RFR: 8321053: Use ByteArrayInputStream.buf directly when parameter of transferTo() is trusted [v2]
Brian Burkhalter
bpb at openjdk.org
Fri Dec 1 23:24:35 UTC 2023
On Fri, 1 Dec 2023 22:26:51 GMT, Brian Burkhalter <bpb at openjdk.org> wrote:
>> I see the problem that unless we have an explicit whitelist, we do open the risk of accidentally adding another wrapper stream in future to the JDK somewhere and forget to add it to the blacklist. So for safety, I would plead for not using .startsWith() but explicitly mention the actively proven-as-safe classes only. That way, the code might be slower (sad but true) but inherently future-proof.
>
> The case of `Channels.newOutputStream(AsynchronousByteChannel)` could be handled by changing the return value of that method. For example, `sun.nio.ch.Streams` could have a method `OutputStream of(AsynchronousByteChannel)` added to it which returned something like an `AsynChannelOutputStream` and we could use that.
>
> That said, it is true that a deny list is not inherently future-proof like an allow list, as stated.
I think that a sufficiently future-proof deny list could be had by changing
211 if (out.getClass().getPackageName().startsWith("java.") &&
back to
211 if ("java.io".equals(out.getClass().getPackageName()) &&
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/16893#discussion_r1412658236
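
Added example, not part of the original message or of the JDK patch: it compares the package test of the two conditions quoted above with an explicit allow list, over real JDK stream classes. Only the package test is modelled, since the rest of the condition on line 211 is not shown in the message; the class `TrustCheckDemo`, the nested `AppStream` and the members of `ALLOWED` are assumptions made for the demo.

```java
import java.io.*;
import java.security.DigestOutputStream;
import java.util.List;
import java.util.Set;
import java.util.zip.CheckedOutputStream;

public class TrustCheckDemo {
    // Package-prefix form quoted in the message (package test only).
    static boolean prefixCheck(Class<?> c) {
        return c.getPackageName().startsWith("java.");
    }

    // Exact-package form proposed in the message (package test only).
    static boolean exactPackageCheck(Class<?> c) {
        return "java.io".equals(c.getPackageName());
    }

    // Allow-list form argued for in the quoted reply. The members are an
    // assumption made for this demo, not the list used in the JDK.
    static final Set<Class<?>> ALLOWED =
        Set.of(ByteArrayOutputStream.class, FileOutputStream.class);

    static boolean allowListCheck(Class<?> c) {
        return ALLOWED.contains(c);
    }

    // Hypothetical application class: outside java.*, rejected by all three.
    static class AppStream extends OutputStream {
        @Override public void write(int b) { }
    }

    public static void main(String[] args) {
        List<Class<?>> candidates = List.of(
            ByteArrayOutputStream.class,   // java.io, writes to its own array
            FileOutputStream.class,        // java.io, writes to a file
            BufferedOutputStream.class,    // java.io wrapper around a caller-supplied stream
            CheckedOutputStream.class,     // java.util.zip wrapper
            DigestOutputStream.class,      // java.security wrapper
            AppStream.class);
        System.out.printf("%-24s %-8s %-8s %-8s%n", "class", "prefix", "exact", "allow");
        for (Class<?> c : candidates) {
            System.out.printf("%-24s %-8b %-8b %-8b%n", c.getSimpleName(),
                prefixCheck(c), exactPackageCheck(c), allowListCheck(c));
        }
    }
}
```

The wrappers in `java.util.zip` and `java.security` pass only the prefix test, while `BufferedOutputStream` passes both package tests and is separated from the non-wrapping streams only by the allow list.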