Package org.apache.logging.log4j.util
Class FilteredObjectInputStream
- java.lang.Object
-
- java.io.InputStream
-
- java.io.ObjectInputStream
-
- org.apache.logging.log4j.util.FilteredObjectInputStream
-
- All Implemented Interfaces:
java.io.Closeable,java.io.DataInput,java.io.ObjectInput,java.io.ObjectStreamConstants,java.lang.AutoCloseable
public class FilteredObjectInputStream extends java.io.ObjectInputStreamExtendsObjectInputStreamto only allow some built-in Log4j classes and caller-specified classes to be deserialized.- Since:
- 2.11.0
-
-
Field Summary
Fields Modifier and Type Field Description private java.util.Collection<java.lang.String>allowedExtraClasses-
Fields inherited from interface java.io.ObjectStreamConstants
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
-
-
Constructor Summary
Constructors Constructor Description FilteredObjectInputStream()FilteredObjectInputStream(java.io.InputStream inputStream)FilteredObjectInputStream(java.io.InputStream inputStream, java.util.Collection<java.lang.String> allowedExtraClasses)FilteredObjectInputStream(java.util.Collection<java.lang.String> allowedExtraClasses)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description java.util.Collection<java.lang.String>getAllowedClasses()private static booleanisAllowedByDefault(java.lang.String name)private static booleanisRequiredPackage(java.lang.String name)protected java.lang.Class<?>resolveClass(java.io.ObjectStreamClass desc)-
Methods inherited from class java.io.ObjectInputStream
available, close, defaultReadObject, enableResolveObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, setObjectInputFilter, skipBytes
-
Methods inherited from class java.io.InputStream
mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, transferTo
-
-
-
-
Constructor Detail
-
FilteredObjectInputStream
public FilteredObjectInputStream() throws java.io.IOException, java.lang.SecurityException- Throws:
java.io.IOExceptionjava.lang.SecurityException
-
FilteredObjectInputStream
public FilteredObjectInputStream(java.io.InputStream inputStream) throws java.io.IOException- Throws:
java.io.IOException
-
FilteredObjectInputStream
public FilteredObjectInputStream(java.util.Collection<java.lang.String> allowedExtraClasses) throws java.io.IOException, java.lang.SecurityException- Throws:
java.io.IOExceptionjava.lang.SecurityException
-
FilteredObjectInputStream
public FilteredObjectInputStream(java.io.InputStream inputStream, java.util.Collection<java.lang.String> allowedExtraClasses) throws java.io.IOException- Throws:
java.io.IOException
-
-
Method Detail
-
getAllowedClasses
public java.util.Collection<java.lang.String> getAllowedClasses()
-
resolveClass
protected java.lang.Class<?> resolveClass(java.io.ObjectStreamClass desc) throws java.io.IOException, java.lang.ClassNotFoundException- Overrides:
resolveClassin classjava.io.ObjectInputStream- Throws:
java.io.IOExceptionjava.lang.ClassNotFoundException
-
isAllowedByDefault
private static boolean isAllowedByDefault(java.lang.String name)
-
isRequiredPackage
private static boolean isRequiredPackage(java.lang.String name)
-
-