Skip to content

Disable Jackson default JSON processing limits#17854

Merged
findepi merged 1 commit intotrinodb:masterfrom
wendigo:serafin/json-factory-ban
Jun 21, 2023
Merged

Disable Jackson default JSON processing limits#17854
findepi merged 1 commit intotrinodb:masterfrom
wendigo:serafin/json-factory-ban

Conversation

@wendigo
Copy link
Copy Markdown
Contributor

@wendigo wendigo commented Jun 12, 2023
edited by findepi
Loading

Description

Additional context and related issues

Release notes

( ) This is not user-visible or docs only and no release notes are required.
( ) Release notes are required, please propose a release note for me.
( ) Release notes are required, with the following suggested text:

# Section
* Fix some things. ({issue}`issuenumber`)

Fixes #17843

@wendigo wendigo requested a review from kokosing June 12, 2023 15:00
@cla-bot cla-bot bot added the cla-signed label Jun 12, 2023
@wendigo wendigo requested a review from hashhar June 12, 2023 15:00
@wendigo
Copy link
Copy Markdown
Contributor Author

wendigo commented Jun 12, 2023

I tried to create smallest change possible

@github-actions github-actions bot added iceberg Iceberg connector tests:hive labels Jun 12, 2023
electrum
electrum approved these changes Jun 12, 2023
View reviewed changes
@wendigo wendigo force-pushed the serafin/json-factory-ban branch from bcd058c to 5abda7b Compare June 12, 2023 18:44
findepi
findepi reviewed Jun 12, 2023
View reviewed changes
@wendigo wendigo force-pushed the serafin/json-factory-ban branch 3 times, most recently from f8f79a5 to e6ee843 Compare June 13, 2023 04:22
hashhar
hashhar approved these changes Jun 13, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@hashhar hashhar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good % comments.

re: allowing default factory on serialization paths - we won't know when code is introduced in the serialization places which also does de-serialization. Why not use the no-limits JsonFactory in serialization path as well - doesn't seem to hurt?

@wendigo wendigo force-pushed the serafin/json-factory-ban branch from e6ee843 to 3483904 Compare June 13, 2023 07:37
@wendigo wendigo requested review from findepi and hashhar June 13, 2023 07:37
kokosing
kokosing reviewed Jun 13, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@kokosing kokosing left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change not only ban json direct usage of JsonFactory but it also fixes #17843. Logically these are two different changes it would be nice to keep them as separate commits. Also we should provide test coverage for #17843

@wendigo wendigo force-pushed the serafin/json-factory-ban branch from 3483904 to c340024 Compare June 14, 2023 08:57
@wendigo wendigo requested review from electrum, kokosing and martint June 14, 2023 08:58
hashhar
hashhar approved these changes Jun 14, 2023
View reviewed changes
@wendigo wendigo force-pushed the serafin/json-factory-ban branch from c340024 to d723f00 Compare June 14, 2023 12:07
@findepi
Copy link
Copy Markdown
Member

findepi commented Jun 14, 2023

added "Fixes #17843" in the description

findepi
findepi requested changes Jun 14, 2023
View reviewed changes
@findepi
Copy link
Copy Markdown
Member

findepi commented Jun 19, 2023

#17854 (comment) is resolved, please help me understand what the resolution is.
What TrinoJsonFactory subclass is for?

@wendigo
Copy link
Copy Markdown
Contributor Author

wendigo commented Jun 19, 2023

@findepi disallow mutating already configured JsonFacfory. Instead you should use a builder if you want a different configuration. This makes it easier to reason about factories that are used since they configuration is immutable in the runtime

@findepi findepi mentioned this pull request Jun 19, 2023
Merged
@wendigo wendigo force-pushed the serafin/json-factory-ban branch 2 times, most recently from 82e38e3 to e27855f Compare June 21, 2023 10:26
@wendigo
Copy link
Copy Markdown
Contributor Author

wendigo commented Jun 21, 2023

@findepi @kokosing dropped the immutability checks. Please review

findepi
findepi reviewed Jun 21, 2023
View reviewed changes
@wendigo wendigo force-pushed the serafin/json-factory-ban branch from e27855f to 5a4aac1 Compare June 21, 2023 12:11
@wendigo wendigo requested review from findepi and losipiuk June 21, 2023 12:11
findepi
findepi reviewed Jun 21, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@findepi findepi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Provide safe way to create JsonFactories"

findepi
findepi reviewed Jun 21, 2023
View reviewed changes
@findepi
Copy link
Copy Markdown
Member

findepi commented Jun 21, 2023

lgtm %

@wendigo wendigo force-pushed the serafin/json-factory-ban branch from 5a4aac1 to a9dbb01 Compare June 21, 2023 13:44
@wendigo wendigo requested a review from findepi June 21, 2023 14:21
findepi
findepi approved these changes Jun 21, 2023
View reviewed changes
@findepi
Copy link
Copy Markdown
Member

findepi commented Jun 21, 2023

CI checkstyle failure looks related

@wendigo wendigo force-pushed the serafin/json-factory-ban branch 2 times, most recently from b929265 to 48e5c93 Compare June 21, 2023 15:53
@wendigo @findepi
Disable Jackson default JSON processing limits
89c61de 
Jackson 2.15 introduced read constraints that are meant to protect deserialization path
from deeply nested/long string JSON documents. Introduced limits are too small for Trino
to work properly. Airlift is already disabling those limits when ObjectMapperProvider is used.

Additionaly ban direct usage of JsonFactory and JsonFactoryBuilder.
Instead JsonUtils.jsonFactory() or JsonUtils.jsonFactoryBuilder() should be used.
@findepi findepi changed the title Provide safe way to create JsonFactories Disable Jackson default JSON processing limits Jun 21, 2023
@findepi findepi force-pushed the serafin/json-factory-ban branch from 48e5c93 to 89c61de Compare June 21, 2023 20:35
@findepi findepi merged commit 0c0f86c into trinodb:master Jun 21, 2023
@wendigo wendigo deleted the serafin/json-factory-ban branch June 21, 2023 20:38
@github-actions github-actions bot added this to the 420 milestone Jun 21, 2023
@colebow colebow mentioned this pull request Jun 22, 2023
Merged
@sgoncharov1 sgoncharov1 mentioned this pull request Sep 16, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@findepi findepi findepi approved these changes

@kokosing kokosing kokosing approved these changes

@chenjian2664 chenjian2664 chenjian2664 approved these changes

@electrum electrum Awaiting requested review from electrum

@martint martint Awaiting requested review from martint

@hashhar hashhar Awaiting requested review from hashhar

@losipiuk losipiuk Awaiting requested review from losipiuk

Assignees

No one assigned

Labels

cla-signed iceberg Iceberg connector

Milestone

420

Development

Successfully merging this pull request may close these issues.

JSON functions fail on large input due to Jackson's string length limit

8 participants

@wendigo @findepi @martint @electrum @losipiuk @kokosing @hashhar @chenjian2664