com.thoughtworks.xstream.XStream.allowTypesByWildcard()方法的使用及代码示例

x33g5p2x  于2022-02-02 转载在 其他  
字(11.7k)|赞(0)|评价(0)|浏览(430)

本文整理了Java中com.thoughtworks.xstream.XStream.allowTypesByWildcard()方法的一些代码示例,展示了XStream.allowTypesByWildcard()的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。XStream.allowTypesByWildcard()方法的具体详情如下:
包路径:com.thoughtworks.xstream.XStream
类名称:XStream
方法名:allowTypesByWildcard

XStream.allowTypesByWildcard介绍

[英]Add security permission for types matching one of the specified wildcard patterns.

Supported are patterns with path expressions using dot as separator:

  • ?: one non-control character except separator, e.g. for 'java.net.Inet?Address'
  • : arbitrary number of non-control characters except separator, e.g. for types in a package like 'java.lang.'
  • : arbitrary number of non-control characters including separator, e.g. for types in a package and subpackages like 'java.lang.'
    [中]为匹配指定通配符模式之一的类型添加安全权限。
    支持使用点作为分隔符的路径表达式模式:
  • ?: 除分隔符外的一个非控制字符,例如“java”。网内特?地址'
    *:除分隔符之外的任意数量的非控制字符,例如用于“java”之类的包中的类型。朗
    **:任意数量的非控制字符,包括分隔符,例如用于包和子包(如“java”)中的类型。朗

代码示例

代码示例来源:origin: javamelody/javamelody

static Object readFromXml(InputStream bufferedInput) throws IOException {
  final XStream xstream = createXStream(false);
  // see http://x-stream.github.io/security.html
  // clear out existing permissions and set own ones
  xstream.addPermission(NoTypePermission.NONE);
  // allow some basics
  xstream.addPermission(NullPermission.NULL);
  xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
  xstream.allowTypesByWildcard(
      new String[] { "java.lang.*", "java.util.*", "java.util.concurrent.*" });
  // allow any type from the same package
  xstream.allowTypesByWildcard(new String[] { PACKAGE_NAME + ".*" });
  final InputStreamReader reader = new InputStreamReader(bufferedInput, XML_CHARSET_NAME);
  try {
    return xstream.fromXML(reader);
  } finally {
    reader.close();
  }
}

代码示例来源:origin: geoserver/geoserver

xs.allowTypes(new Class[] {DynamicProxyMapper.DynamicProxy.class});
xs.allowTypes(new String[] {"java.util.Collections$SingletonList"});
xs.allowTypesByWildcard(new String[] {"org.geoserver.catalog.**"});
xs.allowTypesByWildcard(new String[] {"org.geoserver.security.**"});

代码示例来源:origin: psi-probe/psi-probe

/**
 * Writes stats data to file on disk.
 *
 * @throws InterruptedException if a lock cannot be obtained
 */
public synchronized void serialize() throws InterruptedException {
 lock.lockForCommit();
 long start = System.currentTimeMillis();
 try {
  shiftFiles(0);
  try (OutputStream os = Files.newOutputStream(makeFile().toPath())) {
   XStream xstream = new XStream();
   xstream.allowTypesByWildcard(new String[] {"psibrobe.model.stats.**"});
   XStream.setupDefaultSecurity(xstream);
   xstream.toXML(statsData, os);
  }
 } catch (Exception e) {
  logger.error("Could not write stats data to '{}'", makeFile().getAbsolutePath(), e);
 } finally {
  lock.releaseCommitLock();
  logger.debug("stats serialized in {}ms", System.currentTimeMillis() - start);
 }
}

代码示例来源:origin: psi-probe/psi-probe

@Override
 protected ModelAndView handleRequestInternal(HttpServletRequest request,
   HttpServletResponse response) throws Exception {

  String path = request.getServletPath();
  String internalPath = path.replaceAll(xmlMarker, "");

  Controller controller = (Controller) getApplicationContext().getBean(internalPath);
  if (controller != null) {
   ModelAndView modelAndView = controller.handleRequest(request, response);
   if (modelAndView.getModel() != null) {
    TransportableModel tm = new TransportableModel();
    tm.putAll(modelAndView.getModel());
    XStream xstream = new XStream();
    xstream.allowTypesByWildcard(new String[] {"psibrobe.controllers.**"});
    XStream.setupDefaultSecurity(xstream);
    xstream.toXML(tm, response.getWriter());
   }
  }
  return null;
 }
}

代码示例来源:origin: EvoSuite/evosuite

public static void writeInheritanceTree(InheritanceTree tree, File file) throws IOException {
  XStream xstream = new XStream();
  XStream.setupDefaultSecurity(xstream);
  xstream.allowTypesByWildcard(new String[] {"org.evosuite.**", "org.jgrapht.**"});
  GZIPOutputStream output = new GZIPOutputStream(new FileOutputStream(file));
  xstream.toXML(tree, output);
  output.close();
}

