Example 6 with ObjectInputFilter
use of sun.misc.ObjectInputFilter in project jdk8u_jdk by JetBrains.
the class RegistryImpl method initRegistryFilter.
/**
* Initialize the registryFilter from the security properties or system property; if any
* @return an ObjectInputFilter, or null
*/
private static ObjectInputFilter initRegistryFilter() {
ObjectInputFilter filter = null;
String props = System.getProperty(REGISTRY_FILTER_PROPNAME);
if (props == null) {
props = Security.getProperty(REGISTRY_FILTER_PROPNAME);
}
if (props != null) {
filter = ObjectInputFilter.Config.createFilter(props);
Log regLog = Log.getLog("sun.rmi.registry", "registry", -1);
if (regLog.isLoggable(Log.BRIEF)) {
regLog.log(Log.BRIEF, "registryFilter = " + filter);
}
}
return filter;
}
Also used :
ObjectInputFilter(sun.misc.ObjectInputFilter)
Log(sun.rmi.runtime.Log)
Example 7 with ObjectInputFilter
use of sun.misc.ObjectInputFilter in project jdk8u_jdk by JetBrains.
the class SerialFilterTest method testPatterns.
/**
* Create a filter from a pattern and API factory, then serialize and
* deserialize an object and check allowed or reject.
*
* @param pattern the pattern
* @param object the test object
* @param allowed the expected result from ObjectInputStream (exception or not)
*/
static void testPatterns(String pattern, Object object, boolean allowed) {
try {
byte[] bytes = SerialFilterTest.writeObjects(object);
ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
validate(bytes, filter);
Assert.assertTrue(allowed, "filter should have thrown an exception");
} catch (IllegalArgumentException iae) {
Assert.fail("bad format pattern", iae);
} catch (InvalidClassException ice) {
Assert.assertFalse(allowed, "filter should not have thrown an exception: " + ice);
} catch (IOException ioe) {
Assert.fail("Unexpected IOException", ioe);
}
}
Also used :
ObjectInputFilter(sun.misc.ObjectInputFilter)
InvalidClassException(java.io.InvalidClassException)
IOException(java.io.IOException)
Example 8 with ObjectInputFilter
use of sun.misc.ObjectInputFilter in project jdk8u_jdk by JetBrains.
the class GlobalFilterTest method globalFilter.
/**
* Test that the process-wide filter is set when the properties are set
* and has the toString matching the configured pattern.
*/
@Test()
static void globalFilter() {
String pattern = System.getProperty("jdk.serialFilter", Security.getProperty("jdk.serialFilter"));
ObjectInputFilter filter = ObjectInputFilter.Config.getSerialFilter();
System.out.printf("global pattern: %s, filter: %s%n", pattern, filter);
Assert.assertEquals(pattern, Objects.toString(filter, null), "process-wide filter pattern does not match");
}
Also used :
ObjectInputFilter(sun.misc.ObjectInputFilter)
Test(org.testng.annotations.Test)
Example 9 with ObjectInputFilter
use of sun.misc.ObjectInputFilter in project jdk8u_jdk by JetBrains.
the class CheckInputOrderTest method testRejectedInGlobal.
/**
* Test:
* "global filter reject" + "specific ObjectInputStream filter is empty" => should reject
* "global filter reject" + "specific ObjectInputStream filter allow" => should allow
*/
@Test(dataProvider = "Patterns")
public void testRejectedInGlobal(Object toDeserialized, String pattern, boolean allowed) throws Exception {
byte[] bytes = SerialFilterTest.writeObjects(toDeserialized);
ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
try (ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
ObjectInputStream ois = new ObjectInputStream(bais)) {
ObjectInputFilter.Config.setObjectInputFilter(ois, filter);
Object o = ois.readObject();
assertTrue(allowed, "filter should have thrown an exception");
} catch (InvalidClassException ice) {
assertFalse(allowed, "filter should have thrown an exception");
}
}
Also used :
ObjectInputFilter(sun.misc.ObjectInputFilter)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InvalidClassException(java.io.InvalidClassException)
ObjectInputStream(java.io.ObjectInputStream)
Test(org.testng.annotations.Test)
Example 10 with ObjectInputFilter
use of sun.misc.ObjectInputFilter in project jdk8u_jdk by JetBrains.
the class MixedFiltersTest method testAllowedInGlobal.
/**
* Test:
* "global filter allow" + "specific ObjectInputStream filter is empty" => should allow
* "global filter allow" + "specific ObjectInputStream filter reject" => should reject
*/
@Test(dataProvider = "AllowedInGlobal")
public void testAllowedInGlobal(Object toDeserialized, String pattern) throws Exception {
byte[] bytes = SerialFilterTest.writeObjects(toDeserialized);
try (ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
ObjectInputStream ois = new ObjectInputStream(bais)) {
Object o = ois.readObject();
}
ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
try (ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
ObjectInputStream ois = new ObjectInputStream(bais)) {
ObjectInputFilter.Config.setObjectInputFilter(ois, filter);
Object o = ois.readObject();
assertTrue(false, "filter should have thrown an exception");
} catch (InvalidClassException expected) {
}
}
Also used :
ObjectInputFilter(sun.misc.ObjectInputFilter)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InvalidClassException(java.io.InvalidClassException)
ObjectInputStream(java.io.ObjectInputStream)
Test(org.testng.annotations.Test)
Aggregations
ObjectInputFilter (sun.misc.ObjectInputFilter)11
Test (org.testng.annotations.Test)8
ByteArrayInputStream (java.io.ByteArrayInputStream)4
InvalidClassException (java.io.InvalidClassException)4
ObjectInputStream (java.io.ObjectInputStream)4
IOException (java.io.IOException)2
EOFException (java.io.EOFException)1
SerializablePermission (java.io.SerializablePermission)1
Log (sun.rmi.runtime.Log)1
