Merge commit from fork

Co-authored-by: liujianjun.ljj <[email protected]>
sofastack · Sep 14, 2024 · 764ef4b · 764ef4b
1 parent e6f59b9
commit 764ef4b
Show file tree

Hide file tree

Showing 2 changed files with 165 additions and 61 deletions.
diff --git a/src/main/resources/security/serialize.blacklist b/src/main/resources/security/serialize.blacklist
@@ -1,44 +1,157 @@
-org.codehaus.groovy.runtime.MethodClosure
-clojure.core$constantly
-clojure.main$eval_opt
-com.alibaba.citrus.springext.support.parser.AbstractNamedProxyBeanDefinitionParser$ProxyTargetFactory
-com.alibaba.citrus.springext.support.parser.AbstractNamedProxyBeanDefinitionParser$ProxyTargetFactoryImpl
-com.alibaba.citrus.springext.util.SpringExtUtil.AbstractProxy
-com.alipay.custrelation.service.model.redress.Pair
+aj.org.objectweb.asm.
+br.com.anteros.
+bsh.
+ch.qos.logback.
+clojure.
+com.alibaba.citrus.springext.support.parser.
+com.alibaba.citrus.springext.util.SpringExtUtil.
+com.alibaba.druid.pool.
+com.alibaba.druid.stat.JdbcDataSourceStat
+com.alibaba.fastjson.annotation.
+com.alibaba.hotcode.internal.org.apache.commons.collections.functors.
+com.alipay.custrelation.service.model.redress.
+com.alipay.oceanbase.obproxy.druid.pool.
 com.caucho.hessian.test.TestCons
-com.mchange.v2.c3p0.JndiRefForwardingDataSource
-com.mchange.v2.c3p0.WrapperConnectionPoolDataSource
-com.rometools.rome.feed.impl.EqualsBean
-com.rometools.rome.feed.impl.ToStringBean
-com.sun.jndi.rmi.registry.BindingEnumeration
-com.sun.jndi.toolkit.dir.LazySearchEnumerationImpl
-com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl
-com.sun.rowset.JdbcRowSetImpl
-com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data
-java.rmi.server.UnicastRemoteObject
-java.security.SignedObject
-java.util.ServiceLoader$LazyIterator
-javax.imageio.ImageIO$ContainsFilter
-javax.imageio.spi.ServiceRegistry
-javax.management.BadAttributeValueExpException
-javax.naming.InitialContext
-javax.naming.spi.ObjectFactory
-javax.script.ScriptEngineManager
-javax.sound.sampled.AudioFormat$Encoding
-org.apache.carbondata.core.scan.expression.ExpressionResult
-org.apache.commons.dbcp.datasources.SharedPoolDataSource
-org.apache.ibatis.executor.loader.AbstractSerialStateHolder
-org.apache.ibatis.executor.loader.CglibSerialStateHolder
-org.apache.ibatis.executor.loader.JavassistSerialStateHolder
-org.apache.ibatis.executor.loader.cglib.CglibProxyFactory
-org.apache.ibatis.executor.loader.javassist.JavassistSerialStateHolder
-org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource
-org.apache.wicket.util.upload.DiskFileItem
-org.apache.xalan.xsltc.trax.TemplatesImpl
-org.apache.xbean.naming.context.ContextUtil$ReadOnlyBinding
-org.apache.xpath.XPathContext
-org.eclipse.jetty.util.log.LoggerLog
-org.geotools.filter.ConstantExpression
+com.caucho.naming.Qname
+com.ibatis.
+com.ibm.jtc.jax.xml.bind.v2.runtime.unmarshaller.
+com.ibm.xltxe.rnm1.xtq.bcel.util.
+com.mchange.
+com.mysql.cj.jdbc.admin.
+com.mysql.cj.jdbc.MysqlConnectionPoolDataSource
+com.mysql.cj.jdbc.MysqlDataSource
+com.mysql.cj.jdbc.MysqlXADataSource
+com.mysql.cj.log.
+com.mysql.jdbc.util.
+com.p6spy.engine.
+com.rometools.rome.feed.
+com.sun.
+com.taobao.eagleeye.wrapper.
+com.taobao.vipserver.commons.collections.functors.
+com.zaxxer.hikari.
+flex.messaging.util.concurrent.
+groovy.lang.
+java.awt.
+java.beans.
+java.net.InetAddress
+java.net.Socket
+java.net.URL
+java.rmi.
+java.security.
+java.util.EventListener
+java.util.jar.
+java.util.logging.
+java.util.prefs.
+java.util.ServiceLoader
+java.util.StringTokenizer
+javassist.
+javax.activation.
+javax.imageio.
+javax.management.
+javax.media.jai.remote.
+javax.naming.
+javax.net.
+javax.print.
+javax.script.
+javax.sound.
+javax.swing.
+javax.tools.
+javax.xml
+jdk.internal.
+jodd.db.connection.
+junit.
+net.bytebuddy.dynamic.loading.
+net.sf.cglib.
+net.sf.ehcache.hibernate.
+net.sf.ehcache.transaction.manager.
+ognl.
