Merge pull request #312 from AbhishekKumar9984/json-version-04

AbhishekKumar9984 · web-flow · commit ffd0f1c883da · 2025-08-12T15:13:22.000Z
Fix: Vulnerability for json_version
diff --git a/pom.xml b/pom.xml
@@ -73,7 +73,7 @@
     <commons.csv.version>1.6</commons.csv.version>
     <jackson.version>1.9.13</jackson.version>
     <jackson2.version>2.17.1</jackson2.version>
-    <json.version>20180813</json.version>
+    <json.version>20231013</json.version>
     <awaitility.version>3.1.6</awaitility.version>
     <commons-logging.version>1.2</commons-logging.version>
     <testSourceLocation>${project.basedir}/src/test/java/</testSourceLocation>
diff --git a/src/main/java/io/cdap/plugin/salesforce/plugin/source/streaming/SalesforceStreamingSourceUtil.java b/src/main/java/io/cdap/plugin/salesforce/plugin/source/streaming/SalesforceStreamingSourceUtil.java
@@ -33,6 +33,7 @@
 import org.slf4j.LoggerFactory;
 import scala.reflect.ClassTag$;
 
+import java.math.BigDecimal;
 import java.time.Instant;
 import java.time.LocalTime;
 import java.time.format.DateTimeFormatter;
@@ -148,6 +149,13 @@ private static Object convertValue(Object value, Schema.Field field) {
       }
     }
 
+    // NOTE: org.json >= 20230227 returns BigDecimal for all non-integer JSON numbers.
+    if (value instanceof BigDecimal && fieldSchemaType.equals(Schema.Type.DOUBLE)) {
+      // Avro Schema.Type.DOUBLE expects a Double instance (or primitive double) at serialization time,
+      // so converting BigDecimal → double for compatibility.
+      return ((BigDecimal) value).doubleValue();
+    }
+
     return value;
   }
 

Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@`
`33`	`33`	`import org.slf4j.LoggerFactory;`
`34`	`34`	`import scala.reflect.ClassTag$;`
`35`	`35`
	`36`	`+import java.math.BigDecimal;`
`36`	`37`	`import java.time.Instant;`
`37`	`38`	`import java.time.LocalTime;`
`38`	`39`	`import java.time.format.DateTimeFormatter;`
`@@ -148,6 +149,13 @@ private static Object convertValue(Object value, Schema.Field field) {`
`148`	`149`	`}`
`149`	`150`	`}`
`150`	`151`
	`152`	`+ // NOTE: org.json >= 20230227 returns BigDecimal for all non-integer JSON numbers.`
	`153`	`+ if (value instanceof BigDecimal && fieldSchemaType.equals(Schema.Type.DOUBLE)) {`
	`154`	`+ // Avro Schema.Type.DOUBLE expects a Double instance (or primitive double) at serialization time,`
	`155`	`+ // so converting BigDecimal → double for compatibility.`
	`156`	`+ return ((BigDecimal) value).doubleValue();`
	`157`	`+ }`
	`158`	`+`
`151`	`159`	`return value;`
`152`	`160`	`}`
`153`	`161`