[JIRA] (JENKINS-61428) Control chars in Git commit messages cause invalid JSON from REST API

[mark.earl.waite@gmail.com (JIRA)]

Mark Waite updated an issue

Jenkins / JENKINS-61428 Control chars in Git commit messages cause invalid JSON from REST API Change By: Mark Waite Summary: Control chars in Git commit messages cause invalid JSON from REST API Add Comment

This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)

[drug.knight@gmail.com (JIRA)]

Evgeny Boloboshkin commented on JENKINS-61428

Re: Control chars in Git commit messages cause invalid JSON from REST API Mark Waite assign the ticket please.

Add Comment

[o.v.nenashev@gmail.com (JIRA)]

Oleg Nenashev edited a comment on JENKINS-61428

Re: Control chars in Git commit messages cause invalid JSON from REST API

I confirm this is an issue in the Jenkins core, likely even in the Stapler framework: *  There is no special filtering in the constructor or getter of [https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/hudson/scm/ChangeLogSet.java] . Since the class does not control export formats on its own, I believe this is a right behavior (though a risky one) * JSON serialization is a maze, but I believe that the data escaping is done here: [https://github.com/stapler/stapler/blob/master/core/src/main/java/org/kohsuke/stapler/export/JSONDataWriter.java#L103-L138] * The escaping code does not seem to be sufficient for the reported issue [~covid19] Jenkins is a contributor-driven project, everybody is welcome to submit pull requests or to facilitate issue resolution in any other ways (visibility, reviews, etc.). There is no default assignee in the Jenkins core by default, and there is no ETA for the fix. If you are interested to submit a fix, please see the guidelines here: [https://github.com/jenkinsci/jenkins/blob/master/CONTRIBUTING.md]

Add Comment

[o.v.nenashev@gmail.com (JIRA)]

Oleg Nenashev commented on JENKINS-61428

Re: Control chars in Git commit messages cause invalid JSON from REST API

I confirm this is an issue in the Jenkins core, likely even in the Stapler framework:

There is no special filtering in the constructor or getter of https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/hudson/scm/ChangeLogSet.java . Since the class does not control export formats on its own, I believe this is a right behavior (though a risky one)

JSON serialization is a maze, but I believe that the data escaping is done here: https://github.com/stapler/stapler/blob/master/core/src/main/java/org/kohsuke/stapler/export/JSONDataWriter.java#L103-L138

The escaping code does not seem to be sufficient for the reported issue

Evgeny Boloboshkin Jenkins is a contributor-driven project, everybody is welcome to submit pull requests or to facilitate issue resolution in any other ways (visibility, reviews, etc.). There is no default assignee in the Jenkins core by default, and there is no ETA for the fix. If you are interested to submit a fix, please see the guidelines here: https://github.com/jenkinsci/jenkins/blob/master/CONTRIBUTING.md

Add Comment

[o.v.nenashev@gmail.com (JIRA)]

Oleg Nenashev updated an issue

Jenkins / JENKINS-61428

Control chars in Git commit messages cause invalid JSON from REST API

Change By: Oleg Nenashev Labels: json serialization stapler

Add Comment