openapi.runtime.OpenApiRuntimeException: com.fasterxml.jackson.dataformat.yaml.JacksonYAMLParseException: The incoming YAML document exceeds the limit: 3145728 code points.
 at [Source: (FileInputStream); line: 109594, column: 25]
    at org.wildfly.clustering.service@7.4.10.GA-redhat-00002//org.wildfly.clustering.service.FunctionalService.start(FunctionalService.java:66)
    at org.jboss.msc@1.4.12.Final-redhat-00001//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
    at org.jboss.msc@1.4.12.Final-redhat-00001//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
    at org.jboss.msc@1.4.12.Final-redhat-00001//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
    at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
    at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
    at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
    at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: io.smallrye.openapi.runtime.OpenApiRuntimeException: com.fasterxml.jackson.dataformat.yaml.JacksonYAMLParseException: The incoming YAML document exceeds the limit: 3145728 code points.
 at [Source: (FileInputStream); line: 109594, column: 25]
    at io.smallrye.openapi@2.1.2.redhat-00001//io.smallrye.openapi.runtime.OpenApiProcessor.modelFromStaticFile(OpenApiProcessor.java:103)
    at org.wildfly.extension.microprofile.openapi-smallrye@4.0.0.GA-redhat-00017//org.wildfly.extension.microprofile.openapi.deployment.OpenAPIModelServiceConfigurator.get(OpenAPIModelServiceConfigurator.java:169)
    at org.wildfly.extension.microprofile.openapi-smallrye@4.0.0.GA-redhat-00017//org.wildfly.extension.microprofile.openapi.deployment.OpenAPIModelServiceConfigurator.get(OpenAPIModelServiceConfigurator.java:96)
    at org.wildfly.clustering.service@7.4.10.GA-redhat-00002//org.wildfly.clustering.service.FunctionalService.start(FunctionalService.java:63)
    ... 8 more
Caused by: com.fasterxml.jackson.dataformat.yaml.JacksonYAMLParseException: The incoming YAML document exceeds the limit: 3145728 code points.
 at [Source: (FileInputStream); line: 109594, column: 25]
    at com.fasterxml.jackson.dataformat.jackson-dataformat-yaml@2.12.1.redhat-00001//com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:409)
    at com.fasterxml.jackson.core.jackson-core@2.12.7.redhat-00003//com.fasterxml.jackson.core.JsonParser.nextFieldName(JsonParser.java:986)
    at com.fasterxml.jackson.core.jackson-databind@2.12.7.redhat-00003//com.fasterxml.jackson.databind.deser.std.BaseNodeDeserializer.deserializeObject(JsonNodeDeserializer.java:269)
    at com.fasterxml.jackson.core.jackson-databind@2.12.7.redhat-00003//com.fasterxml.jackson.databind.deser.std.BaseNodeDeserializer.deserializeObject(JsonNodeDeserializer.java:277)
    at com.fasterxml.jackson.core.jackson-databind@2.12.7.redhat-00003//com.fasterxml.jackson.databind.deser.std.BaseNodeDeserializer.deserializeObject(JsonNodeDeserializer.java:277)
    at com.fasterxml.jackson.core.jackson-databind@2.12.7.redhat-00003//com.fasterxml.jackson.databind.deser.std.BaseNodeDeserializer.deserializeObject(JsonNodeDeserializer.java:277)
    at com.fasterxml.jackson.core.jackson-databind@2.12.7.redhat-00003//com.fasterxml.jackson.databind.deser.std.BaseNodeDeserializer.deserializeObject(JsonNodeDeserializer.java:277)
    at com.fasterxml.jackson.core.jackson-databind@2.12.7.redhat-00003//com.fasterxml.jackson.databind.deser.std.BaseNodeDeserializer.deserializeObject(JsonNodeDeserializer.java:277)
    at com.fasterxml.jackson.core.jackson-databind@2.12.7.redhat-00003//com.fasterxml.jackson.databind.deser.std.JsonNodeDeserializer.deserialize(JsonNodeDeserializer.java:69)
    at com.fasterxml.jackson.core.jackson-databind@2.12.7.redhat-00003//com.fasterxml.jackson.databind.deser.std.JsonNodeDeserializer.deserialize(JsonNodeDeserializer.java:16)
    at com.fasterxml.jackson.core.jackson-databind@2.12.7.redhat-00003//com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:322)
    at com.fasterxml.jackson.core.jackson-databind@2.12.7.redhat-00003//com.fasterxml.jackson.databind.ObjectMapper._readTreeAndClose(ObjectMapper.java:4635)
    at com.fasterxml.jackson.core.jackson-databind@2.12.7.redhat-00003//com.fasterxml.jackson.databind.ObjectMapper.readTree(ObjectMapper.java:3023)
    at io.smallrye.openapi@2.1.2.redhat-00001//io.smallrye.openapi.runtime.io.OpenApiParser.parse(OpenApiParser.java:76)
    at io.smallrye.openapi@2.1.2.redhat-00001//io.smallrye.openapi.runtime.OpenApiProcessor.modelFromStaticFile(OpenApiProcessor.java:101)
    ... 11 more
Caused by: org.yaml.snakeyaml.error.YAMLException: The incoming YAML document exceeds the limit: 3145728 code points.
    at org.yaml.snakeyaml@1.33.0.SP1-redhat-00001//org.yaml.snakeyaml.scanner.ScannerImpl.fetchMoreTokens(ScannerImpl.java:342)
    at org.yaml.snakeyaml@1.33.0.SP1-redhat-00001//org.yaml.snakeyaml.scanner.ScannerImpl.checkToken(ScannerImpl.java:263)
    at org.yaml.snakeyaml@1.33.0.SP1-redhat-00001//org.yaml.snakeyaml.parser.ParserImpl$ParseBlockMappingKey.produce(ParserImpl.java:662)
    at org.yaml.snakeyaml@1.33.0.SP1-redhat-00001//org.yaml.snakeyaml.parser.ParserImpl.peekEvent(ParserImpl.java:185)
    at org.yaml.snakeyaml@1.33.0.SP1-redhat-00001//org.yaml.snakeyaml.parser.ParserImpl.getEvent(ParserImpl.java:195)
    at com.fasterxml.jackson.dataformat.jackson-dataformat-yaml@2.12.1.redhat-00001//com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:403)
- clones
- JBEAP-24435 MP OpenAPI - Loading static files bigger than 3MB fails since SmallRye OpenAPI 3.0.1 uses new SnakeYaml that sets a constraint
- Closed
- is incorporated by
- JBEAP-26007 Upgrade SmallRye OpenAPI from 2.1.2.redhat-00001 to 2.1.24.redhat-00001
- New
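
The limit in the stack trace above can be reproduced with SnakeYAML 1.33 on its own. This is an added example, not code from WildFly, SmallRye OpenAPI or this issue. The class name `CodePointLimitDemo`, the constructed input and the 16 MiB raised limit are assumptions for illustration.

```java
import java.util.Map;

import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.error.YAMLException;

public class CodePointLimitDemo {

    // Constructed input: a flat mapping just over 3 * 1024 * 1024 code points,
    // standing in for a large static openapi.yaml shipped with a deployment.
    static String bigYaml() {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; sb.length() <= 3 * 1024 * 1024; i++) {
            sb.append("key").append(i).append(": value\n");
        }
        return sb.toString();
    }

    // Loads the document with the given options and reports the outcome
    // instead of letting the YAMLException propagate.
    static String tryLoad(String doc, LoaderOptions options) {
        try {
            Object root = new Yaml(options).load(doc);
            return "loaded " + ((Map<?, ?>) root).size() + " keys";
        } catch (YAMLException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        String doc = bigYaml();
        // The limit counts Unicode code points, not bytes on disk.
        System.out.println(doc.codePointCount(0, doc.length()) + " code points");

        // Default LoaderOptions: the 3145728 code point limit applies and the
        // scanner throws the same YAMLException seen in the trace.
        System.out.println(tryLoad(doc, new LoaderOptions()));

        // Raised limit (assumed value), appropriate only for a trusted file
        // packaged with the application. Keep the default for any YAML that
        // arrives from outside, since the limit bounds parser work per document.
        LoaderOptions raised = new LoaderOptions();
        raised.setCodePointLimit(16 * 1024 * 1024);
        System.out.println(tryLoad(doc, raised));
    }
}
```

In the deployment described here the parser is created inside Jackson's YAML module on behalf of SmallRye OpenAPI, so the application does not construct `LoaderOptions` itself.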