Closed jonnii closed 3 years ago
Updated to note that this still persists with 2.5.1.
We probably need to remove that SafeConstructor
I'm unsure we should; there are open CVEs related to using SnakeYAML without it: https://securitylab.github.com/research/swagger-yaml-parser-vulnerability/
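What the SafeConstructor discussed in the two comments above restricts, shown as an added example that is not part of the original thread or of Micronaut's code. It assumes the SnakeYAML 1.x API, where SafeConstructor has a no-argument constructor; the class name and both YAML documents are constructed for illustration.

```java
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

import java.util.Map;

public class SafeConstructorDemo {

    // Constructed sample: ordinary configuration using only standard YAML types.
    static final String PLAIN_CONFIG =
            "micronaut:\n" +
            "  application:\n" +
            "    name: demo\n";

    // Constructed sample: a global tag that lets the document choose which Java
    // class the parser instantiates. AtomicInteger is harmless; the risk is that
    // the choice of type belongs to whoever wrote the YAML.
    static final String TAGGED_CONFIG =
            "counter: !!java.util.concurrent.atomic.AtomicInteger [5]\n";

    // Loads the document and reports the Java type of its first top-level value,
    // or reports that the parser refused the document.
    static String describe(Yaml yaml, String doc) {
        try {
            Map<?, ?> root = (Map<?, ?>) yaml.load(doc);
            Object value = root.values().iterator().next();
            return "loaded " + value.getClass().getName();
        } catch (YAMLException e) {
            return "rejected (" + e.getClass().getSimpleName() + ")";
        }
    }

    public static void main(String[] args) {
        // Default Constructor: resolves global tags to classes on the classpath.
        Yaml unrestricted = new Yaml();
        // SafeConstructor: builds only standard types (maps, lists, strings, numbers...).
        Yaml restricted = new Yaml(new SafeConstructor());

        System.out.println("default / plain:  " + describe(unrestricted, PLAIN_CONFIG));
        System.out.println("default / tagged: " + describe(unrestricted, TAGGED_CONFIG));
        System.out.println("safe    / plain:  " + describe(restricted, PLAIN_CONFIG));
        System.out.println("safe    / tagged: " + describe(restricted, TAGGED_CONFIG));
    }
}
```

Plain configuration loads the same way through both parsers; only the tagged document is treated differently, which is why removing SafeConstructor changes the exposure of any code path that parses YAML it does not fully control.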
@graemerocher is there a workaround you can suggest?
Can you provide an example that reproduces the issue?
@jonnii The snippet you included parses OK. Need an example to pursue this further
I've been working on creating a reproduction and in the process I've realized that my initial thoughts are/were a red herring. At this point I'm trying to narrow it down.
Ok I've narrowed down the problem, turns out it's nothing like what I originally thought it was. We do the following as part of our tests to make them run in parallel:
    tasks.withType(Test) {
        systemProperty("junit.jupiter.execution.parallel.enabled", true)
        systemProperty("junit.jupiter.execution.parallel.mode.default", "concurrent")
        systemProperty("kotest.framework.parallelism", "4") // <-- this is what causes the issue
    }
Removing the kotest framework parallelization makes everything work fine, which is a little surprising.
The same happens to me with the property junit.jupiter.execution.parallel.enabled = true
Somebody needs to provide an example with steps to reproduce
Here you will find an example: https://github.com/noeliajimenezg/micronaut-issue-5388 If you comment out one of the 2 test classes, the tests run fine, but if you want to run both classes, it throws the error.
While trying to upgrade to 2.5.1 from 2.4.2 our test suite fails to load our application.yml from test resources which we use to override a variety of options, most notably the jwt secret settings.
We believe the part of the config causing the issue is:
An example of the stack trace caused is as follows:
Additionally we have noted that running a version of 2.5.0 with #5306 (Init/Bean context performance improvements) reverted does not have the same problem. As an additional note, a similar change to the Yaml constructor was reverted previously: https://github.com/micronaut-projects/micronaut-core/commit/30c3a1480f529734a56db4184ad77ca4a805130d#diff-443c370ab31590ea9d58cfa3682e9cd761a2554511e2b4665212a9fc88f9ff3e
The line in question in the above diff is the change:
Task List
Environment Information
Please let me know if there's any additional information that would be useful to provide to help pin this down.