commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebb (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (IO-487) SafeObjectInputStream contribution - restrict which classes can be deserialized
Date Mon, 16 Nov 2015 10:44:11 GMT

    [ https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15006495#comment-15006495
] 

Sebb commented on IO-487:
-------------------------

Wildcard matching such as {{withClass("com.bar.Bar*")}} uses a syntax which AFAIK is not directly
supported by Java or Commons.

Implementation will require analysis of the parameter in order to either convert it to a Java
regex or to directly implement the new search syntax.
This is likely to be non-trivial.
Also the syntax will need to be clearly documented and tested.

The other fixed parameter syntaxes look OK.

> SafeObjectInputStream contribution - restrict which classes can be deserialized
> -------------------------------------------------------------------------------
>
>                 Key: IO-487
>                 URL: https://issues.apache.org/jira/browse/IO-487
>             Project: Commons IO
>          Issue Type: Improvement
>          Components: Utilities
>    Affects Versions: 2.4
>            Reporter: Bertrand Delacretaz
>            Priority: Minor
>              Labels: patch
>             Fix For: 2.5
>
>         Attachments: IO-487-2.patch, IO-487-matchers.patch, IO-487-name-regex-acceptor.patch,
IO-487.patch, IO-487.patch, IO-487.patch, IO-487.patch, IO-487.patch, IO-487.patch
>
>
> As discussed on the commons dev list I'd like to contribute my SLING-5288 code to commons-io.
I'll attach a patch.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message