[ https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15006477#comment-15006477 ]
Bertrand Delacretaz edited comment on IO-487 at 11/16/15 10:37 AM:
-------------------------------------------------------------------
Or maybe
{code}
ObjectInputStream ois =
    new ValidatingObjectInputStream(is)
        .accept(com.foo.Foo.class, Integer.class)
        .accept("com.bar.Bar*")
        .reject("com.baz.*");
{code}
You'd need to process those simplified regexes, but considering the conventions on
class names it should be sufficient to map dots to {{\.}} and stars to {{.*}}.
And also include {{acceptPattern(Pattern p)}} and {{rejectPattern(Pattern p)}}
for edge cases. Or maybe better, {{accept(ClassNameMatcher m)}} and
{{reject(ClassNameMatcher m)}}.
was (Author: bdelacretaz):
Or maybe
{code}
ObjectInputStream ois =
    new ValidatingObjectInputStream(is)
        .accept(com.foo.Foo.class, Integer.class)
        .accept("com.bar.Bar*")
        .reject("com.baz.*");
{code}
You'd need to process those simplified regexes, but considering the conventions on
class names it should be sufficient to map dots to {{\.}} and stars to {{.*}}.
And also include {{acceptPattern(Pattern p)}} and {{rejectPattern(Pattern p)}}
for edge cases.
> SafeObjectInputStream contribution - restrict which classes can be
> deserialized
> -------------------------------------------------------------------------------
>
> Key: IO-487
> URL: https://issues.apache.org/jira/browse/IO-487
> Project: Commons IO
> Issue Type: Improvement
> Components: Utilities
> Affects Versions: 2.4
> Reporter: Bertrand Delacretaz
> Priority: Minor
> Labels: patch
> Fix For: 2.5
>
> Attachments: IO-487-2.patch, IO-487-matchers.patch,
> IO-487-name-regex-acceptor.patch, IO-487.patch, IO-487.patch, IO-487.patch,
> IO-487.patch, IO-487.patch, IO-487.patch
>
>
> As discussed on the commons dev list I'd like to contribute my SLING-5288
> code to commons-io. I'll attach a patch.
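The wildcard mapping proposed in the comment above, sketched as a self-contained stream. This is an added example, not code from the IO-487 patches or from Commons IO; the class name AllowListObjectInputStream and its methods are hypothetical. It goes one step beyond the dots-and-stars mapping by quoting every literal run, so the $ in nested class names is also matched literally, and it denies any class that is not explicitly accepted.

```java
import java.io.*;
import java.util.*;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

// Added illustration; class and method names are hypothetical, not the Commons IO API.
public class AllowListObjectInputStream extends ObjectInputStream {
    private final List<Pattern> accepts = new ArrayList<>();
    private final List<Pattern> rejects = new ArrayList<>();

    public AllowListObjectInputStream(InputStream in) throws IOException { super(in); }

    // '*' becomes ".*"; every other run of characters is quoted, so '.' and the
    // '$' of nested class names match literally instead of acting as regex syntax.
    static Pattern toPattern(String wildcard) {
        return Pattern.compile(Arrays.stream(wildcard.split("\\*", -1))
                .map(Pattern::quote).collect(Collectors.joining(".*")));
    }

    public AllowListObjectInputStream accept(String... wildcards) {
        for (String w : wildcards) accepts.add(toPattern(w));
        return this;
    }

    public AllowListObjectInputStream reject(String... wildcards) {
        for (String w : wildcards) rejects.add(toPattern(w));
        return this;
    }

    // Default deny: a name must match an accept pattern and no reject pattern.
    boolean allowed(String name) {
        return accepts.stream().anyMatch(p -> p.matcher(name).matches())
            && rejects.stream().noneMatch(p -> p.matcher(name).matches());
    }

    @Override // called for every class descriptor found in the stream
    protected Class<?> resolveClass(ObjectStreamClass d) throws IOException, ClassNotFoundException {
        if (!allowed(d.getName())) throw new InvalidClassException(d.getName(), "not accepted");
        return super.resolveClass(d);
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(new Date(0)); }
        // Constructed payload: a java.util.Date, which the accept list below does not cover.
        try (ObjectInputStream ois = new AllowListObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray())).accept("com.bar.Bar*")) {
            ois.readObject();
        } catch (InvalidClassException e) { System.out.println("blocked: " + e.getMessage()); }
    }
}
```

Note that a trailing star as in "com.bar.Bar*" also matches names such as com.bar.BarOther and anything in a com.bar.Bar.* subpackage, so an exact name is the tighter choice when a single class is meant.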