diff options
author | Thomas <> | 2023-05-15 08:54:18 +0200 |
---|---|---|
committer | Thomas <> | 2023-05-15 08:54:18 +0200 |
commit | 00042becb5593d15138f7b5317c9d1f8db8108b2 (patch) | |
tree | a76e1d8822472111eb77933d5646e7a3f93506d1 /eaaf_core_utils | |
parent | 5865c9e49fb399c7690ed87925ba7b8ad5d98f13 (diff) | |
download | EAAF-Components-00042becb5593d15138f7b5317c9d1f8db8108b2.tar.gz EAAF-Components-00042becb5593d15138f7b5317c9d1f8db8108b2.tar.bz2 EAAF-Components-00042becb5593d15138f7b5317c9d1f8db8108b2.zip |
chore(utils): optimize type-specific deserialization
Diffstat (limited to 'eaaf_core_utils')
3 files changed, 6 insertions, 2 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java index 1924e165..ebeeddb4 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java @@ -54,7 +54,8 @@ public class EaafObjectInputStream extends ObjectInputStream { throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName()); } else if (objectDeep > 0 - && !(isValidClassType(clazz) || Object.class.getName().equals(desc.getName()))) { + && !(isValidClassType(clazz) || Object.class.getName().equals(desc.getName()) + || Object[].class.getName().equals(desc.getName()))) { throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName()); } else { diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java index efb4c9be..49b992f6 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java @@ -84,7 +84,7 @@ public class EaafSerializationUtils { * allow-list.<br> * <b>Hint:</b> Do NOT set {@link Object} as allowed class, because any class is * an super-type of {@link Object}. This method implementation allows - * {@link Object} as explicit type with strict check-mode. + * {@link Object} and Object[] as explicit type with strict check-mode. * </p> * * @param bytes a serialized object diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/EaafSerializationUtilsTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/EaafSerializationUtilsTest.java index 98747b41..3535b217 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/EaafSerializationUtilsTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/EaafSerializationUtilsTest.java @@ -112,6 +112,9 @@ public class EaafSerializationUtilsTest { assertThrows(IllegalArgumentException.class, () -> EaafSerializationUtils.typeSpecificDeserialize( object, Sets.newHashSet(DummyClassA.class, DummyClassB.class), DummyClassC.class)); + assertThrows(IllegalArgumentException.class, () -> EaafSerializationUtils.typeSpecificDeserialize( + object, Sets.newHashSet(DummyClassA.class, DummyClassB.class), DummyClassC.class)); + assertNotNull(EaafSerializationUtils.typeSpecificDeserialize( object, Sets.newHashSet(DummyClassA.class, DummyClassB.class, Throwable.class, StackTraceElement[].class, |