refactor(framework): replace fastjson with jackson#120
refactor(framework): replace fastjson with jackson#120halibobo1205 wants to merge 10 commits intodevelopfrom
Conversation
|
CodeAnt AI is reviewing your PR. Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
codeant-ai
bot
added
the
size:XXL
![codeant-ai[bot]](https://avatars.githubusercontent.com/in/646884?s=60&v=4){kind=small}
framework/src/test/java/org/tron/core/services/http/ExchangeTransactionServletTest.java
Outdated
Show resolved
Hide resolved
framework/src/test/java/org/tron/core/services/http/ExchangeCreateServletTest.java
Outdated
Show resolved
Hide resolved
framework/src/test/java/org/tron/core/services/http/SetAccountIdServletTest.java
Outdated
Show resolved
Hide resolved
framework/src/test/java/org/tron/core/services/http/ExchangeWithdrawServletTest.java
Outdated
Show resolved
Hide resolved
framework/src/test/java/org/tron/json/JsonCompatibilityFuzzTest.java
Outdated
Show resolved
Hide resolved
|
CodeAnt AI finished reviewing your PR. |
…erministic fuzz - Use exact token_id/sell_token_id/buy_token_id byte assertions instead of non-empty checks in Exchange and Market servlet tests - Add account_id byte assertion in SetAccountIdServletTest - Switch fuzz test from non-deterministic SecureRandom to seeded Random for reproducible CI failures Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
@CodeAnt-AI: review |
|
CodeAnt AI is running the review. Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
codeant-ai
bot
added
size:XXL
Sequence DiagramThis PR replaces Fastjson with Jackson-backed JSON, JSONObject, and JSONArray wrappers and wires all HTTP servlets to use them, so request bodies are parsed and responses serialized via a shared, safely-configured ObjectMapper while preserving existing API contracts. sequenceDiagram
participant Client
participant HttpServlet
participant JSONWrapper
participant Wallet
participant Util
Client->>HttpServlet: POST transaction request (JSON body)
HttpServlet->>JSONWrapper: parseObject(requestBody) to JSONObject
HttpServlet->>Wallet: createTransactionCapsule(built from JSONObject fields)
Wallet-->>HttpServlet: Transaction object
HttpServlet->>Util: Serialize Transaction to JSON via JSON/JSONObject/JSONArray
Util-->>Client: 200 OK with transaction JSON response
Generated by CodeAnt AI |
|
CodeAnt AI finished running the review. Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
|
@codex: review |
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
fix(docs): contributing.md
opt(common): GenesisBlock timestamp valid message error
Remove the Fastjson dependency entirely and replace it with Jackson-backed drop-in wrappers (JSON, JSONObject, JSONArray, JSONException) that preserve the same public API surface. Motivation: - Fastjson has a history of critical CVEs and is no longer actively maintained for 1.x - Jackson-databind 2.18.6 addresses CVE GHSA-72hv-8253-57qq Core changes (common module): - Add org.tron.json.{JSON, JSONObject, JSONArray, JSONException} wrappers backed by a shared Jackson ObjectMapper configured to match Fastjson 1.x parsing/serialization defaults: - Unquoted field names and single-quoted strings (lenient parsing) - BigDecimal for floats, case-insensitive property matching - Null fields omitted (matches Fastjson default) - Type-safe accessors: getBoolean/getLong/getDouble/getIntValue/ getLongValue/getBigDecimal throw JSONException on invalid text instead of silently returning 0/false - parseObject(String) guards against ClassCastException on non-object JSON roots; parseArray handles whitespace-only input - parseObject(String, Class) delegates to parseObject/parseArray for wrapper types to avoid silent field loss via ObjectMapper - Upgrade jackson-databind 2.18.3 → 2.18.6 HTTP servlet changes (framework module): - Swap import from com.alibaba.fastjson → org.tron.json across all HTTP API servlets, JSON-RPC layer, and event/log parsers - No changes to request/response JSON structure — existing API contracts are preserved Test changes: - Add BaseHttpTest base class managing Args lifecycle, Wallet mock, MINIMAL_TX constant, and request/response factory methods (postRequest, getRequest, newResponse) - 44 servlet test classes refactored to extend BaseHttpTest, eliminating ~1400 lines of duplicated boilerplate - Strengthen weak assertNotNull checks to content-based assertions: assertTrue(contains("raw_data")) for transaction servlets, assertTrue(contains("blockID")) for block queries, etc. - Add Mockito verify for wallet service calls in query servlets to catch request-to-service mapping regressions - Fix test environment: initialize Args from config-test.conf (maxMessageSize) and use MINIMAL_TX with raw_data to prevent NPE in Util.printCreateTransaction - Add JsonCompatibilityFuzzTest: 500-round fuzz covering round-trip serialization, BigDecimal/BigInteger precision, deep nesting, unicode, and boundary values - Use SecureRandom for fuzz test randomization Build: - Remove fastjson from common/build.gradle dependencies - Update gradle/verification-metadata.xml for jackson 2.18.6 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: codeant-ai[bot] <151821869+codeant-ai[bot]@users.noreply.github.com> Co-Authored-By: codex <codex@openai.com>
halibobo1205
force-pushed
the
feat/jackjson2
branch
from
ef68a5d to
4ef0864
Compare
|
CodeAnt AI is running Incremental review Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
codeant-ai
bot
added
size:XXL
|
CodeAnt AI Incremental review completed. |
|
@codex: review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4ef086465c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| .disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS) | ||
| // Fastjson smart-match: field names are matched ignoring case/underscores by default | ||
| // (DisableFieldSmartMatch is OFF by default → smart match ON) | ||
| .configure(MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES, true) |
There was a problem hiding this comment.
