private void init() { // list up types that should be marshalled out like a value, without referential integrity tracking. addImmutableType(Result.class); // http://www.openwall.com/lists/oss-security/2017/04/03/4 denyTypes(new Class[] { void.class, Void.class }); registerConverter(new RobustCollectionConverter(getMapper(),getReflectionProvider()),10); registerConverter(new RobustMapConverter(getMapper()), 10); registerConverter(new ImmutableMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableSortedSetConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableSetConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableListConverter(getMapper(),getReflectionProvider()),10); registerConverter(new CopyOnWriteMap.Tree.ConverterImpl(getMapper()),10); // needs to override MapConverter registerConverter(new DescribableList.ConverterImpl(getMapper()),10); // explicitly added to handle subtypes registerConverter(new Label.ConverterImpl(),10); // SECURITY-637 against URL deserialization registerConverter(new SafeURLConverter(),10); // this should come after all the XStream's default simpler converters, // but before reflection-based one kicks in. registerConverter(new AssociatedConverterImpl(this), -10); registerConverter(new BlacklistedTypesConverter(), PRIORITY_VERY_HIGH); // SECURITY-247 defense registerConverter(new DynamicProxyConverter(getMapper()) { // SECURITY-105 defense @Override public boolean canConvert(Class type) { return /* this precedes NullConverter */ type != null && super.canConvert(type); } @Override public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) { throw new ConversionException("<dynamic-proxy> not supported"); } }, PRIORITY_VERY_HIGH); }
@Override protected Converter createDefaultConverter() { // replace default reflection converter reflectionConverter = new RobustReflectionConverter(getMapper(),new JVM().bestReflectionProvider(), new PluginClassOwnership()); return reflectionConverter; }
/** * Tries to load the the class if it is not null. If null or failure it returns * {@link PatchsetCreated} as a safety measure. * * @param clazz the class to try and load. * @return the class. */ private Class<? extends GerritTriggeredEvent> calculateEventClass(String clazz) { if (clazz == null) { //Probably old data, assume PatchsetCreated return PatchsetCreated.class; } Class<? extends GerritTriggeredEvent> theClass = null; try { theClass = Run.XSTREAM2.getMapper().realClass(clazz); return theClass; } catch (CannotResolveClassException e) { logger.error("Failed to unmarshall event type for trigger context!", e); } catch (ClassCastException e) { logger.error("Failed to unmarshall event type for trigger context!", e); } //Fallback to PatchsetCreated and pray return PatchsetCreated.class; }
private void init() { // list up types that should be marshalled out like a value, without referencial integrity tracking. addImmutableType(Result.class); registerConverter(new RobustCollectionConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ConcurrentHashMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new CopyOnWriteMap.Tree.ConverterImpl(getMapper()),10); // needs to override MapConverter registerConverter(new DescribableList.ConverterImpl(getMapper()),10); // explicitly added to handle subtypes registerConverter(new Label.ConverterImpl(),10); // this should come after all the XStream's default simpler converters, // but before reflection-based one kicks in. registerConverter(new AssociatedConverterImpl(this),-10); }
private void init() { // list up types that should be marshalled out like a value, without referencial integrity tracking. addImmutableType(Result.class); registerConverter(new RobustCollectionConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ConcurrentHashMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new CopyOnWriteMap.Tree.ConverterImpl(getMapper()),10); // needs to override MapConverter registerConverter(new DescribableList.ConverterImpl(getMapper()),10); // explicitly added to handle subtypes registerConverter(new Label.ConverterImpl(),10); // this should come after all the XStream's default simpler converters, // but before reflection-based one kicks in. registerConverter(new AssociatedConverterImpl(this),-10); }
