Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.1:Staging:E
slf4j
slf4j-Disallow-EventData-deserialization-by-def...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File slf4j-Disallow-EventData-deserialization-by-default.patch of Package slf4j
Index: slf4j-1.7.12/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java =================================================================== --- slf4j-1.7.12.orig/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java +++ slf4j-1.7.12/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java @@ -76,12 +76,21 @@ public class EventData implements Serial */ @SuppressWarnings("unchecked") public EventData(String xml) { - ByteArrayInputStream bais = new ByteArrayInputStream(xml.getBytes()); - try { - XMLDecoder decoder = new XMLDecoder(bais); - this.eventData = (Map<String, Object>) decoder.readObject(); - } catch (Exception e) { - throw new EventException("Error decoding " + xml, e); + if ("1".equals(System.getProperty("org.slf4j.ext.allowInsecureDeserialization"))) { + ByteArrayInputStream bais = new ByteArrayInputStream(xml.getBytes()); + try { + XMLDecoder decoder = new XMLDecoder(bais); + this.eventData = (Map<String, Object>) decoder.readObject(); + } catch (Exception e) { + throw new EventException("Error decoding " + xml, e); + } + } else { + throw new UnsupportedOperationException( + "Constructing EventData from XML is vulnerable to remote " + + "excution and is not allowed by default. If you're " + + "completely sure the source data is trusted, you can enable " + + "it by setting org.slf4j.ext.allowInsecureDeserialization " + + "JVM property to 1"); } } @@ -302,4 +311,4 @@ public class EventData implements Serial public int hashCode() { return this.eventData.hashCode(); } -} \ No newline at end of file +}
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor