From 097506a45837f55e4d010e4094d60a36f6672ebd Mon Sep 17 00:00:00 2001 From: jbonofre Date: Fri, 7 Feb 2020 10:50:52 +0100 Subject: [PATCH] [AMQ-7399] org.apache.activemq.SERIALIZABLE_PACKAGES doesn't include java* by default --- .../apache/activemq/transport/amqp/AmqpTestSupport.java | 1 + .../java/org/apache/activemq/JmsQueueTransactionTest.java | 2 +- .../org/apache/activemq/JmsTransactionTestSupport.java | 2 ++ .../activemq/util/ClassLoadingAwareObjectInputStream.java | 3 +-- .../util/ClassLoadingAwareObjectInputStreamTest.java | 5 +++++ .../transport/http/HttpJMSMessagesWithCompressionTest.java | 2 ++ .../org/apache/activemq/ra/JmsXAQueueTransactionTest.java | 6 ++++++ .../activemq/ra/JmsXARollback2CxTransactionTest.java | 1 + .../test/java/org/apache/activemq/bugs/AMQ3537Test.java | 4 ++++ .../java/org/apache/activemq/joramtests/JoramJmsTest.java | 4 ++++ .../apache/activemq/usecases/ChangeSentMessageTest.java | 5 +++++ .../usecases/ObjectMessageNotSerializableTest.java | 7 ++++--- assembly/src/release/bin/activemq | 3 --- assembly/src/release/bin/env | 7 +++++++ 14 files changed, 43 insertions(+), 9 deletions(-) diff --git a/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java b/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java index 69d1998629..73a22cc255 100644 --- a/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java +++ b/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java @@ -100,6 +100,7 @@ public class AmqpTestSupport { @Before public void setUp() throws Exception { LOG.info("========== start " + getTestName() + " =========="); + System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util"); exceptions.clear(); startBroker(); 
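Review bot: Setting `org.apache.activemq.SERIALIZABLE_PACKAGES` from `setUp()` is order-dependent, because the ClassLoadingAwareObjectInputStream hunk in this patch reads the property once in a static initializer; if that class is already loaded in the test JVM, this call changes nothing. The property is never cleared, and the patch sets differing values in JmsTransactionTestSupport, ClassLoadingAwareObjectInputStreamTest, JmsXAQueueTransactionTest, JmsXARollback2CxTransactionTest, AMQ3537Test, JoramJmsTest, ChangeSentMessageTest and ObjectMessageNotSerializableTest, so in a shared JVM whichever loads first decides the allow-list for the rest. Because `System.getProperty(key, default)` replaces the default rather than extending it, `"java.util"` alone also drops `org.apache.activemq` from the list. Where the test owns the connection factory, a scoped `factory.setTrustedPackages(...)`, as HttpJMSMessagesWithCompressionTest does in this patch, avoids the global state; otherwise restore the previous value in teardown. setUp's body continues outside the hunk.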
diff --git a/activemq-broker/src/test/java/org/apache/activemq/JmsQueueTransactionTest.java b/activemq-broker/src/test/java/org/apache/activemq/JmsQueueTransactionTest.java index c2e951069e..2b0f4f38c3 100644 --- a/activemq-broker/src/test/java/org/apache/activemq/JmsQueueTransactionTest.java +++ b/activemq-broker/src/test/java/org/apache/activemq/JmsQueueTransactionTest.java @@ -108,7 +108,7 @@ public class JmsQueueTransactionTest extends JmsTransactionTestSupport { * * @throws Exception */ - public void testSendReceiveInSeperateSessionTest() throws Exception { + public void testSendReceiveInSeparatedSessionTest() throws Exception { session.close(); int batchCount = 10; diff --git a/activemq-broker/src/test/java/org/apache/activemq/JmsTransactionTestSupport.java b/activemq-broker/src/test/java/org/apache/activemq/JmsTransactionTestSupport.java index 423f1eec03..539a1e0c11 100644 --- a/activemq-broker/src/test/java/org/apache/activemq/JmsTransactionTestSupport.java +++ b/activemq-broker/src/test/java/org/apache/activemq/JmsTransactionTestSupport.java @@ -114,6 +114,7 @@ public abstract class JmsTransactionTestSupport extends TestSupport implements M /** */ protected BrokerService createBroker() throws Exception, URISyntaxException { + System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util"); return BrokerFactory.createBroker(new URI("broker://()/localhost?persistent=false")); } @@ -569,6 +570,7 @@ public abstract class JmsTransactionTestSupport extends TestSupport implements M } public void testChangeMutableObjectInObjectMessageThenRollback() throws Exception { + ArrayList list = new ArrayList(); list.add("First"); Message outbound = session.createObjectMessage(list); diff --git a/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java b/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java index 04539394fb..95ad9eeb3f 100644 
--- a/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java +++ b/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java @@ -40,8 +40,7 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream { private final ClassLoader inLoader; static { - serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", - "java.lang,javax.security,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(","); + serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES","org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(","); } public ClassLoadingAwareObjectInputStream(InputStream in) throws IOException { diff --git a/activemq-client/src/test/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStreamTest.java b/activemq-client/src/test/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStreamTest.java index e2e9c610ec..a30d81330b 100644 --- a/activemq-client/src/test/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStreamTest.java +++ b/activemq-client/src/test/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStreamTest.java @@ -35,6 +35,10 @@ import org.junit.rules.TestName; public class ClassLoadingAwareObjectInputStreamTest { + static { + System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util"); + } + private final String ACCEPTS_ALL_FILTER = "*"; private final String ACCEPTS_NONE_FILTER = ""; @@ -364,6 +368,7 @@ public class ClassLoadingAwareObjectInputStreamTest { @Test public void testReadObjectFailsWithUntrustedType() throws Exception { + byte[] serialized = serializeObject(new SimplePojo(name.getMethodName())); try (ByteArrayInputStream input = new ByteArrayInputStream(serialized); 
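Review bot: The allow-list in the static initializer is still built with a bare `split(",")`, so a value written as `java.util, java.lang` keeps the leading space on the second entry. How entries are matched is outside this hunk, but under a plain prefix comparison that entry would silently never match. With JDK packages now opt-in, more operators will write this property by hand, so I would trim each entry and drop empty ones before storing the array. The block also deserves a comment such as `// java.* and javax.* are deliberately not trusted by default; opt in via org.apache.activemq.SERIALIZABLE_PACKAGES (read once at class load)`, since the narrowed default rejects ObjectMessage payloads that earlier releases accepted.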
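Review bot: Nothing in this test change pins the behaviour the commit is about, since the new static block opts `java.util` back in for the whole class and no test would fail if a JDK package slipped back into the default list. I would add a case that deserializes a `java.util` value with the property unset and expects the rejection that `testReadObjectFailsWithUntrustedType` (going by its name) checks for `SimplePojo`. Because the production class reads the property in a static initializer, that case probably needs a forked JVM or a way to pass the list to the stream explicitly. The static block also leaves the property set for any later test class in the same JVM.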
diff --git a/activemq-http/src/test/java/org/apache/activemq/transport/http/HttpJMSMessagesWithCompressionTest.java b/activemq-http/src/test/java/org/apache/activemq/transport/http/HttpJMSMessagesWithCompressionTest.java index 559dfd1da3..a86c6c2b84 100644 --- a/activemq-http/src/test/java/org/apache/activemq/transport/http/HttpJMSMessagesWithCompressionTest.java +++ b/activemq-http/src/test/java/org/apache/activemq/transport/http/HttpJMSMessagesWithCompressionTest.java @@ -18,6 +18,7 @@ package org.apache.activemq.transport.http; import java.net.URISyntaxException; +import java.util.Arrays; import java.util.concurrent.atomic.AtomicInteger; import javax.jms.BytesMessage; import javax.jms.Connection; @@ -71,6 +72,7 @@ public class HttpJMSMessagesWithCompressionTest { protected ConnectionFactory createConnectionFactory() throws URISyntaxException { ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(getBrokerURL()); + factory.setTrustedPackages(Arrays.asList("java.lang".split(","))); return factory; } diff --git a/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXAQueueTransactionTest.java b/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXAQueueTransactionTest.java index 2800de57eb..f55325ea4c 100644 --- a/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXAQueueTransactionTest.java +++ b/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXAQueueTransactionTest.java @@ -42,6 +42,12 @@ public class JmsXAQueueTransactionTest extends JmsQueueTransactionTest { private static long txGenerator; private Xid xid; + @Override + protected void setUp() throws Exception { + System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util"); + super.setUp(); + } + @Override protected BrokerService createBroker() throws Exception { return BrokerFactory.createBroker(new URI("broker://()/localhost?persistent=false&useJmx=false")); 
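Review bot: `Arrays.asList("java.lang".split(","))` in `createConnectionFactory()` is a roundabout way to build a one-element list; `factory.setTrustedPackages(Arrays.asList("java.lang"));` says the same thing and reads as an explicit allow-list. A short comment naming which message payload in this test needs `java.lang` (for example `// ObjectMessage payloads in this test are java.lang types`, to be confirmed against the test body outside the hunk) would show that the trust is intentional and minimal. Scoping the trust to the factory rather than the JVM-wide system property is the better pattern, and the other tests in this patch could follow it.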
diff --git a/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXARollback2CxTransactionTest.java b/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXARollback2CxTransactionTest.java index 81a995ef9e..ba0201cbfd 100644 --- a/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXARollback2CxTransactionTest.java +++ b/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXARollback2CxTransactionTest.java @@ -59,6 +59,7 @@ public class JmsXARollback2CxTransactionTest extends JmsQueueTransactionTest { @Override protected void setUp() throws Exception { LOG.info("Starting ----------------------------> {}", this.getName()); + System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util"); super.setUp(); } diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ3537Test.java b/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ3537Test.java index fe8e3fd405..d3d6ebee73 100644 --- a/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ3537Test.java +++ b/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ3537Test.java @@ -50,6 +50,10 @@ import org.junit.Test; @SuppressWarnings({ "rawtypes", "unchecked" }) public class AMQ3537Test implements InvocationHandler, Serializable { + static { + System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util,org.apache.activemq.bugs"); + } + private static final long serialVersionUID = 1L; /** diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/joramtests/JoramJmsTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/joramtests/JoramJmsTest.java index 00c5423a72..467e9e39d8 100644 --- a/activemq-unit-tests/src/test/java/org/apache/activemq/joramtests/JoramJmsTest.java +++ b/activemq-unit-tests/src/test/java/org/apache/activemq/joramtests/JoramJmsTest.java 
@@ -44,6 +44,10 @@ import org.objectweb.jtests.jms.conform.topic.TemporaryTopicTest; */ public class JoramJmsTest extends TestCase { + static { + System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util,java.lang"); + } + public static Test suite() { TestSuite suite = new TestSuite(); suite.addTestSuite(SelectorTest.class); diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ChangeSentMessageTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ChangeSentMessageTest.java index 90dfa2d4f1..0f7cd2bd2d 100644 --- a/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ChangeSentMessageTest.java +++ b/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ChangeSentMessageTest.java @@ -32,6 +32,11 @@ import org.apache.activemq.test.TestSupport; * */ public class ChangeSentMessageTest extends TestSupport { + + static { + System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util,java.lang"); + } + private static final int COUNT = 200; private static final String VALUE_NAME = "value"; diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ObjectMessageNotSerializableTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ObjectMessageNotSerializableTest.java index c9f0f5306a..5f02b0eaa9 100644 --- a/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ObjectMessageNotSerializableTest.java +++ b/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ObjectMessageNotSerializableTest.java 
@@ -56,13 +56,14 @@ public class ObjectMessageNotSerializableTest extends CombinationTestSupport { } protected void setUp() throws Exception { + System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "org.apache.activemq.usecases,java.util,java.lang"); exceptions.clear(); broker = createBroker(); } - public void testSendNotSerializeableObjectMessage() throws Exception { + public void testSendNotSerializableObjectMessage() throws Exception { - final ActiveMQDestination destination = new ActiveMQQueue("testQ"); + final ActiveMQDestination destination = new ActiveMQQueue("testQ"); final MyObject obj = new MyObject("A message"); final CountDownLatch consumerStarted = new CountDownLatch(1); @@ -129,7 +130,7 @@ public class ObjectMessageNotSerializableTest extends CombinationTestSupport { assertTrue("no unexpected exceptions: " + exceptions, exceptions.isEmpty()); } - public void testSendNotSerializeableObjectMessageOverTcp() throws Exception { + public void testSendNotSerializableObjectMessageOverTcp() throws Exception { final ActiveMQDestination destination = new ActiveMQTopic("testTopic"); final MyObject obj = new MyObject("A message"); diff --git a/assembly/src/release/bin/activemq b/assembly/src/release/bin/activemq index c8d7f031d2..4e86c99ad4 100755 --- a/assembly/src/release/bin/activemq +++ b/assembly/src/release/bin/activemq @@ -40,9 +40,6 @@ # # For more information on configuring the script, see http://activemq.apache.org/unix-shell-script.html # -# -# Authors: -# Marc Schoechlin # ------------------------------------------------------------------------ # IMPROVED DEBUGGING (execute with bash -x) diff --git a/assembly/src/release/bin/env b/assembly/src/release/bin/env index 400e9b8625..947807b984 100644 --- a/assembly/src/release/bin/env +++ b/assembly/src/release/bin/env 
@@ -113,3 +113,10 @@ ACTIVEMQ_USER=""
 # (set JAVACMD to "auto" for automatic detection)
 #JAVA_HOME=""
 JAVACMD="auto"
+
+# Packages allowed for serialization (when used with ObjectMessage).
+# Packages set is limited to org.apache.activemmq, org.fusesource.hawtbuf and com.thoughtworks.xstream.mapper by default.
+# java* packages are excluded by default for security reason.
+#ACTIVEMQ_OPTS="-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper"
+# You have explicitely add java.lang, javax.security, and java.util packages and your own packages:
+#ACTIVEMQ_OPTS="-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=java.lang,javax.security,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper"
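Review bot: The new comment block misspells the default package as `org.apache.activemmq`, and `You have explicitely add ...` is hard to parse. Operators will copy from this text, so I would write `org.apache.activemq` and `# To allow JDK types, explicitly add only the packages your ObjectMessage payloads need, plus your own packages:`. The second example re-enables `java.lang`, `javax.security` and `java.util` together, which restores the old default wholesale, so the comment should say to list the minimum required. Both examples also assign `ACTIVEMQ_OPTS` outright; if the variable is already set earlier in this file (not visible in the hunk), uncommenting one would discard those options, so `ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS -Dorg.apache.activemq.SERIALIZABLE_PACKAGES=..."` is the safer form.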