You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (Jira)" <ji...@apache.org> on 2019/11/06 15:44:00 UTC

[jira] [Commented] (HTTPCLIENT-2023) Whitelist Char Array in DefaultHttpCacheEntrySerializer

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-2023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16968450#comment-16968450 ] 

Oleg Kalnichevski commented on HTTPCLIENT-2023:
-----------------------------------------------

[~Olof Larsson] The best and fastest way to see this happen is by submitting a PR at Github.

Oleg 

> Whitelist Char Array in DefaultHttpCacheEntrySerializer
> -------------------------------------------------------
>
>                 Key: HTTPCLIENT-2023
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2023
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpCache
>    Affects Versions: 4.5.10
>            Reporter: Olof Larsson
>            Priority: Major
>
> *Intro*
>  Please add char array to ALLOWED_CLASS_PATTERNS in DefaultHttpCacheEntrySerializer.
> *Further Explanation*
>  The current ALLOWED_CLASS_PATTERNS looks like this:
> {code:java}
> private static final List<Pattern> ALLOWED_CLASS_PATTERNS = Collections.unmodifiableList(Arrays.asList(
>         Pattern.compile("^(\\[L)?org\\.apache\\.http\\.(.*)"),
>         Pattern.compile("^(\\[L)?java\\.util\\.(.*)"),
>         Pattern.compile("^(\\[L)?java\\.lang\\.(.*)$"),
>         Pattern.compile("^\\[B$")));
> {code}
> As we can se byte arrays are allowed (at the end) but not char arrays. This currently blocks me from upgrading from 4.5.8 to 4.5.10 because the HttpCacheEntry may contain char arrays.
> The field "HttpCacheEntry.responseHeaders.headers" can be of the implementing type "BufferedHeader" which contains a "private final CharArrayBuffer buffer;" field, which contains "private char[] buffer;".
> *Proposed Solution*
>  Maybe it would make sense to *whitelist all arrays of primitives* (as opposed to just arrays of bytes)? That way future code changes does not risk breaking the DefaultHttpCacheEntrySerializer?
> The code might look something like this?
> {code:java}
> private static final List<Pattern> ALLOWED_CLASS_PATTERNS = Collections.unmodifiableList(Arrays.asList(
>         Pattern.compile("^(?:\\[+L)?org\\.apache\\.http\\..*$"),
>         Pattern.compile("^(?:\\[+L)?java\\.util\\..*$"),
>         Pattern.compile("^(?:\\[+L)?java\\.lang\\..*$"),
>         Pattern.compile("^\\[+Z$"), // boolean
>         Pattern.compile("^\\[+B$"), // byte
>         Pattern.compile("^\\[+C$"), // char
>         Pattern.compile("^\\[+D$"), // double
>         Pattern.compile("^\\[+F$"), // float
>         Pattern.compile("^\\[+I$"), // int
>         Pattern.compile("^\\[+J$"), // long
>         Pattern.compile("^\\[+S$") // short
> ));
> {code}
> Note that I removed groups where unnecessary (to avoid capturing) and made the required group non capturing "?:" as well as added support for arrays of arrays of arrays.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org