-
-
Notifications
You must be signed in to change notification settings - Fork 8.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[JENKINS-73687] Make deserialization of Map
fields in XML files more robust
#9653
[JENKINS-73687] Make deserialization of Map
fields in XML files more robust
#9653
Conversation
See x-stream/xstream#106 and https://issues.jenkins.io/browse/JENKINS-49169 and #3248 for some context. |
Yes, I think x-stream/xstream#106 would have prevented the main issue here.
With this patch, Jenkins core no longer has any calls to
There are some converters in plugins though which call |
After some filtering, I think there are really only 4 semi-relevant plugins, but none of them seem particularly problematic:
Usage in other plugins was either guarded by |
Map
fields in XML files more robust
Here is an example of the error message with 41433d8 showing that the path to the relevant element is included in the message:
|
Map
fields in XML files more robustMap
fields in XML files more robust
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure I followed all the discussion.
Not sure what the preferred process is here. The PR has the necessary approvals. Should I just add the |
Yes, you can add the ready-for-merge label and start the 24 merge clock yourself. |
See JENKINS-73687.
I was recently made aware of a change in
hashicorp-vault
plugin that accidentally broke serial compatibility of a folder property in a way that unexpectedly caused the folder to become very corrupted after deserialization. See jenkinsci/hashicorp-vault-plugin#326 (comment) for details, but the summary is thatconfig.xml
for the folder had an element for a map which looked like this associated with a field of typeMap<String, Calendar>
, which is not correct.The correct format would have been something like this:
This led to a bare
RuntimeException
being thrown here as a result of this call, which expects that it has just read the<entry>
element and needs to move down to read the key, but in this case has in fact just read the element named<time>
, and so there are no children to read:jenkins/core/src/main/java/hudson/util/RobustMapConverter.java
Line 67 in fb09eaf
Since this is a
RuntimeException
, it actually escapes quite far up through the converter hierarchy until it is caught here and then the wrapped exception is caught inRobustReflectionConverter.doUnmarshal
, but at that point things go pretty badly wrong and the content thatXStream
is reading is associated with the wrong field in the class, leading to further problems and eventually a corrupted object. In the original issue, I saw this warning in the logs:Cannot convert type hudson.util.DescribableList to type hudson.model.ViewGroup
, indicating pretty bad type confusion.Here is the full stack trace of the
OldDataMontior
warning:Here are some things that I still want to check:
XStream
throwsRuntimeException
where we'd like for one of ourRobust*Converter
classes to instead just ignore the offending element?Map
fields in XML files more robust #9653 (comment). I did not see any other obvious things that we can improve here.Testing done
Proposed changelog entries
Map
fields in XML files more robust.Proposed upgrade guidelines
N/A
Submitter checklist
Desired reviewers
Before the changes are marked as
ready-for-merge
:Maintainer checklist