Package org.apache.logging.log4j.util
Class FilteredObjectInputStream
java.lang.Object
java.io.InputStream
java.io.ObjectInputStream
org.apache.logging.log4j.util.FilteredObjectInputStream
- All Implemented Interfaces:
Closeable,DataInput,ObjectInput,ObjectStreamConstants,AutoCloseable
Extends
ObjectInputStream to only allow some built-in Log4j classes and caller-specified classes to be
deserialized.- Since:
- 2.8.2
-
Nested Class Summary
Nested classes/interfaces inherited from class java.io.ObjectInputStream
ObjectInputStream.GetField -
Field Summary
FieldsFields inherited from interface java.io.ObjectStreamConstants
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING -
Constructor Summary
ConstructorsConstructorDescriptionFilteredObjectInputStream(InputStream inputStream) FilteredObjectInputStream(InputStream inputStream, Collection<String> allowedExtraClasses) FilteredObjectInputStream(Collection<String> allowedExtraClasses) -
Method Summary
Modifier and TypeMethodDescriptionprivate static booleanisAllowedByDefault(String name) private static booleanisRequiredPackage(String name) protected Class<?> Methods inherited from class java.io.ObjectInputStream
available, close, defaultReadObject, enableResolveObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, setObjectInputFilter, skipBytesMethods inherited from class java.io.InputStream
mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, skipNBytes, transferToMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface java.io.ObjectInput
read, skip
-
Field Details
-
REQUIRED_JAVA_CLASSES
-
REQUIRED_JAVA_PACKAGES
-
allowedExtraClasses
-
-
Constructor Details
-
FilteredObjectInputStream
- Throws:
IOExceptionSecurityException
-
FilteredObjectInputStream
- Throws:
IOException
-
FilteredObjectInputStream
public FilteredObjectInputStream(Collection<String> allowedExtraClasses) throws IOException, SecurityException - Throws:
IOExceptionSecurityException
-
FilteredObjectInputStream
public FilteredObjectInputStream(InputStream inputStream, Collection<String> allowedExtraClasses) throws IOException - Throws:
IOException
-
-
Method Details
-
getAllowedClasses
-
resolveClass
- Overrides:
resolveClassin classObjectInputStream- Throws:
IOExceptionClassNotFoundException
-
isAllowedByDefault
-
isRequiredPackage
-