Commit 30e1bbbd
Authored on April 16, 2020
Author: rriggs
8234836: Improve serialization handling
Reviewed-by: skoivu, rhalade, chegar
Parent: ab86581a
Showing 2 changed files with 68 additions and 0 deletions
src/share/classes/java/io/ObjectInputStream.java (+22 -0)
test/java/io/Serializable/serialFilter/SerialFilterTest.java (+46 -0)
src/share/classes/java/io/ObjectInputStream.java
...
...
@@ -50,6 +50,7 @@ import sun.misc.SharedSecrets;
import
sun.reflect.misc.ReflectUtil
;
import
sun.misc.JavaOISAccess
;
import
sun.util.logging.PlatformLogger
;
import
sun.security.action.GetBooleanAction
;
/**
* An ObjectInputStream deserializes primitive data and objects previously
...
...
@@ -243,6 +244,23 @@ public class ObjectInputStream
/** queue for WeakReferences to audited subclasses */
static
final
ReferenceQueue
<
Class
<?>>
subclassAuditsQueue
=
new
ReferenceQueue
<>();
/**
* Property to permit setting a filter after objects
* have been read.
* See {@link #setObjectInputFilter(ObjectInputFilter)}
*/
static
final
boolean
SET_FILTER_AFTER_READ
=
privilegedGetProperty
(
"jdk.serialSetFilterAfterRead"
);
private
static
boolean
privilegedGetProperty
(
String
theProp
)
{
if
(
System
.
getSecurityManager
()
==
null
)
{
return
Boolean
.
getBoolean
(
theProp
);
}
else
{
return
AccessController
.
doPrivileged
(
new
GetBooleanAction
(
theProp
));
}
}
}
static
{
...
...
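Review bot: The comment on SET_FILTER_AFTER_READ does not say that the value is captured once, when this static final field is initialized, so changing jdk.serialSetFilterAfterRead with System.setProperty after the class is initialized has no effect. The comment should state that the property has to be set at JVM start (as the test does with -D) and that it defaults to false. It should also say what enabling it costs, which the test's comment already spells out: objects already read are not checked again. The {@link #setObjectInputFilter(ObjectInputFilter)} target is worth checking too, since the test reaches the setter through ObjectInputFilter.Config.setObjectInputFilter(ois, filter).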
@@ -1250,6 +1268,10 @@ public class ObjectInputStream
serialFilter
!=
ObjectInputFilter
.
Config
.
getSerialFilter
())
{
throw
new
IllegalStateException
(
"filter can not be set more than once"
);
}
if
(
totalObjectRefs
>
0
&&
!
Caches
.
SET_FILTER_AFTER_READ
)
{
throw
new
IllegalStateException
(
"filter can not be set after an object has been read"
);
}
this
.
serialFilter
=
filter
;
}
...
...
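Review bot: When Caches.SET_FILTER_AFTER_READ is true the new totalObjectRefs > 0 check is skipped silently, so a filter installed mid-stream leaves no trace that earlier objects went unfiltered. Consider logging a warning on that path (PlatformLogger is already imported in this file), so deployments that rely on the compatibility property can be found and fixed. If the setter's Javadoc lists the "filter can not be set more than once" case, this second IllegalStateException case should be listed next to it.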
test/java/io/Serializable/serialFilter/SerialFilterTest.java
...
...
@@ -51,8 +51,10 @@ import org.testng.annotations.Test;
import
org.testng.annotations.DataProvider
;
/* @test
* @bug 8234836
* @build SerialFilterTest
* @run testng/othervm SerialFilterTest
* @run testng/othervm -Djdk.serialSetFilterAfterRead=true SerialFilterTest
*
* @summary Test ObjectInputFilters
*/
...
...
@@ -76,6 +78,10 @@ public class SerialFilterTest implements Serializable {
*/
private
static
final
Object
otherObject
=
Integer
.
valueOf
(
0
);
// Cache value of jdk.serialSetFilterAfterRead property.
static
final
boolean
SET_FILTER_AFTER_READ
=
Boolean
.
getBoolean
(
"jdk.serialSetFilterAfterRead"
);
/**
* DataProvider for the individual patterns to test.
* Expand the patterns into cases for each of the Std and Compatibility APIs.
...
...
@@ -297,6 +303,46 @@ public class SerialFilterTest implements Serializable {
}
}
/**
* After reading some objects from the stream, setting a filter is disallowed.
* If the filter was allowed to be set, it would have unpredictable behavior.
* Objects already read would not be checked again, including class descriptors.
*
* Note: To mitigate possible incompatibility a system property can be set
* to revert to the old behavior but it re-enables the incorrect use.
*/
@Test
static
void
testNonSettableAfterReadObject
()
throws
IOException
,
ClassNotFoundException
{
String
expected1
=
"text1"
;
String
expected2
=
"text2"
;
byte
[]
bytes
=
writeObjects
(
expected1
,
expected2
);
for
(
boolean
toggle:
new
boolean
[]
{
true
,
false
})
{
try
(
ByteArrayInputStream
bais
=
new
ByteArrayInputStream
(
bytes
);
ObjectInputStream
ois
=
new
ObjectInputStream
(
bais
))
{
Object
actual1
=
toggle
?
ois
.
readObject
()
:
ois
.
readUnshared
();
Assert
.
assertEquals
(
actual1
,
expected1
,
"unexpected string"
);
// Attempt to set filter
ObjectInputFilter
filter
=
new
ObjectInputFilter
()
{
@Override
public
Status
checkInput
(
FilterInfo
filterInfo
)
{
return
null
;
}
};
ObjectInputFilter
.
Config
.
setObjectInputFilter
(
ois
,
filter
);
if
(!
SET_FILTER_AFTER_READ
)
Assert
.
fail
(
"Should not be able to set filter after readObject has been called"
);
}
catch
(
IllegalStateException
ise
)
{
// success, the exception was expected
if
(
SET_FILTER_AFTER_READ
)
Assert
.
fail
(
"With jdk.serialSetFilterAfterRead property set = true; "
+
"should be able to set the filter after a read"
);
}
catch
(
EOFException
eof
)
{
Assert
.
fail
(
"Should not reach end-of-file"
,
eof
);
}
}
}
/**
* Test that if an Objects readReadResolve method returns an array
* that the callback to the filter includes the proper array length.
...
...
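Review bot: In testNonSettableAfterReadObject, expected2 is written to the stream but never read, so the run with -Djdk.serialSetFilterAfterRead=true only proves that no exception is thrown. Reading the second object after ObjectInputFilter.Config.setObjectInputFilter(ois, filter) and asserting that it equals expected2, and that checkInput was called, would cover the compatibility path. The catch (IllegalStateException ise) block also accepts any IllegalStateException; asserting on the message "filter can not be set after an object has been read" would keep the "more than once" case from passing as success.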