ch.qos.logback/logback-core/1.2.3 : ch/qos/logback/core/net/HardenedObjectInputStream.class

HardenedObjectInputStream
http://logback.qos.ch/logback-core: logback-core module (QOS.ch)
Ceki Gulcu
Joern Huxhorn
public class ch.qos.logback.core.net.HardenedObjectInputStream extends java.io.ObjectInputStream
  minor version: 0
  major version: 59
  flags: flags: (0x0021) ACC_PUBLIC, ACC_SUPER
  this_class: ch.qos.logback.core.net.HardenedObjectInputStream
  super_class: java.io.ObjectInputStream
{
  final java.util.List<java.lang.String> whitelistedClassNames;
    descriptor: Ljava/util/List;
    flags: (0x0010) ACC_FINAL
    Signature: Ljava/util/List<Ljava/lang/String;>;

  static final java.lang.String[] JAVA_PACKAGES;
    descriptor: [Ljava/lang/String;
    flags: (0x0018) ACC_STATIC, ACC_FINAL

  static void <clinit>();
    descriptor: ()V
    flags: (0x0008) ACC_STATIC
    Code:
      stack=4, locals=0, args_size=0
         0: .line 24
            iconst_2
            anewarray java.lang.String
            dup
            iconst_0
            ldc "java.lang"
            aastore
            dup
            iconst_1
            ldc "java.util"
            aastore
            putstatic ch.qos.logback.core.net.HardenedObjectInputStream.JAVA_PACKAGES:[Ljava/lang/String;
            return
      LocalVariableTable:
        Start  End  Slot  Name  Signature

  public void <init>(java.io.InputStream, java.lang.String[]);
    descriptor: (Ljava/io/InputStream;[Ljava/lang/String;)V
    flags: (0x0001) ACC_PUBLIC
    Code:
      stack=3, locals=4, args_size=3
        start local 0 // ch.qos.logback.core.net.HardenedObjectInputStream this
        start local 1 // java.io.InputStream in
        start local 2 // java.lang.String[] whilelist
         0: .line 27
            aload 0 /* this */
            aload 1 /* in */
            invokespecial java.io.ObjectInputStream.<init>:(Ljava/io/InputStream;)V
         1: .line 29
            aload 0 /* this */
            new java.util.ArrayList
            dup
            invokespecial java.util.ArrayList.<init>:()V
            putfield ch.qos.logback.core.net.HardenedObjectInputStream.whitelistedClassNames:Ljava/util/List;
         2: .line 30
            aload 2 /* whilelist */
            ifnull 8
         3: .line 31
            iconst_0
            istore 3 /* i */
        start local 3 // int i
         4: goto 7
         5: .line 32
      StackMap locals: ch.qos.logback.core.net.HardenedObjectInputStream java.io.InputStream java.lang.String[] int
      StackMap stack:
            aload 0 /* this */
            getfield ch.qos.logback.core.net.HardenedObjectInputStream.whitelistedClassNames:Ljava/util/List;
            aload 2 /* whilelist */
            iload 3 /* i */
            aaload
            invokeinterface java.util.List.add:(Ljava/lang/Object;)Z
            pop
         6: .line 31
            iinc 3 /* i */ 1
      StackMap locals:
      StackMap stack:
         7: iload 3 /* i */
            aload 2 /* whilelist */
            arraylength
            if_icmplt 5
        end local 3 // int i
         8: .line 35
      StackMap locals:
      StackMap stack:
            return
        end local 2 // java.lang.String[] whilelist
        end local 1 // java.io.InputStream in
        end local 0 // ch.qos.logback.core.net.HardenedObjectInputStream this
      LocalVariableTable:
        Start  End  Slot       Name  Signature
            0    9     0       this  Lch/qos/logback/core/net/HardenedObjectInputStream;
            0    9     1         in  Ljava/io/InputStream;
            0    9     2  whilelist  [Ljava/lang/String;
            4    8     3          i  I
    Exceptions:
      throws java.io.IOException
    MethodParameters:
           Name  Flags
      in         
      whilelist  

