Hibernate
/
hibernate-orm
mirror of https://github.com/hibernate/hibernate-orm
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HHH-15808 ByteBuddyProxyFactory#getHibernateProxy is triggering type pollution via generic PrivilegedAction

This commit is contained in:
Sanne Grinovero 2022-12-03 18:07:28 +00:00 committed by Sanne Grinovero
parent bdc67f81b1
commit ded4c433ac
1 changed files with 23 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java
View File

@ -89,7 +89,6 @@ public class ByteBuddyProxyFactory implements ProxyFactory, Serializable {
overridesEquals overridesEquals
); );
final HibernateProxy proxy = getHibernateProxy(); final HibernateProxy proxy = getHibernateProxy();
( (ProxyConfiguration) proxy ).$$_hibernate_set_interceptor( interceptor ); ( (ProxyConfiguration) proxy ).$$_hibernate_set_interceptor( interceptor );
@ -97,22 +96,32 @@ public class ByteBuddyProxyFactory implements ProxyFactory, Serializable {
} }
private HibernateProxy getHibernateProxy() private HibernateProxy getHibernateProxy() {
throws HibernateException { final PrimeAmongSecondarySupertypes internal = getHibernateProxyInternal();
final HibernateProxy hibernateProxy = internal.asHibernateProxy();
final PrivilegedAction<HibernateProxy> action = new PrivilegedAction<HibernateProxy>() {
@Override
public HibernateProxy run() {
try {
PrimeAmongSecondarySupertypes instance = (PrimeAmongSecondarySupertypes) proxyClass.getConstructor().newInstance();
final HibernateProxy hibernateProxy = instance.asHibernateProxy();
if ( hibernateProxy == null ) { if ( hibernateProxy == null ) {
throw new HibernateException( "Produced proxy does not correctly implement HibernateProxy" ); throw new HibernateException( "Produced proxy does not correctly implement HibernateProxy" );
} }
return hibernateProxy; return hibernateProxy;
} }
/**
* This technically returns a HibernateProxy, but declaring that type as the return
* type for the privileged action triggers an implicit case of type pollution.
* We therefore declare it as PrimeAmongSecondarySupertypes, and require the
* invoker to perform the narrowing
*/
private PrimeAmongSecondarySupertypes getHibernateProxyInternal()
throws HibernateException {
final PrivilegedAction<PrimeAmongSecondarySupertypes> action = new PrivilegedAction<PrimeAmongSecondarySupertypes>() {
@Override
public PrimeAmongSecondarySupertypes run() {
try {
return (PrimeAmongSecondarySupertypes) proxyClass.getConstructor().newInstance();
}
catch (NoSuchMethodException e) { catch (NoSuchMethodException e) {
String logMessage = LOG.bytecodeEnhancementFailedBecauseOfDefaultConstructor( entityName ); String logMessage = LOG.bytecodeEnhancementFailedBecauseOfDefaultConstructor( entityName );
LOG.error( logMessage, e ); LOG.error( logMessage, e );
@ -127,6 +136,6 @@ public class ByteBuddyProxyFactory implements ProxyFactory, Serializable {
} }
}; };
return SystemSecurityManager.isSecurityManagerEnabled() ? AccessController.doPrivileged( action ) : action.run(); return SystemSecurityManager.isSecurityManagerEnabled() ? AccessController.doPrivileged( action ) : action.run();
} }
} }