Skip to content

Commit 764ef4b

Browse files
EvenLjjliujianjun.ljj
EvenLjj
and
liujianjun.ljj
authored
Merge commit from fork
Co-authored-by: liujianjun.ljj <liujianjun.ljj@antgroup.com>
1 parent e6f59b9 commit 764ef4b

File tree

2 files changed

+165
-61
lines changed

2 files changed

+165
-61
lines changed

Diff for: src/main/resources/security/serialize.blacklist

+161-57
Original file line numberDiff line numberDiff line change
@@ -1,44 +1,157 @@
1-
org.codehaus.groovy.runtime.MethodClosure
2-
clojure.core$constantly
3-
clojure.main$eval_opt
4-
com.alibaba.citrus.springext.support.parser.AbstractNamedProxyBeanDefinitionParser$ProxyTargetFactory
5-
com.alibaba.citrus.springext.support.parser.AbstractNamedProxyBeanDefinitionParser$ProxyTargetFactoryImpl
6-
com.alibaba.citrus.springext.util.SpringExtUtil.AbstractProxy
7-
com.alipay.custrelation.service.model.redress.Pair
1+
aj.org.objectweb.asm.
2+
br.com.anteros.
3+
bsh.
4+
ch.qos.logback.
5+
clojure.
6+
com.alibaba.citrus.springext.support.parser.
7+
com.alibaba.citrus.springext.util.SpringExtUtil.
8+
com.alibaba.druid.pool.
9+
com.alibaba.druid.stat.JdbcDataSourceStat
10+
com.alibaba.fastjson.annotation.
11+
com.alibaba.hotcode.internal.org.apache.commons.collections.functors.
12+
com.alipay.custrelation.service.model.redress.
13+
com.alipay.oceanbase.obproxy.druid.pool.
814
com.caucho.hessian.test.TestCons
9-
com.mchange.v2.c3p0.JndiRefForwardingDataSource
10-
com.mchange.v2.c3p0.WrapperConnectionPoolDataSource
11-
com.rometools.rome.feed.impl.EqualsBean
12-
com.rometools.rome.feed.impl.ToStringBean
13-
com.sun.jndi.rmi.registry.BindingEnumeration
14-
com.sun.jndi.toolkit.dir.LazySearchEnumerationImpl
15-
com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl
16-
com.sun.rowset.JdbcRowSetImpl
17-
com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data
18-
java.rmi.server.UnicastRemoteObject
19-
java.security.SignedObject
20-
java.util.ServiceLoader$LazyIterator
21-
javax.imageio.ImageIO$ContainsFilter
22-
javax.imageio.spi.ServiceRegistry
23-
javax.management.BadAttributeValueExpException
24-
javax.naming.InitialContext
25-
javax.naming.spi.ObjectFactory
26-
javax.script.ScriptEngineManager
27-
javax.sound.sampled.AudioFormat$Encoding
28-
org.apache.carbondata.core.scan.expression.ExpressionResult
29-
org.apache.commons.dbcp.datasources.SharedPoolDataSource
30-
org.apache.ibatis.executor.loader.AbstractSerialStateHolder
31-
org.apache.ibatis.executor.loader.CglibSerialStateHolder
32-
org.apache.ibatis.executor.loader.JavassistSerialStateHolder
33-
org.apache.ibatis.executor.loader.cglib.CglibProxyFactory
34-
org.apache.ibatis.executor.loader.javassist.JavassistSerialStateHolder
35-
org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource
36-
org.apache.wicket.util.upload.DiskFileItem
37-
org.apache.xalan.xsltc.trax.TemplatesImpl
38-
org.apache.xbean.naming.context.ContextUtil$ReadOnlyBinding
39-
org.apache.xpath.XPathContext
40-
org.eclipse.jetty.util.log.LoggerLog
41-
org.geotools.filter.ConstantExpression
15+
com.caucho.naming.Qname
16+
com.ibatis.
17+
com.ibm.jtc.jax.xml.bind.v2.runtime.unmarshaller.
18+
com.ibm.xltxe.rnm1.xtq.bcel.util.
19+
com.mchange.
20+
com.mysql.cj.jdbc.admin.
21+
com.mysql.cj.jdbc.MysqlConnectionPoolDataSource
22+
com.mysql.cj.jdbc.MysqlDataSource
23+
com.mysql.cj.jdbc.MysqlXADataSource
24+
com.mysql.cj.log.
25+
com.mysql.jdbc.util.
26+
com.p6spy.engine.
27+
com.rometools.rome.feed.
28+
com.sun.
29+
com.taobao.eagleeye.wrapper.
30+
com.taobao.vipserver.commons.collections.functors.
31+
com.zaxxer.hikari.
32+
flex.messaging.util.concurrent.
33+
groovy.lang.
34+
java.awt.
35+
java.beans.
36+
java.net.InetAddress
37+
java.net.Socket
38+
java.net.URL
39+
java.rmi.
40+
java.security.
41+
java.util.EventListener
42+
java.util.jar.
43+
java.util.logging.
44+
java.util.prefs.
45+
java.util.ServiceLoader
46+
java.util.StringTokenizer
47+
javassist.
48+
javax.activation.
49+
javax.imageio.
50+
javax.management.
51+
javax.media.jai.remote.
52+
javax.naming.
53+
javax.net.
54+
javax.print.
55+
javax.script.
56+
javax.sound.
57+
javax.swing.
58+
javax.tools.
59+
javax.xml
60+
jdk.internal.
61+
jodd.db.connection.
62+
junit.
63+
net.bytebuddy.dynamic.loading.
64+
net.sf.cglib.
65+
