NotEvil/TiedUp-
2
1
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(D-01): warn on non-object component config, deep-copy configs (RISK-001, RISK-002)

Browse Source 
- Deep-copy JsonObject configs via deepCopy() before storing in the
  definition to prevent external mutation of the parsed JSON tree
- Log a warning when a component config value is not a JsonObject,
  making misconfigured JSON easier to diagnose
This commit is contained in:
NotEvil
2026-04-14 02:27:59 +02:00
parent 456335e0dd
commit bb589d44f8
1 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/main/java/com/tiedup/remake/v2/bondage/datadriven/DataDrivenItemParser.java
View File

@@ -279,9 +279,17 @@ public final class DataDrivenItemParser {
entry.getKey() entry.getKey()
); );
if (compType != null) { if (compType != null) {
JsonObject config = entry.getValue().isJsonObject() JsonObject config;
? entry.getValue().getAsJsonObject() if (entry.getValue().isJsonObject()) {
: new JsonObject(); config = entry.getValue().getAsJsonObject().deepCopy();
} else {
LOGGER.warn(
"[DataDrivenItemParser] Component '{}' in item '{}' has non-object config, using defaults",
entry.getKey(),
fileId
);
config = new JsonObject();
}
componentConfigs.put(compType, config); componentConfigs.put(compType, config);
} else { } else {
LOGGER.warn( LOGGER.warn(