Jean-Baptiste Onofré created AVRO-3985:
------------------------------------------
Summary: Restrict allowed packages in ReflectData and SpecificData
Key: AVRO-3985
URL: https://issues.apache.org/jira/browse/AVRO-3985
Project: Apache Avro
Issue Type: Improvement
Reporter: Jean-Baptiste Onofré
Right now, there's no check on allowed packages in {{ReflectData}} and
{{SpecificData}}.
That could be problematic for marshalling/unmarshalling, as a malicious
payload can exploit the host system.
I propose to introduce a {{org.apache.avro.TRUSTED_PACKAGES}} system property:
{code:java}
-Dorg.apache.avro.TRUSTED_PACKAGES=java.lang,javax.security,java.util,...
{code}
In case we want to shortcut the mechanism, we would be able to allow all
packages to be trusted using {{*}} wildcard:
{code:java}
-Dorg.apache.avro.TRUSTED_PACKAGES=*
{code}
By default, I would recommend having limited trusted packages:
{{java.lang,javax.security,java.util,org.apache.avro}}.
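A sketch of the allow-list check proposed in the issue above, as an added example that is not part of the original message and is not Avro's implementation. The class name `TrustedPackages`, the choice to also trust subpackages of a listed package, and the use of `SecurityException` are assumptions; the property name and default list are taken from the issue.

```java
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

// Hypothetical helper (not Avro code): gate class loading on a package allow-list.
public class TrustedPackages {
  static final String PROP = "org.apache.avro.TRUSTED_PACKAGES"; // property name from the issue
  static final String DEFAULTS = "java.lang,javax.security,java.util,org.apache.avro"; // defaults from the issue

  private final boolean trustAll;
  private final List<String> prefixes;

  TrustedPackages(String spec) {
    List<String> entries = Arrays.stream(spec.split(","))
        .map(String::trim).filter(s -> !s.isEmpty()).collect(Collectors.toList());
    this.trustAll = entries.contains("*"); // "*" disables the restriction, as in the issue
    // Keep a trailing dot so "java.util" matches java.util.* but not a look-alike such as java.utilx.*
    this.prefixes = entries.stream().map(p -> p + ".").collect(Collectors.toList());
  }

  static TrustedPackages fromSystemProperty() {
    return new TrustedPackages(System.getProperty(PROP, DEFAULTS));
  }

  // Assumption: a listed package also covers its subpackages.
  boolean isTrusted(String className) {
    return trustAll || prefixes.stream().anyMatch(className::startsWith);
  }

  // Check the name first and load without initialization, so an untrusted
  // class named in a payload never gets its static initializer executed.
  Class<?> load(String className) throws ClassNotFoundException {
    if (!isTrusted(className)) {
      throw new SecurityException("Class " + className + " is not in a package listed in " + PROP);
    }
    return Class.forName(className, false, Thread.currentThread().getContextClassLoader());
  }

  public static void main(String[] args) {
    TrustedPackages tp = fromSystemProperty();
    // Constructed sample class names, as a schema or payload might carry them.
    for (String name : new String[] {"java.util.ArrayList", "java.util.concurrent.ConcurrentHashMap",
        "java.utilx.Lookalike", "javax.script.ScriptEngineManager"}) {
      System.out.println(name + " trusted=" + tp.isTrusted(name));
    }
  }
}
```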