RFR: 8264859: Implement Context-Specific Deserialization Filters [v12]

Roger Riggs rriggs at openjdk.java.net
Wed May 26 22:11:54 UTC 2021


> JEP 415: Context-specific Deserialization Filters extends the deserialization filtering mechanisms with more flexible and customizable protections against malicious deserialization.  See JEP 415: https://openjdk.java.net/jeps/415.
> The `java.io.ObjectInputFilter` and `java.io.ObjectInputStream` classes are extended with additional
> configuration mechanisms and filter utilities.
> 
> javadoc for `ObjectInputFilter`, `ObjectInputFilter.Config`, and `ObjectInputStream`:
>     http://cr.openjdk.java.net/~rriggs/filter-factory/java.base/java/io/ObjectInputFilter.html

Roger Riggs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 13 additional commits since the last revision:

 - Merge branch 'master' into 8264859-context-filter-factory
 - Added test for rejectUndecidedClass array cases
   Added test for preventing disabling filter factory
   Test cleanup
 - Editorial updates to review comments.
   Simplify the builtin filter factory implementation.
   Add atomic update to setting the filter factory.
   Clarify the description of OIS.setObjectInputFilter.
   Cleanup of the example code.
 - Editorial updates
   Updated java.security properties to include jdk.serialFilterFactory
   Added test cases to SerialFilterFactoryTest for java.security properties and
   enabling of the SecurityManager with existing policy permission files
   Corrected a test that OIS.setObjectInputFilter could not be called twice.
   Removed a Factory test that was not intended to be committed
 - Moved utility filter methods to be static on ObjectInputFilter
   Rearranged the class javadoc of OIF to describe the parts of
   deserialization filtering, filters, composite filters, and the filter factory.
   And other review comment updates...
 - Refactored tests for utility functions to SerialFilterFunctionTest.java
   Deleted confused Config.allowMaxLimits() method
   Updated example to match move of methods to Config
   Added test of restriction on setting the filter factory after an OIS has been created
   Additional Editorial updates
 - Move merge and rejectUndecidedClass methods to OIF.Config
   As default methods on OIF, their implementations were not concrete and not trustable
 - Review suggestions included;
   Added @implSpec for default methods in OIF;
   Added restriction that the filter factory cannot be set after an ObjectInputStream has been created and applied the current filter factory
 - Editorial javadoc updated based on review comments.
   Clarified behavior of rejectUndecidedClass method.
   Example test added to check status returned from file.
 - Editorial updates to review comments
   Add filter tracing support
 - ... and 3 more: https://git.openjdk.java.net/jdk/compare/9870b028...0930f0f8

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/3996/files
  - new: https://git.openjdk.java.net/jdk/pull/3996/files/19b6aad3..0930f0f8

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=3996&range=11
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=3996&range=10-11

  Stats: 44803 lines in 2037 files changed: 20137 ins; 18278 del; 6388 mod
  Patch: https://git.openjdk.java.net/jdk/pull/3996.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/3996/head:pull/3996

PR: https://git.openjdk.java.net/jdk/pull/3996
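
The filter factory, merge and rejectUndecidedClass named in the commit list above, shown together in an added example that is not code from this pull request. It assumes the API as released in JDK 17 (static utility methods on ObjectInputFilter, factory set through ObjectInputFilter.Config), which may differ from this v12 revision; ContextFilterDemo, BASELINE, FACTORY and the pattern string are hypothetical names and values constructed for the demo.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;
import java.util.function.BinaryOperator;

public class ContextFilterDemo {
    // Constructed policy for this demo: two packages plus graph-size limits.
    static final ObjectInputFilter BASELINE = ObjectInputFilter.Config.createFilter(
            "maxdepth=8;maxarray=256;java.lang.*;java.util.*");

    // Filter factory: called with (null, JVM-wide filter) when a stream is
    // constructed and with (current, requested) from setObjectInputFilter.
    static final BinaryOperator<ObjectInputFilter> FACTORY = (current, next) -> {
        ObjectInputFilter base = (current == null) ? BASELINE : current;
        // merge: REJECTED from either filter wins; a null second filter is ignored.
        // rejectUndecidedClass: a class that no pattern decided becomes REJECTED.
        return ObjectInputFilter.rejectUndecidedClass(ObjectInputFilter.merge(base, next));
    };

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static String tryRead(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return "ALLOWED " + in.readObject().getClass().getName();
        } catch (InvalidClassException e) {
            return "REJECTED " + e.getMessage(); // thrown when the filter rejects
        }
    }

    public static void main(String[] args) throws Exception {
        // Must happen before the first ObjectInputStream is created.
        ObjectInputFilter.Config.setSerialFilterFactory(FACTORY);
        System.out.println(tryRead(serialize(new ArrayList<>(List.of("a", "b")))));
        System.out.println(tryRead(serialize(new File("demo.txt")))); // java.io is not listed
    }
}
```

Because the factory wraps every result in rejectUndecidedClass and merges with the current filter, a later stream-specific filter can narrow what a stream accepts but cannot re-admit a class the baseline left undecided.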

