Fix: Require serializers to only produce valid target types

Author: Exlll

configlib-core/src/main/java/de/exlll/configlib/Reflect.java

@@ -12,6 +12,12 @@
 import static de.exlll.configlib.Validator.requireRecord;
 
 final class Reflect {
+    private static final Set<Class<?>> SIMPLE_TARGET_TYPES = Set.of(
+            Boolean.class,
+            Long.class,
+            Double.class,
+            String.class
+    );
     private static final Map<Class<?>, Object> DEFAULT_VALUES = initDefaultValues();
 
     private Reflect() {}
@@ -251,4 +257,8 @@ static Object invoke(Method method, Object object, Object... arguments) {
             throw new RuntimeException(e);
         }
     }
+
+    static boolean isSimpleTargetType(Class<?> cls) {
+        return SIMPLE_TARGET_TYPES.contains(cls);
+    }
 }

configlib-core/src/main/java/de/exlll/configlib/Serializer.java

@@ -5,27 +5,25 @@
  * {@code T2} and vice versa.
  * <p>
  * Which types {@code T2} are serializable depends on the underlying storage system. Currently,
- * all storage systems support the following types:
+ * all storage systems support the following target types:
  * <ul>
  *     <li>{@code Boolean}</li>
  *     <li>{@code Long}</li>
  *     <li>{@code Double}</li>
  *     <li>{@code String}</li>
  *     <li>(Nested) {@code List}s of the other types</li>
- *     <li>(Nested) {@code Set}s of the other types</li>
  *     <li>(Nested) {@code Map}s of the other types</li>
  * </ul>
  * <p>
- * That means that if you want to support all currently available configuration store formats,
- * your {@code Serializer} implementation should convert an object of type {@code T1} into one
- * of the seven types listed above.
+ * For all custom serializers, {@code T2} must be one of the six types listed above.
  *
  * @param <T1> the type of the objects that should be serialized
  * @param <T2> the serializable type
  */
 public interface Serializer<T1, T2> {
     /**
      * Serializes an element of type {@code T1} into an element of type {@code T2}.
+     * Type {@code T2} must be a valid target type.
      *
      * @param element the element of type {@code T1} that is serialized
      * @return the serialized element of type {@code T2}

configlib-core/src/main/java/de/exlll/configlib/TypeSerializer.java

@@ -16,6 +16,7 @@
 import java.util.stream.Collectors;
 
 import static de.exlll.configlib.Validator.requireNonNull;
+import static de.exlll.configlib.Validator.requireTargetType;
 
 sealed abstract class TypeSerializer<T, E extends ConfigurationElement<?>>
         implements Serializer<T, Map<?, ?>>
@@ -76,12 +77,16 @@ protected TypeSerializer(Class<T> type, ConfigurationProperties properties) {
     }
 
     protected final Object serializeElement(E element, Object value) {
+        if (value == null) return null;
+
         // This cast can lead to a ClassCastException if an element of type X is
         // serialized by a custom serializer that expects a different type Y.
         @SuppressWarnings("unchecked")
         final var serializer = (Serializer<Object, Object>) serializers.get(element.name());
         try {
-            return (value != null) ? serializer.serialize(value) : null;
+            final Object serialized = serializer.serialize(value);
+            validateTargetType(element, value, serialized);
+            return serialized;
         } catch (ClassCastException e) {
             String msg = ("Serialization of value '%s' for element '%s' of type '%s' failed.\n" +
                           "The type of the object to be serialized does not match the type " +
@@ -96,6 +101,25 @@ protected final Object serializeElement(E element, Object value) {
         }
     }
 
+    private static void validateTargetType(
+            ConfigurationElement<?> element,
+            Object value,
+            Object serialized
+    ) {
+        try {
+            requireTargetType(serialized);
+        } catch (ConfigurationException e) {
+            String msg = ("Serialization of value '%s' for element '%s' of type '%s' failed. " +
+                          "The serializer produced an invalid target type.")
+                    .formatted(
+                            value,
+                            element.element(),
+                            element.declaringType()
+                    );
+            throw new ConfigurationException(msg, e);
+        }
+    }
+
     protected final Object deserialize(E element, Object value) {
         // This unchecked cast leads to an exception if the type of the object which
         // is deserialized is not a subtype of the type the deserializer expects.

