/**
 * Accepting and rejecting the same class must fail.
 *
 * <p>{@code MockSerializedClass} is put on the accept list and then on the reject list; the
 * expected {@link InvalidClassException} shows that a reject entry wins over an accept entry.
 * {@code testStream} is prepared outside this method (presumably it carries a serialized
 * {@code MockSerializedClass}; confirm against the fixture).
 */
@Test(expected = InvalidClassException.class)
public void rejectPrecedence() throws Exception {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(testStream);
    assertSerialization(
            willClose(validating)
                    .accept(MockSerializedClass.class)
                    .reject(MockSerializedClass.class, Integer.class));
}
/**
 * Trusts only {@code java.lang.*} plus its array variants, which forces every other class in
 * the payload ({@code MoreComplexObject}, {@code ArrayList}, {@code Random}) to be accepted
 * explicitly. This is the tighter of the two allow-list styles: quite safe, at the cost of a
 * longer accept list.
 *
 * <p>{@code "[Ljava.lang.*"} targets the JVM names of arrays of {@code java.lang} reference
 * types, which start with {@code [L}.
 */
@Test
public void trustJavaLang() throws IOException, ClassNotFoundException {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(inputStream);
    assertSerialization(willClose(
            validating
                    .accept(MoreComplexObject.class, ArrayList.class, Random.class)
                    .accept("java.lang.*","[Ljava.lang.*")));
}
/**
 * A stream with no accept entry at all must refuse to deserialize.
 *
 * <p>The expected {@link InvalidClassException} pins the deny-by-default behaviour: nothing is
 * trusted until it has been accepted explicitly.
 */
@Test(expected = InvalidClassException.class)
public void noAccept() throws Exception {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(testStream);
    assertSerialization(willClose(validating));
}
/**
 * A regular-expression matcher built from a string matches names with the given prefix and
 * nothing else.
 *
 * <p>NOTE(review): in {@code "foo.*"} the dot is a regex metacharacter, so the pattern matches
 * any name that begins with {@code foo}, not only names inside a {@code foo} package. When such
 * a pattern feeds an accept list, escape the dot to keep the match package-scoped.
 */
@Test
public void testSimplePatternFromString() {
    final ClassNameMatcher matcher = new RegexpClassNameMatcher("foo.*");
    // Name under the "foo" prefix: accepted by the pattern.
    assertTrue(matcher.matches("foo.should.match"));
    // Different prefix: must be refused.
    assertFalse(matcher.matches("bar.should.not.match"));
}
/**
 * A wildcard matcher built from a name that contains no wildcard matches that exact name only.
 *
 * <p>Longer names sharing the prefix are refused, and the {@code '.'} is taken literally, so
 * {@code "org_foo"} does not match {@code "org.foo"}.
 */
@Test
public void noPattern() {
    final ClassNameMatcher exact = new WildcardClassNameMatcher("org.foo");
    assertTrue(exact.matches("org.foo"));
    // No implicit prefix matching without a wildcard.
    assertFalse(exact.matches("org.foo.and.more"));
    // The dot is not an "any character" placeholder here.
    assertFalse(exact.matches("org_foo"));
}
/**
 * Rejecting the classes under test must make deserialization fail.
 *
 * <p>Only {@code Long} is accepted while {@code MockSerializedClass} and {@code Integer} are
 * rejected, and an {@link InvalidClassException} is expected. {@code testStream} is set up
 * outside this method.
 */
@Test(expected = InvalidClassException.class)
public void reject() throws Exception {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(testStream);
    assertSerialization(
            willClose(validating)
                    .accept(Long.class)
                    .reject(MockSerializedClass.class, Integer.class));
}
/**
 * Trusts everything under {@code java.*}, including the array variants, so that only
 * {@code MoreComplexObject} has to be accepted by name. This keeps the accept list short.
 *
 * <p>NOTE(review): {@code java.*} is a very broad allow-list. It covers JDK classes that have
 * served as building blocks in deserialization gadget chains and resource-exhaustion payloads,
 * so outside of tests prefer the specific classes or narrower packages the payload really needs.
 */
@Test
public void trustJavaIncludingArrays() throws IOException, ClassNotFoundException {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(inputStream);
    assertSerialization(willClose(
            validating
                    .accept(MoreComplexObject.class)
                    .accept("java.*","[Ljava.*")));
}
/**
 * A regular-expression matcher supports alternation: either branch of {@code "foo.*|bar.*"}
 * is enough for a match, and a name covered by neither branch is refused.
 */
@Test
public void testOrPattern() {
    final ClassNameMatcher eitherPrefix = new RegexpClassNameMatcher("foo.*|bar.*");
    // First alternative.
    assertTrue(eitherPrefix.matches("foo.should.match"));
    // Second alternative.
    assertTrue(eitherPrefix.matches("bar.should.match"));
    // Neither alternative.
    assertFalse(eitherPrefix.matches("zoo.should.not.match"));
}
/**
 * A custom matcher on the reject list overrides an explicit accept.
 *
 * <p>{@code ALWAYS_TRUE} is declared outside this method (presumably it matches every class
 * name). With it on the reject list, the accepted {@code MockSerializedClass} is still refused
 * and an {@link InvalidClassException} is expected.
