[SPARK-52381][Core] JsonProtocol: Only accept valid SparkListenerEvent subclasses

pjfanning · pjfanning · commit d9754f36e64e · 2025-06-26T13:12:46.000+01:00
extra check

scalastyle

Update JsonProtocolSuite.scala
diff --git a/core/src/main/scala/org/apache/spark/util/JsonProtocol.scala b/core/src/main/scala/org/apache/spark/util/JsonProtocol.scala
@@ -919,8 +919,18 @@ private[spark] class JsonProtocol(sparkConf: SparkConf) extends JsonUtils {
       case `stageExecutorMetrics` => stageExecutorMetricsFromJson(json)
       case `blockUpdate` => blockUpdateFromJson(json)
       case `resourceProfileAdded` => resourceProfileAddedFromJson(json)
-      case other => mapper.readValue(json.toString, Utils.classForName(other))
-        .asInstanceOf[SparkListenerEvent]
+      case other =>
+        if (other.startsWith("org.apache.spark")) {
+          val otherClass = Utils.classForName(other)
+          if (classOf[SparkListenerEvent].isAssignableFrom(otherClass)) {
+            mapper.readValue(json.toString, otherClass)
+              .asInstanceOf[SparkListenerEvent]
+          } else {
+            throw new SparkException(s"Unknown event type: $other")
+          }
+        } else {
+          throw new SparkException(s"Unknown event type: $other")
+        }
     }
   }
 
diff --git a/core/src/test/scala/org/apache/spark/util/JsonProtocolSuite.scala b/core/src/test/scala/org/apache/spark/util/JsonProtocolSuite.scala
@@ -1022,6 +1022,37 @@ class jsonProtocolSuite extends SparkFunSuite {
       "String value length (10000) exceeds the maximum allowed"
     ))
   }
+
+  test("SPARK-52381: only read Spark classes") {
+    val unknownJson =
+      """{
+        |  "Event" : "com.example.UnknownEvent",
+        |  "foo" : "foo"
+        |}""".stripMargin
+    try {
+      jsonProtocol.sparkEventFromJson(unknownJson)
+      fail("Expected SparkException for unknown event type")
+    } catch {
+      case e: SparkException =>
+        assert(e.getMessage.startsWith("Unknown event type"))
+    }
+  }
+
+  test("SPARK-52381: only read classes that extend SparkListenerEvent") {
+    val unknownJson =
+      """{
+        |  "Event" : "org.apache.spark.SparkException",
+        |  "foo" : "foo"
+        |}""".stripMargin
+    try {
+      jsonProtocol.sparkEventFromJson(unknownJson)
+      fail("Expected SparkException for unknown event type")
+    } catch {
+      case e: SparkException =>
+        assert(e.getMessage.startsWith("Unknown event type"))
+    }
+  }
+
 }
 
 
