1. Project Clover database Sat Feb 2 2019 06:45:20 CET
  2. Package org.xwiki.job.internal.xstream

File SafeXStream.java

 

Coverage histogram

../../../../../img/srcFileCovDistChart7.png
66% of files have more coverage

Code metrics

4
15
3
1
96
40
6
0.4
5
3
2

Classes

Class Line # Actions
SafeXStream 35 15 0% 6 8
0.636363663.6%
 

Contributing tests

This file is covered by 209 tests. .

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package org.xwiki.job.internal.xstream;
21   
22    import com.thoughtworks.xstream.MarshallingStrategy;
23    import com.thoughtworks.xstream.XStream;
24    import com.thoughtworks.xstream.converters.ConversionException;
25    import com.thoughtworks.xstream.converters.DataHolder;
26    import com.thoughtworks.xstream.core.JVM;
27    import com.thoughtworks.xstream.io.HierarchicalStreamReader;
28   
29    /**
30    * A {@link XStream} that never fail whatever value is provided.
31    *
32    * @version $Id: 4e12740bbaa0368b47a8737f3a04dbd60f9ca73b $
33    * @since 5.4M1
34    */
 
35    public class SafeXStream extends XStream
36    {
37    // FIXME: Workaround for XStream security rules warning
38    private MarshallingStrategy marshallingStrategy;
39   
40    /**
41    * Default constructor.
42    */
 
43  553 toggle public SafeXStream()
44    {
45  553 super(new SafeReflectionProvider(JVM.newReflectionProvider()));
46   
47    // Cleaner array serialization
48  553 registerConverter(new SafeArrayConverter(this));
49   
50    // Cleaner messages
51  553 registerConverter(new SafeMessageConverter(this));
52   
53    // Cleaner log
54  553 registerConverter(new SafeLogEventConverter(this));
55   
56    // cleaner exceptions
57  553 registerConverter(
58    new SafeThrowableConverter(getMapper(), getConverterLookup().lookupConverterForType(Object.class)));
59   
60    // We don't care if some field from the XML does not exist anymore
61  553 ignoreUnknownElements();
62   
63    // Protect reflection based marshalling/unmarshalling
64  553 setMarshallingStrategy(new SafeTreeMarshallingStrategy());
65   
66    // TODO: see what to do about new XStream security rules, the default setup is to use a white list which is
67    // totally unusable for job serialization use case where we don't know the types in advance (we don't even know
68    // the ClassLoader in advance...).
69    // setupDefaultSecurity(this);
70    }
71   
72    ////////////////////////////////////////////////////////////////////
73    // FIXME: Workaround for XStream security rules warning
74   
 
75  1106 toggle @Override
76    public void setMarshallingStrategy(MarshallingStrategy marshallingStrategy)
77    {
78  1106 super.setMarshallingStrategy(marshallingStrategy);
79   
80  1106 this.marshallingStrategy = marshallingStrategy;
81    }
82   
 
83  81 toggle @Override
84    public Object unmarshal(HierarchicalStreamReader reader, Object root, DataHolder dataHolder)
85    {
86  81 try {
87  81 return marshallingStrategy.unmarshal(root, reader, dataHolder, getConverterLookup(), getMapper());
88   
89    } catch (ConversionException e) {
90  0 Package pkg = getClass().getPackage();
91  0 String version = pkg != null ? pkg.getImplementationVersion() : null;
92  0 e.add("version", version != null ? version : "not available");
93  0 throw e;
94    }
95    }
96    }