RFR: 8264859: Implement Context-Specific Deserialization Filters [v13]
Roger Riggs
rriggs at openjdk.java.net
Mon May 31 15:44:06 UTC 2021
> JEP 415: Context-specific Deserialization Filters extends the deserialization filtering mechanisms with more flexible and customizable protections against malicious deserialization. See JEP 415: https://openjdk.java.net/jeps/415.
> The `java.io.ObjectInputFilter` and `java.io.ObjectInputStream` classes are extended with additional
> configuration mechanisms and filter utilities.
>
> javadoc for `ObjectInputFilter`, `ObjectInputFilter.Config`, and `ObjectInputStream`:
> http://cr.openjdk.java.net/~rriggs/filter-factory/java.base/java/io/ObjectInputFilter.html
Roger Riggs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 15 additional commits since the last revision:
- Added protections to aid in auditing of filter and filter factory to
  ensure effective filtering and compatibility with previous releases.
  Fixed a bug in allow/rejectFilter()
  Cleanup of error stages and messages related to setting filter factory
  with Config.setSerialFilterFactory.
  Updated tests to match.
- Merge branch 'master' into 8264859-context-filter-factory
- Merge branch 'master' into 8264859-context-filter-factory
- Added test for rejectUndecidedClass array cases
  Added test for preventing disabling filter factory
  Test cleanup
- Editorial updates to review comments.
  Simplify the builtin filter factory implementation.
  Add atomic update to setting the filter factory.
  Clarify the description of OIS.setObjectInputFilter.
  Cleanup of the example code.
- Editorial updates
  Updated java.security properties to include jdk.serialFilterFactory
  Added test cases to SerialFilterFactoryTest for java.security properties and
  enabling of the SecurityManager with existing policy permission files
  Corrected a test that OIS.setObjectInputFilter could not be called twice.
  Removed a Factory test that was not intended to be committed
- Moved utility filter methods to be static on ObjectInputFilter
  Rearranged the class javadoc of OIF to describe the parts of
  deserialization filtering, filters, composite filters, and the filter factory.
  And other review comment updates...
- Refactored tests for utility functions to SerialFilterFunctionTest.java
  Deleted confused Config.allowMaxLimits() method
  Updated example to match move of methods to Config
  Added test of restriction on setting the filter factory after an OIS has been created
  Additional Editorial updates
- Move merge and rejectUndecidedClass methods to OIF.Config
  As default methods on OIF, their implementations were not concrete and not trustable
- Review suggestions included;
  Added @implSpec for default methods in OIF;
  Added restriction that the filter factory cannot be set after an ObjectInputStream has been created and applied the current filter factory
- ... and 5 more: https://git.openjdk.java.net/jdk/compare/1325f0b0...6d07298f
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/3996/files
- new: https://git.openjdk.java.net/jdk/pull/3996/files/0930f0f8..6d07298f
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=3996&range=12
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=3996&range=11-12
Stats: 27002 lines in 388 files changed: 3591 ins; 22765 del; 646 mod
Patch: https://git.openjdk.java.net/jdk/pull/3996.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/3996/head:pull/3996
PR: https://git.openjdk.java.net/jdk/pull/3996
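
An added example, not part of the original message or of the pull request: a filter factory installed with `Config.setSerialFilterFactory` that enforces a baseline allow-list through `allowFilter`, `merge` and `rejectUndecidedClass`, then shows that the factory cannot be replaced once it is set. It assumes a JDK that includes JEP 415 with these methods static on `ObjectInputFilter`; the class name `FilterFactoryDemo`, the `ALLOWED` set and the `FACTORY` policy are hypothetical.

```java
import java.io.*;
import java.util.*;
import java.util.function.BinaryOperator;

public class FilterFactoryDemo {
    // Constructed allow-list for the demo; Number is Integer's serializable superclass.
    static final Set<Class<?>> ALLOWED = Set.of(Integer.class, Number.class);

    // Hypothetical policy: a baseline allow-list that a stream-specific filter can only tighten.
    static final BinaryOperator<ObjectInputFilter> FACTORY = (current, next) -> {
        if (current == null) { // called from the ObjectInputStream constructor
            ObjectInputFilter base = ObjectInputFilter.allowFilter(
                    ALLOWED::contains, ObjectInputFilter.Status.UNDECIDED);
            // next is the JVM-wide filter (jdk.serialFilter) and may be null
            ObjectInputFilter f = (next == null) ? base : ObjectInputFilter.merge(base, next);
            // Any class still UNDECIDED after the allow-list is REJECTED
            return ObjectInputFilter.rejectUndecidedClass(f);
        }
        // called from ObjectInputStream.setObjectInputFilter: keep the baseline in force
        return (next == null) ? current : ObjectInputFilter.merge(next, current);
    };

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    static String tryRead(byte[] data) throws Exception {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return "accepted: " + ois.readObject();
        } catch (InvalidClassException e) { // thrown when the filter returns REJECTED
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Must run before any ObjectInputStream is constructed in this JVM.
        ObjectInputFilter.Config.setSerialFilterFactory(FACTORY);
        System.out.println(tryRead(serialize(42)));                             // on the allow-list
        System.out.println(tryRead(serialize(new ArrayList<>(List.of("x"))))); // not on it
        try {
            ObjectInputFilter.Config.setSerialFilterFactory(FACTORY);           // second attempt
        } catch (IllegalStateException e) {
            System.out.println("factory is locked: " + e.getMessage());
        }
    }
}
```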