chaokunyang commented on code in PR #2102:
URL: https://github.com/apache/fury/pull/2102#discussion_r1997629661
##########
java/fury-core/src/main/java/org/apache/fury/resolver/DisallowedList.java:
##########
@@ -24,15 +24,25 @@
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
import java.util.Set;
+import java.util.TreeSet;
import java.util.stream.Collectors;
import org.apache.fury.exception.InsecureException;
/** A class to record which classes are not allowed for serialization. */
class DisallowedList {
private static final String DISALLOWED_LIST_TXT_PATH = "fury/disallowed.txt";
+ // when disallowed.txt changed, update this hash by print the result of
`calculateSHA256`
+ private static final String SHA256_HASH =
+ "d418999c49b0aa83b8bde8a79aa758a16adb5599e384f842db65dbcd633c541b";
Review Comment:
I removed the main method. The chekc happs when class init. If check failed,
the class init will fail, existing tests in DisallowedListTest will all fail
too. Seems adding new tests is unnecesary @pjfanning
caculate the hash at build process will make the build complex. Since this
is not updated frequently, how about updating it manually every time?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