+oracle.jdbc.
+oracle.jms.aq.
+oracle.net.
+org.aoju.bus.proxy.provider.
+org.apache.activemq.ActiveMQConnectionFactory
+org.apache.activemq.ActiveMQXAConnectionFactory
+org.apache.activemq.jms.pool.
+org.apache.activemq.pool.
+org.apache.activemq.spring.
+org.apache.aries.transaction.
+org.apache.axis2.jaxws.spi.handler.
+org.apache.axis2.transport.jms.
+org.apache.bcel.
+org.apache.carbondata.core.scan.expression.
+org.apache.catalina.
+org.apache.cocoon.
+org.apache.commons.beanutils.
+org.apache.commons.codec.
+org.apache.commons.collections.comparators.
+org.apache.commons.collections.functors.
+org.apache.commons.collections.Transformer
+org.apache.commons.collections4.comparators.
+org.apache.commons.collections4.functors.
+org.apache.commons.collections4.Transformer
+org.apache.commons.configuration.
+org.apache.commons.configuration2.
+org.apache.commons.dbcp.
+org.apache.commons.fileupload.
+org.apache.commons.jelly.
+org.apache.commons.logging.
+org.apache.commons.proxy.
+org.apache.cxf.jaxrs.provider.
+org.apache.hadoop.shaded.com.zaxxer.hikari.
+org.apache.http.auth.
+org.apache.http.conn.
+org.apache.http.cookie.
+org.apache.http.impl.
+org.apache.ibatis.datasource.
+org.apache.ibatis.executor.
+org.apache.ibatis.javassist.
+org.apache.ibatis.ognl.
+org.apache.ibatis.parsing.
+org.apache.ibatis.reflection.
+org.apache.ibatis.scripting.
+org.apache.ignite.cache.
+org.apache.ignite.cache.jta.
+org.apache.log.output.db.
+org.apache.log4j.
+org.apache.logging.
+org.apache.myfaces.context.servlet.
+org.apache.myfaces.view.facelets.el.
+org.apache.openjpa.ee.
+org.apache.shiro.
+org.apache.tomcat.
+org.apache.velocity.
+org.apache.wicket.util.
+org.apache.xalan.
+org.apache.xbean.
+org.apache.xpath.
+org.apache.zookeeper.
+org.aspectj.
+org.codehaus.groovy.runtime.
+org.codehaus.jackson.
+org.datanucleus.store.rdbms.datasource.dbcp.datasources.
+org.dom4j.
+org.eclipse.jetty.
+org.geotools.filter.
+org.h2.jdbcx.
+org.h2.server.
+org.h2.value.
+org.hibernate.
+org.javasimon.
+org.jaxen.
+org.jboss.
+org.jdom.
+org.jdom2.transform.
+org.junit.
+org.logicalcobwebs.
+org.mockito.
+org.mortbay.jetty.
+org.mortbay.log.
+org.mozilla.javascript.
+org.objectweb.asm.
+org.osjava.sj.
+org.python.core.
+org.quartz.
+org.slf4j.
 org.springframework.aop.aspectj.autoproxy.AspectJAwareAdvisorAutoProxyCreator$PartiallyComparableAdvisorHolder
 org.springframework.aop.support.DefaultBeanFactoryPointcutAdvisor
 org.springframework.beans.factory.BeanFactory
@@ -47,22 +160,13 @@ org.springframework.beans.factory.support.DefaultListableBeanFactory
 org.springframework.jndi.support.SimpleJndiBeanFactory
 org.springframework.orm.jpa.AbstractEntityManagerFactoryBean
 org.springframework.transaction.jta.JtaTransactionManager
-org.yaml.snakeyaml.tokens.DirectiveToken
-sun.rmi.server.UnicastRef
-javax.management.ImmutableDescriptor
 org.springframework.jndi.JndiObjectTargetSource
-ch.qos.logback.core.db.JNDIConnectionSource
-java.beans.Expression
-javassist.bytecode
-org.apache.ibatis.javassist.bytecode
 org.springframework.beans.factory.config.MethodInvokingFactoryBean
-com.alibaba.druid.pool.DruidDataSource
-com.sun.org.apache.bcel.internal.util.ClassLoader
-com.alibaba.druid.stat.JdbcDataSourceStat
-org.apache.tomcat.dbcp.dbcp.BasicDataSource
-com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput
-javassist.tools.web.Viewer
-net.bytebuddy.dynamic.loading.ByteArrayClassLoader
-org.apache.commons.beanutils.BeanMap
-com.caucho.naming.Qname
-com.sun.org.apache.xpath.internal.objects.Xstring
+org.thymeleaf.
+org.yaml.snakeyaml.tokens.
+pstore.shaded.org.apache.commons.collections.
+sun.print.
+sun.rmi.server.
+sun.rmi.transport.
+weblogic.ejb20.internal.
+weblogic.jms.common.
diff --git a/src/test/java/com/caucho/hessian/test/SerializerFactoryTest.java b/src/test/java/com/caucho/hessian/test/SerializerFactoryTest.java
@@ -21,8 +21,8 @@
 import org.junit.Assert;
 import org.junit.Test;
 
