Posted to dev@hc.apache.org by GitBox <gi...@apache.org> on 2019/11/07 06:52:18 UTC

[GitHub] [httpcomponents-client] oloflarsson opened a new pull request #171: feature/improve-tests-for-restrictedobjectinputstream

oloflarsson opened a new pull request #171: feature/improve-tests-for-restrictedobjectinputstream
URL: https://github.com/apache/httpcomponents-client/pull/171
 
 
   @ok2c Thank you for the quick merge of my previous pull requests. It in fact happened much faster than I expected. Was expecting some feedback and iterations 😄. In this pull request I have improved the testability of the whitelist and added a bunch of unit tests.
   
   I took some inspiration from this blacklist: https://github.com/ikkisoft/SerialKiller/blob/master/config/serialkiller.conf
   
   Notably these unit tests would catch a future addition of vulnerabilities in "org.apache.commons.collections..." which might be good to avoid hypothetical future mistakes.
   
   Also we can now feel more certain the regexes do what I intended them to. Looks like they did (this pull request does not change them), but better write some tests to be on the safe side.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
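
The kind of allowlist test the pull request describes, as an added example that is not code from the pull request or from httpcomponents-client. The class name `AllowlistDemo`, its helpers and the two regex patterns are hypothetical; the project's real patterns are not shown in this message.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.regex.Pattern;

public class AllowlistDemo {
    // Hypothetical allowlist patterns (assumption: not the project's own regexes).
    static final List<Pattern> ALLOWED = List.of(
        Pattern.compile("java\\.lang\\.(Integer|Number|String)"),
        Pattern.compile("java\\.util\\.ArrayList"));

    // matches() requires the whole name to match; find() would accept near-misses.
    static boolean isAllowed(String className) {
        return ALLOWED.stream().anyMatch(p -> p.matcher(className).matches());
    }

    // Look-ahead stream: the class name is checked before the class is resolved.
    static class AllowlistObjectInputStream extends ObjectInputStream {
        AllowlistObjectInputStream(InputStream in) throws IOException { super(in); }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!isAllowed(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "class not allowed");
            }
            return super.resolveClass(desc);
        }
    }

    static Object roundTrip(Serializable value) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(value); }
        try (ObjectInputStream in = new AllowlistObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Names the allowlist must reject, including near-misses of allowed names.
        for (String name : List.of("org.apache.commons.collections.functors.InvokerTransformer",
                "java.lang.StringEvil", "evil.java.lang.String", "java.lang.Runtime")) {
            if (isAllowed(name)) throw new AssertionError("allowlist too broad: " + name);
        }
        ArrayList<Integer> ok = new ArrayList<>(List.of(1, 2));
        if (!ok.equals(roundTrip(ok))) throw new AssertionError("allowed type was altered");
        try {
            roundTrip(new Date()); // java.util.Date is not on the allowlist
            throw new AssertionError("Date should have been rejected");
        } catch (InvalidClassException expected) {
            System.out.println("rejected: " + expected.classname);
        }
    }
}
```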