Posted to commits@commons.apache.org by se...@apache.org on 2021/12/15 00:18:55 UTC
[commons-net] branch master updated: Prevent serialization
This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-net.git
The following commit(s) were added to refs/heads/master by this push:
new 991b775 Prevent serialization
991b775 is described below
commit 991b775f2052e150c4c16d1c1cd2073021d40c2e
Author: Sebb <se...@apache.org>
AuthorDate: Wed Dec 15 00:18:48 2021 +0000
Prevent serialization
It is not useful and is unlikely to work properly.
---
src/changes/changes.xml | 4 ++++
.../apache/commons/net/ProtocolCommandSupport.java | 18 +++++++++++++++++-
.../java/org/apache/commons/net/ftp/FTPFile.java | 20 +++++++++++++++++++-
.../java/org/apache/commons/net/ntp/TimeStamp.java | 16 ++++++++++++++++
.../org/apache/commons/net/util/ListenerList.java | 15 +++++++++++++++
5 files changed, 71 insertions(+), 2 deletions(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 95fbce2..d388412 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -92,6 +92,10 @@ The <action> type attribute can be add,update,fix,remove.
[FTP] Add FTPFile.getTimestampInstant().
</action>
<!-- UPDATE -->
+ <action type="update" dev="sebb">
+ Prevent serialization of the 4 classes that implement Serializable.
+ It is not useful and is unlikely to work properly.
+ </action>
<action type="update" dev="ggregory" due-to="Dependabot">
Bump junit from 4.13.1 to 4.13.2 #74.
</action>
diff --git a/src/main/java/org/apache/commons/net/ProtocolCommandSupport.java b/src/main/java/org/apache/commons/net/ProtocolCommandSupport.java
index c2e409d..9057d55 100644
--- a/src/main/java/org/apache/commons/net/ProtocolCommandSupport.java
+++ b/src/main/java/org/apache/commons/net/ProtocolCommandSupport.java
@@ -17,6 +17,8 @@
package org.apache.commons.net;
+import java.io.IOException;
+import java.io.ObjectStreamException;
import java.io.Serializable;
import java.util.EventListener;
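Review bot: The added `import java.io.ObjectStreamException;` is not referenced by any line this commit adds to ProtocolCommandSupport; the new `writeObject` and `readObject` declare only `IOException` and `ClassNotFoundException`. Unless code outside the visible hunks uses it, drop the import or put it to use in the serialization hooks, so the file does not carry an unused import.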
@@ -131,5 +133,19 @@ public class ProtocolCommandSupport implements Serializable
listeners.removeListener(listener);
}
-}
+ /*
+ Serialization is unnecessary for this class.
+ Reject attempts to do so until such time as the Serializable attribute can be dropped.
+ */
+ private void writeObject(java.io.ObjectOutputStream out) throws IOException
+ {
+ throw new UnsupportedOperationException("Serialization is not supported");
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException
+ {
+ throw new UnsupportedOperationException("Serialization is not supported");
+ }
+
+}
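Review bot: The throwing `readObject` only runs when the incoming stream lists this class in the object's hierarchy. ProtocolCommandSupport is declared as a non-final public class, so if a Serializable subclass exists, a stream that omits this class from the hierarchy never reaches the guard. Adding `private void readObjectNoData() throws ObjectStreamException { throw new java.io.InvalidObjectException("Serialization is not supported"); }` closes that path, and the same applies to the identical additions in FTPFile, TimeStamp and ListenerList, which the hunk headers also show as non-final. It would also be more conventional for these hooks to throw `java.io.NotSerializableException`, which callers of `ObjectOutputStream.writeObject` already handle as an `IOException`, rather than the unchecked `UnsupportedOperationException`. The class body starts outside this hunk.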
diff --git a/src/main/java/org/apache/commons/net/ftp/FTPFile.java b/src/main/java/org/apache/commons/net/ftp/FTPFile.java
index b7ea2fe..fa45ccb 100644
--- a/src/main/java/org/apache/commons/net/ftp/FTPFile.java
+++ b/src/main/java/org/apache/commons/net/ftp/FTPFile.java
@@ -17,6 +17,7 @@
package org.apache.commons.net.ftp;
+import java.io.IOException;
import java.io.Serializable;
import java.time.Instant;
import java.util.Calendar;
@@ -82,7 +83,7 @@ public class FTPFile implements Serializable {
private Calendar calendar;
/** If this is null, then list entry parsing failed. */
- private final boolean[] permissions[]; // e.g. _permissions[USER_ACCESS][READ_PERMISSION]
+ private final boolean[][] permissions; // e.g. _permissions[USER_ACCESS][READ_PERMISSION]
/** Creates an empty FTPFile. */
public FTPFile() {
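Review bot: The trailing comment on the rewritten declaration still refers to `_permissions[USER_ACCESS][READ_PERMISSION]`, while the field is named `permissions`. Since the line is being touched anyway, update it to `// e.g. permissions[USER_ACCESS][READ_PERMISSION]` so the example matches the identifier. The `FTPFile()` constructor opened on the hunk's last line continues outside the hunk.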
@@ -475,4 +476,21 @@ public class FTPFile implements Serializable {
public String toString() {
return getRawListing();
}
+
+ /*
+ Serialization is unnecessary for this class.
+ Reject attempts to do so until such time as the Serializable attribute can be dropped.
+ */
+
+ private void writeObject(java.io.ObjectOutputStream out) throws IOException
+ {
+ throw new UnsupportedOperationException("Serialization is not supported");
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException
+ {
+ throw new UnsupportedOperationException("Serialization is not supported");
+ }
+
+
}
diff --git a/src/main/java/org/apache/commons/net/ntp/TimeStamp.java b/src/main/java/org/apache/commons/net/ntp/TimeStamp.java
index d31dafb..ec66ab7 100644
--- a/src/main/java/org/apache/commons/net/ntp/TimeStamp.java
+++ b/src/main/java/org/apache/commons/net/ntp/TimeStamp.java
@@ -18,6 +18,7 @@ package org.apache.commons.net.ntp;
+import java.io.IOException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
@@ -449,4 +450,19 @@ public class TimeStamp implements java.io.Serializable, Comparable<TimeStamp>
return utcFormatter.format(ntpDate);
}
+ /*
+ Serialization is unnecessary for this class.
+ Reject attempts to do so until such time as the Serializable attribute can be dropped.
+ */
+
+ private void writeObject(java.io.ObjectOutputStream out) throws IOException
+ {
+ throw new UnsupportedOperationException("Serialization is not supported");
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException
+ {
+ throw new UnsupportedOperationException("Serialization is not supported");
+ }
+
}
diff --git a/src/main/java/org/apache/commons/net/util/ListenerList.java b/src/main/java/org/apache/commons/net/util/ListenerList.java
index 2db5a3a..de1bb09 100644
--- a/src/main/java/org/apache/commons/net/util/ListenerList.java
+++ b/src/main/java/org/apache/commons/net/util/ListenerList.java
@@ -63,4 +63,19 @@ public class ListenerList implements Serializable, Iterable<EventListener>
listeners.remove(listener);
}
+ /*
+ Serialization is unnecessary for this class.
+ Reject attempts to do so until such time as the Serializable attribute can be dropped.
+ */
+
+ private void writeObject(java.io.ObjectOutputStream out) throws IOException
+ {
+ throw new UnsupportedOperationException("Serialization is not supported");
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException
+ {
+ throw new UnsupportedOperationException("Serialization is not supported");
+ }
+
}
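Review bot: The new `writeObject` and `readObject` declare `throws IOException` by simple name, but this diff has no import hunk for ListenerList.java, whereas the other three files each add `import java.io.IOException;`. Unless the file already imports it outside the visible hunk, the class will not compile; add `import java.io.IOException;` to the file's imports. The class body starts outside this hunk.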
Re: [commons-net] branch master updated: Prevent serialization
Posted by sebb <se...@gmail.com>.
On Wed, 15 Dec 2021 at 00:30, Gary Gregory <ga...@gmail.com> wrote:
>
> Why not import java.io.ObjectOutputStream instead of always using the fully
> qualified class name?
Because I copy-pasted the signature.
Feel free to fix it.
> Gary
>
> ---------- Forwarded message ---------
> From: <se...@apache.org>
> Date: Tue, Dec 14, 2021 at 7:19 PM
> Subject: [commons-net] branch master updated: Prevent serialization
> To: commits@commons.apache.org <co...@commons.apache.org>
>
>
> This is an automated email from the ASF dual-hosted git repository.
>
> sebb pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/commons-net.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
> new 991b775 Prevent serialization
> 991b775 is described below
>
> commit 991b775f2052e150c4c16d1c1cd2073021d40c2e
> Author: Sebb <se...@apache.org>
> AuthorDate: Wed Dec 15 00:18:48 2021 +0000
>
> Prevent serialization
>
> It is not useful and is unlikely to work properly.
> ---
> src/changes/changes.xml | 4 ++++
> .../apache/commons/net/ProtocolCommandSupport.java | 18
> +++++++++++++++++-
> .../java/org/apache/commons/net/ftp/FTPFile.java | 20
> +++++++++++++++++++-
> .../java/org/apache/commons/net/ntp/TimeStamp.java | 16 ++++++++++++++++
> .../org/apache/commons/net/util/ListenerList.java | 15 +++++++++++++++
> 5 files changed, 71 insertions(+), 2 deletions(-)
>
> diff --git a/src/changes/changes.xml b/src/changes/changes.xml
> index 95fbce2..d388412 100644
> --- a/src/changes/changes.xml
> +++ b/src/changes/changes.xml
> @@ -92,6 +92,10 @@ The <action> type attribute can be add,update,fix,remove.
> [FTP] Add FTPFile.getTimestampInstant().
> </action>
> <!-- UPDATE -->
> + <action type="update" dev="sebb">
> + Prevent serialization of the 4 classes that implement Serializable.
> + It is not useful and is unlikely to work properly.
> + </action>
> <action type="update" dev="ggregory" due-to="Dependabot">
> Bump junit from 4.13.1 to 4.13.2 #74.
> </action>
> diff --git
> a/src/main/java/org/apache/commons/net/ProtocolCommandSupport.java
> b/src/main/java/org/apache/commons/net/ProtocolCommandSupport.java
> index c2e409d..9057d55 100644
> --- a/src/main/java/org/apache/commons/net/ProtocolCommandSupport.java
> +++ b/src/main/java/org/apache/commons/net/ProtocolCommandSupport.java
> @@ -17,6 +17,8 @@
>
> package org.apache.commons.net;
>
> +import java.io.IOException;
> +import java.io.ObjectStreamException;
> import java.io.Serializable;
> import java.util.EventListener;
>
> @@ -131,5 +133,19 @@ public class ProtocolCommandSupport implements
> Serializable
> listeners.removeListener(listener);
> }
>
> -}
> + /*
> + Serialization is unnecessary for this class.
> + Reject attempts to do so until such time as the Serializable
> attribute can be dropped.
> + */
>
> + private void writeObject(java.io.ObjectOutputStream out) throws
> IOException
> + {
> + throw new UnsupportedOperationException("Serialization is not
> supported");
> + }
> +
> + private void readObject(java.io.ObjectInputStream in) throws
> IOException, ClassNotFoundException
> + {
> + throw new UnsupportedOperationException("Serialization is not
> supported");
> + }
> +
> +}
> diff --git a/src/main/java/org/apache/commons/net/ftp/FTPFile.java
> b/src/main/java/org/apache/commons/net/ftp/FTPFile.java
> index b7ea2fe..fa45ccb 100644
> --- a/src/main/java/org/apache/commons/net/ftp/FTPFile.java
> +++ b/src/main/java/org/apache/commons/net/ftp/FTPFile.java
> @@ -17,6 +17,7 @@
>
> package org.apache.commons.net.ftp;
>
> +import java.io.IOException;
> import java.io.Serializable;
> import java.time.Instant;
> import java.util.Calendar;
> @@ -82,7 +83,7 @@ public class FTPFile implements Serializable {
> private Calendar calendar;
>
> /** If this is null, then list entry parsing failed. */
> - private final boolean[] permissions[]; // e.g.
> _permissions[USER_ACCESS][READ_PERMISSION]
> + private final boolean[][] permissions; // e.g.
> _permissions[USER_ACCESS][READ_PERMISSION]
>
> /** Creates an empty FTPFile. */
> public FTPFile() {
> @@ -475,4 +476,21 @@ public class FTPFile implements Serializable {
> public String toString() {
> return getRawListing();
> }
> +
> + /*
> + Serialization is unnecessary for this class.
> + Reject attempts to do so until such time as the Serializable
> attribute can be dropped.
> + */
> +
> + private void writeObject(java.io.ObjectOutputStream out) throws
> IOException
> + {
> + throw new UnsupportedOperationException("Serialization is not
> supported");
> + }
> +
> + private void readObject(java.io.ObjectInputStream in) throws
> IOException, ClassNotFoundException
> + {
> + throw new UnsupportedOperationException("Serialization is not
> supported");
> + }
> +
> +
> }
> diff --git a/src/main/java/org/apache/commons/net/ntp/TimeStamp.java
> b/src/main/java/org/apache/commons/net/ntp/TimeStamp.java
> index d31dafb..ec66ab7 100644
> --- a/src/main/java/org/apache/commons/net/ntp/TimeStamp.java
> +++ b/src/main/java/org/apache/commons/net/ntp/TimeStamp.java
> @@ -18,6 +18,7 @@ package org.apache.commons.net.ntp;
>
>
>
> +import java.io.IOException;
> import java.text.DateFormat;
> import java.text.SimpleDateFormat;
> import java.util.Date;
> @@ -449,4 +450,19 @@ public class TimeStamp implements
> java.io.Serializable, Comparable<TimeStamp>
> return utcFormatter.format(ntpDate);
> }
>
> + /*
> + Serialization is unnecessary for this class.
> + Reject attempts to do so until such time as the Serializable
> attribute can be dropped.
> + */
> +
> + private void writeObject(java.io.ObjectOutputStream out) throws
> IOException
> + {
> + throw new UnsupportedOperationException("Serialization is not
> supported");
> + }
> +
> + private void readObject(java.io.ObjectInputStream in) throws
> IOException, ClassNotFoundException
> + {
> + throw new UnsupportedOperationException("Serialization is not
> supported");
> + }
> +
> }
> diff --git a/src/main/java/org/apache/commons/net/util/ListenerList.java
> b/src/main/java/org/apache/commons/net/util/ListenerList.java
> index 2db5a3a..de1bb09 100644
> --- a/src/main/java/org/apache/commons/net/util/ListenerList.java
> +++ b/src/main/java/org/apache/commons/net/util/ListenerList.java
> @@ -63,4 +63,19 @@ public class ListenerList implements Serializable,
> Iterable<EventListener>
> listeners.remove(listener);
> }
>
> + /*
> + Serialization is unnecessary for this class.
> + Reject attempts to do so until such time as the Serializable
> attribute can be dropped.
> + */
> +
> + private void writeObject(java.io.ObjectOutputStream out) throws
> IOException
> + {
> + throw new UnsupportedOperationException("Serialization is not
> supported");
> + }
> +
> + private void readObject(java.io.ObjectInputStream in) throws
> IOException, ClassNotFoundException
> + {
> + throw new UnsupportedOperationException("Serialization is not
> supported");
> + }
> +
> }
Fwd: [commons-net] branch master updated: Prevent serialization
Posted by Gary Gregory <ga...@gmail.com>.
Why not import java.io.ObjectOutputStream instead of always using the fully
qualified class name?
Gary
---------- Forwarded message ---------
From: <se...@apache.org>
Date: Tue, Dec 14, 2021 at 7:19 PM
Subject: [commons-net] branch master updated: Prevent serialization
To: commits@commons.apache.org <co...@commons.apache.org>
This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-net.git
The following commit(s) were added to refs/heads/master by this push:
new 991b775 Prevent serialization
991b775 is described below
commit 991b775f2052e150c4c16d1c1cd2073021d40c2e
Author: Sebb <se...@apache.org>
AuthorDate: Wed Dec 15 00:18:48 2021 +0000
Prevent serialization
It is not useful and is unlikely to work properly.
---
src/changes/changes.xml | 4 ++++
.../apache/commons/net/ProtocolCommandSupport.java | 18
+++++++++++++++++-
.../java/org/apache/commons/net/ftp/FTPFile.java | 20
+++++++++++++++++++-
.../java/org/apache/commons/net/ntp/TimeStamp.java | 16 ++++++++++++++++
.../org/apache/commons/net/util/ListenerList.java | 15 +++++++++++++++
5 files changed, 71 insertions(+), 2 deletions(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 95fbce2..d388412 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -92,6 +92,10 @@ The <action> type attribute can be add,update,fix,remove.
[FTP] Add FTPFile.getTimestampInstant().
</action>
<!-- UPDATE -->
+ <action type="update" dev="sebb">
+ Prevent serialization of the 4 classes that implement Serializable.
+ It is not useful and is unlikely to work properly.
+ </action>
<action type="update" dev="ggregory" due-to="Dependabot">
Bump junit from 4.13.1 to 4.13.2 #74.
</action>
diff --git
a/src/main/java/org/apache/commons/net/ProtocolCommandSupport.java
b/src/main/java/org/apache/commons/net/ProtocolCommandSupport.java
index c2e409d..9057d55 100644
--- a/src/main/java/org/apache/commons/net/ProtocolCommandSupport.java
+++ b/src/main/java/org/apache/commons/net/ProtocolCommandSupport.java
@@ -17,6 +17,8 @@
package org.apache.commons.net;
+import java.io.IOException;
+import java.io.ObjectStreamException;
import java.io.Serializable;
import java.util.EventListener;
@@ -131,5 +133,19 @@ public class ProtocolCommandSupport implements
Serializable
listeners.removeListener(listener);
}
-}
+ /*
+ Serialization is unnecessary for this class.
+ Reject attempts to do so until such time as the Serializable
attribute can be dropped.
+ */
+ private void writeObject(java.io.ObjectOutputStream out) throws
IOException
+ {
+ throw new UnsupportedOperationException("Serialization is not
supported");
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws
IOException, ClassNotFoundException
+ {
+ throw new UnsupportedOperationException("Serialization is not
supported");
+ }
+
+}
diff --git a/src/main/java/org/apache/commons/net/ftp/FTPFile.java
b/src/main/java/org/apache/commons/net/ftp/FTPFile.java
index b7ea2fe..fa45ccb 100644
--- a/src/main/java/org/apache/commons/net/ftp/FTPFile.java
+++ b/src/main/java/org/apache/commons/net/ftp/FTPFile.java
@@ -17,6 +17,7 @@
package org.apache.commons.net.ftp;
+import java.io.IOException;
import java.io.Serializable;
import java.time.Instant;
import java.util.Calendar;
@@ -82,7 +83,7 @@ public class FTPFile implements Serializable {
private Calendar calendar;
/** If this is null, then list entry parsing failed. */
- private final boolean[] permissions[]; // e.g.
_permissions[USER_ACCESS][READ_PERMISSION]
+ private final boolean[][] permissions; // e.g.
_permissions[USER_ACCESS][READ_PERMISSION]
/** Creates an empty FTPFile. */
public FTPFile() {
@@ -475,4 +476,21 @@ public class FTPFile implements Serializable {
public String toString() {
return getRawListing();
}
+
+ /*
+ Serialization is unnecessary for this class.
+ Reject attempts to do so until such time as the Serializable
attribute can be dropped.
+ */
+
+ private void writeObject(java.io.ObjectOutputStream out) throws
IOException
+ {
+ throw new UnsupportedOperationException("Serialization is not
supported");
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws
IOException, ClassNotFoundException
+ {
+ throw new UnsupportedOperationException("Serialization is not
supported");
+ }
+
+
}
diff --git a/src/main/java/org/apache/commons/net/ntp/TimeStamp.java
b/src/main/java/org/apache/commons/net/ntp/TimeStamp.java
index d31dafb..ec66ab7 100644
--- a/src/main/java/org/apache/commons/net/ntp/TimeStamp.java
+++ b/src/main/java/org/apache/commons/net/ntp/TimeStamp.java
@@ -18,6 +18,7 @@ package org.apache.commons.net.ntp;
+import java.io.IOException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
@@ -449,4 +450,19 @@ public class TimeStamp implements
java.io.Serializable, Comparable<TimeStamp>
return utcFormatter.format(ntpDate);
}
+ /*
+ Serialization is unnecessary for this class.
+ Reject attempts to do so until such time as the Serializable
attribute can be dropped.
+ */
+
+ private void writeObject(java.io.ObjectOutputStream out) throws
IOException
+ {
+ throw new UnsupportedOperationException("Serialization is not
supported");
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws
IOException, ClassNotFoundException
+ {
+ throw new UnsupportedOperationException("Serialization is not
supported");
+ }
+
}
diff --git a/src/main/java/org/apache/commons/net/util/ListenerList.java
b/src/main/java/org/apache/commons/net/util/ListenerList.java
index 2db5a3a..de1bb09 100644
--- a/src/main/java/org/apache/commons/net/util/ListenerList.java
+++ b/src/main/java/org/apache/commons/net/util/ListenerList.java
@@ -63,4 +63,19 @@ public class ListenerList implements Serializable,
Iterable<EventListener>
listeners.remove(listener);
}
+ /*
+ Serialization is unnecessary for this class.
+ Reject attempts to do so until such time as the Serializable
attribute can be dropped.
+ */
+
+ private void writeObject(java.io.ObjectOutputStream out) throws
IOException
+ {
+ throw new UnsupportedOperationException("Serialization is not
supported");
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws
IOException, ClassNotFoundException
+ {
+ throw new UnsupportedOperationException("Serialization is not
supported");
+ }
+
}