[ 
https://issues.apache.org/jira/browse/ARTEMIS-4763?focusedWorklogId=918167&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-918167
 ]

ASF GitHub Bot logged work on ARTEMIS-4763:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 07/May/24 18:58
            Start Date: 07/May/24 18:58
    Worklog Time Spent: 10m 
      Work Description: tabish121 commented on PR #4924:
URL: https://github.com/apache/activemq-artemis/pull/4924#issuecomment-2099105340

   > Does this need to have validation on allowed class types added? Just
   > wondering if there are any potential security concerns like we recently had
   > with the OpenWire protocol not validating class types.
   
   In general we have learned through a number of security reports that blindly
   creating any class instance is usually not the greatest idea. It would be
   beneficial to at least scope the class created to an instance of an expected
   type; the test seems to be creating Transformer types, so validating that before
   newInstance somehow would be beneficial.




Issue Time Tracking
-------------------

    Worklog Id:     (was: 918167)
    Time Spent: 0.5h  (was: 20m)

> properties config - support metrics plugin, conversion of .class for non 
> string attributes and empty init 
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-4763
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4763
>             Project: ActiveMQ Artemis
>          Issue Type: New Feature
>          Components: Configuration
>    Affects Versions: 2.33.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> the metrics plugin is not a broker plugin, so cannot be initialised via the 
> broker plugins collection. We can only add .class instances to collections.
> The metrics instance is an attribute that needs a class type argument on the 
> metrics configuration.
> supporting a conversion to any non string scalar type using a .class value 
> will work nicely.



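The scoping suggested in the review comment above, sketched as an added Java example; it is not code from the Artemis project or from PR #4924. `ScopedInstantiation`, `newScopedInstance`, and the nested `Transformer` and `UpperCase` types are hypothetical names used only for illustration.

```java
import java.util.function.Function;

public class ScopedInstantiation {

    // Hypothetical stand-in for the type the configuration attribute expects.
    public interface Transformer extends Function<String, String> {}

    public static class UpperCase implements Transformer {
        @Override public String apply(String s) { return s.toUpperCase(); }
    }

    /**
     * Resolve a class name taken from configuration and instantiate it only
     * if it is a subtype of the expected type.
     */
    public static <T> T newScopedInstance(String className, Class<T> expected, ClassLoader loader)
            throws ReflectiveOperationException {
        // initialize=false: the candidate's static initializers do not run
        // before the type check has passed.
        Class<?> candidate = Class.forName(className, false, loader);
        if (!expected.isAssignableFrom(candidate)) {
            throw new IllegalArgumentException(
                    className + " is not a " + expected.getName());
        }
        // asSubclass narrows the type with a runtime check instead of an
        // unchecked cast; only now is a constructor invoked.
        return candidate.asSubclass(expected).getDeclaredConstructor().newInstance();
    }

    public static void main(String[] args) throws Exception {
        ClassLoader cl = ScopedInstantiation.class.getClassLoader();

        // Constructed sample input: a class name of the expected type.
        String ok = ScopedInstantiation.class.getName() + "$UpperCase";
        Transformer t = newScopedInstance(ok, Transformer.class, cl);
        System.out.println(t.apply("accepted"));

        // Constructed sample input: a loadable class of an unrelated type.
        try {
            newScopedInstance("java.util.ArrayList", Transformer.class, cl);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The type check bounds what can be constructed to subtypes of the expected interface. It does not limit which of those subtypes a configuration value may name.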