  public void <init>(java.io.InputStream, java.util.List<java.lang.String>);
    descriptor: (Ljava/io/InputStream;Ljava/util/List;)V
    flags: (0x0001) ACC_PUBLIC
    Code:
      stack=3, locals=3, args_size=3
        start local 0 // ch.qos.logback.core.net.HardenedObjectInputStream this
        start local 1 // java.io.InputStream in
        start local 2 // java.util.List whitelist
         0: .line 38
            aload 0 /* this */
            aload 1 /* in */
            invokespecial java.io.ObjectInputStream.<init>:(Ljava/io/InputStream;)V
         1: .line 40
            aload 0 /* this */
            new java.util.ArrayList
            dup
            invokespecial java.util.ArrayList.<init>:()V
            putfield ch.qos.logback.core.net.HardenedObjectInputStream.whitelistedClassNames:Ljava/util/List;
         2: .line 41
            aload 0 /* this */
            getfield ch.qos.logback.core.net.HardenedObjectInputStream.whitelistedClassNames:Ljava/util/List;
            aload 2 /* whitelist */
            invokeinterface java.util.List.addAll:(Ljava/util/Collection;)Z
            pop
         3: .line 42
            return
        end local 2 // java.util.List whitelist
        end local 1 // java.io.InputStream in
        end local 0 // ch.qos.logback.core.net.HardenedObjectInputStream this
      LocalVariableTable:
        Start  End  Slot       Name  Signature
            0    4     0       this  Lch/qos/logback/core/net/HardenedObjectInputStream;
            0    4     1         in  Ljava/io/InputStream;
            0    4     2  whitelist  Ljava/util/List<Ljava/lang/String;>;
    Exceptions:
      throws java.io.IOException
    Signature: (Ljava/io/InputStream;Ljava/util/List<Ljava/lang/String;>;)V
    MethodParameters:
           Name  Flags
      in         
      whitelist  

  protected java.lang.Class<?> resolveClass(java.io.ObjectStreamClass);
    descriptor: (Ljava/io/ObjectStreamClass;)Ljava/lang/Class;
    flags: (0x0004) ACC_PROTECTED
    Code:
      stack=4, locals=3, args_size=2
        start local 0 // ch.qos.logback.core.net.HardenedObjectInputStream this
        start local 1 // java.io.ObjectStreamClass anObjectStreamClass
         0: .line 47
            aload 1 /* anObjectStreamClass */
            invokevirtual java.io.ObjectStreamClass.getName:()Ljava/lang/String;
            astore 2 /* incomingClassName */
        start local 2 // java.lang.String incomingClassName
         1: .line 49
            aload 0 /* this */
            aload 2 /* incomingClassName */
            invokevirtual ch.qos.logback.core.net.HardenedObjectInputStream.isWhitelisted:(Ljava/lang/String;)Z
            ifne 3
         2: .line 50
            new java.io.InvalidClassException
            dup
            ldc "Unauthorized deserialization attempt"
            aload 1 /* anObjectStreamClass */
            invokevirtual java.io.ObjectStreamClass.getName:()Ljava/lang/String;
            invokespecial java.io.InvalidClassException.<init>:(Ljava/lang/String;Ljava/lang/String;)V
            athrow
         3: .line 53
      StackMap locals: java.lang.String
      StackMap stack:
            aload 0 /* this */
            aload 1 /* anObjectStreamClass */
            invokespecial java.io.ObjectInputStream.resolveClass:(Ljava/io/ObjectStreamClass;)Ljava/lang/Class;
            areturn
        end local 2 // java.lang.String incomingClassName
        end local 1 // java.io.ObjectStreamClass anObjectStreamClass
        end local 0 // ch.qos.logback.core.net.HardenedObjectInputStream this
      LocalVariableTable:
        Start  End  Slot                 Name  Signature
            0    4     0                 this  Lch/qos/logback/core/net/HardenedObjectInputStream;
            0    4     1  anObjectStreamClass  Ljava/io/ObjectStreamClass;
            1    4     2    incomingClassName  Ljava/lang/String;
    Exceptions:
      throws java.io.IOException, java.lang.ClassNotFoundException
    Signature: (Ljava/io/ObjectStreamClass;)Ljava/lang/Class<*>;
    MethodParameters:
                     Name  Flags
      anObjectStreamClass  

