RFR: 8321053: Use ByteArrayInputStream.buf directly when parameter of transferTo() is trusted [v2]
Brian Burkhalter
bpb at openjdk.org
Fri Dec 1 22:29:27 UTC 2023
On Fri, 1 Dec 2023 13:46:59 GMT, Markus KARG <duke at openjdk.org> wrote:
>> @bplb You did it right. The reason it works is because the ChannelOutputStream is in the "sun." package and not the "java." package. That is not the case for Channels.newOutputStream(AsynchronousByteChannel ch) as that wrapper should be able to access the byte array.
>
> I see the problem that unless we have an explicit whitelist, we do open the risk of accidentally adding another wrapper stream in future to the JDK somewhere and forget to add it to the blacklist. So for safety, I would plead for not using .startsWith() but explicitly mention the actively proven-as-safe classes only. That way, the code might be slower (sad but true) but inherently future-proof.
The case of `Channels.newOutputStream(AsynchronousByteChannel)` could be handled by changing the return value of that method. For example, `sun.nio.ch.Streams` could have a method `OutputStream of(AsynchronousByteChannel)` added to it which returned something like an `AsynChannelOutputStream` and we could use that.
That said, it is true that a deny list is not inherently future-proof like an allow list, as stated.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/16893#discussion_r1412626371
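
The allow-list versus deny-list point discussed in this message, as an added Java example that is not code from the PR or from anyone in the thread. `TrustedSinkDemo`, `RetainingStream`, the helper methods and the single allow-list entry are hypothetical, and the `startsWith("java.")` check is an assumed, simplified form of the prefix test mentioned above.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Arrays;
import java.util.Set;

public class TrustedSinkDemo {
    // Allow list: exact classes reviewed as not retaining or modifying the array.
    // The single entry is illustrative, not the list proposed in the PR.
    private static final Set<Class<?>> ALLOWED = Set.of(ByteArrayOutputStream.class);

    static boolean trustedByAllowList(OutputStream out) {
        return ALLOWED.contains(out.getClass()); // exact match, subclasses excluded
    }

    // Simplified package-prefix check (assumed form): every class under java.
    // passes, including wrappers that forward the array to an arbitrary delegate.
    static boolean trustedByPrefix(OutputStream out) {
        return out.getClass().getName().startsWith("java.");
    }

    // Hand the internal buffer to a trusted sink; give anything else a copy.
    static void transfer(byte[] buf, OutputStream out, boolean trusted) throws IOException {
        out.write(trusted ? buf : Arrays.copyOf(buf, buf.length), 0, buf.length);
    }

    // Constructed sink that keeps a reference to whatever array it receives.
    static final class RetainingStream extends OutputStream {
        byte[] seen;
        @Override public void write(int b) { }
        @Override public void write(byte[] b, int off, int len) { seen = b; }
    }

    // Returns true when the sink ended up holding the caller's internal array.
    static boolean leaks(boolean usePrefixCheck) throws IOException {
        byte[] internal = {1, 2, 3};
        RetainingStream sink = new RetainingStream();
        // DataOutputStream lives in java.io and passes the array straight through.
        OutputStream wrapper = new DataOutputStream(sink);
        boolean trusted = usePrefixCheck ? trustedByPrefix(wrapper) : trustedByAllowList(wrapper);
        transfer(internal, wrapper, trusted);
        return sink.seen == internal;
    }

    public static void main(String[] args) throws IOException {
        System.out.println("prefix check exposes internal array: " + leaks(true));
        System.out.println("allow list exposes internal array:   " + leaks(false));
    }
}
```

The prefix check trusts the `java.io` wrapper and so hands the internal array to the delegate behind it, while the allow list falls back to a defensive copy for any class that has not been reviewed.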