@Override public boolean canConvert(Class type) { if (type == null) { return false; } String name = type.getName(); if (JRUBY_PROXY.matcher(name).matches()) { return false; } // claim we can convert all the scary stuff so we can throw exceptions when attempting to do so return ClassFilter.DEFAULT.isBlacklisted(name) || ClassFilter.DEFAULT.isBlacklisted(type); } }
/** * Undo {@link #register}. */ public static void unregister() { ClassFilter.setDefault(ClassFilter.STANDARD); }
@Override public boolean canConvert(Class type) { if (type == null) { return false; } try { ClassFilter.DEFAULT.check(type); ClassFilter.DEFAULT.check(type.getName()); } catch (SecurityException se) { // claim we can convert all the scary stuff so we can throw exceptions when attempting to do so return true; } return false; } }
public boolean matches(Object item) { try { ClassFilter.createDefaultInstance().check(item.toString()); return Boolean.FALSE; } catch (ClassFilter.ClassFilterException ex) { throw new IllegalStateException("Failed to initialize the default class filter", ex); } catch (SecurityException sex) { return Boolean.TRUE; } }
/** * Checks that if given an invalid pattern in the overrides then the defaults are used. */ @Test(expected=Error.class) public void testDefaultsAreUsedIfOverridesAreGarbage() throws Exception { List<String> badClasses = Arrays.asList("Z{100,0}" /* min > max for repetition */); File f = folder.newFile("overrides.txt"); FileOutputStream fos = new FileOutputStream(f); try { for (String s : badClasses) { IOUtils.write(s, fos); IOUtils.write("\n", fos); } } finally { fos.close(); } setOverrideProperty(f.getAbsolutePath()); ClassFilter.createDefaultInstance(); }
/** * The default filtering rules to apply, unless the context guarantees the trust between two channels. The defaults * values provide for user specified overrides - see {@link #FILE_OVERRIDE_LOCATION_PROPERTY}. */ /*package*/ static ClassFilter createDefaultInstance() throws ClassFilterException { try { List<String> patternOverride = loadPatternOverride(); if (patternOverride != null) { LOGGER.log(Level.FINE, "Using user specified overrides for class blacklisting"); return new RegExpClassFilter(patternOverride.toArray(new String[patternOverride.size()])); } else { LOGGER.log(Level.FINE, "Using default in built class blacklisting"); return new RegExpClassFilter(DEFAULT_PATTERNS); } } catch (Error e) { // when being used by something like XStream the actual cause gets swallowed LOGGER.log(Level.SEVERE, "Failed to initialize the default class filter", e); throw e; } }
ClassFilter.appendDefaultFilter(Pattern.compile("java[.]security[.]SignedObject")); // TODO move to standard blacklist } catch (ClassFilter.ClassFilterException ex) { throw new IOException("Remoting library rejected the java[.]security[.]SignedObject blacklist pattern", ex);
/** * Checks that the defaults are loaded when the override property is provided and the file does not exist. */ @Test(expected=Error.class) public void testDefaultsRemainWhenOverrideDoesExists() throws Exception { setOverrideProperty(folder.getRoot().toString() + "/DO_NOT_CREATE_THIS_FILE_OR_ELSE_BAD_THINGS_WILL_HAPPEN_TO_YOU"); ClassFilter.createDefaultInstance(); }
@Override protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException { String name = desc.getName(); channel.classFilter.check(name); try { ClassLoader cl = readClassLoader(); // TODO: handle null classloader as a System one? Class<?> c = Class.forName(name, false, cl); channel.classFilter.check(c); return c; } catch (ClassNotFoundException ex) { return super.resolveClass(desc); } }
return false; if (ClassFilter.STANDARD.isBlacklisted(c)) { // currently never true, but may issue diagnostics notifyRejected(_c, _c.getName(), String.format("%s is not permitted ", _c.getName())); return true;
private static void mockOff() { LOGGER.warning("Disabling class filtering since we appear to be in a special test environment, perhaps Mockito/PowerMock"); ClassFilter.setDefault(ClassFilter.NONE); // even Method on the standard blacklist is going to explode }
/** * Some exceptions don't serialize properly. If so, we need to replace that with * an equivalent that captures the same details but serializes nicely. */ private boolean isUnserializableException(@CheckForNull Throwable error) { if (error == null) { return false; } try { // Some exceptions are refused to be serialized for security reasons. // (E.g. PowerAssertionError thrown by "assert false") // See also hudson.util.XStream2 ClassFilter.DEFAULT.check(error.getClass()); ClassFilter.DEFAULT.check(error.getClass().getName()); } catch (SecurityException x) { return true; } if (error instanceof MultipleCompilationErrorsException || error instanceof MissingMethodException) { return true; } if (isUnserializableException(error.getCause())) { return true; } for (Throwable t : error.getSuppressed()) { if (isUnserializableException(t)) { return true; } } return false; }
if (ClassFilter.STANDARD.isBlacklisted(name)) { if (SUPPRESS_ALL) { notifyRejected(null, name,
/** * Register this implementation as the default in the system. */ public static void register() { if (Main.isUnitTest && JENKINS_LOC == null) { mockOff(); return; } ClassFilter.setDefault(new ClassFilterImpl()); if (SUPPRESS_ALL) { LOGGER.warning("All class filtering suppressed. Your Jenkins installation is at risk from known attacks. See https://jenkins.io/redirect/class-filter/"); } else if (SUPPRESS_WHITELIST) { LOGGER.warning("JEP-200 class filtering by whitelist suppressed. Your Jenkins installation may be at risk. See https://jenkins.io/redirect/class-filter/"); } }
@Override public boolean isBlacklisted(String name) { return CURRENT_DEFAULT.isBlacklisted(name); } };
@Override public boolean isBlacklisted(Class c) { return CURRENT_DEFAULT.isBlacklisted(c); } @Override
/** * API version of {@link #isBlacklisted(String)} SPI. * @return the same {@code name} * @throws SecurityException if it is blacklisted */ public final String check(String name) { if (isBlacklisted(name)) { throw new SecurityException("Rejected: " + name + "; see https://jenkins.io/redirect/class-filter/"); } return name; }
/** * API version of {@link #isBlacklisted(Class)} SPI. * @return the same {@code c} * @throws SecurityException if it is blacklisted */ public final Class check(Class c) { if (isBlacklisted(c)) { throw new SecurityException("Rejected: " + c.getName() + "; see https://jenkins.io/redirect/class-filter/"); } return c; }