From 06a8c629edb6104d68c8ac3c0d7a7b5e0ee45e44 Mon Sep 17 00:00:00 2001
From: Rostislav Svoboda <rsvoboda@redhat.com>
Date: Fri, 21 Jan 2022 13:53:56 +0100
Subject: [PATCH] Use SafeConstructor class for SnakeYAML

---
 .github/quarkusbuilditemdoc.java                               | 3 ++-
 .../vertx/http/deployment/devmode/console/DevConsole.java      | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/quarkusbuilditemdoc.java b/.github/quarkusbuilditemdoc.java
index 7b947446ad03e..c96c3d520ea7f 100755
--- a/.github/quarkusbuilditemdoc.java
+++ b/.github/quarkusbuilditemdoc.java
@@ -31,6 +31,7 @@
 import org.jboss.forge.roaster.model.source.FieldSource;
 import org.jboss.forge.roaster.model.source.JavaClassSource;
 import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.constructor.SafeConstructor;
 import picocli.CommandLine;
 import picocli.CommandLine.Command;
 
@@ -151,7 +152,7 @@ private Path findPom(Path path) {
 
     private Map<String, String> extractNames(Path root, Iterable<String> extensionDirs) throws IOException {
         Map<String, String> names = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
-        Yaml yaml = new Yaml();
+        Yaml yaml = new Yaml(new SafeConstructor());
         for (String extension : extensionDirs) {
             Path yamlPath = root.resolve("extensions/" + extension + "/runtime/src/main/resources/META-INF/quarkus-extension.yaml");
             if (Files.exists(yamlPath)) {
diff --git a/extensions/vertx-http/deployment/src/main/java/io/quarkus/vertx/http/deployment/devmode/console/DevConsole.java b/extensions/vertx-http/deployment/src/main/java/io/quarkus/vertx/http/deployment/devmode/console/DevConsole.java
index 15cb0309bd356..6de9a62bc6655 100644
--- a/extensions/vertx-http/deployment/src/main/java/io/quarkus/vertx/http/deployment/devmode/console/DevConsole.java
+++ b/extensions/vertx-http/deployment/src/main/java/io/quarkus/vertx/http/deployment/devmode/console/DevConsole.java
@@ -18,6 +18,7 @@
 import org.eclipse.microprofile.config.ConfigProvider;
 import org.jboss.logging.Logger;
 import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.constructor.SafeConstructor;
 
 import io.netty.handler.codec.http.HttpHeaderNames;
 import io.quarkus.builder.Version;
@@ -72,7 +73,7 @@ private void initLazyState() {
             synchronized (extensions) {
                 if (extensions.isEmpty()) {
                     try {
-                        final Yaml yaml = new Yaml();
+                        final Yaml yaml = new Yaml(new SafeConstructor());
                         ClassPathUtils.consumeAsPaths("/META-INF/quarkus-extension.yaml", p -> {
                             try {
                                 final String desc;