Description
Intro
Please add char array to ALLOWED_CLASS_PATTERNS in DefaultHttpCacheEntrySerializer.
Further Explanation
The current ALLOWED_CLASS_PATTERNS looks like this:
private static final List<Pattern> ALLOWED_CLASS_PATTERNS = Collections.unmodifiableList(Arrays.asList( Pattern.compile("^(\\[L)?org\\.apache\\.http\\.(.*)"), Pattern.compile("^(\\[L)?java\\.util\\.(.*)"), Pattern.compile("^(\\[L)?java\\.lang\\.(.*)$"), Pattern.compile("^\\[B$")));
As we can se byte arrays are allowed (at the end) but not char arrays. This currently blocks me from upgrading from 4.5.8 to 4.5.10 because the HttpCacheEntry may contain char arrays.
The field "HttpCacheEntry.responseHeaders.headers" can be of the implementing type "BufferedHeader" which contains a "private final CharArrayBuffer buffer;" field, which contains "private char[] buffer;".
Proposed Solution
Maybe it would make sense to whitelist all arrays of primitives (as opposed to just arrays of bytes)? That way future code changes does not risk breaking the DefaultHttpCacheEntrySerializer?
The code might look something like this?
private static final List<Pattern> ALLOWED_CLASS_PATTERNS = Collections.unmodifiableList(Arrays.asList( Pattern.compile("^(?:\\[+L)?org\\.apache\\.http\\..*$"), Pattern.compile("^(?:\\[+L)?java\\.util\\..*$"), Pattern.compile("^(?:\\[+L)?java\\.lang\\..*$"), Pattern.compile("^\\[+Z$"), // boolean Pattern.compile("^\\[+B$"), // byte Pattern.compile("^\\[+C$"), // char Pattern.compile("^\\[+D$"), // double Pattern.compile("^\\[+F$"), // float Pattern.compile("^\\[+I$"), // int Pattern.compile("^\\[+J$"), // long Pattern.compile("^\\[+S$") // short ));
Note that I removed groups where unnecessary (to avoid capturing) and made the required group non capturing "?:" as well as added support for arrays of arrays of arrays.
Attachments
Issue Links
- relates to
-
HTTPCLIENT-2022 HttpCacheEntrySerializationException Message Unused
- Resolved
- links to