use of sun.misc.ObjectInputFilter in project jdk8u_jdk by JetBrains.
the class GlobalFilterTest method setGlobalFilter.
/**
* If the Global filter is already set, it should always refuse to be
* set again.
* If there is a security manager, setting the serialFilter should fail
* without the appropriate permission.
* If there is no security manager then setting it should work.
*/
@Test()
static void setGlobalFilter() {
SecurityManager sm = System.getSecurityManager();
ObjectInputFilter filter = new SerialFilterTest.Validator();
ObjectInputFilter global = ObjectInputFilter.Config.getSerialFilter();
if (global != null) {
// once set, can never be re-set
try {
ObjectInputFilter.Config.setSerialFilter(filter);
Assert.fail("set only once process-wide filter");
} catch (IllegalStateException ise) {
if (sm != null) {
Assert.fail("wrong exception when security manager is set", ise);
}
} catch (SecurityException se) {
if (sm == null) {
Assert.fail("wrong exception when security manager is not set", se);
}
}
} else {
if (sm == null) {
// no security manager
try {
ObjectInputFilter.Config.setSerialFilter(filter);
// Note once set, it can not be reset; so other tests
System.out.printf("Global Filter set to Validator%n");
} catch (SecurityException se) {
Assert.fail("setGlobalFilter should not get SecurityException", se);
}
try {
// Try to set it again, expecting it to throw
ObjectInputFilter.Config.setSerialFilter(filter);
Assert.fail("set only once process-wide filter");
} catch (IllegalStateException ise) {
// Normal case
}
} else {
// Security manager
SecurityException expectSE = null;
try {
sm.checkPermission(new SerializablePermission("serialFilter"));
} catch (SecurityException se1) {
expectSE = se1;
}
SecurityException actualSE = null;
try {
ObjectInputFilter.Config.setSerialFilter(filter);
} catch (SecurityException se2) {
actualSE = se2;
}
if (expectSE == null | actualSE == null) {
Assert.assertEquals(expectSE, actualSE, "SecurityException");
} else {
Assert.assertEquals(expectSE.getClass(), actualSE.getClass(), "SecurityException class");
}
}
}
}
use of sun.misc.ObjectInputFilter in project jdk8u_jdk by JetBrains.
the class MixedFiltersTest method testRejectedInGlobal.
/**
* Test:
* "global filter reject" + "specific ObjectInputStream filter is empty" => should reject
* "global filter reject" + "specific ObjectInputStream filter allow" => should allow
*/
@Test(dataProvider = "RejectedInGlobal")
public void testRejectedInGlobal(Object toDeserialized, String pattern) throws Exception {
byte[] bytes = SerialFilterTest.writeObjects(toDeserialized);
try (ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
ObjectInputStream ois = new ObjectInputStream(bais)) {
Object o = ois.readObject();
fail("filter should have thrown an exception");
} catch (InvalidClassException expected) {
}
ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
try (ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
ObjectInputStream ois = new ObjectInputStream(bais)) {
ObjectInputFilter.Config.setObjectInputFilter(ois, filter);
Object o = ois.readObject();
}
}
use of sun.misc.ObjectInputFilter in project jdk8u_jdk by JetBrains.
the class SerialFilterTest method testEmptyPattern.
/**
* Test that Config.create returns null if the argument does not contain any patterns or limits.
*/
@Test()
static void testEmptyPattern() {
ObjectInputFilter filter = ObjectInputFilter.Config.createFilter("");
Assert.assertNull(filter, "empty pattern did not return null");
filter = ObjectInputFilter.Config.createFilter(";;;;");
Assert.assertNull(filter, "pattern with only delimiters did not return null");
}
use of sun.misc.ObjectInputFilter in project jdk8u_jdk by JetBrains.
the class SerialFilterTest method testLimits.
/**
* Test repeated limits use the last value.
* Construct a filter with the limit and the limit repeated -1.
* Invoke the filter with the limit to make sure it is rejected.
* Invoke the filter with the limit -1 to make sure it is accepted.
* @param name the name of the limit to test
* @param value a test value
*/
@Test(dataProvider = "Limits")
static void testLimits(String name, int value) {
Class<?> arrayClass = new int[0].getClass();
String pattern = String.format("%s=%d;%s=%d", name, value, name, value - 1);
ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
Assert.assertEquals(filter.checkInput(new FilterValues(arrayClass, value, value, value, value)), ObjectInputFilter.Status.REJECTED, "last limit value not used: " + filter);
Assert.assertEquals(filter.checkInput(new FilterValues(arrayClass, value - 1, value - 1, value - 1, value - 1)), ObjectInputFilter.Status.UNDECIDED, "last limit value not used: " + filter);
}
use of sun.misc.ObjectInputFilter in project jdk8u_jdk by JetBrains.
the class DGCImpl method initDgcFilter.
/**
* Initialize the dgcFilter from the security properties or system property; if any
* @return an ObjectInputFilter, or null
*/
private static ObjectInputFilter initDgcFilter() {
ObjectInputFilter filter = null;
String props = System.getProperty(DGC_FILTER_PROPNAME);
if (props == null) {
props = Security.getProperty(DGC_FILTER_PROPNAME);
}
if (props != null) {
filter = ObjectInputFilter.Config.createFilter(props);
if (dgcLog.isLoggable(Log.BRIEF)) {
dgcLog.log(Log.BRIEF, "dgcFilter = " + filter);
}
}
return filter;
}
Aggregations