Class HardenedObjectInputStream

  • All Implemented Interfaces:
    java.io.Closeable, java.io.DataInput, java.io.ObjectInput, java.io.ObjectStreamConstants, java.lang.AutoCloseable
    Direct Known Subclasses:
    HardenedLoggingEventInputStream

    @Deprecated(since="2022-01-27")
    public class HardenedObjectInputStream
    extends java.io.ObjectInputStream
    Deprecated.
    This internal logback API is not supported by AEM as a Cloud Service.
    HardenedObjectInputStream restricts the set of classes that can be deserialized to a set of explicitly whitelisted classes. This prevents certain types of attacks from being successful.

    It is assumed that classes in the "java.lang" and "java.util" packages are always authorized.

    Since:
    1.2.0
    • Nested Class Summary

      • Nested classes/interfaces inherited from class java.io.ObjectInputStream

        java.io.ObjectInputStream.GetField
    • Field Summary

      • Fields inherited from interface java.io.ObjectStreamConstants

        baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
    • Constructor Summary

      Constructors
      Constructor Description
      HardenedObjectInputStream(java.io.InputStream in, java.lang.String[] whilelist)
      Deprecated.
      HardenedObjectInputStream(java.io.InputStream in, java.util.List<java.lang.String> whitelist)
      Deprecated.
    • Method Summary

      • Methods inherited from class java.io.ObjectInputStream

        available, close, defaultReadObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readShort, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, setObjectInputFilter, skipBytes
      • Methods inherited from class java.io.InputStream

        mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, transferTo
      • Methods inherited from class java.lang.Object

        equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
      • Methods inherited from interface java.io.ObjectInput

        read, skip
    • Constructor Detail

      • HardenedObjectInputStream

        public HardenedObjectInputStream(java.io.InputStream in,
                                         java.lang.String[] whilelist)
                                  throws java.io.IOException
        Deprecated.
        Throws:
        java.io.IOException
      • HardenedObjectInputStream

        public HardenedObjectInputStream(java.io.InputStream in,
                                         java.util.List<java.lang.String> whitelist)
                                  throws java.io.IOException
        Deprecated.
        Throws:
        java.io.IOException