Add ObjectMapper unescaping ASCII control characters when using DTOs #1429
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Pgarrett
changed the title
arcuri82
requested changes
Jan 26, 2026
| import java.nio.file.Path | ||
|
|
||
| class JavaDtoOutput: JvmDtoOutput() { | ||
| class JavaDtoOutput(val outputFormat: OutputFormat): JvmDtoOutput() { |
Collaborator
There was a problem hiding this comment.
is any special reason to keep outputFormat here as a field? also, in that case, shouldnt we have a init{} block to validate it? (ie throw IllegalArgument if not for Java)
Collaborator
Author
There was a problem hiding this comment.
No special reason, but DtoOutput is instantiated depending on the actual OutputFormat:
| lines.add("public ObjectMapper create(Type cls, String charset) {") | ||
| lines.indented { | ||
| lines.add("ObjectMapper mapper = new ObjectMapper();") | ||
| lines.add("mapper.registerModule(new Jdk8Module());") |
Collaborator
There was a problem hiding this comment.
this needs some comment explanations
| import java.nio.file.Path | ||
|
|
||
| class KotlinDtoOutput: JvmDtoOutput() { | ||
| class KotlinDtoOutput(val outputFormat: OutputFormat): JvmDtoOutput() { |
| lines.indented { | ||
| lines.add(".jsonConfig(JsonConfig.jsonConfig().numberReturnType(JsonPathConfig.NumberReturnType.DOUBLE))") | ||
| lines.add(".redirect(redirectConfig().followRedirects(false))") | ||
| if (config.dtoSupportedForPayload() && containsDtos) { |
Collaborator
There was a problem hiding this comment.
need some comments here to explain why this is done
| lines.add(".redirect(redirectConfig().followRedirects(false))") | ||
| if (config.dtoSupportedForPayload() && containsDtos) { | ||
| lines.indented { | ||
| lines.add(".objectMapperConfig(") |
Collaborator
There was a problem hiding this comment.
is this now always applied? so we go through this custom mapper even if there are no issues with the payloads?
Collaborator
Author
There was a problem hiding this comment.
Yes, but it's only being applied for escaping:
and for that operation in particular we're just not escaping the ASCII control characters. Also, I wouldn't know how to apply or not the mapper depending on issues or not with the payload, how could we detect that there could be an issue?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ASCII control characters were being escaped by Jackson when using DTOs. Control characters in a JSON payload generate an invalid payload, which was being tested by EvoMaster. As such, we created a custom object mapper that will not escape the ASCII control characters, allowing for incorrect payloads to be tested.