[
https://issues.apache.org/jira/browse/AVRO-3985?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17863025#comment-17863025
]
ASF subversion and git services commented on AVRO-3985:
-------------------------------------------------------
Commit f6b3bd7e50e6e09fedddb98c61558c022ba31285 in avro's branch
refs/heads/dependabot/cargo/lang/rust/env_logger-0.11.3 from JB Onofré
[ https://gitbox.apache.org/repos/asf?p=avro.git;h=f6b3bd7e5 ]
AVRO-3985: Add trusted packages support in SpecificData (#2934)
* AVRO-3985: Add trusted packages support in SpecificData
* Apply suggestions from code review
Co-authored-by: Martin Grigorov <[email protected]>
* Move to SecurityException
* Remove redundant import
---------
Co-authored-by: Fokko Driesprong <[email protected]>
Co-authored-by: Martin Grigorov <[email protected]>
> Restrict trusted packages in ReflectData and SpecificData
> ---------------------------------------------------------
>
> Key: AVRO-3985
> URL: https://issues.apache.org/jira/browse/AVRO-3985
> Project: Apache Avro
> Issue Type: Improvement
> Components: java
> Reporter: Jean-Baptiste Onofré
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.12.0, 1.11.4
>
> Time Spent: 2.5h
> Remaining Estimate: 0h
>
> Right now, there's no check in allowed packages in {{ReflectData}} and
> {{{}SpecificData{}}}.
> That could be problematic for marshalling/unmarshalling, as the as malicious
> payload can exploit the host system.
> I propose to introduce a {{org.apache.avro.TRUSTED_PACKAGES}} system property:
> {code:java}
> -Dorg.apache.avro.TRUSTED_PACKAGES=my.package,my.other.package,...{code}
> In case we want to shortcut the mechanism, we would be able to allow all
> packages to be trusted using {{*}} wildcard:
> {code:java}
> -Dorg.apache.avro.TRUSTED_PACKAGES=*{code}
> By default, I would recommend to have limited trusted packages:
> {{{}java.lang,javax.security,java.util,org.apache.avro{}}}.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