net.sf.ehcache.hibernate.
66+
net.sf.ehcache.transaction.manager.
67+
ognl.
68+
oracle.jdbc.
69+
oracle.jms.aq.
70+
oracle.net.
71+
org.aoju.bus.proxy.provider.
72+
org.apache.activemq.ActiveMQConnectionFactory
73+
org.apache.activemq.ActiveMQXAConnectionFactory
74+
org.apache.activemq.jms.pool.
75+
org.apache.activemq.pool.
76+
org.apache.activemq.spring.
77+
org.apache.aries.transaction.
78+
org.apache.axis2.jaxws.spi.handler.
79+
org.apache.axis2.transport.jms.
80+
org.apache.bcel.
81+
org.apache.carbondata.core.scan.expression.
82+
org.apache.catalina.
83+
org.apache.cocoon.
84+
org.apache.commons.beanutils.
85+
org.apache.commons.codec.
86+
org.apache.commons.collections.comparators.
87+
org.apache.commons.collections.functors.
88+
org.apache.commons.collections.Transformer
89+
org.apache.commons.collections4.comparators.
90+
org.apache.commons.collections4.functors.
91+
org.apache.commons.collections4.Transformer
92+
org.apache.commons.configuration.
93+
org.apache.commons.configuration2.
94+
org.apache.commons.dbcp.
95+
org.apache.commons.fileupload.
96+
org.apache.commons.jelly.
97+
org.apache.commons.logging.
98+
org.apache.commons.proxy.
99+
org.apache.cxf.jaxrs.provider.
100+
org.apache.hadoop.shaded.com.zaxxer.hikari.
101+
org.apache.http.auth.
102+
org.apache.http.conn.
103+
org.apache.http.cookie.
104+
org.apache.http.impl.
105+
org.apache.ibatis.datasource.
106+
org.apache.ibatis.executor.
107+
org.apache.ibatis.javassist.
108+
org.apache.ibatis.ognl.
109+
org.apache.ibatis.parsing.
110+
org.apache.ibatis.reflection.
111+
org.apache.ibatis.scripting.
112+
org.apache.ignite.cache.
113+
org.apache.ignite.cache.jta.
114+
org.apache.log.output.db.
115+
org.apache.log4j.
116+
org.apache.logging.
117+
org.apache.myfaces.context.servlet.
118+
org.apache.myfaces.view.facelets.el.
119+
org.apache.openjpa.ee.
120+
org.apache.shiro.
121+
org.apache.tomcat.
122+
org.apache.velocity.
123+
org.apache.wicket.util.
124+
org.apache.xalan.
125+
org.apache.xbean.
126+
org.apache.xpath.
127+
org.apache.zookeeper.
128+
org.aspectj.
129+
org.codehaus.groovy.runtime.
130+
org.codehaus.jackson.
131+
org.datanucleus.store.rdbms.datasource.dbcp.datasources.
132+
org.dom4j.
133+
org.eclipse.jetty.
134+
org.geotools.filter.
135+
org.h2.jdbcx.
136+
org.h2.server.
137+
org.h2.value.
138+
org.hibernate.
139+
org.javasimon.
140+
org.jaxen.
141+
org.jboss.
142+
org.jdom.
143+
org.jdom2.transform.
144+
org.junit.
145+
org.logicalcobwebs.
146+
org.mockito.
147+
org.mortbay.jetty.
148+
org.mortbay.log.
149+
org.mozilla.javascript.
150+
org.objectweb.asm.
151+
org.osjava.sj.
152+
org.python.core.
153+
org.quartz.
154+
org.slf4j.
42155
org.springframework.aop.aspectj.autoproxy.AspectJAwareAdvisorAutoProxyCreator$PartiallyComparableAdvisorHolder
43156
org.springframework.aop.support.DefaultBeanFactoryPointcutAdvisor
44157
org.springframework.beans.factory.BeanFactory
@@ -47,22 +160,13 @@ org.springframework.beans.factory.support.DefaultListableBeanFactory
47160
org.springframework.jndi.support.SimpleJndiBeanFactory
48161
org.springframework.orm.jpa.AbstractEntityManagerFactoryBean
49162
org.springframework.transaction.jta.JtaTransactionManager
50-
org.yaml.snakeyaml.tokens.DirectiveToken
51-
sun.rmi.server.UnicastRef
52-
javax.management.ImmutableDescriptor
53163
org.springframework.jndi.JndiObjectTargetSource
54-
ch.qos.logback.core.db.JNDIConnectionSource
55-
java.beans.Expression
56-
javassist.bytecode
57-
org.apache.ibatis.javassist.bytecode
58164
org.springframework.beans.factory.config.MethodInvokingFactoryBean
59-
com.alibaba.druid.pool.DruidDataSource
60-
com.sun.org.apache.bcel.internal.util.ClassLoader
61-
com.alibaba.druid.stat.JdbcDataSourceStat
62-
org.apache.tomcat.dbcp.dbcp.BasicDataSource
63-
com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput
64-
javassist.tools.web.Viewer
65-
net.bytebuddy.dynamic.loading.ByteArrayClassLoader
66-
org.apache.commons.beanutils.BeanMap
67-
com.caucho.naming.Qname
68-
com.sun.org.apache.xpath.internal.objects.Xstring
165+
org.thymeleaf.
166+
org.yaml.snakeyaml.tokens.
167+
pstore.shaded.org.apache.commons.collections.
168+
sun.print.
169+
sun.rmi.server.
170+
sun.rmi.transport.
171+
weblogic.ejb20.internal.
172+
weblogic.jms.common.

