From 5de70b95169c6af36b8695d32a87b04c04684d4d Mon Sep 17 00:00:00 2001 From: Peter Taoussanis Date: Tue, 25 Aug 2020 23:26:19 +0200 Subject: [PATCH] `*serializable-whitelist*`: support "*" wildcards in class names --- src/taoensso/nippy.clj | 27 ++++++++++++++++++++++----- test/taoensso/nippy/tests/main.clj | 9 ++++++++- 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/src/taoensso/nippy.clj b/src/taoensso/nippy.clj index 7dc48ad..02d9d66 100644 --- a/src/taoensso/nippy.clj +++ b/src/taoensso/nippy.clj @@ -305,6 +305,11 @@ See also `swap-serializable-whitelist!`. + Strings in sets may contain \"*\" wildcards. + + See also `taoensso.encore/compile-str-filter`, a util to help + easily build more advanced predicate functions. + ================ Further context: @@ -358,6 +363,15 @@ (comment (.getName (.getSuperclass (.getClass (java.util.concurrent.TimeoutException.))))) +(let [compile-whitelist (enc/memoize_ (fn [x] (if (set? x) (enc/compile-str-filter x) x)))] + (defn- serializable-whitelisted? [class-name] + ((compile-whitelist *serializable-whitelist*) class-name))) + +(comment + (enc/qb 1e5 (serializable-whitelisted? "foo")) + (binding [*serializable-whitelist* #{"foo.*" "bar"}] + (serializable-whitelisted? "foo.bar"))) + (defn set-freeze-fallback! [x] (alter-var-root #'*freeze-fallback* (constantly x))) (defn set-auto-freeze-compressor! [x] (alter-var-root #'*auto-freeze-compressor* (constantly x))) (defn swap-custom-readers! [f] (alter-var-root #'*custom-readers* f)) @@ -367,8 +381,11 @@ - (fn [_old] true) ; Whitelist everything (allow all classes) - (fn [_old] #{}) ; Whitelist nothing (disallow all classes) - - (fn [_old] #{\"java.lang.Throwable\"}) ; Reset class whitelist - - (fn [ old] (conj old \"java.lang.Throwable\"))) ; Add class to whitelist + - (fn [_old] #{\"java.lang.Throwable\"}) ; Reset class whitelist set + - (fn [ old] (conj old \"java.lang.Throwable\"))) ; Add class to whitelist set + - (fn [ old] (conj old \"java.lang.*\")) ; Add classes to whitelist set (note wildcard) + + Strings in sets may contain \"*\" wildcards. See also `*serializable-whitelist*." [f] (alter-var-root #'*serializable-whitelist* f)) @@ -815,7 +832,7 @@ (when (utils/serializable? x) (try (let [class-name (.getName (class x))] ; Reflect - (when (*serializable-whitelist* class-name) + (when (serializable-whitelisted? class-name) (write-serializable out x class-name) true)) (catch Throwable _ nil)))) @@ -1292,7 +1309,7 @@ (defn- read-serializable [^DataInput in class-name] (let [quarantined-ba (read-bytes in)] - (if (*serializable-whitelist* class-name) + (if (serializable-whitelisted? class-name) (read-object (DataInputStream. (ByteArrayInputStream. quarantined-ba)) class-name) {:type :serializable :nippy/unthawable @@ -1300,7 +1317,7 @@ :serializable-whitelist-pass? false}}))) (defn- read-serializable-depr1 [^DataInput in class-name] - (if (*serializable-whitelist* class-name) + (if (serializable-whitelisted? class-name) (read-object in class-name) (throw ; No way to skip bytes, so best we can do is throw (ex-info "Cannot thaw object: `*serializable-whitelist*` check failed. See docstring for details." diff --git a/test/taoensso/nippy/tests/main.clj b/test/taoensso/nippy/tests/main.clj index 2cabcc0..71c6c70 100644 --- a/test/taoensso/nippy/tests/main.clj +++ b/test/taoensso/nippy/tests/main.clj @@ -273,7 +273,14 @@ (binding [nippy/*serializable-whitelist* #{"java.util.concurrent.Semaphore"}] (nippy/thaw (nippy/freeze (java.util.concurrent.Semaphore. 1))))) - "Can freeze and thaw Serializable object if approved by whitelist")) + "Can freeze and thaw Serializable object if approved by whitelist") + + (is + (instance? java.util.concurrent.Semaphore + (binding [nippy/*serializable-whitelist* #{"java.util.concurrent.*"}] + (nippy/thaw (nippy/freeze (java.util.concurrent.Semaphore. 1))))) + + "Strings in whitelist sets may contain \"*\" wildcards")) ;;;; Benchmarks