  private boolean isWhitelisted(java.lang.String);
    descriptor: (Ljava/lang/String;)Z
    flags: (0x0002) ACC_PRIVATE
    Code:
      stack=3, locals=4, args_size=2
        start local 0 // ch.qos.logback.core.net.HardenedObjectInputStream this
        start local 1 // java.lang.String incomingClassName
         0: .line 57
            iconst_0
            istore 2 /* i */
        start local 2 // int i
         1: goto 5
         2: .line 58
      StackMap locals: int
      StackMap stack:
            aload 1 /* incomingClassName */
            getstatic ch.qos.logback.core.net.HardenedObjectInputStream.JAVA_PACKAGES:[Ljava/lang/String;
            iload 2 /* i */
            aaload
            invokevirtual java.lang.String.startsWith:(Ljava/lang/String;)Z
            ifeq 4
         3: .line 59
            iconst_1
            ireturn
         4: .line 57
      StackMap locals:
      StackMap stack:
            iinc 2 /* i */ 1
      StackMap locals:
      StackMap stack:
         5: iload 2 /* i */
            getstatic ch.qos.logback.core.net.HardenedObjectInputStream.JAVA_PACKAGES:[Ljava/lang/String;
            arraylength
            if_icmplt 2
        end local 2 // int i
         6: .line 61
            aload 0 /* this */
            getfield ch.qos.logback.core.net.HardenedObjectInputStream.whitelistedClassNames:Ljava/util/List;
            invokeinterface java.util.List.iterator:()Ljava/util/Iterator;
            astore 3
            goto 10
      StackMap locals: ch.qos.logback.core.net.HardenedObjectInputStream java.lang.String top java.util.Iterator
      StackMap stack:
         7: aload 3
            invokeinterface java.util.Iterator.next:()Ljava/lang/Object;
            checkcast java.lang.String
            astore 2 /* whiteListed */
        start local 2 // java.lang.String whiteListed
         8: .line 62
            aload 1 /* incomingClassName */
            aload 2 /* whiteListed */
            invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
            ifeq 10
         9: .line 63
            iconst_1
            ireturn
        end local 2 // java.lang.String whiteListed
        10: .line 61
      StackMap locals:
      StackMap stack:
            aload 3
            invokeinterface java.util.Iterator.hasNext:()Z
            ifne 7
        11: .line 65
            iconst_0
            ireturn
        end local 1 // java.lang.String incomingClassName
        end local 0 // ch.qos.logback.core.net.HardenedObjectInputStream this
      LocalVariableTable:
        Start  End  Slot               Name  Signature
            0   12     0               this  Lch/qos/logback/core/net/HardenedObjectInputStream;
            0   12     1  incomingClassName  Ljava/lang/String;
            1    6     2                  i  I
            8   10     2        whiteListed  Ljava/lang/String;
    MethodParameters:
                   Name  Flags
      incomingClassName  

  protected void addToWhitelist(java.util.List<java.lang.String>);
    descriptor: (Ljava/util/List;)V
    flags: (0x0004) ACC_PROTECTED
    Code:
      stack=2, locals=2, args_size=2
        start local 0 // ch.qos.logback.core.net.HardenedObjectInputStream this
        start local 1 // java.util.List additionalAuthorizedClasses
         0: .line 69
            aload 0 /* this */
            getfield ch.qos.logback.core.net.HardenedObjectInputStream.whitelistedClassNames:Ljava/util/List;
            aload 1 /* additionalAuthorizedClasses */
            invokeinterface java.util.List.addAll:(Ljava/util/Collection;)Z
            pop
         1: .line 70
            return
        end local 1 // java.util.List additionalAuthorizedClasses
        end local 0 // ch.qos.logback.core.net.HardenedObjectInputStream this
      LocalVariableTable:
        Start  End  Slot                         Name  Signature
            0    2     0                         this  Lch/qos/logback/core/net/HardenedObjectInputStream;
            0    2     1  additionalAuthorizedClasses  Ljava/util/List<Ljava/lang/String;>;
    Signature: (Ljava/util/List<Ljava/lang/String;>;)V
    MethodParameters:
                             Name  Flags
      additionalAuthorizedClasses  
}
SourceFile: "HardenedObjectInputStream.java"
/

ch.qos.logback/ logback-core/ 1.2.3/ ch/qos/logback/core/net/HardenedObjectInputStream.class
