oloflarsson opened a new pull request #171: feature/improve-tests-for-restrictedobjectinputstream
URL: https://github.com/apache/httpcomponents-client/pull/171

@ok2c Thank you for the quick merge of my previous pull requests. It in fact happened much faster than I expected. Was expecting some feedback and iterations 😄.

In this pull request I have improved the testability of the whitelist and added a bunch of unit tests. I took some inspiration from this blacklist: https://github.com/ikkisoft/SerialKiller/blob/master/config/serialkiller.conf

Notably these unit tests would catch a future addition of vulnerabilities in "org.apache.commons.collections..." which might be good to avoid hypothetical future mistakes.

Also we can now feel more certain the regexes do what I intended them to. Looks like they did (this pull request does not change them), but better write some tests to be on the safe side.
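The kind of test the pull request describes, as an added example that is not code from the pull request or from HttpClient: an allow-list checked in `resolveClass`, exercised at the class-name level and with a real serialized object. The class names `AllowListDemo` and `AllowListObjectInputStream`, the helpers and the two regexes are assumptions made for illustration (Java 9+).

```java
import java.io.*;
import java.util.*;
import java.util.regex.Pattern;
// Added illustration: names and patterns are assumptions, not HttpClient's own code.
public class AllowListDemo {
    // Hypothetical allow-list; matches() anchors each regex to the whole class name.
    static final List<Pattern> ALLOWED = List.of(
            Pattern.compile("java\\.lang\\.(Number|Integer|Long)"),
            Pattern.compile("java\\.util\\.(ArrayList|Date)"));

    static boolean isAllowed(String className) {
        return ALLOWED.stream().anyMatch(p -> p.matcher(className).matches());
    }

    // Checks every class descriptor in the stream before the class is resolved.
    static final class AllowListObjectInputStream extends ObjectInputStream {
        AllowListObjectInputStream(InputStream in) throws IOException { super(in); }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!isAllowed(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "not on the allow-list");
            }
            return super.resolveClass(desc);
        }
    }

    static Object roundTrip(Serializable value) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(value); }
        InputStream bytes = new ByteArrayInputStream(buf.toByteArray());
        try (ObjectInputStream in = new AllowListObjectInputStream(bytes)) { return in.readObject(); }
    }

    static void check(boolean ok, String what) { if (!ok) throw new AssertionError(what); }

    public static void main(String[] args) throws Exception {
        check(isAllowed("java.util.ArrayList"), "listed class is accepted");
        check(!isAllowed("java.util.ArrayListX"), "suffix must not slip through");
        check(!isAllowed("x.java.util.Date"), "prefix must not slip through");
        check(!isAllowed("org.apache.commons.collections.functors.InvokerTransformer"),
                "commons-collections stays rejected");
        check(roundTrip(new ArrayList<Integer>(List.of(1, 2))).equals(List.of(1, 2)), "round-trip");
        try {
            roundTrip(new LinkedList<String>(List.of("a")));   // constructed, unlisted class
            throw new AssertionError("unlisted class was deserialized");
        } catch (InvalidClassException expected) {
            System.out.println("rejected " + expected.classname);
        }
    }
}
```

The prefix and suffix checks are the ones that fail if a pattern is later evaluated with `find()` instead of `matches()`, or loosened with a trailing wildcard.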