代码示例来源:origin: EvoSuite/evosuite

public static InheritanceTree readInheritanceTree(String fileName) throws IOException {
  XStream xstream = new XStream();
  XStream.setupDefaultSecurity(xstream);
  xstream.allowTypesByWildcard(new String[] {"org.evosuite.**", "org.jgrapht.**"});
  GZIPInputStream inheritance = new GZIPInputStream(new FileInputStream(new File(fileName)));
  return (InheritanceTree) xstream.fromXML(inheritance);
}

代码示例来源:origin: EvoSuite/evosuite

public static InheritanceTree readUncompressedInheritanceTree(String fileName)
    throws IOException {
  XStream xstream = new XStream();
  XStream.setupDefaultSecurity(xstream);
  xstream.allowTypesByWildcard(new String[] {"org.evosuite.**", "org.jgrapht.**"});
  InputStream inheritance = new FileInputStream(new File(fileName));
  return (InheritanceTree) xstream.fromXML(inheritance);
}

代码示例来源:origin: GeoWebCache/geowebcache

public static XStream getConfiguredXStream(XStream xs) {
  // Allow anything that's part of GWC Diskquota
  // TODO: replace this with a more narrow whitelist
  xs.allowTypesByWildcard(new String[] {"org.geowebcache.**"});
  xs.setMode(XStream.NO_REFERENCES);
  xs.alias("gwcQuotaConfiguration", DiskQuotaConfig.class);
  xs.alias("layerQuotas", List.class);
  xs.alias("LayerQuota", LayerQuota.class);
  xs.alias("Quota", Quota.class);
  xs.registerConverter(new QuotaXSTreamConverter());
  return xs;
}

代码示例来源:origin: GeoWebCache/geowebcache

private static XStream getXStream() {
  XStream xs = new GeoWebCacheXStream();
  // Allow anything that's part of GWC
  // TODO: replace this with a more narrow whitelist
  xs.allowTypesByWildcard(new String[] {"org.geowebcache.**"});
  xs.setMode(XStream.NO_REFERENCES);
  xs.alias("gwcJdbcConfiguration", JDBCConfiguration.class);
  xs.alias("connectionPool", ConnectionPoolConfiguration.class);
  return xs;
}

代码示例来源:origin: EvoSuite/evosuite

public static InheritanceTree readJDKData() {
  XStream xstream = new XStream();
  XStream.setupDefaultSecurity(xstream);
  xstream.allowTypesByWildcard(new String[] {"org.evosuite.**", "org.jgrapht.**"});
  String fileName;
  if(! PackageInfo.isCurrentlyShaded()) {
    fileName = "/" + jdkFile;
  } else {
    fileName = "/" + shadedJdkFile;
  }
  InputStream inheritance = InheritanceTreeGenerator.class.getResourceAsStream(fileName);
  if (inheritance != null) {
    return (InheritanceTree) xstream.fromXML(inheritance);
  } else {
    logger.warn("Found no JDK inheritance tree in the resource path: "+fileName);
    return null;
  }
}

代码示例来源:origin: x-stream/xstream

protected void setupSecurity(final XStream xstream) {
  xstream.allowTypesByWildcard(AbstractAcceptanceTest.class.getPackage().getName() + ".*objects.**");
  xstream.allowTypesByWildcard(this.getClass().getName() + "$*");
}

代码示例来源:origin: net.bull.javamelody/javamelody-core

static Object readFromXml(InputStream bufferedInput) throws IOException {
  final XStream xstream = createXStream(false);
  // see http://x-stream.github.io/security.html
  // clear out existing permissions and set own ones
  xstream.addPermission(NoTypePermission.NONE);
  // allow some basics
  xstream.addPermission(NullPermission.NULL);
  xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
  xstream.allowTypesByWildcard(
      new String[] { "java.lang.*", "java.util.*", "java.util.concurrent.*" });
  // allow any type from the same package
  xstream.allowTypesByWildcard(new String[] { PACKAGE_NAME + ".*" });
  final InputStreamReader reader = new InputStreamReader(bufferedInput, XML_CHARSET_NAME);
  try {
    return xstream.fromXML(reader);
  } finally {
    reader.close();
  }
}

代码示例来源:origin: de.sciss/submin

public static void install(boolean isDark) {
    // cf. https://stackoverflow.com/questions/44698296/security-framework-of-xstream-not-initialized-xstream-is-probably-vulnerable
    final XStream xs = XmlUtils.getXStream();
//        XStream.setupDefaultSecurity(xs);
    xs.allowTypesByWildcard(new String[] { "com.alee.**" });

    if (isDark) SubminDarkSkin .install();
    else        SubminLightSkin.install();
  }
}

