Package ch.qos.logback.core.net
Class HardenedObjectInputStream
- java.lang.Object
-
- java.io.InputStream
-
- java.io.ObjectInputStream
-
- ch.qos.logback.core.net.HardenedObjectInputStream
-
- All Implemented Interfaces:
Closeable
,DataInput
,ObjectInput
,ObjectStreamConstants
,AutoCloseable
- Direct Known Subclasses:
HardenedLoggingEventInputStream
@Deprecated(since="2022-01-27") public class HardenedObjectInputStream extends ObjectInputStream
Deprecated.This internal logback API is not supported by AEM as a Cloud Service.HardenedObjectInputStream restricts the set of classes that can be deserialized to a set of explicitly whitelisted classes. This prevents certain type of attacks from being successful.It is assumed that classes in the "java.lang" and "java.util" packages are always authorized.
- Since:
- 1.2.0
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class java.io.ObjectInputStream
ObjectInputStream.GetField
-
-
Field Summary
-
Fields inherited from interface java.io.ObjectStreamConstants
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
-
-
Constructor Summary
Constructors Constructor Description HardenedObjectInputStream(InputStream in, String[] whilelist)
Deprecated.HardenedObjectInputStream(InputStream in, List<String> whitelist)
Deprecated.
-
Method Summary
-
Methods inherited from class java.io.ObjectInputStream
available, close, defaultReadObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readShort, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, setObjectInputFilter, skipBytes
-
Methods inherited from class java.io.InputStream
mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, transferTo
-
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface java.io.ObjectInput
read, skip
-
-
-
-
Constructor Detail
-
HardenedObjectInputStream
public HardenedObjectInputStream(InputStream in, String[] whilelist) throws IOException
Deprecated.- Throws:
IOException
-
HardenedObjectInputStream
public HardenedObjectInputStream(InputStream in, List<String> whitelist) throws IOException
Deprecated.- Throws:
IOException
-
-