From 80b2655dbb69a4ceacce0a7f58845b3ee7fb5853 Mon Sep 17 00:00:00 2001
From: Tom Clegg
Date: Wed, 3 Aug 2022 15:34:07 -0400
Subject: [PATCH] 19316: Change wb1 and sdk/cli to Oj.safe_load / strict_load.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg
---
apps/workbench/app/controllers/actions_controller.rb | 2 +-
apps/workbench/app/controllers/application_controller.rb | 6 +++---
apps/workbench/app/models/arvados_api_client.rb | 4 ++--
apps/workbench/test/test_helper.rb | 2 +-
sdk/cli/bin/arv | 2 +-
5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/apps/workbench/app/controllers/actions_controller.rb b/apps/workbench/app/controllers/actions_controller.rb
index df489d2eeb..7b8c8eafc8 100644
--- a/apps/workbench/app/controllers/actions_controller.rb
+++ b/apps/workbench/app/controllers/actions_controller.rb
@@ -167,7 +167,7 @@ class ActionsController < ApplicationController flash = {} # set owner_uuid to current project, provided it is writable - action_data = Oj.load(params['action_data'] || "{}") + action_data = Oj.safe_load(params['action_data'] || "{}") if action_data['current_project_uuid'] and current_project = Group.find?(action_data['current_project_uuid']) and current_project.writable_by.andand.include?(current_user.uuid)
diff --git a/apps/workbench/app/controllers/application_controller.rb b/apps/workbench/app/controllers/application_controller.rb
index 7481575a61..c2636bf5d7 100644
--- a/apps/workbench/app/controllers/application_controller.rb
+++ b/apps/workbench/app/controllers/application_controller.rb
@@ -152,12 +152,12 @@ class ApplicationController < ActionController::Base if params[:filters] filters = params[:filters] if filters.is_a? String - filters = Oj.load filters + filters = Oj.safe_load filters elsif filters.is_a? Array filters = filters.collect do |filter| if filter.is_a? String # Accept filters[]=["foo","=","bar"] - Oj.load filter + Oj.safe_load filter else # Accept filters=[["foo","=","bar"]] filter
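Review bot: The result of `Oj.safe_load(params['action_data'] || "{}")` in actions_controller.rb is indexed with `action_data['current_project_uuid']` right after the parse without checking that it is a Hash, so a request whose `action_data` is valid JSON of another type (`null`, an array, a number) or is malformed JSON raises instead of being rejected cleanly. A guard such as `action_data = {} unless action_data.is_a?(Hash)` after the parse, together with a `rescue Oj::ParseError` that answers with a client error, would close this. The same applies to the `filters` strings parsed in the first hunk of application_controller.rb and to `@updates[attr]` in its second hunk, where the parsed value appears to be used as an Array or a Hash without a type check. The enclosing methods start and end outside these hunks, so an outer rescue may already exist.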
@@ -361,7 +361,7 @@ class ApplicationController < ActionController::Base @updates.keys.each do |attr| if @object.send(attr).is_a? Hash if @updates[attr].is_a? String - @updates[attr] = Oj.load @updates[attr] + @updates[attr] = Oj.safe_load @updates[attr] end if params[:merge] || params["merge_#{attr}".to_sym] # Merge provided Hash with current Hash, instead of
diff --git a/apps/workbench/app/models/arvados_api_client.rb b/apps/workbench/app/models/arvados_api_client.rb
index 3c9bfa793d..47fcc4ce51 100644
--- a/apps/workbench/app/models/arvados_api_client.rb
+++ b/apps/workbench/app/models/arvados_api_client.rb
@@ -40,7 +40,7 @@ class ArvadosApiClient def initialize(request_url, api_response) @api_status = api_response.status_code @api_response_s = api_response.content - @api_response = Oj.load(@api_response_s, :symbol_keys => true) + @api_response = Oj.strict_load(@api_response_s, :symbol_keys => true) errors = @api_response[:errors] if errors.respond_to?(:join) errors = errors.join("\n\n")
@@ -167,7 +167,7 @@ class ArvadosApiClient end begin - resp = Oj.load(msg.content, :symbol_keys => true) + resp = Oj.strict_load(msg.content, :symbol_keys => true) rescue Oj::ParseError resp = nil end
diff --git a/apps/workbench/test/test_helper.rb b/apps/workbench/test/test_helper.rb
index 84728b8c68..2e8ead94cd 100644
--- a/apps/workbench/test/test_helper.rb
+++ b/apps/workbench/test/test_helper.rb
@@ -158,7 +158,7 @@ class ActiveSupport::TestCase } end def json_response - Oj.load(@response.body) + Oj.safe_load(@response.body) end end
diff --git a/sdk/cli/bin/arv b/sdk/cli/bin/arv
index f20268d19a..e5aa4e4f2a 100755
--- a/sdk/cli/bin/arv
+++ b/sdk/cli/bin/arv
@@ -172,7 +172,7 @@ def edit_and_commit_object initial_obj, tmp_stem, global_opts, &block # Load the new object newobj = case global_opts[:format] when 'json' - Oj.load(newcontent) + Oj.safe_load(newcontent) when 'yaml' YAML.load(newcontent) else
-- 2.30.2
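Review bot: `@object.send(attr)` in the context line just above the changed parse calls whatever method each key of `@updates` names, private methods included. If `@updates` is populated from request parameters (its origin is not visible in this hunk), that is method dispatch on client-chosen names, and hardening the JSON parse does not cover it. Using `@object.public_send(attr)` and skipping keys that are not declared attributes of the model would narrow this. The loop belongs to a method that begins and ends outside the hunk.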
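Review bot: `Oj.strict_load(@api_response_s, :symbol_keys => true)` in this `initialize` has no `rescue Oj::ParseError`, unlike the call in the second hunk of arvados_api_client.rb, so a non-JSON error body would raise a parse error while the exception object is being built and hide the API status. Wrapping the parse in `begin … rescue Oj::ParseError` with a fallback of `@api_response = {}` keeps `@api_status` and the raw body available, and `errors = @api_response[:errors]` on the next line then still works. A one-line comment saying why `strict_load` is used here rather than `safe_load` (presumably because the call passes `:symbol_keys`) would help the next reader. `initialize` continues past the end of the hunk.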
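Review bot: The `when 'yaml'` branch right after the changed line in sdk/cli/bin/arv still calls `YAML.load(newcontent)`, so the edited object is parsed safely only when `global_opts[:format]` is `'json'`. On Psych versions before 4, `YAML.load` can instantiate arbitrary Ruby objects from tagged input. `YAML.safe_load(newcontent)` would bring that branch in line with the JSON one; if the edited objects legitimately contain symbols or timestamps, allow those explicitly through `permitted_classes:`. The `case` expression and `edit_and_commit_object` both continue beyond the hunk.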