JSON.parseObject(text, clazz) is documented as Fastjson-compatible smart matching, but the mapper only enables case-insensitive properties here; it does not map snake_case JSON keys to camelCase fields. Because FAIL_ON_UNKNOWN_PROPERTIES is disabled, payloads like {"fee_limit":...} are silently dropped instead of populating feeLimit, which can produce incorrect default values without any error in downstream request/object binding.
Useful? React with 👍 / 👎.
| * Drop-in replacement for {@code com.alibaba.fastjson.JSONObject}. | ||
| * Swap the import line; no other source changes required for basic usages. | ||
| */ | ||
| public class JSONObject { |
There was a problem hiding this comment.
This wrapper is declared as a drop-in replacement for Fastjson JSONObject, but it no longer implements Map<String, Object>. Any caller that follows the advertised “swap import line” migration and passes JSONObject to APIs expecting Map, or relies on Map methods/typing, will fail to compile (or require invasive rewrites), so the replacement is not source-compatible for common usages.
Useful? React with 👍 / 👎.
| * Drop-in replacement for {@code com.alibaba.fastjson.JSONArray}. | ||
| * Swap the import line; no other source changes required for basic usages. | ||
| */ | ||
| public class JSONArray implements Iterable<Object> { |
There was a problem hiding this comment.
Fastjson JSONArray is widely used as a List<Object>, but this replacement only implements Iterable<Object>. Existing call sites that use List-typed parameters/utilities (e.g., collections helpers, interface-based method signatures) are no longer compatible after an import swap, which breaks the stated drop-in migration path and forces non-trivial refactors.
Useful? React with 👍 / 👎.
…appers
Remove methods that were implemented for Fastjson API compatibility but
have zero call sites in the java-tron codebase:
JSONObject: getDouble(), toMap(), parseArray() (proxy)
JSONArray: isEmpty(), getJSONArray(int), getBoolean(int), toJavaList(),
add(JSONArray), add(String), add(Object)
Also fix EventParserJsonTest to call JSONArray.parseArray() directly
and clean up 22 corresponding test methods in JsonCompatibilityFuzzTest.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
CodeAnt AI is running Incremental review Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
codeant-ai
bot
added
size:XXL
|
CodeAnt AI Incremental review completed. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5227cca3d5
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if (value == null) { | ||
| node.remove(key); | ||
| } else { |
There was a problem hiding this comment.
The new wrapper removes a field when put(..., null) is called, but Fastjson JSONObject.put keeps the key with a JSON null value. This causes silent data loss: containsKey flips from true to false and serialized payloads drop explicitly-null fields (e.g. {"address":null} becomes {}), which can change behavior for callers that intentionally send null to represent an explicit unset value. Use putNull-style assignment instead of removing the key in null branches.
Useful? React with 👍 / 👎.
5 participants
User description
Remove the Fastjson dependency entirely and replace it with Jackson-backed drop-in wrappers (JSON, JSONObject, JSONArray, JSONException) that preserve the same public API surface.
Motivation:
Core changes (common module):
HTTP servlet changes (framework module):
com.alibaba.fastjson→ org.tron.json` across all HTTP API servlets, JSON-RPC layer, and event/log parsersTest changes:
Build:
CodeAnt-AI Description
Replace Fastjson with Jackson-backed JSON handling and tighten test/CI coverage
What Changed
Impact
✅ Safer API JSON parsing✅ Clearer validation errors for invalid inputs✅ Fewer missed regressions in HTTP endpoints💡 Usage Guide
Checking Your Pull Request
Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.
Talking to CodeAnt AI
Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:
This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.
Example
Preserve Org Learnings with CodeAnt
You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:
This helps CodeAnt AI learn and adapt to your team's coding style and standards.
Example
Retrigger review
Ask CodeAnt AI to review the PR again, by typing:
Check Your Repository Health
To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.