Skip to content

Migrate JSON serialization to Jackson #344

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Migrate JSON serialization to Jackson #344

wants to merge 1 commit into from

Conversation

@Umoxfo
Copy link

@Umoxfo Umoxfo commented Nov 15, 2025
edited
Loading

Replaces Gson with Jackson for JSON serialization in Zest core classes.

  • Introducing custom configuration for type handling, date formatting, and HTML-safe escaping
  • Adds a new custom Jackson serializer modifier for Zest-specific serialization needs
  • Updates dependencies
  • Adapts tests and constructors for Jackson

This improves extensibility, consistency, and future maintainability of serialization logic.

Fix #253

@psiinon
Copy link
Member

psiinon commented Nov 15, 2025
edited
Loading

Logo
Checkmarx One – Scan Summary & Details97ffff1d-1f6b-4d33-9447-412712c5f906

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
HIGH CVE-2022-25647 Maven-com.google.code.gson:gson-2.8.5

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

@thc202 thc202 changed the title Migrate JSON/YAML serialization to Jackson Migrate JSON serialization to Jackson Nov 15, 2025
@thc202
Copy link
Member

thc202 commented Nov 15, 2025

YAML was already using Jackson, please, update commit/PR messages accordingly.

thc202
thc202 reviewed Nov 15, 2025
View reviewed changes
build.gradle
implementation("com.fasterxml.jackson.core:jackson-annotations")
implementation("com.fasterxml.jackson.dataformat:jackson-dataformat-yaml")

implementation("io.github.classgraph:classgraph:4.8.184")
Copy link
Member

@thc202 thc202 Nov 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do not introduce unnecessary runtime dependencies.

Copy link
Author

@Umoxfo Umoxfo Nov 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These dependencies are required for the following purposes:

  • com.fasterxml.jackson.core:jackson-annotations:
    Used in src/main/java/org/zaproxy/zest/core/v1/ZestCookie.java, src/main/java/org/zaproxy/zest/core/v1/ZestLoopTokenFileSet.java, src/main/java/org/zaproxy/zest/core/v1/ZestResponse.java, and src/main/java/org/zaproxy/zest/impl/jackson/JacksonConfig.java
  • io.github.classgraph:classgraph:
    Look up subtypes of the ZestElement class and register them as subtypes for Jackson polymorphic type handling.
    Used in src/main/java/org/zaproxy/zest/impl/jackson/JacksonConfig.java.

Copy link
Member

@thc202 thc202 Nov 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note where the review comment is added. I'm talking about a single dependency, and no, it's not necessary to scan the classpath at runtime.

@thc202
Copy link
Member

thc202 commented Nov 15, 2025

Next time ask before working on assigned issues, avoids duplicating others time.

@Umoxfo Umoxfo force-pushed the jackson branch 3 times, most recently from b8bcc5f to 2254098 Compare November 16, 2025 00:07
@thc202
Copy link
Member

thc202 commented Nov 16, 2025

Please, update the changelog as well.

@Umoxfo
Migrate JSON serialization to Jackson
b0171a2 
Replaces Gson with Jackson for JSON serialization in Zest core classes.
* Introducing custom configuration for type handling, date formatting, and HTML-safe escaping
* Adds a new custom Jackson serializer modifier for Zest-specific serialization needs
* Updates dependencies
* Adapts tests and constructors for Jackson

This improves extensibility, consistency,
and future maintainability of serialization logic.

Signed-off-by: Umoxfo <[email protected]>
@Umoxfo
Copy link
Author

Umoxfo commented Nov 23, 2025

Please, update the changelog as well.

Done. b0171a2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thc202 thc202 thc202 left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Replace gson with Jackson

3 participants

@Umoxfo @psiinon @thc202