getReflectionProvider().visitSerializableFields(o, (String name, Class type, Class definedIn, Object value) -> { if (topLevelFields.contains(name)) { return;
@Override protected MapperWrapper wrapMapper(MapperWrapper next) { Mapper m = new CompatibilityMapper(new MapperWrapper(next) { @Override public String serializedClass(Class type) { if (type != null && ImmutableMap.class.isAssignableFrom(type)) return super.serializedClass(ImmutableMap.class); else if (type != null && ImmutableList.class.isAssignableFrom(type)) return super.serializedClass(ImmutableList.class); else return super.serializedClass(type); } }); AnnotationMapper a = new AnnotationMapper(m, getConverterRegistry(), getConverterLookup(), getClassLoader(), getReflectionProvider(), getJvm()); // TODO JENKINS-19561 this is unsafe: a.autodetectAnnotations(true); mapperInjectionPoint = new MapperInjectionPoint(a); return mapperInjectionPoint; }
private void init() { // list up types that should be marshalled out like a value, without referential integrity tracking. addImmutableType(Result.class); // http://www.openwall.com/lists/oss-security/2017/04/03/4 denyTypes(new Class[] { void.class, Void.class }); registerConverter(new RobustCollectionConverter(getMapper(),getReflectionProvider()),10); registerConverter(new RobustMapConverter(getMapper()), 10); registerConverter(new ImmutableMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableSortedSetConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableSetConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableListConverter(getMapper(),getReflectionProvider()),10); registerConverter(new CopyOnWriteMap.Tree.ConverterImpl(getMapper()),10); // needs to override MapConverter registerConverter(new DescribableList.ConverterImpl(getMapper()),10); // explicitly added to handle subtypes registerConverter(new Label.ConverterImpl(),10); // SECURITY-637 against URL deserialization registerConverter(new SafeURLConverter(),10); // this should come after all the XStream's default simpler converters, // but before reflection-based one kicks in. registerConverter(new AssociatedConverterImpl(this), -10); registerConverter(new BlacklistedTypesConverter(), PRIORITY_VERY_HIGH); // SECURITY-247 defense registerConverter(new DynamicProxyConverter(getMapper()) { // SECURITY-105 defense @Override public boolean canConvert(Class type) { return /* this precedes NullConverter */ type != null && super.canConvert(type); } @Override public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) { throw new ConversionException("<dynamic-proxy> not supported"); } }, PRIORITY_VERY_HIGH); }
@Override protected MapperWrapper wrapMapper(MapperWrapper next) { Mapper m = new CompatibilityMapper(new MapperWrapper(next) { @Override public String serializedClass(Class type) { if (type != null && ImmutableMap.class.isAssignableFrom(type)) return super.serializedClass(ImmutableMap.class); else return super.serializedClass(type); } }); AnnotationMapper a = new AnnotationMapper(m, getConverterRegistry(), getClassLoader(), getReflectionProvider(), getJvm()); a.autodetectAnnotations(true); return a; }
private void init() { // list up types that should be marshalled out like a value, without referencial integrity tracking. addImmutableType(Result.class); registerConverter(new RobustCollectionConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ConcurrentHashMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new CopyOnWriteMap.Tree.ConverterImpl(getMapper()),10); // needs to override MapConverter registerConverter(new DescribableList.ConverterImpl(getMapper()),10); // explicitly added to handle subtypes registerConverter(new Label.ConverterImpl(),10); // this should come after all the XStream's default simpler converters, // but before reflection-based one kicks in. registerConverter(new AssociatedConverterImpl(this),-10); }
private void init() { // list up types that should be marshalled out like a value, without referencial integrity tracking. addImmutableType(Result.class); registerConverter(new RobustCollectionConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ConcurrentHashMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new CopyOnWriteMap.Tree.ConverterImpl(getMapper()),10); // needs to override MapConverter registerConverter(new DescribableList.ConverterImpl(getMapper()),10); // explicitly added to handle subtypes registerConverter(new Label.ConverterImpl(),10); // this should come after all the XStream's default simpler converters, // but before reflection-based one kicks in. registerConverter(new AssociatedConverterImpl(this),-10); }
@Override protected MapperWrapper wrapMapper(MapperWrapper next) { Mapper m = new CompatibilityMapper(new MapperWrapper(next) { @Override public String serializedClass(Class type) { if (type != null && ImmutableMap.class.isAssignableFrom(type)) return super.serializedClass(ImmutableMap.class); else return super.serializedClass(type); } }); AnnotationMapper a = new AnnotationMapper(m, getConverterRegistry(), getClassLoader(), getReflectionProvider(), getJvm()); a.autodetectAnnotations(true); return a; }
