jprdonnelly/tcommon-studio-se
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2025-12-25. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
4e4f161d1af775625fed13df7a00ce3e4a2a51f2
tcommon-studio-se/main/plugins/org.talend.librariesmanager/resources/java/routines/system/NoHeaderObjectInputStream.java

82 lines
2.6 KiB
Java
Raw Blame History

// ============================================================================
//
// Copyright (C) 2006-2021 Talend Inc. - www.talend.com
//
// This source code is available under agreement available at
// %InstallDIR%\features\org.talend.rcp.branding.%PRODUCTNAME%\%PRODUCTNAME%license.txt
//
// You should have received a copy of the agreement
// along with this program; if not, write to Talend SA
// 9 rue Pages 92150 Suresnes, France
//
// ============================================================================
package routines.system;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.io.StreamCorruptedException;
import java.util.Arrays;
/**
* DOC bchen class global comment. Detailled comment <br/>
*
* $Id: talend.epf 55206 2011-02-15 17:32:14Z mhirt $
*
*/
public class NoHeaderObjectInputStream extends ObjectInputStream {
/**
* Expected types for deserialized object (optional - for security purpose)
*/
private Class<?>[] expectedTypes;
/**
* If {@link #expectedTypes} is set, flags if the class has already been checked
*/
private boolean valid = false;
public NoHeaderObjectInputStream(InputStream in) throws IOException {
super(in);
}
public NoHeaderObjectInputStream(InputStream in, Class<?>... expectedTypes) throws IOException {
this(in);
if (expectedTypes != null) {
this.expectedTypes = new Class<?>[expectedTypes.length];
System.arraycopy(expectedTypes, 0, this.expectedTypes, 0, expectedTypes.length) ;
}
}
/**
* DOC bchen NoHeaderObjectInputStream constructor comment.
*
* @throws IOException
* @throws SecurityException
*/
protected NoHeaderObjectInputStream() throws IOException, SecurityException {
super();
// TODO Auto-generated constructor stub
}
@Override
protected void readStreamHeader() throws IOException, StreamCorruptedException {
// don't need to check the header
}
@Override
protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
if (expectedTypes != null && !valid) {
if (Arrays.stream(expectedTypes)
.anyMatch(c -> c.getName().equals(desc.getName()))) {
valid = true;
} else {
throw new InvalidClassException("Unauthorized deserialization attempt : " + desc.getName());
}
}
return super.resolveClass(desc);
}
}
Reference in New Issue View Git Blame Copy Permalink