#893
84%

Ran 17 Mar 2024 08:57PM UTC

Jobs 1

Files 117

Run time 1min

Badge

Embed ▾

Committed 17 Mar 2024 08:36PM UTC coverage: 84.091% (-0.3%) from 84.412%

Build # #893

Build Type

push

Committed by

rmpestano

Commit Message

Add SnakeYAML 2.x compatibility

SnakeYaml 2.0 solved the unsafe deserialization vulnerability
by changing the default behavior of constructed `Yaml`
instance to restrict types which can be instantiated during
deserialization.

This behavior made impossible to define custom DataSet
replacers in YAML as they must be instantiated during
deserialization.

E.g.
caseInsensitiveStrategy: !!com.github.database.rider.core.api.configuration.Orthography 'LOWERCASE'
properties:
  replacers: [!!my.package.WktReplacer {}]

Both `Orthography` enum and `WktReplacer` could not be
instantiated during YAML deserialization.

This commit fixes this behavior by configuring SnakeYAML 2.x
to use the old behavior (allow any class to be instantiated).

This is acceptable solution as dbunit.yml is loaded from the
trusted source, so the mentioned vulnerability is not relevant
here.

See:
* https://www.cve.org/CVERecord?id=CVE-2022-1471

Fixes #575

Run Details

7 of 22 new or added lines in 2 files covered. (31.82%)

3071 of 3652 relevant lines covered (84.09%)

0.84 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	#893.1	17 Mar 2024 08:58PM UTC	0	84.09

Source Files on build #893

Detailed source file information is not available for this build.

database-rider / database-rider / #893
84%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build #893

database-rider / database-rider / #893 84%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build #893

database-rider / database-rider / #893
84%

README BADGES
x