Skip to content

Handle DisallowedClass error when X-Ray config file has YAML date

Leaminn Ma requested to merge handle-config-file-yaml-date-parsing-error into master

What does this MR do and why?

Context

We are rolling out the feature flag ai_enable_internal_repository_xray_service in #483928. It's at 75% roll out as of 2024-10-15 10:52 AM PT. The feature is a new in-monolith service that scans a project's repository for dependency config files and then parses a list of libraries from the file content. This service is executed by a Sidekiq job that is triggered upon a new commit to a Duo-enabled project's default branch.

This MR

While monitoring the Sidekiq failed job logs, we noticed the following error:

  • json.exception.class: Psych::DisallowedClass
  • json.exception.message: Tried to load unspecified class: Date

This error occurs when the config file is a YAML doc and it contains a Date value, which is not a permitted class (it's unsafe). In this MR, we handle the error so that it doesn't bubble up as a Sidekiq job error.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Error reproduced locally with new spec test Spec test passes after change
Screenshot_2024-10-15_at_10.57.31_AM Screenshot_2024-10-15_at_10.58.17_AM

Related to #483928

Edited by Leaminn Ma

Merge request reports