diff --git a/mailbox-core/build.gradle b/mailbox-core/build.gradle
index a7db1b0abe8a16ec6e1b2fbdad818edb304c3506..1cb3903a10d8d445b939ea3141109b1b2fb12702 100644
--- a/mailbox-core/build.gradle
+++ b/mailbox-core/build.gradle
@@ -42,6 +42,7 @@ dependencies {
 testImplementation "ch.qos.logback:logback-classic:1.2.5"
 testImplementation "io.ktor:ktor-client-cio:$ktor_version"
 testImplementation "io.ktor:ktor-client-jackson:$ktor_version"
+ testImplementation "io.ktor:ktor-client-logging:$ktor_version"
 testImplementation "com.google.dagger:hilt-core:$hilt_version"
 kaptTest "com.google.dagger:dagger-compiler:$hilt_version"
 }
diff --git a/mailbox-core/src/main/java/org/briarproject/mailbox/core/server/WebServerManager.kt b/mailbox-core/src/main/java/org/briarproject/mailbox/core/server/WebServerManager.kt
index 34edb4591bf784a3d54482536bd1fbe2ff88db4b..5b5ce78539a57b495dd68329eb35753c43bf1afd 100644
--- a/mailbox-core/src/main/java/org/briarproject/mailbox/core/server/WebServerManager.kt
+++ b/mailbox-core/src/main/java/org/briarproject/mailbox/core/server/WebServerManager.kt
@@ -1,5 +1,6 @@
 package org.briarproject.mailbox.core.server
 
+import com.fasterxml.jackson.databind.MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES
 import io.ktor.application.install
 import io.ktor.auth.Authentication
 import io.ktor.features.CallLogging
@@ -52,7 +53,9 @@ internal class WebServerManagerImpl @Inject constructor(
 }
 }
 install(ContentNegotiation) {
- jackson()
+ jackson {
+ enable(BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES)
+ }
 }
 configureBasicApi(metadataRouteManager, setupRouteManager, wipeManager)
 configureContactApi(contactsManager)
diff --git a/mailbox-core/src/test/java/org/briarproject/mailbox/core/server/IntegrationTest.kt b/mailbox-core/src/test/java/org/briarproject/mailbox/core/server/IntegrationTest.kt
index 6cc47fc86c90a88124f59d10c1183298e42b0a8b..d07a815ceec4fb13cff9791f73413cebec95d63d 100644
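Review bot: In WebServerManager.kt the new `enable(BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES)` line has no comment, and the reason for it is not obvious to a reader who has not met Jackson's class-name-based polymorphic deserialization problem. I would add above it `// Reject class-name polymorphic typing on open base types (Any/Object, Serializable, ...) unless a PolymorphicTypeValidator explicitly allows it.` As far as I can tell the check is driven by the declared base type of a property rather than by the request payload, so it works as a backstop against a risky model class being introduced later. It is not a replacement for keeping `Any`-typed `@JsonTypeInfo` fields out of request models. The `install(ContentNegotiation)` block sits in a function whose start and end are outside the hunk.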
--- a/mailbox-core/src/test/java/org/briarproject/mailbox/core/server/IntegrationTest.kt +++ b/mailbox-core/src/test/java/org/briarproject/mailbox/core/server/IntegrationTest.kt @@ -4,6 +4,8 @@ import io.ktor.client.HttpClient import io.ktor.client.engine.cio.CIO import io.ktor.client.features.json.JacksonSerializer import io.ktor.client.features.json.JsonFeature +import io.ktor.client.features.logging.LogLevel +import io.ktor.client.features.logging.Logging import io.ktor.client.request.HttpRequestBuilder import io.ktor.client.request.headers import io.ktor.http.HttpHeaders @@ -35,6 +37,9 @@ abstract class IntegrationTest(private val installJsonFeature: Boolean = true) { serializer = JacksonSerializer() } } + install(Logging) { + level = LogLevel.ALL + } } protected val baseUrl = "http://127.0.0.1:$PORT" diff --git a/mailbox-core/src/test/java/org/briarproject/mailbox/core/server/WebServerIntegrationTest.kt b/mailbox-core/src/test/java/org/briarproject/mailbox/core/server/WebServerIntegrationTest.kt index 0d363e3a69042d8aa4879c8e719ade079da9b909..f84eee6329f8e8cd1c38ca41c4856868356c4e40 100644 --- a/mailbox-core/src/test/java/org/briarproject/mailbox/core/server/WebServerIntegrationTest.kt +++ b/mailbox-core/src/test/java/org/briarproject/mailbox/core/server/WebServerIntegrationTest.kt 
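Review bot: `level = LogLevel.ALL` on the shared `httpClient` in IntegrationTest.kt makes every integration test print full request and response headers and bodies. That would include any `Authorization` header the tests set; the file imports `HttpHeaders` and `headers`, but the values themselves are outside this hunk. If the output is only needed while debugging, `level = LogLevel.INFO`, or a switch read from a system property, keeps tokens and message payloads out of CI logs. The `HttpClient` builder block this sits in begins outside the hunk.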
@@ -1,9 +1,27 @@
 package org.briarproject.mailbox.core.server
 
+import com.fasterxml.jackson.annotation.JsonTypeInfo
+import com.fasterxml.jackson.databind.MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES
+import io.ktor.application.call
+import io.ktor.application.install
 import io.ktor.client.request.get
+import io.ktor.client.request.post
 import io.ktor.client.statement.HttpResponse
 import io.ktor.client.statement.readText
+import io.ktor.features.CallLogging
+import io.ktor.features.ContentNegotiation
+import io.ktor.http.ContentType
+import io.ktor.http.HttpStatusCode
+import io.ktor.http.contentType
+import io.ktor.jackson.jackson
+import io.ktor.request.receive
+import io.ktor.response.respond
+import io.ktor.routing.post
+import io.ktor.routing.routing
+import io.ktor.server.engine.embeddedServer
+import io.ktor.server.netty.Netty
 import kotlinx.coroutines.runBlocking
+import org.briarproject.mailbox.core.server.WebServerManager.Companion.PORT
 import org.junit.jupiter.api.Test
 import kotlin.test.assertEquals
 
@@ -22,4 +40,38 @@ class WebServerIntegrationTest : IntegrationTest() {
 assertEquals(404, response.status.value)
 }
 
+ @Test
+ fun testJacksonUnsafeDeserialization(): Unit = runBlocking {
+ val port = PORT + 1
+ val server = embeddedServer(Netty, port, watchPaths = emptyList()) {
+ install(CallLogging)
+ install(ContentNegotiation) {
+ jackson {
+ enable(BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES)
+ }
+ }
+ routing {
+ post("/") {
+ println(call.receive<Wrapper>())
+ call.respond(HttpStatusCode.OK, "OK")
+ }
+ }
+ }
+ try {
+ server.start()
+ val response = httpClient.post<HttpResponse>("http://127.0.0.1:$port/") {
+ contentType(ContentType.Application.Json)
+ body = Wrapper().apply { value = "foo" }
+ }
+ assertEquals(500, response.status.value)
+ } finally {
+ server.stop(0, 0)
+ }
+ }
+
+ internal class Wrapper {
+ @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+ var value: Any? = null
+ }
+
 }
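Review bot: `testJacksonUnsafeDeserialization` builds its own `embeddedServer` with its own `jackson { enable(...) }` block, so it checks Jackson's behaviour rather than the mapper that `WebServerManagerImpl` installs. Removing the flag from WebServerManager.kt would leave this test green. Moving the mapper setup into one shared helper, for example `internal fun ObjectMapper.applyMailboxDefaults() { enable(BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES) }` (placeholder name), and calling it from both `jackson { }` blocks would tie the test to the production configuration. `assertEquals(500, response.status.value)` also passes on any unrelated server-side failure, so a control request against a server without the flag (expecting 200) would make the result specific. `PORT + 1` is a fixed port and may collide with another listener on a shared CI host.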