[arvados] created: 2.1.0-2816-g80b2655db

git repository hosting git at public.arvados.org
Wed Aug 3 19:36:08 UTC 2022


        at  80b2655dbb69a4ceacce0a7f58845b3ee7fb5853 (commit)


commit 80b2655dbb69a4ceacce0a7f58845b3ee7fb5853
Author: Tom Clegg <tom at curii.com>
Date:   Wed Aug 3 15:34:07 2022 -0400

    19316: Change wb1 and sdk/cli to Oj.safe_load / strict_load.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/apps/workbench/app/controllers/actions_controller.rb b/apps/workbench/app/controllers/actions_controller.rb
index df489d2ee..7b8c8eafc 100644
--- a/apps/workbench/app/controllers/actions_controller.rb
+++ b/apps/workbench/app/controllers/actions_controller.rb
@@ -167,7 +167,7 @@ class ActionsController < ApplicationController
     flash = {}
 
     # set owner_uuid to current project, provided it is writable
-    action_data = Oj.load(params['action_data'] || "{}")
+    action_data = Oj.safe_load(params['action_data'] || "{}")
     if action_data['current_project_uuid'] and
         current_project = Group.find?(action_data['current_project_uuid']) and
         current_project.writable_by.andand.include?(current_user.uuid)
diff --git a/apps/workbench/app/controllers/application_controller.rb b/apps/workbench/app/controllers/application_controller.rb
index 7481575a6..c2636bf5d 100644
--- a/apps/workbench/app/controllers/application_controller.rb
+++ b/apps/workbench/app/controllers/application_controller.rb
@@ -152,12 +152,12 @@ class ApplicationController < ActionController::Base
     if params[:filters]
       filters = params[:filters]
       if filters.is_a? String
-        filters = Oj.load filters
+        filters = Oj.safe_load filters
       elsif filters.is_a? Array
         filters = filters.collect do |filter|
           if filter.is_a? String
             # Accept filters[]=["foo","=","bar"]
-            Oj.load filter
+            Oj.safe_load filter
           else
             # Accept filters=[["foo","=","bar"]]
             filter
@@ -361,7 +361,7 @@ class ApplicationController < ActionController::Base
     @updates.keys.each do |attr|
       if @object.send(attr).is_a? Hash
         if @updates[attr].is_a? String
-          @updates[attr] = Oj.load @updates[attr]
+          @updates[attr] = Oj.safe_load @updates[attr]
         end
         if params[:merge] || params["merge_#{attr}".to_sym]
           # Merge provided Hash with current Hash, instead of
diff --git a/apps/workbench/app/models/arvados_api_client.rb b/apps/workbench/app/models/arvados_api_client.rb
index 3c9bfa793..47fcc4ce5 100644
--- a/apps/workbench/app/models/arvados_api_client.rb
+++ b/apps/workbench/app/models/arvados_api_client.rb
@@ -40,7 +40,7 @@ class ArvadosApiClient
     def initialize(request_url, api_response)
       @api_status = api_response.status_code
       @api_response_s = api_response.content
-      @api_response = Oj.load(@api_response_s, :symbol_keys => true)
+      @api_response = Oj.strict_load(@api_response_s, :symbol_keys => true)
       errors = @api_response[:errors]
       if errors.respond_to?(:join)
         errors = errors.join("\n\n")
@@ -167,7 +167,7 @@ class ArvadosApiClient
     end
 
     begin
-      resp = Oj.load(msg.content, :symbol_keys => true)
+      resp = Oj.strict_load(msg.content, :symbol_keys => true)
     rescue Oj::ParseError
       resp = nil
     end
diff --git a/apps/workbench/test/test_helper.rb b/apps/workbench/test/test_helper.rb
index 84728b8c6..2e8ead94c 100644
--- a/apps/workbench/test/test_helper.rb
+++ b/apps/workbench/test/test_helper.rb
@@ -158,7 +158,7 @@ class ActiveSupport::TestCase
     }
   end
   def json_response
-    Oj.load(@response.body)
+    Oj.safe_load(@response.body)
   end
 end
 
diff --git a/sdk/cli/bin/arv b/sdk/cli/bin/arv
index f20268d19..e5aa4e4f2 100755
--- a/sdk/cli/bin/arv
+++ b/sdk/cli/bin/arv
@@ -172,7 +172,7 @@ def edit_and_commit_object initial_obj, tmp_stem, global_opts, &block
         # Load the new object
         newobj = case global_opts[:format]
                  when 'json'
-                   Oj.load(newcontent)
+                   Oj.safe_load(newcontent)
                  when 'yaml'
                    YAML.load(newcontent)
                  else

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list