Package org.apache.logging.log4j.util
Class FilteredObjectInputStream
- java.lang.Object
-
- java.io.InputStream
-
- java.io.ObjectInputStream
-
- org.apache.logging.log4j.util.FilteredObjectInputStream
-
- All Implemented Interfaces:
java.io.Closeable, java.io.DataInput, java.io.ObjectInput, java.io.ObjectStreamConstants, java.lang.AutoCloseable
public class FilteredObjectInputStream extends java.io.ObjectInputStream
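Extends ObjectInputStream to only allow some built-in Log4j classes and caller-specified classes to be deserialized. The caller-specified names (allowedExtraClasses) widen this allow-list, so pass only the classes the stream is actually expected to contain.
- Since: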
- 2.8.2
-
-
Field Summary
Fields Modifier and Type Field Description private java.util.Collection<java.lang.String>
allowedExtraClasses
private static java.util.Set<java.lang.String>
REQUIRED_JAVA_CLASSES
private static java.util.Set<java.lang.String>
REQUIRED_JAVA_PACKAGES
-
Fields inherited from interface java.io.ObjectStreamConstants
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
-
-
Constructor Summary
Constructors Constructor Description FilteredObjectInputStream()
FilteredObjectInputStream(java.io.InputStream inputStream)
FilteredObjectInputStream(java.io.InputStream inputStream, java.util.Collection<java.lang.String> allowedExtraClasses)
FilteredObjectInputStream(java.util.Collection<java.lang.String> allowedExtraClasses)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description java.util.Collection<java.lang.String>
getAllowedClasses()
private static boolean
isAllowedByDefault(java.lang.String name)
private static boolean
isRequiredPackage(java.lang.String name)
protected java.lang.Class<?>
resolveClass(java.io.ObjectStreamClass desc)
-
Methods inherited from class java.io.ObjectInputStream
available, close, defaultReadObject, enableResolveObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, setObjectInputFilter, skipBytes
-
Methods inherited from class java.io.InputStream
mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, transferTo
-
-
-
-
Field Detail
-
REQUIRED_JAVA_CLASSES
private static final java.util.Set<java.lang.String> REQUIRED_JAVA_CLASSES
-
REQUIRED_JAVA_PACKAGES
private static final java.util.Set<java.lang.String> REQUIRED_JAVA_PACKAGES
-
allowedExtraClasses
private final java.util.Collection<java.lang.String> allowedExtraClasses
-
-
Constructor Detail
-
FilteredObjectInputStream
public FilteredObjectInputStream() throws java.io.IOException, java.lang.SecurityException
- Throws:
java.io.IOException
java.lang.SecurityException
-
FilteredObjectInputStream
public FilteredObjectInputStream(java.io.InputStream inputStream) throws java.io.IOException
- Throws:
java.io.IOException
-
FilteredObjectInputStream
public FilteredObjectInputStream(java.util.Collection<java.lang.String> allowedExtraClasses) throws java.io.IOException, java.lang.SecurityException
- Throws:
java.io.IOException
java.lang.SecurityException
-
FilteredObjectInputStream
public FilteredObjectInputStream(java.io.InputStream inputStream, java.util.Collection<java.lang.String> allowedExtraClasses) throws java.io.IOException
- Throws:
java.io.IOException
-
-
Method Detail
-
getAllowedClasses
public java.util.Collection<java.lang.String> getAllowedClasses()
-
resolveClass
protected java.lang.Class<?> resolveClass(java.io.ObjectStreamClass desc) throws java.io.IOException, java.lang.ClassNotFoundException
- Overrides:
resolveClass
in class java.io.ObjectInputStream
- Throws:
java.io.IOException
java.lang.ClassNotFoundException
-
isAllowedByDefault
private static boolean isAllowedByDefault(java.lang.String name)
-
isRequiredPackage
private static boolean isRequiredPackage(java.lang.String name)
-
-