Olof Larsson created HTTPCLIENT-2023:
----------------------------------------
Summary: Whitelist Char Array in DefaultHttpCacheEntrySerializer
Key: HTTPCLIENT-2023
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2023
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpCache
Affects Versions: 4.5.10
Reporter: Olof Larsson
*Intro*
Please add char array to ALLOWED_CLASS_PATTERNS in
DefaultHttpCacheEntrySerializer.
*Further Explanation*
The current ALLOWED_CLASS_PATTERNS looks like this:
{code:java}
private static final List<Pattern> ALLOWED_CLASS_PATTERNS =
Collections.unmodifiableList(Arrays.asList(
Pattern.compile("^(\\[L)?org\\.apache\\.http\\.(.*)"),
Pattern.compile("^(\\[L)?java\\.util\\.(.*)"),
Pattern.compile("^(\\[L)?java\\.lang\\.(.*)$"),
Pattern.compile("^\\[B$")));
{code}
As we can se byte arrays are allowed (at the end) but not char arrays. This
currently blocks me from upgrading from 4.5.8 to 4.5.10 because the
HttpCacheEntry may contain char arrays.
The field "HttpCacheEntry.responseHeaders.headers" can be of the implementing
type "BufferedHeader" which contains a "private final CharArrayBuffer buffer;"
field, which contains "private char[] buffer;".
*Proposed Solution*
Maybe it would make sense to *whitelist all arrays of primitives* (as opposed
to just arrays of bytes)? That way future code changes does not risk breaking
the DefaultHttpCacheEntrySerializer?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
