Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Indicate explicitly blocked sources as "REDACTED" instead of "UNKNOWN" in JsonLocation #1039

Closed
cowtowncoder opened this issue May 31, 2023 · 0 comments
Closed

Indicate explicitly blocked sources as "REDACTED" instead of "UNKNOWN" in JsonLocation #1039

cowtowncoder opened this issue May 31, 2023 · 0 comments
Labels
2.16 Issue planned (at earliest) for 2.16
Milestone
2.16.0

Comments

@cowtowncoder
Copy link
Member

(note: follow-up to #991 changes)

Currently (up to Jackson 2.15) there is no distinction between two input indicators (ContentReference) that can be included in JsonLocation instead of proper ContentReference:

  1. Missing source (either not available or not passed) and
  2. Blocked source (StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION disabled)

and both are described as "UNKNOWN". But it would be useful to distinguish these so that second case would indicate something like:

REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled)

leaving plain UNKNOWN for case where content reference is truly missing.

The main reason for this is that since (... if) we change default inclusion to more secure it is otherwise hard for users/developers to realize what is needed to enable source inclusion in case they do want to expose it.
@cowtowncoder cowtowncoder added the 2.16 Issue planned (at earliest) for 2.16 label May 31, 2023
cowtowncoder added a commit that referenced this issue May 31, 2023
@cowtowncoder
First part of #1039 (content redacted marker)
7d9930f
cowtowncoder added a commit that referenced this issue May 31, 2023
@cowtowncoder
Complete #1039: REDACTED for non-included content reference
2fdd89a
@cowtowncoder cowtowncoder changed the title Indicate explicitly blocked sources as "REDACTED" (or similar) instead of "UNKNOWN" in JsonLocation Indicate explicitly blocked sources as "REDACTED" instead of "UNKNOWN" in JsonLocation Jun 3, 2023
@cowtowncoder cowtowncoder added this to the 2.16.0 milestone Jun 3, 2023
@jamesagnew jamesagnew mentioned this issue Dec 5, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2.16 Issue planned (at earliest) for 2.16
Projects
None yet
Milestone
2.16.0
Development

No branches or pull requests
1 participant
@cowtowncoder