@Override protected MapperWrapper wrapMapper(MapperWrapper next) { Mapper m = new CompatibilityMapper(new MapperWrapper(next) { @Override public String serializedClass(Class type) { if (type != null && ImmutableMap.class.isAssignableFrom(type)) return super.serializedClass(ImmutableMap.class); else return super.serializedClass(type); } }); AnnotationMapper a = new AnnotationMapper(m, getConverterRegistry(), getClassLoader(), getReflectionProvider(), getJvm()); a.autodetectAnnotations(true); return a; }
private void init() { // list up types that should be marshalled out like a value, without referencial integrity tracking. addImmutableType(Result.class); registerConverter(new RobustCollectionConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ConcurrentHashMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new CopyOnWriteMap.Tree.ConverterImpl(getMapper()),10); // needs to override MapConverter registerConverter(new DescribableList.ConverterImpl(getMapper()),10); // explicitly added to handle subtypes registerConverter(new Label.ConverterImpl(),10); // this should come after all the XStream's default simpler converters, // but before reflection-based one kicks in. registerConverter(new AssociatedConverterImpl(this),-10); }
private void init() { // list up types that should be marshalled out like a value, without referential integrity tracking. addImmutableType(Result.class); // http://www.openwall.com/lists/oss-security/2017/04/03/4 denyTypes(new Class[] { void.class, Void.class }); registerConverter(new RobustCollectionConverter(getMapper(),getReflectionProvider()),10); registerConverter(new RobustMapConverter(getMapper()), 10); registerConverter(new ImmutableMapConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableSortedSetConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableSetConverter(getMapper(),getReflectionProvider()),10); registerConverter(new ImmutableListConverter(getMapper(),getReflectionProvider()),10); registerConverter(new CopyOnWriteMap.Tree.ConverterImpl(getMapper()),10); // needs to override MapConverter registerConverter(new DescribableList.ConverterImpl(getMapper()),10); // explicitly added to handle subtypes registerConverter(new Label.ConverterImpl(),10); // this should come after all the XStream's default simpler converters, // but before reflection-based one kicks in. registerConverter(new AssociatedConverterImpl(this), -10); registerConverter(new BlacklistedTypesConverter(), PRIORITY_VERY_HIGH); // SECURITY-247 defense registerConverter(new DynamicProxyConverter(getMapper()) { // SECURITY-105 defense @Override public boolean canConvert(Class type) { return /* this precedes NullConverter */ type != null && super.canConvert(type); } @Override public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) { throw new ConversionException("<dynamic-proxy> not supported"); } }, PRIORITY_VERY_HIGH); }
private void init() { // list up types that should be marshalled out like a value, without referencial integrity tracking. addImmutableType(Result.class); registerConverter(new RobustCollectionConverter(getMapper(), getReflectionProvider()), XStream.PRIORITY_NORMAL); registerConverter(new ImmutableMapConverter(getMapper(), getReflectionProvider()), XStream.PRIORITY_NORMAL); registerConverter(new ConcurrentHashMapConverter(getMapper(), getReflectionProvider()), XStream.PRIORITY_NORMAL); registerConverter(new CopyOnWriteMap.Tree.ConverterImpl(getMapper()), XStream.PRIORITY_NORMAL); // needs to override MapConverter registerConverter(new DescribableList.ConverterImpl(getMapper()), XStream.PRIORITY_NORMAL); // explicitly added to handle subtypes registerConverter(new Label.ConverterImpl(), XStream.PRIORITY_NORMAL); // this should come after all the XStream's default simpler converters, // but before reflection-based one kicks in. registerConverter(new AssociatedConverterImpl(this), XStream.PRIORITY_LOW); reflectionConverter = new RobustReflectionConverter(getMapper(), new JVM().bestReflectionProvider()); registerConverter(reflectionConverter, XStream.PRIORITY_VERY_LOW); }
@Override protected MapperWrapper wrapMapper(MapperWrapper next) { Mapper m = new CompatibilityMapper(new MapperWrapper(next) { @Override public String serializedClass(Class type) { if (type != null && ImmutableMap.class.isAssignableFrom(type)) return super.serializedClass(ImmutableMap.class); else if (type != null && ImmutableList.class.isAssignableFrom(type)) return super.serializedClass(ImmutableList.class); else return super.serializedClass(type); } }); AnnotationMapper a = new AnnotationMapper(m, getConverterRegistry(), getConverterLookup(), getClassLoader(), getReflectionProvider(), getJvm()); // TODO JENKINS-19561 this is unsafe: a.autodetectAnnotations(true); mapperInjectionPoint = new MapperInjectionPoint(a); return mapperInjectionPoint; }