commons-issues mailing list archives

From "Bertrand Delacretaz (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (IO-487) SafeObjectInputStream contribution - restrict which classes can be deserialized
Date Wed, 18 Nov 2015 16:11:11 GMT

     [ https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bertrand Delacretaz updated IO-487:
-----------------------------------
    Attachment: IO-487-accept-reject-2.patch

Here's an updated {{IO-487-accept-reject-2.patch}} that adds a protected {{invalidClassNameFound}}
method to {{ValidatingObjectInputStream}}, as suggested by [~ebourg]. That method could be
overridden to log invalid classes instead of failing, and it also includes the comment about
not logging the invalid class name.

Do you guys think this can be committed? I guess what's important is to agree on the API-like
elements which are only the {{ClassNameMatcher}} interface and the public/protected methods
of {{ValidatingObjectInputStream}}.

> SafeObjectInputStream contribution - restrict which classes can be deserialized
> -------------------------------------------------------------------------------
>
>                 Key: IO-487
>                 URL: https://issues.apache.org/jira/browse/IO-487
>             Project: Commons IO
>          Issue Type: Improvement
>          Components: Utilities
>    Affects Versions: 2.4
>            Reporter: Bertrand Delacretaz
>            Priority: Minor
>              Labels: patch
>             Fix For: 2.5
>
>         Attachments: IO-487-2.patch, IO-487-accept-reject-2.patch, IO-487-accept-reject.patch, IO-487-matchers.patch, IO-487-name-regex-acceptor.patch, IO-487.patch, IO-487.patch, IO-487.patch, IO-487.patch, IO-487.patch, IO-487.patch, IO-487.patch
>
>
> As discussed on the commons dev list I'd like to contribute my SLING-5288 code to commons-io. I'll attach a patch.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
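
The approach discussed in this message, as an added sketch that is not the attached patch or Commons IO code: a JDK-only `ObjectInputStream` subclass that checks each class name in `resolveClass` and routes rejections through a protected hook. Only the hook name `invalidClassNameFound` comes from the message; the class name `AcceptListObjectInputStream`, the exact-match accept list and the sample values are assumptions for illustration.

```java
import java.io.*;
import java.util.*;

public class AcceptListDemo {
    /** Hypothetical class: resolves only classes whose names are on the accept list. */
    static class AcceptListObjectInputStream extends ObjectInputStream {
        private final Set<String> accepted;
        AcceptListObjectInputStream(InputStream in, String... names) throws IOException {
            super(in);
            accepted = new HashSet<>(Arrays.asList(names));
        }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            // Called for every class descriptor in the stream (superclasses included)
            // before the class is loaded, so a rejected class is never instantiated.
            if (!accepted.contains(desc.getName())) {
                invalidClassNameFound(desc.getName());
            }
            return super.resolveClass(desc);
        }
        /** Fails closed by default; a subclass could override this to log instead. */
        protected void invalidClassNameFound(String className) throws InvalidClassException {
            throw new InvalidClassException("Class name not accepted");
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: one accepted type, one type that is not on the list.
        String[] accept = {"java.lang.Integer", "java.lang.Number"};
        byte[] ok = serialize(42);
        byte[] notListed = serialize(new Date(0L));
        try (ObjectInputStream in = new AcceptListObjectInputStream(new ByteArrayInputStream(ok), accept)) {
            System.out.println("accepted: " + in.readObject());
        }
        try (ObjectInputStream in = new AcceptListObjectInputStream(new ByteArrayInputStream(notListed), accept)) {
            in.readObject();
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

`java.lang.Number` has to be on the list because the stream carries a descriptor for each serializable superclass of `Integer`. An override of the hook that returns without throwing lets the class resolve, which suits an audit phase but does not enforce the list.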
