You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dubbo.apache.org by al...@apache.org on 2021/09/08 03:29:46 UTC
[dubbo] branch master updated: 2.7.13 fix add serialize check
switch (#8648)
This is an automated email from the ASF dual-hosted git repository.
albumenj pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/dubbo.git
The following commit(s) were added to refs/heads/master by this push:
new 2667985 2.7.13 fix add serialize check switch (#8648)
2667985 is described below
commit 2667985e527f46d3df27d0b74d0cb12cc3c2cbd2
Author: Owen.Cai <89...@qq.com>
AuthorDate: Wed Sep 8 11:29:30 2021 +0800
2.7.13 fix add serialize check switch (#8648)
* add code
* use config to read config for SerializeClassChecker
---
.../org/apache/dubbo/common/utils/SerializeClassChecker.java | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeClassChecker.java b/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeClassChecker.java
index 2693095..477eeec 100644
--- a/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeClassChecker.java
+++ b/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeClassChecker.java
@@ -17,6 +17,7 @@
package org.apache.dubbo.common.utils;
import org.apache.dubbo.common.beanutil.JavaBeanSerializeUtil;
+import org.apache.dubbo.common.config.ConfigurationUtils;
import org.apache.dubbo.common.constants.CommonConstants;
import org.apache.dubbo.common.logger.Logger;
import org.apache.dubbo.common.logger.LoggerFactory;
@@ -44,10 +45,11 @@ public class SerializeClassChecker {
private final AtomicLong counter = new AtomicLong(0);
private SerializeClassChecker() {
- String openCheckClass = System.getProperty(CommonConstants.CLASS_DESERIALIZE_OPEN_CHECK, "true");
+ String openCheckClass = ConfigurationUtils.getProperty(CommonConstants.CLASS_DESERIALIZE_OPEN_CHECK, "true");
OPEN_CHECK_CLASS = Boolean.parseBoolean(openCheckClass);
- String blockAllClassExceptAllow = System.getProperty(CommonConstants.CLASS_DESERIALIZE_BLOCK_ALL, "false");
+ String blockAllClassExceptAllow = ConfigurationUtils.getProperty(CommonConstants.CLASS_DESERIALIZE_BLOCK_ALL, "false");
+
BLOCK_ALL_CLASS_EXCEPT_ALLOW = Boolean.parseBoolean(blockAllClassExceptAllow);
String[] lines;
@@ -70,8 +72,8 @@ public class SerializeClassChecker {
logger.error("Failed to load blocked class list! Will ignore default blocked list.", e);
}
- String allowedClassList = System.getProperty(CommonConstants.CLASS_DESERIALIZE_ALLOWED_LIST, "").trim().toLowerCase(Locale.ROOT);
- String blockedClassList = System.getProperty(CommonConstants.CLASS_DESERIALIZE_BLOCKED_LIST, "").trim().toLowerCase(Locale.ROOT);
+ String allowedClassList = ConfigurationUtils.getProperty(CommonConstants.CLASS_DESERIALIZE_ALLOWED_LIST, "").trim().toLowerCase(Locale.ROOT);
+ String blockedClassList = ConfigurationUtils.getProperty(CommonConstants.CLASS_DESERIALIZE_BLOCKED_LIST, "").trim().toLowerCase(Locale.ROOT);
if (StringUtils.isNotEmpty(allowedClassList)) {
String[] classStrings = allowedClassList.trim().split(",");