Merge pull request #446 from jbonofre/AMQ-7399

[AMQ-7399] org.apache.activemq.SERIALIZABLE_PACKAGES doesn't contain java* by default
Jean-Baptiste Onofré 2020-02-12 13:44:48 +01:00 committed by GitHub
commit ee16d9df5c
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 43 additions and 9 deletions


@ -100,6 +100,7 @@ public class AmqpTestSupport {
@Before @Before
public void setUp() throws Exception { public void setUp() throws Exception {
LOG.info("========== start " + getTestName() + " =========="); LOG.info("========== start " + getTestName() + " ==========");
System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util");
exceptions.clear(); exceptions.clear();
startBroker(); startBroker();
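Review bot: Setting `org.apache.activemq.SERIALIZABLE_PACKAGES` with `System.setProperty` inside `setUp()` is order-dependent, because `ClassLoadingAwareObjectInputStream` reads the property once in its static initializer (see that class's hunk in this commit); if the class was already loaded in the same JVM by an earlier test, this call appears to have no effect. The property is also never cleared, so it leaks into whatever test runs next in the same fork. The same applies to `JmsTransactionTestSupport.createBroker`, the `setUp()` methods in `JmsXAQueueTransactionTest`, `JmsXARollback2CxTransactionTest` and `ObjectMessageNotSerializableTest`, and the static blocks in `ClassLoadingAwareObjectInputStreamTest`, `AMQ3537Test`, `JoramJmsTest` and `ChangeSentMessageTest`. Where a test owns its connection factory, a per-factory allowlist such as `factory.setTrustedPackages(Arrays.asList("java.util"));` (the approach this commit takes in `HttpJMSMessagesWithCompressionTest`) avoids the JVM-wide state. `setUp()` continues past the end of the hunk.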


@ -108,7 +108,7 @@ public class JmsQueueTransactionTest extends JmsTransactionTestSupport {
* *
* @throws Exception * @throws Exception
*/ */
public void testSendReceiveInSeperateSessionTest() throws Exception { public void testSendReceiveInSeparatedSessionTest() throws Exception {
session.close(); session.close();
int batchCount = 10; int batchCount = 10;


@ -114,6 +114,7 @@ public abstract class JmsTransactionTestSupport extends TestSupport implements M
/** /**
*/ */
protected BrokerService createBroker() throws Exception, URISyntaxException { protected BrokerService createBroker() throws Exception, URISyntaxException {
System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util");
return BrokerFactory.createBroker(new URI("broker://()/localhost?persistent=false")); return BrokerFactory.createBroker(new URI("broker://()/localhost?persistent=false"));
} }
@ -569,6 +570,7 @@ public abstract class JmsTransactionTestSupport extends TestSupport implements M
} }
public void testChangeMutableObjectInObjectMessageThenRollback() throws Exception { public void testChangeMutableObjectInObjectMessageThenRollback() throws Exception {
ArrayList<String> list = new ArrayList<String>(); ArrayList<String> list = new ArrayList<String>();
list.add("First"); list.add("First");
Message outbound = session.createObjectMessage(list); Message outbound = session.createObjectMessage(list);


@ -40,8 +40,7 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream {
private final ClassLoader inLoader; private final ClassLoader inLoader;
static { static {
serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES","org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(",");
"java.lang,javax.security,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(",");
} }
public ClassLoadingAwareObjectInputStream(InputStream in) throws IOException { public ClassLoadingAwareObjectInputStream(InputStream in) throws IOException {
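Review bot: The static initializer still parses the property with a bare `.split(",")`, so a value such as `java.util, java.lang` yields an entry with a leading space. Now that operators have to list `java.lang`, `javax.security` and `java.util` themselves this is more likely to be hit, and whether such an entry still matches depends on the package check, which is outside this hunk. Calling `trim()` on the value and splitting with `.split("\\s*,\\s*")` would make the allowlist tolerant of whitespace. The narrowed default also deserves a comment at the static block, e.g. `// java.* and javax.* are deliberately absent: JDK types in ObjectMessages must be opted into`, and the new one-line call would read better wrapped the way the old one was.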


@ -35,6 +35,10 @@ import org.junit.rules.TestName;
public class ClassLoadingAwareObjectInputStreamTest { public class ClassLoadingAwareObjectInputStreamTest {
static {
System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util");
}
private final String ACCEPTS_ALL_FILTER = "*"; private final String ACCEPTS_ALL_FILTER = "*";
private final String ACCEPTS_NONE_FILTER = ""; private final String ACCEPTS_NONE_FILTER = "";
@ -364,6 +368,7 @@ public class ClassLoadingAwareObjectInputStreamTest {
@Test @Test
public void testReadObjectFailsWithUntrustedType() throws Exception { public void testReadObjectFailsWithUntrustedType() throws Exception {
byte[] serialized = serializeObject(new SimplePojo(name.getMethodName())); byte[] serialized = serializeObject(new SimplePojo(name.getMethodName()));
try (ByteArrayInputStream input = new ByteArrayInputStream(serialized); try (ByteArrayInputStream input = new ByteArrayInputStream(serialized);


@ -18,6 +18,7 @@
package org.apache.activemq.transport.http; package org.apache.activemq.transport.http;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicInteger; import java.util.concurrent.atomic.AtomicInteger;
import javax.jms.BytesMessage; import javax.jms.BytesMessage;
import javax.jms.Connection; import javax.jms.Connection;
@ -71,6 +72,7 @@ public class HttpJMSMessagesWithCompressionTest {
protected ConnectionFactory createConnectionFactory() throws URISyntaxException { protected ConnectionFactory createConnectionFactory() throws URISyntaxException {
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(getBrokerURL()); ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(getBrokerURL());
factory.setTrustedPackages(Arrays.asList("java.lang".split(",")));
return factory; return factory;
} }
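Review bot: `Arrays.asList("java.lang".split(","))` in `createConnectionFactory` splits a constant that contains no comma; `factory.setTrustedPackages(Arrays.asList("java.lang"));` says the same thing directly. A one-line comment on why `java.lang` has to be trusted here (presumably the payload type these tests send, which is outside the hunk) would help the next reader keep the list minimal.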


@ -42,6 +42,12 @@ public class JmsXAQueueTransactionTest extends JmsQueueTransactionTest {
private static long txGenerator; private static long txGenerator;
private Xid xid; private Xid xid;
@Override
protected void setUp() throws Exception {
System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util");
super.setUp();
}
@Override @Override
protected BrokerService createBroker() throws Exception { protected BrokerService createBroker() throws Exception {
return BrokerFactory.createBroker(new URI("broker://()/localhost?persistent=false&useJmx=false")); return BrokerFactory.createBroker(new URI("broker://()/localhost?persistent=false&useJmx=false"));


@ -59,6 +59,7 @@ public class JmsXARollback2CxTransactionTest extends JmsQueueTransactionTest {
@Override @Override
protected void setUp() throws Exception { protected void setUp() throws Exception {
LOG.info("Starting ----------------------------> {}", this.getName()); LOG.info("Starting ----------------------------> {}", this.getName());
System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util");
super.setUp(); super.setUp();
} }


@ -50,6 +50,10 @@ import org.junit.Test;
@SuppressWarnings({ "rawtypes", "unchecked" }) @SuppressWarnings({ "rawtypes", "unchecked" })
public class AMQ3537Test implements InvocationHandler, Serializable { public class AMQ3537Test implements InvocationHandler, Serializable {
static {
System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util,org.apache.activemq.bugs");
}
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
/** /**


@ -44,6 +44,10 @@ import org.objectweb.jtests.jms.conform.topic.TemporaryTopicTest;
*/ */
public class JoramJmsTest extends TestCase { public class JoramJmsTest extends TestCase {
static {
System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util,java.lang");
}
public static Test suite() { public static Test suite() {
TestSuite suite = new TestSuite(); TestSuite suite = new TestSuite();
suite.addTestSuite(SelectorTest.class); suite.addTestSuite(SelectorTest.class);


@ -32,6 +32,11 @@ import org.apache.activemq.test.TestSupport;
* *
*/ */
public class ChangeSentMessageTest extends TestSupport { public class ChangeSentMessageTest extends TestSupport {
static {
System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util,java.lang");
}
private static final int COUNT = 200; private static final int COUNT = 200;
private static final String VALUE_NAME = "value"; private static final String VALUE_NAME = "value";


@ -56,11 +56,12 @@ public class ObjectMessageNotSerializableTest extends CombinationTestSupport {
} }
protected void setUp() throws Exception { protected void setUp() throws Exception {
System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "org.apache.activemq.usecases,java.util,java.lang");
exceptions.clear(); exceptions.clear();
broker = createBroker(); broker = createBroker();
} }
public void testSendNotSerializeableObjectMessage() throws Exception { public void testSendNotSerializableObjectMessage() throws Exception {
final ActiveMQDestination destination = new ActiveMQQueue("testQ"); final ActiveMQDestination destination = new ActiveMQQueue("testQ");
final MyObject obj = new MyObject("A message"); final MyObject obj = new MyObject("A message");
@ -129,7 +130,7 @@ public class ObjectMessageNotSerializableTest extends CombinationTestSupport {
assertTrue("no unexpected exceptions: " + exceptions, exceptions.isEmpty()); assertTrue("no unexpected exceptions: " + exceptions, exceptions.isEmpty());
} }
public void testSendNotSerializeableObjectMessageOverTcp() throws Exception { public void testSendNotSerializableObjectMessageOverTcp() throws Exception {
final ActiveMQDestination destination = new ActiveMQTopic("testTopic"); final ActiveMQDestination destination = new ActiveMQTopic("testTopic");
final MyObject obj = new MyObject("A message"); final MyObject obj = new MyObject("A message");


@ -40,9 +40,6 @@
# #
# For more information on configuring the script, see http://activemq.apache.org/unix-shell-script.html # For more information on configuring the script, see http://activemq.apache.org/unix-shell-script.html
# #
#
# Authors:
# Marc Schoechlin <ms@256bit.org>
# ------------------------------------------------------------------------ # ------------------------------------------------------------------------
# IMPROVED DEBUGGING (execute with bash -x) # IMPROVED DEBUGGING (execute with bash -x)


@ -113,3 +113,10 @@ ACTIVEMQ_USER=""
# (set JAVACMD to "auto" for automatic detection) # (set JAVACMD to "auto" for automatic detection)
#JAVA_HOME="" #JAVA_HOME=""
JAVACMD="auto" JAVACMD="auto"
# Packages allowed for serialization (when used with ObjectMessage).
# Packages set is limited to org.apache.activemmq, org.fusesource.hawtbuf and com.thoughtworks.xstream.mapper by default.
# java* packages are excluded by default for security reason.
#ACTIVEMQ_OPTS="-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper"
# You have explicitely add java.lang, javax.security, and java.util packages and your own packages:
#ACTIVEMQ_OPTS="-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=java.lang,javax.security,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper"
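Review bot: The comment describing the default set misspells the package as `org.apache.activemmq`; it should read `org.apache.activemq`, matching the sample value below it, since operators copy allowlist entries from here. The second comment would be clearer as `# You have to explicitly add java.lang, javax.security and java.util, plus your own packages, if your ObjectMessages need them:`. If `ACTIVEMQ_OPTS` is already assigned earlier in this file (not visible in the hunk), uncommenting either sample replaces that value, so the samples would be safer written in the appending form `ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS -Dorg.apache.activemq.SERIALIZABLE_PACKAGES=..."`. It would also help to state that every added package widens what the broker will deserialize, so the list should stay as short as the application allows.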