代码示例来源:origin: com.github.binarywang/weixin-java-common

public static XStream getInstance() {
 XStream xstream = new XStream(new PureJavaReflectionProvider(), XPP_DRIVER);
 xstream.ignoreUnknownElements();
 xstream.setMode(XStream.NO_REFERENCES);
 XStream.setupDefaultSecurity(xstream);
 xstream.allowTypesByWildcard(new String[]{
  "me.chanjar.weixin.**", "cn.binarywang.wx.**", "com.github.binarywang.**"
 });
 xstream.setClassLoader(Thread.currentThread().getContextClassLoader());
 return xstream;
}

代码示例来源:origin: binarywang/WxJava

public static XStream getInstance() {
 XStream xstream = new XStream(new PureJavaReflectionProvider(), XPP_DRIVER);
 xstream.ignoreUnknownElements();
 xstream.setMode(XStream.NO_REFERENCES);
 XStream.setupDefaultSecurity(xstream);
 xstream.allowTypesByWildcard(new String[]{
  "me.chanjar.weixin.**", "cn.binarywang.wx.**", "com.github.binarywang.**"
 });
 xstream.setClassLoader(Thread.currentThread().getContextClassLoader());
 return xstream;
}

代码示例来源:origin: org.apache.activemq/activemq-all

public static XStream createXStream() {
  XStream stream = new XStream();
  stream.addPermission(NoTypePermission.NONE);
  stream.addPermission(PrimitiveTypePermission.PRIMITIVES);
  stream.allowTypeHierarchy(Collection.class);
  stream.allowTypeHierarchy(Map.class);
  stream.allowTypes(new Class[]{String.class});
  if (ClassLoadingAwareObjectInputStream.isAllAllowed()) {
    stream.addPermission(AnyTypePermission.ANY);
  } else {
    for (String packageName : ClassLoadingAwareObjectInputStream.serializablePackages) {
      stream.allowTypesByWildcard(new String[]{packageName + ".**"});
    }
  }
  return stream;
}

代码示例来源:origin: org.apache.activemq/activemq-osgi

public static XStream createXStream() {
  XStream stream = new XStream();
  stream.addPermission(NoTypePermission.NONE);
  stream.addPermission(PrimitiveTypePermission.PRIMITIVES);
  stream.allowTypeHierarchy(Collection.class);
  stream.allowTypeHierarchy(Map.class);
  stream.allowTypes(new Class[]{String.class});
  if (ClassLoadingAwareObjectInputStream.isAllAllowed()) {
    stream.addPermission(AnyTypePermission.ANY);
  } else {
    for (String packageName : ClassLoadingAwareObjectInputStream.serializablePackages) {
      stream.allowTypesByWildcard(new String[]{packageName + ".**"});
    }
  }
  return stream;
}

代码示例来源:origin: org.apache.activemq/activemq-stomp

public static XStream createXStream() {
  XStream stream = new XStream();
  stream.addPermission(NoTypePermission.NONE);
  stream.addPermission(PrimitiveTypePermission.PRIMITIVES);
  stream.allowTypeHierarchy(Collection.class);
  stream.allowTypeHierarchy(Map.class);
  stream.allowTypes(new Class[]{String.class});
  if (ClassLoadingAwareObjectInputStream.isAllAllowed()) {
    stream.addPermission(AnyTypePermission.ANY);
  } else {
    for (String packageName : ClassLoadingAwareObjectInputStream.serializablePackages) {
      stream.allowTypesByWildcard(new String[]{packageName + ".**"});
    }
  }
  return stream;
}

代码示例来源:origin: GeoWebCache/geowebcache

private static XStream getConfiguredXStream(XStream xs) {
  // Restrict classes that can be serialized/deserialized
  // Allowing arbitrary classes to be deserialized is a security issue.
  {
    // Allow any implementation of these extension points
    xs.allowTypeHierarchy(org.geowebcache.layer.TileLayer.class);
    xs.allowTypeHierarchy(org.geowebcache.filter.parameters.ParameterFilter.class);
    xs.allowTypeHierarchy(org.geowebcache.filter.request.RequestFilter.class);
    xs.allowTypeHierarchy(org.geowebcache.config.BlobStoreInfo.class);
    xs.allowTypeHierarchy(TileLayerConfiguration.class);
    // Allow anything that's part of GWC
    // TODO: replace this with a more narrow whitelist
    xs.allowTypesByWildcard(new String[] {"org.geowebcache.**"});
  }
  xs.setMode(XStream.NO_REFERENCES);
  xs.alias("gwcConfiguration", GeoWebCacheConfiguration.class);
  xs.useAttributeFor(GeoWebCacheConfiguration.class, "xmlns_xsi");
  xs.aliasField("xmlns:xsi", GeoWebCacheConfiguration.class, "xmlns_xsi");
  xs.useAttributeFor(GeoWebCacheConfiguration.class, "xmlns");
  xs.alias("wmsRasterFilterUpdate", WMSRasterFilterUpdate.class);
  return xs;
}

代码示例来源:origin: GeoWebCache/geowebcache

xs.allowTypesByWildcard(new String[] {"org.geowebcache.**"});

相关文章