public static synchronized void init() { if (fixed || !enabled) { return; } fix(); }
private static void fix() { try { ClassLoader classLoader = JvmUtils.correctClassLoader(DoSFix.class.getClassLoader()); ClassPool pool = new ClassPool(ClassPool.getDefault()); pool.appendClassPath(new LoaderClassPath(classLoader)); fixParserBase(classLoader, pool); fixReaderParser(classLoader, pool); fixStreamParser(classLoader, pool); fixByteSourceJsonBootstrapper(classLoader, pool); CtClass ctJsonFactoryFixedClass = fixJsonFactory(classLoader, pool); fixMappingJsonFactoryClass(classLoader, pool, ctJsonFactoryFixedClass); fixed = true; } catch (Throwable e) { throw new IllegalStateException( "Failed to fix jackson DoS bug.", e); } }
@SuppressWarnings("deprecation") public RestObjectMapper() { super(DoSFix.createJsonFactory()); // swagger中要求date使用ISO8601格式传递,这里与之做了功能绑定,这在cse中是没有问题的 setDateFormat(new com.fasterxml.jackson.databind.util.ISO8601DateFormat() { private static final long serialVersionUID = 7798938088541203312L; // to support millis @Override public StringBuffer format(Date date, StringBuffer toAppendTo, FieldPosition fieldPosition) { String value = com.fasterxml.jackson.databind.util.ISO8601Utils.format(date, true); toAppendTo.append(value); return toAppendTo; } }); getFactory().disable(Feature.AUTO_CLOSE_SOURCE); // Enable features that can tolerance errors and not enable those make more constraints for compatible reasons. // Developers can use validation api to do more checks. disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES); disable(SerializationFeature.FAIL_ON_EMPTY_BEANS); enable(DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS); enable(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY); SimpleModule module = new SimpleModule(); // custom types module.addSerializer(JsonObject.class, new JsonObjectSerializer()); registerModule(module); }
@SuppressWarnings("deprecation") public RestObjectMapper() { super(DoSFix.createJsonFactory()); // swagger中要求date使用ISO8601格式传递,这里与之做了功能绑定,这在cse中是没有问题的 setDateFormat(new com.fasterxml.jackson.databind.util.ISO8601DateFormat() { private static final long serialVersionUID = 7798938088541203312L; // to support millis @Override public StringBuffer format(Date date, StringBuffer toAppendTo, FieldPosition fieldPosition) { String value = com.fasterxml.jackson.databind.util.ISO8601Utils.format(date, true); toAppendTo.append(value); return toAppendTo; } }); getFactory().disable(Feature.AUTO_CLOSE_SOURCE); // Enable features that can tolerance errors and not enable those make more constraints for compatible reasons. // Developers can use validation api to do more checks. disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES); disable(SerializationFeature.FAIL_ON_EMPTY_BEANS); enable(DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS); enable(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY); SimpleModule module = new SimpleModule(); // custom types module.addSerializer(JsonObject.class, new JsonObjectSerializer()); registerModule(module); }
private static void fix() { try { ClassLoader classLoader = JvmUtils.correctClassLoader(DoSFix.class.getClassLoader()); ClassPool pool = new ClassPool(ClassPool.getDefault()); pool.appendClassPath(new LoaderClassPath(classLoader)); fixParserBase(classLoader, pool); fixReaderParser(classLoader, pool); fixStreamParser(classLoader, pool); fixByteSourceJsonBootstrapper(classLoader, pool); CtClass ctJsonFactoryFixedClass = fixJsonFactory(classLoader, pool); fixMappingJsonFactoryClass(classLoader, pool, ctJsonFactoryFixedClass); fixed = true; } catch (Throwable e) { throw new IllegalStateException( "Failed to fix jackson DoS bug.", e); } }
public static synchronized void init() { if (fixed || !enabled) { return; } fix(); }