From 9f56cc49228a59c9c9999aec8fcd20f689bceb3d Mon Sep 17 00:00:00 2001 From: Wandmalfarbe Date: Fri, 3 May 2024 20:01:22 +0200 Subject: [PATCH] chore(deps): bump Jackson from 1.9.12 to 2.18.2 - This fixes a high severity vulnerability in `org.codehaus.jackson:jackson-mapper-asl:1.9.12` (CVE-2019-10172). - It also fixes a high severity vulnerability in `org.codehaus.jackson:jackson-core-asl:1.9.12` (CVE-2019-10202). --- pom.xml | 12 ++-- .../com/adobe/epubcheck/api/EPUBLocation.java | 5 +- .../com/adobe/epubcheck/api/MasterReport.java | 4 +- .../epubcheck/reporting/CheckMessage.java | 3 +- .../epubcheck/reporting/CheckerMetadata.java | 2 +- .../epubcheck/reporting/CheckingReport.java | 3 +- .../epubcheck/reporting/ItemMetadata.java | 3 +- .../reporting/PublicationMetadata.java | 2 +- .../com/adobe/epubcheck/util/JsonWriter.java | 58 +++++++------------ 9 files changed, 37 insertions(+), 55 deletions(-) diff --git a/pom.xml b/pom.xml index 16d3671a2..2a1eb62a5 100644 --- a/pom.xml +++ b/pom.xml @@ -136,14 +136,14 @@ 3.9.4 - org.codehaus.jackson - jackson-core-asl - 1.9.12 + com.fasterxml.jackson.core + jackson-core + 2.18.2 - org.codehaus.jackson - jackson-mapper-asl - 1.9.12 + com.fasterxml.jackson.core + jackson-databind + 2.18.2 xerces diff --git a/src/main/java/com/adobe/epubcheck/api/EPUBLocation.java b/src/main/java/com/adobe/epubcheck/api/EPUBLocation.java index 51977a76a..36b867430 100644 --- a/src/main/java/com/adobe/epubcheck/api/EPUBLocation.java +++ b/src/main/java/com/adobe/epubcheck/api/EPUBLocation.java 
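Review bot: The Java sources in this commit import `com.fasterxml.jackson.annotation.JsonProperty`, which ships in `jackson-annotations`, but the pom.xml hunk declares only `jackson-core` and `jackson-databind`. Unless the annotations artifact is declared outside this hunk, it reaches the classpath only as a transitive dependency of databind. Declaring it explicitly, and taking all Jackson versions from a single property or the `jackson-bom` import instead of repeating `2.18.2`, keeps the modules aligned on the next bump. Since the stated goal is to drop the artifacts affected by CVE-2019-10172 and CVE-2019-10202, it is worth confirming with `mvn dependency:tree -Dincludes=org.codehaus.jackson` that no other dependency still pulls the 1.x jars in.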
@@ -2,13 +2,12 @@ import java.io.File; -import org.codehaus.jackson.annotate.JsonProperty; -import org.codehaus.jackson.map.annotate.JsonSerialize; - import com.adobe.epubcheck.ocf.OCFContainer; import com.adobe.epubcheck.opf.ValidationContext; import com.adobe.epubcheck.util.JsonWriter; import com.adobe.epubcheck.util.PathUtil; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.google.common.base.Optional; import com.google.common.base.Preconditions; diff --git a/src/main/java/com/adobe/epubcheck/api/MasterReport.java b/src/main/java/com/adobe/epubcheck/api/MasterReport.java index a1b28b66d..69e85dab8 100644 --- a/src/main/java/com/adobe/epubcheck/api/MasterReport.java +++ b/src/main/java/com/adobe/epubcheck/api/MasterReport.java @@ -4,8 +4,6 @@ import java.util.HashSet; import java.util.Set; -import org.codehaus.jackson.annotate.JsonProperty; - import com.adobe.epubcheck.messages.Message; import com.adobe.epubcheck.messages.LocaleHolder; import com.adobe.epubcheck.messages.LocalizedMessageDictionary; @@ -15,6 +13,8 @@ import com.adobe.epubcheck.messages.Severity; import com.adobe.epubcheck.util.Messages; import com.adobe.epubcheck.util.ReportingLevel; +import com.fasterxml.jackson.annotation.JsonProperty; + import java.util.Locale; /** diff --git a/src/main/java/com/adobe/epubcheck/reporting/CheckMessage.java b/src/main/java/com/adobe/epubcheck/reporting/CheckMessage.java index 9fb5fb312..6efff16af 100644 --- a/src/main/java/com/adobe/epubcheck/reporting/CheckMessage.java +++ b/src/main/java/com/adobe/epubcheck/reporting/CheckMessage.java 
@@ -4,11 +4,10 @@ import java.util.Collections; import java.util.List; -import org.codehaus.jackson.annotate.JsonProperty; - import com.adobe.epubcheck.api.EPUBLocation; import com.adobe.epubcheck.messages.Message; import com.adobe.epubcheck.messages.Severity; +import com.fasterxml.jackson.annotation.JsonProperty; @SuppressWarnings("FieldCanBeLocal") public class CheckMessage implements Comparable diff --git a/src/main/java/com/adobe/epubcheck/reporting/CheckerMetadata.java b/src/main/java/com/adobe/epubcheck/reporting/CheckerMetadata.java index 0a1ae59b5..175d5562c 100644 --- a/src/main/java/com/adobe/epubcheck/reporting/CheckerMetadata.java +++ b/src/main/java/com/adobe/epubcheck/reporting/CheckerMetadata.java @@ -2,7 +2,7 @@ import com.adobe.epubcheck.util.PathUtil; import com.adobe.epubcheck.util.outWriter; -import org.codehaus.jackson.annotate.JsonProperty; +import com.fasterxml.jackson.annotation.JsonProperty; import java.io.File; import java.text.SimpleDateFormat; diff --git a/src/main/java/com/adobe/epubcheck/reporting/CheckingReport.java b/src/main/java/com/adobe/epubcheck/reporting/CheckingReport.java index c51d61af6..4549eec71 100644 --- a/src/main/java/com/adobe/epubcheck/reporting/CheckingReport.java +++ b/src/main/java/com/adobe/epubcheck/reporting/CheckingReport.java @@ -9,8 +9,6 @@ import java.util.List; import java.util.Map; -import org.codehaus.jackson.annotate.JsonProperty; - import com.adobe.epubcheck.api.EPUBLocation; import com.adobe.epubcheck.api.EpubCheck; import com.adobe.epubcheck.api.MasterReport; @@ -19,6 +17,7 @@ import com.adobe.epubcheck.util.JsonWriter; import com.adobe.epubcheck.util.PathUtil; import com.adobe.epubcheck.util.outWriter; +import com.fasterxml.jackson.annotation.JsonProperty; public class CheckingReport extends MasterReport { diff --git a/src/main/java/com/adobe/epubcheck/reporting/ItemMetadata.java b/src/main/java/com/adobe/epubcheck/reporting/ItemMetadata.java index 14a200056..5f73324f1 100644 
--- a/src/main/java/com/adobe/epubcheck/reporting/ItemMetadata.java +++ b/src/main/java/com/adobe/epubcheck/reporting/ItemMetadata.java @@ -4,9 +4,8 @@ import java.util.SortedSet; import java.util.TreeSet; -import org.codehaus.jackson.annotate.JsonProperty; - import com.adobe.epubcheck.util.FeatureEnum; +import com.fasterxml.jackson.annotation.JsonProperty; public class ItemMetadata implements Comparable { diff --git a/src/main/java/com/adobe/epubcheck/reporting/PublicationMetadata.java b/src/main/java/com/adobe/epubcheck/reporting/PublicationMetadata.java index 474834c45..dd84ee4ae 100644 --- a/src/main/java/com/adobe/epubcheck/reporting/PublicationMetadata.java +++ b/src/main/java/com/adobe/epubcheck/reporting/PublicationMetadata.java @@ -1,7 +1,7 @@ package com.adobe.epubcheck.reporting; import com.adobe.epubcheck.util.FeatureEnum; -import org.codehaus.jackson.annotate.JsonProperty; +import com.fasterxml.jackson.annotation.JsonProperty; import java.util.ArrayList; import java.util.LinkedHashSet; diff --git a/src/main/java/com/adobe/epubcheck/util/JsonWriter.java b/src/main/java/com/adobe/epubcheck/util/JsonWriter.java index b25641939..11e1fb413 100644 --- a/src/main/java/com/adobe/epubcheck/util/JsonWriter.java +++ b/src/main/java/com/adobe/epubcheck/util/JsonWriter.java 
@@ -3,64 +3,50 @@ import java.io.IOException; import java.io.PrintWriter; -import org.codehaus.jackson.JsonFactory; -import org.codehaus.jackson.JsonGenerator; -import org.codehaus.jackson.JsonProcessingException; -import org.codehaus.jackson.map.JsonSerializer; -import org.codehaus.jackson.map.ObjectMapper; -import org.codehaus.jackson.map.SerializationConfig; -import org.codehaus.jackson.map.SerializerProvider; - +import com.fasterxml.jackson.core.JsonFactory; +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.core.json.JsonWriteFeature; +import com.fasterxml.jackson.databind.JsonSerializer; +import com.fasterxml.jackson.databind.MapperFeature; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationFeature; +import com.fasterxml.jackson.databind.SerializerProvider; import com.google.common.base.Optional; /** * This is used to create json output */ -public class JsonWriter -{ - public static class OptionalJsonSerializer extends JsonSerializer> { +public class JsonWriter{ + public static class OptionalJsonSerializer extends JsonSerializer> { @Override - public void serialize(Optional value, JsonGenerator jgen, SerializerProvider provider) - throws IOException, - JsonProcessingException - { -// jgen.writeStartObject(); + public void serialize(Optional value, JsonGenerator jgen, SerializerProvider provider) + throws IOException { jgen.writeString(value.orNull()); -// jgen.writeEndObject(); - } - - } - - private ObjectMapper objectMapper; - private JsonWriter(ObjectMapper objectMapper) - { - if (objectMapper == null) - { + private final ObjectMapper objectMapper; + + private JsonWriter(ObjectMapper objectMapper) { + if (objectMapper == null) { throw new IllegalArgumentException("objectMapper argument is required."); } this.objectMapper = objectMapper; } - public static JsonWriter createJsonWriter(boolean pretty) - { + public static JsonWriter createJsonWriter(boolean pretty) { JsonFactory 
jf = new JsonFactory(); ObjectMapper om = new ObjectMapper(jf); om.configure(JsonGenerator.Feature.AUTO_CLOSE_TARGET, false); - om.configure(JsonGenerator.Feature.ESCAPE_NON_ASCII, true); - om.configure(SerializationConfig.Feature.INDENT_OUTPUT, pretty); - om.configure(SerializationConfig.Feature.AUTO_DETECT_GETTERS, false); - om.configure(SerializationConfig.Feature.FAIL_ON_EMPTY_BEANS, false); + om.configure(JsonWriteFeature.ESCAPE_NON_ASCII.mappedFeature(), true); + om.configure(SerializationFeature.INDENT_OUTPUT, pretty); + om.configure(MapperFeature.AUTO_DETECT_GETTERS, false); + om.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false); return new JsonWriter(om); } - public void writeJson(Object content, PrintWriter pw) - throws - IOException - { + public void writeJson(Object content, PrintWriter pw) throws IOException { this.objectMapper.writeValue(pw, content); } }
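Review bot: In `createJsonWriter`, `om.configure(MapperFeature.AUTO_DETECT_GETTERS, false)` uses an `ObjectMapper` overload that Jackson has deprecated since 2.13, and `JsonWriteFeature.ESCAPE_NON_ASCII.mappedFeature()` routes the new enum back through the deprecated `JsonGenerator.Feature` constant. Building the mapper with `JsonMapper.builder()` sets the same five features without those calls and gives the now-`final` field a mapper that is fully configured before first use. It needs an import of `com.fasterxml.jackson.databind.json.JsonMapper`, and the `JsonFactory` import becomes unused. The class only ever calls `writeValue`, so a short comment on the field such as `// Serialization only: do not enable default typing or reuse for readValue on untrusted input.` would document that the databind deserialization surface is intentionally not used.
```java
public static JsonWriter createJsonWriter(boolean pretty) {
  ObjectMapper om = JsonMapper.builder()
      .configure(JsonGenerator.Feature.AUTO_CLOSE_TARGET, false)
      .configure(JsonWriteFeature.ESCAPE_NON_ASCII, true)
      .configure(SerializationFeature.INDENT_OUTPUT, pretty)
      .configure(MapperFeature.AUTO_DETECT_GETTERS, false)
      .configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false)
      .build();
  return new JsonWriter(om);
}
```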