private Log4jLogEvent deserialize(final byte[] binary) throws IOException, ClassNotFoundException { final ByteArrayInputStream inArr = new ByteArrayInputStream(binary); final ObjectInputStream in = new FilteredObjectInputStream(inArr); final Log4jLogEvent result = (Log4jLogEvent) in.readObject(); return result; }
private static Object unmarshall(final byte[] data, ObjectInputStream inputStream) throws IOException, ClassNotFoundException { final ByteArrayInputStream bin = new ByteArrayInputStream(data); Collection<String> allowedClasses = null; ObjectInputStream ois; if (inputStream instanceof FilteredObjectInputStream) { allowedClasses = ((FilteredObjectInputStream) inputStream).getAllowedClasses(); ois = new FilteredObjectInputStream(bin, allowedClasses); } else { try { Object obj = getObjectInputFilter.invoke(inputStream); Object filter = newObjectInputFilter.invoke(null, obj); ois = new ObjectInputStream(bin); setObjectInputFilter.invoke(ois, filter); } catch (IllegalAccessException | InvocationTargetException ex) { throw new StreamCorruptedException("Unable to set ObjectInputFilter on stream"); } } try { return ois.readObject(); } finally { ois.close(); } }
@Override protected Class<?> resolveClass(final ObjectStreamClass desc) throws IOException, ClassNotFoundException { String name = desc.getName(); if (!(isAllowedByDefault(name) || allowedClasses.contains(name))) { throw new InvalidObjectException("Class is not allowed for deserialization: " + name); } return super.resolveClass(desc); }
private static boolean isAllowedByDefault(final String name) { return isRequiredPackage(name) || REQUIRED_JAVA_CLASSES.contains(name); }
private LogEvent deserializeLogEvent(final byte[] data) throws IOException, ClassNotFoundException { final ByteArrayInputStream bis = new ByteArrayInputStream(data); try (ObjectInput ois = new FilteredObjectInputStream(bis)) { return (LogEvent) ois.readObject(); } }
private SortedArrayStringMap deserialize(final byte[] binary) throws IOException, ClassNotFoundException { final ByteArrayInputStream inArr = new ByteArrayInputStream(binary); try (final ObjectInputStream in = new FilteredObjectInputStream(inArr)) { final SortedArrayStringMap result = (SortedArrayStringMap) in.readObject(); return result; } }
private Log4jLogEvent deserialize(final byte[] binary) throws IOException, ClassNotFoundException { final ByteArrayInputStream inArr = new ByteArrayInputStream(binary); final ObjectInputStream in = useObjectInputStream ? new ObjectInputStream(inArr) : new FilteredObjectInputStream(inArr); final Log4jLogEvent result = (Log4jLogEvent) in.readObject(); return result; }
public static void main(final String... args) throws Exception { final File file = new File(args[0]); ObjectInputStream in = null; try { in = new FilteredObjectInputStream(new FileInputStream(file)); final Object result = in.readObject(); System.out.println(result); } catch (final Throwable t) { System.err.println("Could not deserialize."); throw t; // cause non-zero exit code } finally { try { in.close(); } catch (final Throwable t) { System.err.println("Error while closing: " + t); } } } }
@Test public void testDeserialization() throws Exception { testSerialization(); final File file = new File(DAT_PATH); final FileInputStream fis = new FileInputStream(file); final ObjectInputStream ois = useObjectInputStream ? new ObjectInputStream(fis) : new FilteredObjectInputStream(fis); try { final LogEvent event = (LogEvent) ois.readObject(); assertNotNull(event); } finally { ois.close(); } } }
final ObjectInputStream ois = new FilteredObjectInputStream(bais); try { ois.readObject();
@Test public void testNanoTimeIsNotSerialized2() throws Exception { final LogEvent event1 = Log4jLogEvent.newBuilder() // .setLoggerName(this.getClass().getName()) // .setLoggerFqcn("org.apache.logging.log4j.core.Logger") // .setLevel(Level.INFO) // .setMessage(new SimpleMessage("Hello, world!")) // .setThreadId(1) // this must be initialized or the test fails .setThreadName("this must be initialized or the test fails") // .setThreadPriority(2) // this must be initialized or the test fails .setNanoTime(0) // .build(); final LogEvent event2 = new Log4jLogEvent.Builder(event1).build(); final ByteArrayOutputStream baos = new ByteArrayOutputStream(); final ObjectOutputStream oos = new ObjectOutputStream(baos); oos.writeObject(event1); final ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray()); final ObjectInputStream ois = new FilteredObjectInputStream(bais); final LogEvent actual = (LogEvent) ois.readObject(); assertEquals("both zero nanoTime", event2, actual); }
@Test public void testNanoTimeIsNotSerialized1() throws Exception { final LogEvent event1 = Log4jLogEvent.newBuilder() // .setLoggerName(this.getClass().getName()) // .setLoggerFqcn("org.apache.logging.log4j.core.Logger") // .setLevel(Level.INFO) // .setMessage(new SimpleMessage("Hello, world!")) // .setThreadName("this must be initialized or the test fails") // .setNanoTime(12345678L) // .build(); final LogEvent copy = new Log4jLogEvent.Builder(event1).build(); final ByteArrayOutputStream baos = new ByteArrayOutputStream(); final ObjectOutputStream oos = new ObjectOutputStream(baos); oos.writeObject(event1); final ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray()); final ObjectInputStream ois = new FilteredObjectInputStream(bais); final LogEvent actual = (LogEvent) ois.readObject(); assertNotEquals("Different event: nanoTime", copy, actual); assertNotEquals("Different nanoTime", copy.getNanoTime(), actual.getNanoTime()); assertEquals("deserialized nanoTime is zero", 0, actual.getNanoTime()); }
final ByteArrayInputStream bais = new ByteArrayInputStream(item); final ObjectInputStream ois = useObjectInputStream ? new ObjectInputStream(bais) : new FilteredObjectInputStream(bais); LogEvent event; try {
out.writeObject(evt); final ObjectInputStream in = new FilteredObjectInputStream(new ByteArrayInputStream(baos.toByteArray())); final RingBufferLogEvent other = (RingBufferLogEvent) in.readObject(); assertEquals(loggerName, other.getLoggerName());