Diff for: src/test/java/com/caucho/hessian/test/SerializerFactoryTest.java

+4-4
Original file line numberDiff line numberDiff line change
@@ -21,8 +21,8 @@
2121
import org.junit.Assert;
2222
import org.junit.Test;
2323

24-
import java.awt.Color;
2524
import java.lang.reflect.Field;
25+
import java.util.Date;
2626
import java.util.Map;
2727

2828
/**
@@ -41,7 +41,7 @@ public void getDeserializerByType() throws Exception {
4141
.get(serializerFactory));
4242
ClassLoader cl = Thread.currentThread().getContextClassLoader();
4343

44-
final String testClassName = Color.class.getName();
44+
final String testClassName = Date.class.getName();
4545
Deserializer d1 = serializerFactory.getDeserializer(testClassName);
4646
Assert.assertNotNull("TestClass Deserializer!", d1);
4747

@@ -67,7 +67,7 @@ public void getDeserializerByType2() throws Exception {
6767
.get(serializerFactory));
6868
ClassLoader cl = Thread.currentThread().getContextClassLoader();
6969

70-
final String testClassName = Color.class.getName();
70+
final String testClassName = Date.class.getName();
7171
Deserializer d1 = serializerFactory.getDeserializer(testClassName);
7272
Assert.assertNotNull("TestClass Deserializer!", d1);
7373

@@ -93,7 +93,7 @@ public void testDynamicLoadEnableDefaultFalse() throws Exception {
9393
.get(serializerFactory));
9494
ClassLoader cl = Thread.currentThread().getContextClassLoader();
9595

96-
final String testClassName = Color.class.getName();
96+
final String testClassName = Date.class.getName();
9797
Deserializer d1 = serializerFactory.getDeserializer(testClassName);
9898
Assert.assertNotNull("TestClass Deserializer!", d1);
9999

0 commit comments

Comments
 (0)