 */
@Test(expected = InvalidClassException.class)
public void rejectCustomMatcher() throws Exception {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(testStream);
    assertSerialization(
            willClose(validating)
                    .accept(MockSerializedClass.class)
                    .reject(ALWAYS_TRUE));
}
/**
 * A wildcard reject entry overrides an explicit accept.
 *
 * <p>{@code MockSerializedClass} is accepted by class, then everything matching
 * {@code "org.*"} is rejected; the expected {@link InvalidClassException} implies the test
 * class falls under that wildcard (its package is not visible from this method).
 */
@Test(expected = InvalidClassException.class)
public void rejectWildcard() throws Exception {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(testStream);
    assertSerialization(
            willClose(validating)
                    .accept(MockSerializedClass.class)
                    .reject("org.*"));
}
/**
 * Accepting {@code MockSerializedClass} alone is enough for the test stream to deserialize.
 *
 * <p>This is the minimal allow-list for the fixture; {@code testStream} is prepared outside
 * this method.
 */
@Test
public void ourTestClassOnlyAccepted() throws Exception {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(testStream);
    assertSerialization(
            willClose(validating)
                    .accept(MockSerializedClass.class));
}
/**
 * The test class is accepted when its wildcard pattern is the second of several patterns.
 *
 * <p>NOTE(review): a leading wildcard such as {@code "*MockSerializedClass"} matches that name
 * suffix in any package. That is convenient in a test, but a production accept list should use
 * fully qualified names so a same-named class elsewhere on the classpath is not trusted.
 */
@Test
public void ourTestClassAcceptedSecondWildcard() throws Exception {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(testStream);
    assertSerialization(
            willClose(validating)
                    .accept("*Integer","*MockSerializedClass"));
}
/**
 * A package-scoped wildcard on the accept list lets the test stream deserialize.
 *
 * <p>Everything matching {@code "org.apache.commons.io.*"} is trusted; the test passing implies
 * the serialized fixture class matches that pattern (its package is not visible here).
 */
@Test
public void acceptWildcard() throws Exception {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(testStream);
    assertSerialization(
            willClose(validating)
                    .accept("org.apache.commons.io.*"));
}
/**
 * The test class is accepted when it is the first of several classes in one accept call.
 */
@Test
public void ourTestClassAcceptedFirst() throws Exception {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(testStream);
    assertSerialization(
            willClose(validating)
                    .accept(MockSerializedClass.class, Integer.class));
}
/**
 * Configuring only a reject entry does not make everything else acceptable.
 *
 * <p>Just {@code Integer} is rejected and nothing is accepted; the expected
 * {@link InvalidClassException} shows that the stream stays deny-by-default rather than turning
 * into a deny-list.
 */
@Test(expected = InvalidClassException.class)
public void rejectOnly() throws Exception {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(testStream);
    assertSerialization(
            willClose(validating)
                    .reject(Integer.class));
}
/**
 * A custom matcher can be used as an accept entry.
 *
 * <p>{@code ALWAYS_TRUE} is declared outside this method (presumably it matches every class
 * name). NOTE(review): accepting such a matcher turns the allow-list into allow-all, which is
 * only appropriate for exercising the API in a test.
 */
@Test
public void acceptCustomMatcher() throws Exception {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(testStream);
    assertSerialization(
            willClose(validating)
                    .accept(ALWAYS_TRUE));
}
/**
 * Accepting an unrelated class does not let the test class through.
 *
 * <p>Only {@code Integer} is accepted, so deserializing the fixture is expected to fail with
 * {@link InvalidClassException}.
 */
@Test(expected = InvalidClassException.class)
public void ourTestClassNotAccepted() throws Exception {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(testStream);
    assertSerialization(
            willClose(validating)
                    .accept(Integer.class));
}
/**
 * The test class is accepted when it is the second of several classes in one accept call, so
 * the position within the argument list does not matter.
 */
@Test
public void ourTestClassAcceptedSecond() throws Exception {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(testStream);
    assertSerialization(
            willClose(validating)
                    .accept(Integer.class, MockSerializedClass.class));
}
/**
 * The test class is accepted when its wildcard pattern is the first of several patterns.
 *
 * <p>NOTE(review): a leading wildcard such as {@code "*MockSerializedClass"} matches that name
 * suffix in any package. That is convenient in a test, but a production accept list should use
 * fully qualified names so a same-named class elsewhere on the classpath is not trusted.
 */
@Test
public void ourTestClassAcceptedFirstWildcard() throws Exception {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(testStream);
    assertSerialization(
            willClose(validating)
                    .accept("*MockSerializedClass","*Integer"));
}
/**
 * A compiled regular expression on the reject list overrides an explicit accept.
 *
 * <p>{@code MockSerializedClass} is accepted by class and then rejected through
 * {@code Pattern.compile("org.*")}; an {@link InvalidClassException} is expected.
 *
 * <p>NOTE(review): the dot in {@code "org.*"} is unescaped, so as a regex it covers every name
 * beginning with {@code org}, not only the {@code org} package tree. Over-matching is harmless
 * on a reject list but would be over-permissive if the same pattern were used for accept.
 */
@Test(expected = InvalidClassException.class)
public void rejectPattern() throws Exception {
    final ValidatingObjectInputStream validating = new ValidatingObjectInputStream(testStream);
    assertSerialization(
            willClose(validating)
                    .accept(MockSerializedClass.class)
                    .reject(Pattern.compile("org.*")));
}