diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index 3f6893d634..13089b9efc 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml @@ -27,7 +27,7 @@ jobs: dry-run: false language: jvm - name: Upload Crash - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 if: failure() && steps.build.outcome == 'success' with: name: artifacts diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8a51041473..c7d905ede0 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -30,7 +30,7 @@ jobs: env: JAVA_OPTS: "-XX:+TieredCompilation -XX:TieredStopAtLevel=1" steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Set up JDK uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 804d9102ad..34db713a80 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: - name: Validate version name run: | [[ "$TAG" =~ jackson-core-[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)? ]] || exit 1 - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Set up JDK uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 with: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index bf7e152373..6ae0d15441 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -29,7 +29,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: persist-credentials: false @@ -52,7 +52,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 with: name: SARIF file path: results.sarif @@ -60,6 +60,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@df5a14dc28094dc936e103b37d749c6628682b60 # v3.25.0 + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 with: sarif_file: results.sarif diff --git a/src/test/java/tools/jackson/core/JDKSerializabilityTest.java b/src/test/java/tools/jackson/core/JDKSerializabilityTest.java index de7b27edf2..4261dfba2a 100644 --- a/src/test/java/tools/jackson/core/JDKSerializabilityTest.java +++ b/src/test/java/tools/jackson/core/JDKSerializabilityTest.java @@ -12,6 +12,8 @@ import tools.jackson.core.util.JsonRecyclerPools; import tools.jackson.core.util.RecyclerPool; +import static com.fasterxml.jackson.core.util.JdkSerializationTestUtils.jdkDeserialize; +import static com.fasterxml.jackson.core.util.JdkSerializationTestUtils.jdkSerialize; import static org.junit.jupiter.api.Assertions.*; /** @@ -263,29 +265,6 @@ void pointerSerializationEmpty() throws Exception /********************************************************************** */ - protected byte[] jdkSerialize(Object o) throws IOException - { - ByteArrayOutputStream bytes = new ByteArrayOutputStream(1000); - ObjectOutputStream obOut = new ObjectOutputStream(bytes); - obOut.writeObject(o); - obOut.close(); - return bytes.toByteArray(); - } - - @SuppressWarnings("unchecked") - protected T jdkDeserialize(byte[] raw) throws IOException - { - ObjectInputStream objIn = new ObjectInputStream(new ByteArrayInputStream(raw)); - try { - return (T) objIn.readObject(); - } catch (ClassNotFoundException e) { - fail("Missing class: "+e.getMessage()); - return null; - } finally { - objIn.close(); - } - } - @SuppressWarnings("resource") protected String _copyJson(JsonFactory f, String json, boolean useBytes) throws IOException { diff --git a/src/test/java/tools/jackson/core/util/JdkSerializationTestUtils.java b/src/test/java/tools/jackson/core/util/JdkSerializationTestUtils.java new file mode 100644 index 0000000000..21bcccda7e --- /dev/null +++ b/src/test/java/tools/jackson/core/util/JdkSerializationTestUtils.java @@ -0,0 +1,34 @@ +package com.fasterxml.jackson.core.util; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; + +import static org.junit.jupiter.api.Assertions.fail; + +public class JdkSerializationTestUtils { + public static byte[] jdkSerialize(Object o) throws IOException + { + ByteArrayOutputStream bytes = new ByteArrayOutputStream(1000); + ObjectOutputStream obOut = new ObjectOutputStream(bytes); + obOut.writeObject(o); + obOut.close(); + return bytes.toByteArray(); + } + + @SuppressWarnings("unchecked") + public static T jdkDeserialize(byte[] raw) throws IOException + { + ObjectInputStream objIn = new ObjectInputStream(new ByteArrayInputStream(raw)); + try { + return (T) objIn.readObject(); + } catch (ClassNotFoundException e) { + fail("Missing class: "+e.getMessage()); + return null; + } finally { + objIn.close(); + } + } +} diff --git a/src/test/java/tools/jackson/core/util/TestSerializedString.java b/src/test/java/tools/jackson/core/util/TestSerializedString.java index e0f5355b09..083f8b0cc0 100644 --- a/src/test/java/tools/jackson/core/util/TestSerializedString.java +++ b/src/test/java/tools/jackson/core/util/TestSerializedString.java @@ -10,6 +10,8 @@ import tools.jackson.core.io.SerializedString; import static org.junit.jupiter.api.Assertions.assertEquals; +import static tools.jackson.core.util.JdkSerializationTestUtils.jdkDeserialize; +import static tools.jackson.core.util.JdkSerializationTestUtils.jdkSerialize; /** * Simple unit tests to try to verify that the default @@ -18,11 +20,12 @@ class TestSerializedString extends tools.jackson.core.JUnit5TestBase { + private static final String QUOTED = "\\\"quo\\\\ted\\\""; + @Test void appending() throws IOException { final String INPUT = "\"quo\\ted\""; - final String QUOTED = "\\\"quo\\\\ted\\\""; SerializableString sstr = new SerializedString(INPUT); // sanity checks first: @@ -63,4 +66,23 @@ void failedAccess() throws IOException assertEquals(-1, sstr.appendUnquoted(ch, 0)); assertEquals(-1, sstr.putUnquotedUTF8(bbuf)); } + + @Test + void testAppendQuotedUTF8() throws IOException { + SerializedString sstr = new SerializedString(QUOTED); + assertEquals(QUOTED, sstr.getValue()); + final byte[] buffer = new byte[100]; + final int len = sstr.appendQuotedUTF8(buffer, 3); + assertEquals("\\\\\\\"quo\\\\\\\\ted\\\\\\\"", new String(buffer, 3, len)); + } + + @Test + void testJdkSerialize() throws IOException { + final byte[] bytes = jdkSerialize(new SerializedString(QUOTED)); + SerializedString sstr = jdkDeserialize(bytes); + assertEquals(QUOTED, sstr.getValue()); + final byte[] buffer = new byte[100]; + final int len = sstr.appendQuotedUTF8(buffer, 3); + assertEquals("\\\\\\\"quo\\\\\\\\ted\\\\\\\"", new String(buffer, 3, len)); + } }