Skip to content

SLING-11458 - fixed a regresssion for the original Ticket SLING-9626 #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
schaefa wants to merge 4 commits into
base: master
Choose a base branch
from
Open

SLING-11458 - fixed a regresssion for the original Ticket SLING-9626 #29

schaefa wants to merge 4 commits into from

Conversation

@schaefa
Copy link
Contributor

@schaefa schaefa commented Jul 15, 2022

The Json Writer that wraps the response writer must not be flushed or closed as this can lead to issues down the chain

SLING-11458 - fixed a regresssion for the original Ticket SLING-9626
939ee99 
The Json Writer that wraps the response writer must not be flushed or closed as this can lead to issues down the chain
@kwin
Copy link
Member

kwin commented Jul 16, 2022

I would suggest using https://commons.apache.org/proper/commons-io/apidocs/org/apache/commons/io/output/CloseShieldWriter.html#wrap-java.io.Writer- instead. Then you can continue using try with resources because not calling close on JSONWriter is dangerous as it might perform other operations than just closing the underlying writer.

@schaefa
Copy link
Contributor Author

schaefa commented Jul 18, 2022

@kwin First this does not work as it replaces the writer when closed is called but I also think that we should make it explicit there as this is important. Also SonarCloud is wrong here - I think.

@kwin
Copy link
Member

kwin commented Jul 18, 2022

First this does not work as it replaces the writer when closed is called

I am not following here. You can just use try (JsonWriter writer = Json.createWriter(CloseShieldWriter.wrap(response.getWriter()))) in

sling-org-apache-sling-graphql-core/src/main/java/org/apache/sling/graphql/core/servlet/GraphQLServlet.java

Line 318 in 9989848

try (JsonWriter writer = Json.createWriter(response.getWriter())) {
.

but I also think that we should make it explicit there as this is important.

I think using CloseShieldWriter is way more explicit than just not closing.

Also SonarCloud is wrong here - I think.

In this particular case maybe yes, but as stated above, it may be possible that in the future another implementation of JSONWriter may do necessary cleanup in its close() apart from just delegating to its underlying writer.

@schaefa
Copy link
Contributor Author

schaefa commented Jul 18, 2022

@kwin The Close Shield Writer is not just preventing the close but it is replacing the writer:

public void close() {
    this.out = ClosedWriter.CLOSED_WRITER;
}

This will lead to failures in the IT tests of this module but I am pretty sure this will lead to issues when using it.

@kwin
Copy link
Member

kwin commented Jul 18, 2022

close() is the last method called on an instance of try with resources so I fail to see how this would have a negative impact. The CloseShieldWriter uses that to detect in case close is called twice, but it won’t have an effect on either the wrapped reader nor on any wrappers of CloseShieldWriter.

@schaefa
Copy link
Contributor Author

schaefa commented Jul 18, 2022

@kwin You give it a try (on both execute() methods):
try (JsonWriter writer = Json.createWriter(CloseShieldWriter.wrap(response.getWriter()))) {

This will yield 4 IT test failure:

[ERROR] Errors:
[ERROR] GraphQLServletIT.testGqlExt:112->GraphQLCoreTestSupport.getContent:198->GraphQLCoreTestSupport.executeRequest:188 » IO
[ERROR] GraphQLServletIT.testMultipleSchemaProviders:245->GraphQLCoreTestSupport.getContent:198->GraphQLCoreTestSupport.executeRequest:188 » IO
[ERROR] GraphQLServletIT.testOtherExtAndOtherSelector:222->GraphQLCoreTestSupport.getContent:198->GraphQLCoreTestSupport.executeRequest:188 » IO
[ERROR] GraphQLServletIT.testOtherExtAndTestingSelector:216->GraphQLCoreTestSupport.getContent:198->GraphQLCoreTestSupport.executeRequest:188 » IO

No failure with my solution

@schaefa
Copy link
Contributor Author

schaefa commented Jul 21, 2022

Updated the code to use a Wrapper to prevent the closure to satisfy the SonarCloud code check

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jul 21, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

100.0% 100.0% Coverage
0.0% 0.0% Duplication

@raducotescu
Copy link
Member

raducotescu commented Jul 25, 2022
edited
Loading

This issue should be fixed in Sling in a more generic way and not only in this module - see https://lists.apache.org/thread/lytsl0b23d56xkmvsvnoxm4d7skxcq5h for more details.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Apr 5, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

100.0% 100.0% Coverage
0.0% 0.0% Duplication

2 similar comments
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jul 20, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

100.0% 100.0% Coverage
0.0% 0.0% Duplication

@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 12, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

100.0% 100.0% Coverage
0.0% 0.0% Duplication

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 8, 2024

Quality Gate Passed Quality Gate passed

The SonarCloud Quality Gate passed, but some issues were introduced.

1 New issue
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 8, 2024

Quality Gate Passed Quality Gate passed

Issues
1 New issue

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 28, 2024

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@sonarqubecloud
Copy link

sonarqubecloud bot commented May 19, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

2 similar comments
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jun 25, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 20, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@raducotescu raducotescu Awaiting requested review from raducotescu

@bdelacretaz bdelacretaz Awaiting requested review from bdelacretaz

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@schaefa @kwin @raducotescu