Knife JSON::ParserError


#1

Hi Chefs,

I have an interesting problem that cropped up late last week and I haven’t
been able to figure out whats going on.
There is one particular org that is throwing ‘ERROR: JSON::ParserError:
Unsupported json_class type ‘Symbol’’ on any node search or node edit via
knife. Role searches and edits are working fine. Other orgs seem to be
working fine though. I tried a node search from shef on one of the nodes in
the org that returns the knife error and it worked fine.
I’ve tried various combinations of Chef versions up though 11.6 and the
latest JSON gem to no avail. Several other people on my team are running
into this as well for the same org.

Anyone run into this before or have any suggestions?


Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.


#2

On Tuesday, October 8, 2013 at 7:43 AM, Chris wrote:

Hi Chefs,

I have an interesting problem that cropped up late last week and I haven’t been able to figure out whats going on.
There is one particular org that is throwing ‘ERROR: JSON::ParserError: Unsupported json_class type ‘Symbol’’ on any node search or node edit via knife. Role searches and edits are working fine. Other orgs seem to be working fine though. I tried a node search from shef on one of the nodes in the org that returns the knife error and it worked fine.
I’ve tried various combinations of Chef versions up though 11.6 and the latest JSON gem to no avail. Several other people on my team are running into this as well for the same org.

Anyone run into this before or have any suggestions?
Your node data has somehow converted a ruby symbol object into something like:

{“json_class”: “Symbol”, “s” => “foo”}

I don’t remember exactly what causes this, it might have to do with using active support or something. In any case, this behavior of the JSON gem is implicated in a security vulnerability from earlier in this year: https://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/

Because Chef currently relies on the old behavior of the json gem turning JSON data directly into non-core objects (like Chef::Node, role, etc.), Chef uses a whitelist to restrict what classes it supports with this behavior, and symbol is not allowed.


Daniel DeLeo


#3

I had a feeling it was going to be related to that. Thanks for confirming.
Now, to figure out how its happening.

On Tue, Oct 8, 2013 at 8:07 AM, Daniel DeLeo dan@kallistec.com wrote:

On Tuesday, October 8, 2013 at 7:43 AM, Chris wrote:

Hi Chefs,

I have an interesting problem that cropped up late last week and I haven’t
been able to figure out whats going on.
There is one particular org that is throwing ‘ERROR: JSON::ParserError:
Unsupported json_class type ‘Symbol’’ on any node search or node edit via
knife. Role searches and edits are working fine. Other orgs seem to be
working fine though. I tried a node search from shef on one of the nodes in
the org that returns the knife error and it worked fine.
I’ve tried various combinations of Chef versions up though 11.6 and the
latest JSON gem to no avail. Several other people on my team are running
into this as well for the same org.

Anyone run into this before or have any suggestions?

Your node data has somehow converted a ruby symbol object into something
like:

{“json_class”: “Symbol”, “s” => “foo”}

I don’t remember exactly what causes this, it might have to do with using
active support or something. In any case, this behavior of the JSON gem is
implicated in a security vulnerability from earlier in this year:
https://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/

Because Chef currently relies on the old behavior of the json gem turning
JSON data directly into non-core objects (like Chef::Node, role, etc.),
Chef uses a whitelist to restrict what classes it supports with this
behavior, and symbol is not allowed.


Daniel DeLeo


Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.


#4

any attribute that is defined like
’default.rsyslog.central.ebs.stripe_action = :create’ is getting converted
to

{“json_class”:“Symbol”,“s”:“create”}

On Tue, Oct 8, 2013 at 9:01 AM, Chris grocerylist@gmail.com wrote:

I had a feeling it was going to be related to that. Thanks for confirming.
Now, to figure out how its happening.

On Tue, Oct 8, 2013 at 8:07 AM, Daniel DeLeo dan@kallistec.com wrote:

On Tuesday, October 8, 2013 at 7:43 AM, Chris wrote:

Hi Chefs,

I have an interesting problem that cropped up late last week and I
haven’t been able to figure out whats going on.
There is one particular org that is throwing ‘ERROR: JSON::ParserError:
Unsupported json_class type ‘Symbol’’ on any node search or node edit via
knife. Role searches and edits are working fine. Other orgs seem to be
working fine though. I tried a node search from shef on one of the nodes in
the org that returns the knife error and it worked fine.
I’ve tried various combinations of Chef versions up though 11.6 and the
latest JSON gem to no avail. Several other people on my team are running
into this as well for the same org.

Anyone run into this before or have any suggestions?

Your node data has somehow converted a ruby symbol object into something
like:

{“json_class”: “Symbol”, “s” => “foo”}

I don’t remember exactly what causes this, it might have to do with using
active support or something. In any case, this behavior of the JSON gem is
implicated in a security vulnerability from earlier in this year:
https://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/

Because Chef currently relies on the old behavior of the json gem turning
JSON data directly into non-core objects (like Chef::Node, role, etc.),
Chef uses a whitelist to restrict what classes it supports with this
behavior, and symbol is not allowed.


Daniel DeLeo


Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.


Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.


#5

On Tuesday, October 8, 2013 at 1:19 PM, Chris wrote:

any attribute that is defined like ‘default.rsyslog.central.ebs.stripe_action = :create’ is getting converted to
{“json_class”:“Symbol”,“s”:“create”}

Something is writing a custom #to_json method on the symbol class. If the method is defined in ruby code (not a C extension) you can see where with:

:foo.method(:to_json).source_location

HTH,


Daniel DeLeo