LUCENE-9094: Ban ObjectInputStream and ObjectOutputStream in forbidden-apis

Robert Muir 2019-12-16 13:31:11 -05:00
parent b5a2cfba4f
commit dc35e5752b
11 changed files with 33 additions and 0 deletions


@ -28,6 +28,7 @@ import java.nio.file.Path;
import java.nio.file.Paths;
import org.apache.lucene.analysis.cn.smart.AnalyzerProfile;
import org.apache.lucene.util.SuppressForbidden;
/**
* SmartChineseAnalyzer Bigram dictionary.
@ -85,6 +86,7 @@ class BigramDictionary extends AbstractDictionary {
}
}
@SuppressForbidden(reason = "TODO: fix code to serialize its own dictionary vs. a binary blob in the codebase")
private void loadFromInputStream(InputStream serialObjectInputStream)
throws IOException, ClassNotFoundException {
try (ObjectInputStream input = new ObjectInputStream(serialObjectInputStream)) {
@ -94,6 +96,7 @@ class BigramDictionary extends AbstractDictionary {
}
}
@SuppressForbidden(reason = "TODO: fix code to serialize its own dictionary vs. a binary blob in the codebase")
private void saveToObj(Path serialObj) throws IOException {
try (ObjectOutputStream output = new ObjectOutputStream(Files.newOutputStream(
serialObj))) {
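Review bot: The suppression reason on loadFromInputStream (and on WordDictionary.loadFromObjectInputStream in the next file) records only a TODO, not the trust assumption that makes suppressing the ban acceptable, so a reader of the annotation cannot tell where serialObjectInputStream may come from. State it in the reason, e.g. `reason = "TODO: fix code to serialize its own dictionary vs. a binary blob in the codebase; stream must be the bundled dictionary resource, never user-supplied data"`. If the build baseline is Java 9 or later, `input.setObjectInputFilter(...)` with an allowlist limited to the array types saveToObj writes would bound the exposure until the TODO is resolved. Both method bodies continue outside the hunk.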


@ -29,6 +29,7 @@ import java.nio.file.Paths;
import org.apache.lucene.analysis.cn.smart.AnalyzerProfile;
import org.apache.lucene.analysis.cn.smart.Utility;
import org.apache.lucene.util.SuppressForbidden;
/**
* SmartChineseAnalyzer Word Dictionary
@ -146,6 +147,7 @@ class WordDictionary extends AbstractDictionary {
}
}
@SuppressForbidden(reason = "TODO: fix code to serialize its own dictionary vs. a binary blob in the codebase")
private void loadFromObjectInputStream(InputStream serialObjectInputStream)
throws IOException, ClassNotFoundException {
try (ObjectInputStream input = new ObjectInputStream(serialObjectInputStream)) {
@ -157,6 +159,7 @@ class WordDictionary extends AbstractDictionary {
}
}
@SuppressForbidden(reason = "TODO: fix code to serialize its own dictionary vs. a binary blob in the codebase")
private void saveToObj(Path serialObj) {
try (ObjectOutputStream output = new ObjectOutputStream(Files.newOutputStream(serialObj))) {
output.writeObject(wordIndexTable);


@ -25,6 +25,8 @@ import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
import org.apache.lucene.util.SuppressForbidden;
/**
* Similar to {@link StringBuilder}, but with a more efficient growing strategy.
* This class uses char array blocks to grow.
@ -185,6 +187,7 @@ class CharBlockArray implements Appendable, Serializable, CharSequence {
return sb.toString();
}
@SuppressForbidden(reason = "TODO: don't use java serialization here, inefficient and unnecessary")
void flush(OutputStream out) throws IOException {
ObjectOutputStream oos = null;
try {
@ -198,6 +201,7 @@ class CharBlockArray implements Appendable, Serializable, CharSequence {
}
}
@SuppressForbidden(reason = "TODO: don't use java serialization here, inefficient and unnecessary")
public static CharBlockArray open(InputStream in) throws IOException, ClassNotFoundException {
ObjectInputStream ois = null;
try {
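Review bot: The reason on open(InputStream) explains the cost of Java serialization but not its risk, even though open is public static and will deserialize whatever stream it is handed; the reason on flush is adequate as written. Either extend it, `@SuppressForbidden(reason = "TODO: don't use java serialization here, inefficient and unnecessary; open() must only read data written by flush()")`, or add a Javadoc line on open stating that callers must only pass data produced by flush. Both method bodies continue outside the hunk.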


@ -37,6 +37,7 @@ import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
import org.apache.lucene.store.AlreadyClosedException;
import org.apache.lucene.util.IOUtils;
import org.apache.lucene.util.SuppressForbidden;
/**
* Base class for Http clients.
@ -115,6 +116,7 @@ public abstract class HttpClientBase implements Closeable {
}
}
@SuppressForbidden(reason = "XXX: security hole")
protected void throwKnownError(HttpResponse response, StatusLine statusLine) throws IOException {
ObjectInputStream in = null;
try {
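Review bot: The reason `XXX: security hole` on throwKnownError is accurate but gives the next maintainer nothing to act on; the object is presumably read from the HTTP response body, so the suppression implicitly assumes the replication server is trusted. Say so in the annotation, e.g. `reason = "XXX: security hole - deserializes an object sent by the replication server; only use against a trusted server"`. If the build baseline is Java 9 or later, an ObjectInputFilter restricting the stream to the types the server is expected to send would be a cheap interim control. The method body continues outside the hunk.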


@ -34,6 +34,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpStatus;
import org.apache.lucene.replicator.Replicator;
import org.apache.lucene.replicator.SessionToken;
import org.apache.lucene.util.SuppressForbidden;
/**
* A server-side service for handling replication requests. The service assumes
@ -129,6 +130,7 @@ public class ReplicationService {
}
/** Executes the replication task. */
@SuppressForbidden(reason = "XXX: security hole")
public void perform(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String[] pathElements = getPathElements(req);
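Review bot: The suppression on perform covers the entire servlet entry point, so any future use of a banned API anywhere in that method will pass the forbidden-apis check unnoticed. Prefer moving the serialization statements into a small private helper and annotating only that helper, leaving perform itself under the ban. perform's body continues outside the hunk, so the size of the suppressed region is not visible here.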


@ -58,3 +58,7 @@ java.lang.Float#<init>(double)
java.lang.Float#<init>(java.lang.String)
java.lang.Double#<init>(double)
java.lang.Double#<init>(java.lang.String)
@defaultMessage Java deserialization is unsafe when the data is untrusted. The java developer is powerless: no checks or casts help, exploitation can happen in places such as clinit or finalize!
java.io.ObjectInputStream
java.io.ObjectOutputStream
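Review bot: The `@defaultMessage` says the developer is powerless, which holds for casts and post-read checks but overlooks `ObjectInputFilter` (JEP 290, Java 9 and later), which does let the reading side restrict the classes a stream may instantiate. Since the message is what every developer who hits the ban will read, point the escape hatch at a real mitigation, e.g. append `If you must suppress this, document the trust boundary in the @SuppressForbidden reason and apply an ObjectInputFilter allowlist.` to the message text.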


@ -16,6 +16,7 @@
*/
package org.apache.solr.analytics.stream;
import org.apache.lucene.util.SuppressForbidden;
import org.apache.solr.analytics.AnalyticsRequestManager;
import org.apache.solr.client.solrj.ResponseParser;
import org.apache.solr.common.SolrException;
@ -54,6 +55,7 @@ public class AnalyticsShardResponseParser extends ResponseParser {
}
@Override
@SuppressForbidden(reason = "XXX: security hole")
public NamedList<Object> processResponse(InputStream body, String encoding) {
DataInputStream input = new DataInputStream(body);
//check to see if the response is an exception
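Review bot: The reason on processResponse (and on AnalyticsShardResponseWriter.write in the next file) labels the code a security hole without saying which data is deserialized or why that is tolerated; body is presumably a shard response arriving over inter-node traffic, so the implicit assumption is that only trusted nodes can produce it. Put that in the annotation: `reason = "XXX: security hole - deserializes shard responses; relies on inter-node traffic being trusted"`. The visible lines only wrap body in a DataInputStream, so the ObjectInputStream use is further down, outside the hunk.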


@ -22,6 +22,7 @@ import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Writer;
import org.apache.lucene.util.SuppressForbidden;
import org.apache.solr.analytics.AnalyticsRequestManager;
import org.apache.solr.analytics.stream.AnalyticsShardResponseParser;
import org.apache.solr.client.solrj.impl.BinaryResponseParser;
@ -78,6 +79,7 @@ public class AnalyticsShardResponseWriter implements BinaryQueryResponseWriter {
this.requestSuccessful = false;
}
@SuppressForbidden(reason = "XXX: security hole")
public void write(DataOutputStream output) throws IOException {
output.writeBoolean(requestSuccessful);
if (requestSuccessful) {


@ -31,6 +31,7 @@ import java.util.List;
import java.util.Map;
import org.apache.lucene.util.BytesRef;
import org.apache.lucene.util.SuppressForbidden;
import org.apache.solr.SolrTestCaseJ4;
import org.apache.solr.common.SolrException;
import org.apache.solr.common.util.NamedList;
@ -120,12 +121,14 @@ public class TestManagedResource extends SolrTestCaseJ4 {
/**
* Implements a Java serialization based storage format.
*/
@SuppressForbidden(reason = "XXX: security hole")
private static class SerializableStorage extends ManagedResourceStorage {
SerializableStorage(StorageIO storageIO, SolrResourceLoader loader) {
super(storageIO, loader);
}
@SuppressForbidden(reason = "XXX: security hole")
@Override
public Object load(String resourceId) throws IOException {
String storedId = getStoredResourceId(resourceId);
@ -151,6 +154,7 @@ public class TestManagedResource extends SolrTestCaseJ4 {
return serialized;
}
@SuppressForbidden(reason = "XXX: security hole")
@Override
public void store(String resourceId, Object toStore) throws IOException {
if (!(toStore instanceof Serializable))
@ -305,6 +309,7 @@ public class TestManagedResource extends SolrTestCaseJ4 {
/**
* Converts the given Serializable object to bytes
*/
@SuppressForbidden(reason = "XXX: security hole")
private BytesRef ser2bytes(Serializable ser) throws Exception {
ByteArrayOutputStream out = new ByteArrayOutputStream();
ObjectOutputStream oos = null;
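Review bot: The method-level annotations on load and store look redundant, since SerializableStorage already carries the same annotation at the class level and forbidden-apis, per its documentation, applies a class-level @SuppressForbidden to the members it encloses; keeping only one of the two avoids two places to update. ser2bytes belongs to the enclosing test class rather than SerializableStorage, so its annotation is needed. As this is test-only code, a reason such as `"test-only: exercises a Java-serialization storage format"` would be more accurate than `XXX: security hole`.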


@ -27,6 +27,7 @@ import org.apache.solr.common.MapWriter;
import org.apache.solr.common.SolrException;
import org.apache.solr.common.SolrException.ErrorCode;
import org.apache.solr.common.util.NamedList;
import org.apache.solr.common.util.SuppressForbidden;
/**
@ -60,6 +61,7 @@ public abstract class SolrResponse implements Serializable, MapWriter {
return new SolrException(errorCode, (String)exp.get("msg"));
}
@SuppressForbidden(reason = "XXX: security hole")
public static byte[] serializable(SolrResponse response) {
try {
ByteArrayOutputStream byteStream = new ByteArrayOutputStream();
@ -71,6 +73,7 @@ public abstract class SolrResponse implements Serializable, MapWriter {
}
}
@SuppressForbidden(reason = "XXX: security hole")
public static SolrResponse deserialize(byte[] bytes) {
try {
ByteArrayInputStream byteStream = new ByteArrayInputStream(bytes);
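Review bot: deserialize(byte[]) is a public static method that rebuilds an object from whatever bytes a caller supplies, and the hunk adds no Javadoc telling callers what the suppression assumes. Add a Javadoc on deserialize along the lines of `/** Deserializes bytes produced by {@link #serializable}. Only pass data from a trusted source: the stream is unfiltered Java serialization. */`. If the build baseline is Java 9 or later, an ObjectInputFilter allowlist on the stream would be a cheap interim control. The bodies of both methods continue outside the hunk.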


@ -26,6 +26,8 @@ import java.util.Locale;
import java.util.TimeZone;
import junit.framework.Assert;
import org.apache.lucene.util.SuppressForbidden;
import org.apache.solr.SolrTestCase;
import org.apache.solr.client.solrj.SolrQuery.SortClause;
import org.apache.solr.common.params.CommonParams;
@ -180,6 +182,7 @@ public class SolrQueryTest extends SolrTestCase {
/*
* Verifies the symbolic sort operations
*/
@SuppressForbidden(reason = "XXX: security hole")
public void testSort() throws IOException {
SolrQuery q = new SolrQuery("dog");