[jira] [Updated] (AVRO-3985) Restrict trusted packages in ReflectData and SpecificData

Thu, 02 May 2024 07:32:04 -0700 


     [ 
https://issues.apache.org/jira/browse/AVRO-3985?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jean-Baptiste Onofré updated AVRO-3985:
---------------------------------------
    Description: 
Right now, there's no check in allowed packages in {{ReflectData}} and 
{{{}SpecificData{}}}.

That could be problematic for marshalling/unmarshalling, as the as malicious 
payload can exploit the host system.

I propose to introduce a {{org.apache.avro.TRUSTED_PACKAGES}} system property:
{code:java}
-Dorg.apache.avro.TRUSTED_PACKAGES=my.package,my.other.package,...{code}
In case we want to shortcut the mechanism, we would be able to allow all 
packages to be trusted using {{*}} wildcard:
{code:java}
-Dorg.apache.avro.TRUSTED_PACKAGES=*{code}
By default, I would recommend to have limited trusted packages: 
{{{}java.lang,javax.security,java.util,org.apache.avro{}}}.

  was:
Right now, there's no check in allowed packages in {{ReflectData}} and 
{{{}SpecificData{}}}.

That could be problematic for marshalling/unmarshalling, as the as malicious 
payload can exploit the host system.

I propose to introduce a {{org.apache.avro.TRUSTED_PACKAGES}} system property:
{code:java}
-Dorg.apache.avro.TRUSTED_PACKAGES=java.lang,javax.security,java.util,...{code}
In case we want to shortcut the mechanism, we would be able to allow all 
packages to be trusted using {{*}} wildcard:
{code:java}
-Dorg.apache.avro.TRUSTED_PACKAGES=*{code}
By default, I would recommend to have limited trusted packages: 
{{{}java.lang,javax.security,java.util,org.apache.avro{}}}.


> Restrict trusted packages in ReflectData and SpecificData
> ---------------------------------------------------------
>
>                 Key: AVRO-3985
>                 URL: https://issues.apache.org/jira/browse/AVRO-3985
>             Project: Apache Avro
>          Issue Type: Improvement
>          Components: java
>            Reporter: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 1.12.0, 1.11.4
>
>
> Right now, there's no check in allowed packages in {{ReflectData}} and 
> {{{}SpecificData{}}}.
> That could be problematic for marshalling/unmarshalling, as the as malicious 
> payload can exploit the host system.
> I propose to introduce a {{org.apache.avro.TRUSTED_PACKAGES}} system property:
> {code:java}
> -Dorg.apache.avro.TRUSTED_PACKAGES=my.package,my.other.package,...{code}
> In case we want to shortcut the mechanism, we would be able to allow all 
> packages to be trusted using {{*}} wildcard:
> {code:java}
> -Dorg.apache.avro.TRUSTED_PACKAGES=*{code}
> By default, I would recommend to have limited trusted packages: 
> {{{}java.lang,javax.security,java.util,org.apache.avro{}}}.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to