21
21
import io .fury .memory .MemoryBuffer ;
22
22
import io .fury .serializer .Serializer ;
23
23
import io .fury .util .LoggerFactory ;
24
+ import java .util .Collection ;
24
25
import java .util .HashSet ;
25
26
import java .util .Set ;
26
27
import java .util .WeakHashMap ;
@@ -49,7 +50,7 @@ public enum CheckLevel {
49
50
STRICT
50
51
}
51
52
52
- private final CheckLevel checkLevel ;
53
+ private volatile CheckLevel checkLevel ;
53
54
private final Set <String > allowList ;
54
55
private final Set <String > allowListPrefix ;
55
56
private final Set <String > disallowList ;
@@ -71,8 +72,25 @@ public AllowListChecker(CheckLevel checkLevel) {
71
72
listeners = new WeakHashMap <>();
72
73
}
73
74
75
+ public CheckLevel getCheckLevel () {
76
+ return checkLevel ;
77
+ }
78
+
79
+ public void setCheckLevel (CheckLevel checkLevel ) {
80
+ this .checkLevel = checkLevel ;
81
+ }
82
+
74
83
@ Override
75
84
public boolean checkClass (ClassResolver classResolver , String className ) {
85
+ try {
86
+ lock .readLock ().lock ();
87
+ return check (className );
88
+ } finally {
89
+ lock .readLock ().unlock ();
90
+ }
91
+ }
92
+
93
+ private boolean check (String className ) {
76
94
switch (checkLevel ) {
77
95
case DISABLE :
78
96
return true ;
@@ -106,41 +124,56 @@ public boolean checkClass(ClassResolver classResolver, String className) {
106
124
}
107
125
}
108
126
109
- boolean containsPrefix (Set <String > set , Set <String > prefixSet , String className ) {
110
- try {
111
- lock .readLock ().lock ();
112
- if (set .contains (className )) {
127
+ static boolean containsPrefix (Set <String > set , Set <String > prefixSet , String className ) {
128
+ if (set .contains (className )) {
129
+ return true ;
130
+ }
131
+ for (String prefix : prefixSet ) {
132
+ if (className .startsWith (prefix )) {
113
133
return true ;
114
134
}
115
- for (String prefix : prefixSet ) {
116
- if (className .startsWith (prefix )) {
117
- return true ;
118
- }
119
- }
120
- return false ;
121
- } finally {
122
- lock .readLock ().unlock ();
123
135
}
136
+ return false ;
124
137
}
125
138
126
139
/**
127
140
* Add class to allow list.
128
141
*
129
- * @param classNameOrPrefix class name or class name prefix ends with *.
142
+ * @param classNameOrPrefix class name or name prefix ends with *.
130
143
*/
131
144
public void allowClass (String classNameOrPrefix ) {
132
145
try {
133
146
lock .writeLock ().lock ();
134
- if (classNameOrPrefix .endsWith ("*" )) {
135
- allowListPrefix .add (classNameOrPrefix .substring (0 , classNameOrPrefix .length () - 1 ));
136
- } else {
137
- allowList .add (classNameOrPrefix );
147
+ allow (classNameOrPrefix );
148
+ } finally {
149
+ lock .writeLock ().unlock ();
150
+ }
151
+ }
152
+
153
+ /**
154
+ * Add classes to allow list.
155
+ *
156
+ * @param classNamesOrPrefixes class names or name prefixes ends with *.
157
+ */
158
+ public void allowClasses (Collection <String > classNamesOrPrefixes ) {
159
+ try {
160
+ lock .writeLock ().lock ();
161
+ for (String namesOrPrefix : classNamesOrPrefixes ) {
162
+ allow (namesOrPrefix );
138
163
}
139
164
} finally {
140
165
lock .writeLock ().unlock ();
141
166
}
142
167
}
143
168
169
+ private void allow (String classNameOrPrefix ) {
170
+ if (classNameOrPrefix .endsWith ("*" )) {
171
+ allowListPrefix .add (classNameOrPrefix .substring (0 , classNameOrPrefix .length () - 1 ));
172
+ } else {
173
+ allowList .add (classNameOrPrefix );
174
+ }
175
+ }
176
+
144
177
/**
145
178
* Add class to disallow list.
146
179
*
@@ -149,35 +182,55 @@ public void allowClass(String classNameOrPrefix) {
149
182
public void disallowClass (String classNameOrPrefix ) {
150
183
try {
151
184
lock .writeLock ().lock ();
152
- if (classNameOrPrefix .endsWith ("*" )) {
153
- String prefix = classNameOrPrefix .substring (0 , classNameOrPrefix .length () - 1 );
154
- disallowListPrefix .add (prefix );
155
- for (ClassResolver classResolver : listeners .keySet ()) {
156
- try {
157
- classResolver .getFury ().getJITContext ().lock ();
158
- // clear serializer may throw NullPointerException for field serialization.
159
- classResolver .setSerializers (prefix , DisallowSerializer .class );
160
- } finally {
161
- classResolver .getFury ().getJITContext ().unlock ();
162
- }
163
- }
164
- } else {
165
- disallowList .add (classNameOrPrefix );
166
- for (ClassResolver classResolver : listeners .keySet ()) {
167
- try {
168
- classResolver .getFury ().getJITContext ().lock ();
169
- // clear serializer may throw NullPointerException for field serialization.
170
- classResolver .setSerializer (classNameOrPrefix , DisallowSerializer .class );
171
- } finally {
172
- classResolver .getFury ().getJITContext ().unlock ();
173
- }
174
- }
185
+ disallow (classNameOrPrefix );
186
+ } finally {
187
+ lock .writeLock ().unlock ();
188
+ }
189
+ }
190
+
191
+ /**
192
+ * Add classes to disallow list.
193
+ *
194
+ * @param classNamesOrPrefixes class names or name prefixes ends with *.
195
+ */
196
+ public void disallowClasses (Collection <String > classNamesOrPrefixes ) {
197
+ try {
198
+ lock .writeLock ().lock ();
199
+ for (String prefix : classNamesOrPrefixes ) {
200
+ disallow (prefix );
175
201
}
176
202
} finally {
177
203
lock .writeLock ().unlock ();
178
204
}
179
205
}
180
206
207
+ private void disallow (String classNameOrPrefix ) {
208
+ if (classNameOrPrefix .endsWith ("*" )) {
209
+ String prefix = classNameOrPrefix .substring (0 , classNameOrPrefix .length () - 1 );
210
+ disallowListPrefix .add (prefix );
211
+ for (ClassResolver classResolver : listeners .keySet ()) {
212
+ try {
213
+ classResolver .getFury ().getJITContext ().lock ();
214
+ // clear serializer may throw NullPointerException for field serialization.
215
+ classResolver .setSerializers (prefix , DisallowSerializer .class );
216
+ } finally {
217
+ classResolver .getFury ().getJITContext ().unlock ();
218
+ }
219
+ }
220
+ } else {
221
+ disallowList .add (classNameOrPrefix );
222
+ for (ClassResolver classResolver : listeners .keySet ()) {
223
+ try {
224
+ classResolver .getFury ().getJITContext ().lock ();
225
+ // clear serializer may throw NullPointerException for field serialization.
226
+ classResolver .setSerializer (classNameOrPrefix , DisallowSerializer .class );
227
+ } finally {
228
+ classResolver .getFury ().getJITContext ().unlock ();
229
+ }
230
+ }
231
+ }
232
+ }
233
+
181
234
/**
182
235
* Add listener to in response to disallow list. So if object of a class is serialized before,
183
236
* future serialization will be refused.
0 commit comments