3 files changed, 6 insertions, 2 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java
index 1924e165..ebeeddb4 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java
@@ -54,7 +54,8 @@ public class EaafObjectInputStream extends ObjectInputStream {
 throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
 } else if (objectDeep > 0
- && !(isValidClassType(clazz) || Object.class.getName().equals(desc.getName()))) {
+ && !(isValidClassType(clazz) || Object.class.getName().equals(desc.getName())
+ || Object[].class.getName().equals(desc.getName()))) {
 throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
 } else {
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java
index efb4c9be..49b992f6 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java
@@ -84,7 +84,7 @@ public class EaafSerializationUtils {
 * allow-list.<br>
 * <b>Hint:</b> Do NOT set {@link Object} as allowed class, because any class is
 * an super-type of {@link Object}. This method implementation allows
- * {@link Object} as explicit type with strict check-mode.
+ * {@link Object} and Object[] as explicit type with strict check-mode.
 * </p>
 *
 * @param bytes a serialized object
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/EaafSerializationUtilsTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/EaafSerializationUtilsTest.java
index 98747b41..3535b217 100644
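Review bot: The added `Object[].class.getName().equals(desc.getName())` clause in the `objectDeep > 0` branch exempts `Object[]` from the allow-list for every caller of this stream, and nothing in the hunk bounds what such an array may carry. Element classes should still pass through this same check as they are resolved, but the array length is taken from the serialized data, so unless an `ObjectInputFilter` with a `maxarray` limit is installed elsewhere (not visible here) an oversized array can be allocated before any element is rejected. I would add a why-comment above the condition naming the allowed type that needs the exemption, e.g. `// Object[] is required by <allowed type>; its elements are still checked individually`, and state the size bound there. The `assertThrows` added in EaafSerializationUtilsTest repeats the preceding assertion verbatim, so as far as the visible lines show no test deserializes an `Object[]` payload on either the accept or the reject path. The enclosing method starts and ends outside the hunk.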
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/EaafSerializationUtilsTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/EaafSerializationUtilsTest.java
@@ -112,6 +112,9 @@ public class EaafSerializationUtilsTest {
 assertThrows(IllegalArgumentException.class, () -> EaafSerializationUtils.typeSpecificDeserialize(
 object, Sets.newHashSet(DummyClassA.class, DummyClassB.class), DummyClassC.class));
+ assertThrows(IllegalArgumentException.class, () -> EaafSerializationUtils.typeSpecificDeserialize(
+ object, Sets.newHashSet(DummyClassA.class, DummyClassB.class), DummyClassC.class));
+
 assertNotNull(EaafSerializationUtils.typeSpecificDeserialize(
 object, Sets.newHashSet(DummyClassA.class, DummyClassB.class, Throwable.class, StackTraceElement[].class, |