You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dubbo.apache.org by al...@apache.org on 2021/09/08 03:29:46 UTC

[dubbo] branch master updated: 2.7.13 fix add serialize check switch (#8648)

This is an automated email from the ASF dual-hosted git repository.

albumenj pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/dubbo.git


The following commit(s) were added to refs/heads/master by this push:
     new 2667985  2.7.13 fix add serialize check switch (#8648)
2667985 is described below

commit 2667985e527f46d3df27d0b74d0cb12cc3c2cbd2
Author: Owen.Cai <89...@qq.com>
AuthorDate: Wed Sep 8 11:29:30 2021 +0800

    2.7.13 fix add serialize check switch (#8648)
    
    * add code
    
    * use config to read config for SerializeClassChecker
---
 .../org/apache/dubbo/common/utils/SerializeClassChecker.java   | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeClassChecker.java b/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeClassChecker.java
index 2693095..477eeec 100644
--- a/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeClassChecker.java
+++ b/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeClassChecker.java
@@ -17,6 +17,7 @@
 package org.apache.dubbo.common.utils;
 
 import org.apache.dubbo.common.beanutil.JavaBeanSerializeUtil;
+import org.apache.dubbo.common.config.ConfigurationUtils;
 import org.apache.dubbo.common.constants.CommonConstants;
 import org.apache.dubbo.common.logger.Logger;
 import org.apache.dubbo.common.logger.LoggerFactory;
@@ -44,10 +45,11 @@ public class SerializeClassChecker {
     private final AtomicLong counter = new AtomicLong(0);
 
     private SerializeClassChecker() {
-        String openCheckClass = System.getProperty(CommonConstants.CLASS_DESERIALIZE_OPEN_CHECK, "true");
+        String openCheckClass = ConfigurationUtils.getProperty(CommonConstants.CLASS_DESERIALIZE_OPEN_CHECK, "true");
         OPEN_CHECK_CLASS = Boolean.parseBoolean(openCheckClass);
 
-        String blockAllClassExceptAllow = System.getProperty(CommonConstants.CLASS_DESERIALIZE_BLOCK_ALL, "false");
+        String blockAllClassExceptAllow = ConfigurationUtils.getProperty(CommonConstants.CLASS_DESERIALIZE_BLOCK_ALL, "false");
+
         BLOCK_ALL_CLASS_EXCEPT_ALLOW = Boolean.parseBoolean(blockAllClassExceptAllow);
 
         String[] lines;
@@ -70,8 +72,8 @@ public class SerializeClassChecker {
             logger.error("Failed to load blocked class list! Will ignore default blocked list.", e);
         }
 
-        String allowedClassList = System.getProperty(CommonConstants.CLASS_DESERIALIZE_ALLOWED_LIST, "").trim().toLowerCase(Locale.ROOT);
-        String blockedClassList = System.getProperty(CommonConstants.CLASS_DESERIALIZE_BLOCKED_LIST, "").trim().toLowerCase(Locale.ROOT);
+        String allowedClassList = ConfigurationUtils.getProperty(CommonConstants.CLASS_DESERIALIZE_ALLOWED_LIST, "").trim().toLowerCase(Locale.ROOT);
+        String blockedClassList = ConfigurationUtils.getProperty(CommonConstants.CLASS_DESERIALIZE_BLOCKED_LIST, "").trim().toLowerCase(Locale.ROOT);
 
         if (StringUtils.isNotEmpty(allowedClassList)) {
             String[] classStrings = allowedClassList.trim().split(",");