-import java.awt.Color;
 import java.lang.reflect.Field;
+import java.util.Date;
 import java.util.Map;
 
 /**
@@ -41,7 +41,7 @@ public void getDeserializerByType() throws Exception {
             .get(serializerFactory));
         ClassLoader cl = Thread.currentThread().getContextClassLoader();
 
-        final String testClassName = Color.class.getName();
+        final String testClassName = Date.class.getName();
         Deserializer d1 = serializerFactory.getDeserializer(testClassName);
         Assert.assertNotNull("TestClass Deserializer!", d1);
 
@@ -67,7 +67,7 @@ public void getDeserializerByType2() throws Exception {
             .get(serializerFactory));
         ClassLoader cl = Thread.currentThread().getContextClassLoader();
 
-        final String testClassName = Color.class.getName();
+        final String testClassName = Date.class.getName();
         Deserializer d1 = serializerFactory.getDeserializer(testClassName);
         Assert.assertNotNull("TestClass Deserializer!", d1);
 
@@ -93,7 +93,7 @@ public void testDynamicLoadEnableDefaultFalse() throws Exception {
             .get(serializerFactory));
         ClassLoader cl = Thread.currentThread().getContextClassLoader();
 
-        final String testClassName = Color.class.getName();
+        final String testClassName = Date.class.getName();
         Deserializer d1 = serializerFactory.getDeserializer(testClassName);
         Assert.assertNotNull("TestClass Deserializer!", d1);