private void init() { // list up types that should be marshalled out like a value, without referencial integrity tracking. addImmutableType(Result.class); registerConverter(new RobustCollectionConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ConcurrentHashMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new CopyOnWriteMap.Tree.ConverterImpl(getMapper()),10); // needs to override MapConverter registerConverter(new DescribableList.ConverterImpl(getMapper()),10); // explicitly added to handle subtypes registerConverter(new Label.ConverterImpl(),10); // this should come after all the XStream's default simpler converters, // but before reflection-based one kicks in. registerConverter(new AssociatedConverterImpl(this),-10); }
@Override protected Converter createDefaultConverter() { // replace default reflection converter reflectionConverter = new RobustReflectionConverter(getMapper(),new JVM().bestReflectionProvider()); return reflectionConverter; }
@Override protected Converter createDefaultConverter() { // replace default reflection converter reflectionConverter = new RobustReflectionConverter(getMapper(),new JVM().bestReflectionProvider()); return reflectionConverter; }
@Override protected Converter createDefaultConverter() { // replace default reflection converter reflectionConverter = new RobustReflectionConverter(getMapper(),new JVM().bestReflectionProvider()); return reflectionConverter; }
private void init() { // list up types that should be marshalled out like a value, without referencial integrity tracking. addImmutableType(Result.class); registerConverter(new RobustCollectionConverter(getMapper(), getReflectionProvider()), XStream.PRIORITY_NORMAL); registerConverter(new ImmutableMapConverter(getMapper(), getReflectionProvider()), XStream.PRIORITY_NORMAL); registerConverter(new ConcurrentHashMapConverter(getMapper(), getReflectionProvider()), XStream.PRIORITY_NORMAL); registerConverter(new CopyOnWriteMap.Tree.ConverterImpl(getMapper()), XStream.PRIORITY_NORMAL); // needs to override MapConverter registerConverter(new DescribableList.ConverterImpl(getMapper()), XStream.PRIORITY_NORMAL); // explicitly added to handle subtypes registerConverter(new Label.ConverterImpl(), XStream.PRIORITY_NORMAL); // this should come after all the XStream's default simpler converters, // but before reflection-based one kicks in. registerConverter(new AssociatedConverterImpl(this), XStream.PRIORITY_LOW); reflectionConverter = new RobustReflectionConverter(getMapper(), new JVM().bestReflectionProvider()); registerConverter(reflectionConverter, XStream.PRIORITY_VERY_LOW); }
private void init() { // list up types that should be marshalled out like a value, without referential integrity tracking. addImmutableType(Result.class); // http://www.openwall.com/lists/oss-security/2017/04/03/4 denyTypes(new Class[] { void.class, Void.class }); registerConverter(new RobustCollectionConverter(getMapper(),getReflectionProvider()),10); registerConverter(new RobustMapConverter(getMapper()), 10); registerConverter(new ImmutableMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableSortedSetConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableSetConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableListConverter(getMapper(),getReflectionProvider()),10); registerConverter(new CopyOnWriteMap.Tree.ConverterImpl(getMapper()),10); // needs to override MapConverter registerConverter(new DescribableList.ConverterImpl(getMapper()),10); // explicitly added to handle subtypes registerConverter(new Label.ConverterImpl(),10); // this should come after all the XStream's default simpler converters, // but before reflection-based one kicks in. registerConverter(new AssociatedConverterImpl(this), -10); registerConverter(new BlacklistedTypesConverter(), PRIORITY_VERY_HIGH); // SECURITY-247 defense registerConverter(new DynamicProxyConverter(getMapper()) { // SECURITY-105 defense @Override public boolean canConvert(Class type) { return /* this precedes NullConverter */ type != null && super.canConvert(type); } @Override public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) { throw new ConversionException("<dynamic-proxy> not supported"); } }, PRIORITY_VERY_HIGH); }
@Override protected Converter createDefaultConverter() { // replace default reflection converter reflectionConverter = new RobustReflectionConverter(getMapper(),new JVM().bestReflectionProvider(), new PluginClassOwnership()); return reflectionConverter; }