[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16107618#comment-16107618
]
Jon Harper commented on IO-487:
---
Hi,
just adding a comment here as this is the best documentatio
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15018154#comment-15018154
]
Thomas Neidhart commented on IO-487:
btw. some observations from a few tests that I made:
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15018147#comment-15018147
]
Adrian Crum commented on IO-487:
Or create static ClassNameMatcher members for common class ca
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15018108#comment-15018108
]
Christopher Schultz commented on IO-487:
Instantiating the java.lang.Class object for
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15018084#comment-15018084
]
Bertrand Delacretaz commented on IO-487:
Regarding the various usability suggestions I
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15018083#comment-15018083
]
Bertrand Delacretaz commented on IO-487:
To match against Class objects you'd need to
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15015417#comment-15015417
]
Emmanuel Bourg commented on IO-487:
---
Another usability suggestion: if the type {{T}} is trus
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15015408#comment-15015408
]
Thomas Neidhart commented on IO-487:
The ClassNameMatcher as it is now implemented is quit
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15015407#comment-15015407
]
Emmanuel Bourg commented on IO-487:
---
Another idea we could consider, if trusting some packag
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15014580#comment-15014580
]
Emmanuel Bourg commented on IO-487:
---
What about trusting {{java.lang}} by default?
> Valid
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15014417#comment-15014417
]
Bertrand Delacretaz commented on IO-487:
bq. If you have to declare any accepted class
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15014154#comment-15014154
]
Bertrand Delacretaz commented on IO-487:
Done, http://svn.apache.org/r1715240
> Valid
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15014025#comment-15014025
]
Kristian Rosenvold commented on IO-487:
---
Yes please !
> ValidatingObjectInputStream co
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15014017#comment-15014017
]
Bertrand Delacretaz commented on IO-487:
Ran the Cobertura coverage with "mvn site",
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15013966#comment-15013966
]
Bertrand Delacretaz commented on IO-487:
Added the class name in the InvalidClassExcep
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15013951#comment-15013951
]
Bertrand Delacretaz commented on IO-487:
bq. If I try to exploit code by desrializing
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15013920#comment-15013920
]
Bertrand Delacretaz commented on IO-487:
I have committed IO-487-accept-reject-2.patch
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15013889#comment-15013889
]
Adrian Crum commented on IO-487:
Without the class name, the exception is not useful to the de
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15013031#comment-15013031
]
Emmanuel Bourg commented on IO-487:
---
The name isn't included on purpose to avoid disclosing
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15012207#comment-15012207
]
Niall Pemberton commented on IO-487:
Go for it - looks good to me, the only minor comment
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15011647#comment-15011647
]
Bertrand Delacretaz commented on IO-487:
at least you spelled it right, that's no so c
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15011623#comment-15011623
]
Gary Gregory commented on IO-487:
-
This is also {{DelacretazObjectInputStream}} ... ;-)
> Val
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15011611#comment-15011611
]
Bertrand Delacretaz commented on IO-487:
RestrictedObjectInputStream maybe, but Valida
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15011403#comment-15011403
]
Christopher Schultz commented on IO-487:
I would suggest Filter[ing]ObjectInputStream,
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15011354#comment-15011354
]
Gary Gregory commented on IO-487:
-
I like {{ValidatingObjectInputStream}} for the name.
> Val
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15011332#comment-15011332
]
Bertrand Delacretaz commented on IO-487:
bq. if nobody objects you can even do it you
[
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15011319#comment-15011319
]
Emmanuel Bourg commented on IO-487:
---
Its looks ready to be committed to me, and if nobody ob
27 matches
Mail list logo