configlib-core/src/main/java/de/exlll/configlib/Validator.java

@@ -1,5 +1,7 @@
 package de.exlll.configlib;
 
+import java.util.List;
+import java.util.Map;
 import java.util.Objects;
 
 final class Validator {
@@ -52,4 +54,32 @@ static void requirePrimitiveOrWrapperNumberType(Class<?> cls) {
             throw new IllegalArgumentException(msg);
         }
     }
+
+    static void requireTargetType(Object object) {
+        if (object == null) return;
+
+        final Class<?> cls = object.getClass();
+        if (cls == Boolean.class ||
+            cls == Long.class ||
+            cls == Double.class ||
+            cls == String.class) {
+            return;
+        }
+
+        if (object instanceof List<?> list) {
+            list.forEach(Validator::requireTargetType);
+            return;
+        }
+
+        if (object instanceof Map<?, ?> map) {
+            map.keySet().forEach(Validator::requireTargetType);
+            map.values().forEach(Validator::requireTargetType);
+            return;
+        }
+
+        final String msg =
+                "Object '" + object + "' does not have a valid target type. " +
+                "Its type is: " + object.getClass();
+        throw new ConfigurationException(msg);
+    }
 }

configlib-core/src/test/java/de/exlll/configlib/ReflectTest.java

@@ -7,9 +7,7 @@
 import java.lang.reflect.Constructor;
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.HashSet;
+import java.util.*;
 
 import static de.exlll.configlib.TestUtils.*;
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -447,4 +445,22 @@ void invokeMethod() throws Exception {
         Object object = Reflect.invoke(method, new ReflectTest());
         assertThat(object, is("AB"));
     }
+
+    @Test
+    void isSimpleTargetType() {
+        enum E {E;}
+        record R(Long l) {}
+
+        assertThat(Reflect.isSimpleTargetType(Boolean.class), is(true));
+        assertThat(Reflect.isSimpleTargetType(Long.class), is(true));
+        assertThat(Reflect.isSimpleTargetType(Double.class), is(true));
+        assertThat(Reflect.isSimpleTargetType(String.class), is(true));
+
+        assertThat(Reflect.isSimpleTargetType(Map.class), is(false));
+        assertThat(Reflect.isSimpleTargetType(Set.class), is(false));
+        assertThat(Reflect.isSimpleTargetType(List.class), is(false));
+        assertThat(Reflect.isSimpleTargetType(E.class), is(false));
+        assertThat(Reflect.isSimpleTargetType(R.class), is(false));
+        assertThat(Reflect.isSimpleTargetType(Object.class), is(false));
+    }
 }

configlib-core/src/test/java/de/exlll/configlib/TypeSerializerTest.java

@@ -21,8 +21,7 @@
 import static de.exlll.configlib.TestUtils.assertThrowsConfigurationException;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
-import static org.junit.jupiter.api.Assertions.assertFalse;
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.*;
 
 class TypeSerializerTest {
     private static <T> TypeSerializer<T, ?> newTypeSerializer(
@@ -581,6 +580,27 @@ record S(@SerializeWith(serializer = DoubleIntSerializer.class) String s) {}
                 "the custom serializer of type " +
                 "'class de.exlll.configlib.TestUtils$DoubleIntSerializer' expects."
         );
+    }
 
+    @Test
+    void serializingObjectThatProducesInvalidTargetTypeFails() {
+        record S(@SerializeWith(serializer = DoubleIntSerializer.class) Integer i) {}
+        final var serializer = newTypeSerializer(S.class);
+
+        ConfigurationException ex1 = assertThrows(
+                ConfigurationException.class,
+                () -> serializer.serialize(new S(10))
+        );
+        assertThat(ex1.getMessage(), is(
+                "Serialization of value '10' for element 'java.lang.Integer i' of type " +
+                "'class de.exlll.configlib.TypeSerializerTest$2S' failed. " +
+                "The serializer produced an invalid target type."
+        ));
+
+        ConfigurationException ex2 = (ConfigurationException) ex1.getCause();
+        assertThat(ex2.getMessage(), is(
+                "Object '20' does not have a valid target type. " +
+                "Its type is: class java.lang.Integer"
+        ));
     }
 }