RFR: 8264859: Implement Context-Specific Deserialization Filters [v12]

Roger Riggs rriggs at openjdk.java.net
Fri May 28 19:55:37 UTC 2021 

On Fri, 28 May 2021 15:43:14 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Roger Riggs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 13 additional commits since the last revision:
>> 
>>  - Merge branch 'master' into 8264859-context-filter-factory
>>  - Added test for rejectUndecidedClass array cases
>>    Added test for preventing disabling filter factory
>>    Test cleanup
>>  - Editorial updates to review comments.
>>    Simplify the builtin filter factory implementation.
>>    Add atomic update to setting the filter factory.
>>    Clarify the description of OIS.setObjectInputFilter.
>>    Cleanup of the example code.
>>  - Editorial updates
>>    Updated java.security properties to include jdk.serialFilterFactory
>>    Added test cases to SerialFilterFactoryTest for java.security properties and
>>    enabling of the SecurityManager with existing policy permission files
>>    Corrected a test that OIS.setObjectInputFilter could not be called twice.
>>    Removed a Factory test that was not intended to be committed
>>  - Moved utility filter methods to be static on ObjectInputFilter
>>    Rearranged the class javadoc of OIF to describe the parts of
>>    deserialization filtering, filters, composite filters, and the filter factory.
>>    And other review comment updates...
>>  - Refactored tests for utility functions to SerialFilterFunctionTest.java
>>    Deleted confused Config.allowMaxLimits() method
>>    Updated example to match move of methods to Config
>>    Added test of restriction on setting the filterfactory after a OIS has been created
>>    Additional Editorial updates
>>  - Move merge and rejectUndecidedClass methods to OIF.Config
>>    As default methods on OIF, their implementations were not concrete and not trustable
>>  - Review suggestions included;
>>    Added @implSpec for default methods in OIF;
>>    Added restriction that the filter factory cannot be set after an ObjectInputStream has been created and applied the current filter factory
>>  - Editorial javadoc updated based on review comments.
>>    Clarified behavior of rejectUndecidedClass method.
>>    Example test added to check status returned from file.
>>  - Editorial updates to review comments
>>    Add filter tracing support
>>  - ... and 3 more: https://git.openjdk.java.net/jdk/compare/0c26d863...0930f0f8
>
> src/java.base/share/classes/java/io/ObjectInputFilter.java line 396:
> 
>> 394:      * are {@code REJECTED}.  Either the class is not {@code ALLOWED} or
>> 395:      * if the class is an array and the base component type is not allowed,
>> 396:      * otherwise the result is {@code UNDECIDED}.
> 
> Is there some part of the sentence missing here? I don't fully understand the "Either, or, otherwise" construct.

There is an extra "if" at line 395.
it should be a more readable version of the list below implementing checkfilter.
If it does not aid in understanding, it can be removed.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3996

More information about the core-libs-dev mailing list