public class Valid extends Object
Collections de-serialized by AtomicMarshalInputStream are always safe, that is, they do not call hashCode or equals on elements. These collections are not intended to be used as Collections in object form and must be replaced during construction. Although Comparator's contained in SortedMap's and SortedSet's are serialized, they are not used by any of the following methods. It is generally recommended, although not compulsory, to prefer constructing a Comparator when constructing defensive copies, instead of using the de-serialized Comparator.
Before using a de-serialized Comparator, it should be type checked, to ensure it is suitable for comparison of types of elements contained in a SortedSet or SortedMap.
Since Java 8, HashMap key's and HashSet elements that implement Comparable are provided with improved protection against hash collision DOS.
It is recommended that when using Set's or Map's, that Comparable keys or elements, or a Comparator, be used to avoid hash collisions. Remember to type check all keys, values and elements first, convenience methods have been provided here to ease type checks in Collections.
Note that an attacker may deliberately generate a hash collision to ensure equals is called and try to install the collection in another object that later invokes it. This is why type checking of all elements is so important.
When considering the security of a collection, remember that an attacker may try to obtain a reference to the collection, as such, defensive copies of collections should not be allowed to leak through your API during de-serialization, as your object is accessible via shared references.
Users are cautioned against using Maps and Sets that use hashing functions when keys or elements contained therein are not type specific.
| Constructor and Description |
|---|
Valid() |
| Modifier and Type | Method and Description |
|---|---|
static boolean[] |
copy(boolean[] arry)
Convenience method to create a copy of a boolean array
if non null.
|
static byte[] |
copy(byte[] arry)
Convenience method to create a copy of a byte array
if non null.
|
static char[] |
copy(char[] arry)
Convenience method to create a copy of a char array
if non null.
|
static double[] |
copy(double[] arry)
Convenience method to create a copy of a double array
if non null.
|
static float[] |
copy(float[] arry)
Convenience method to create a copy of a float array
if non null.
|
static int[] |
copy(int[] arry)
Convenience method to create a copy of a int array
if non null.
|
static long[] |
copy(long[] arry)
Convenience method to create a copy of a long array
if non null.
|
static short[] |
copy(short[] arry)
Convenience method to create a copy of a short array
if non null.
|
static <T> T |
copy(T obj)
Convenience method to copy Cloneable objects.
|
static <T> T[] |
copy(T[] arry)
Convenience method to create a shallow copy of an array
if non null.
|
static <T extends Collection<E>,E> |
copyCol(T source,
T destination,
Class<E> type)
Convenience method to copy and type check all elements from the
source collection, into the destination collection.
|
static <T extends Map<K,V>,K,V> |
copyMap(T source,
T destination,
Class<K> key,
Class<V> val)
Convenience method to copy and type check all keys and values from
the source map, into the destination map.
|
static <T extends Map<K,V>,K,V> |
copyMap(T source,
T destination,
Class<K> key,
Class<V> val,
int allowableHashCollisions)
Convenience method to copy and type check all keys and values from
the source map, into the destination map.
|
static <T extends Set<E>,E> |
copySet(T source,
T destination,
Class<E> type,
int allowableHashCollisions)
Convenience method to copy and type check all elements from the
source collection, into the destination collection.
|
static <T> T[] |
deepCopy(T[] arry)
Convenience method to perform a deep copy of an array containing
Cloneable objects
|
static <T> T |
hasClass(Class<T> type,
Object o)
Checks class of an Object is equal to the Class type and returns it as
that type, if true and throws an InvalidObjectException if false.
|
static <T> T |
isInstance(Class<T> type,
Object o)
Type checks an object is an instance of type and returns it cast as
the type if true, otherwise throws an InvalidObjectException.
|
static <T> T |
notNull(T obj,
String message)
Convenience method to check that an object is non null.
|
static <T> T[] |
nullElement(T[] arry,
String message)
Checks all elements in an array for null values, if the arry parameter
is not null.
|
static void |
throwIOE(Exception cause) |
public static <T> T isInstance(Class<T> type, Object o) throws InvalidObjectException
T - instance type to return.type - to check instance.o - Object instance to type check.InvalidObjectExceptionpublic static <T> T hasClass(Class<T> type, Object o) throws InvalidObjectException
T - type cast object as.type - o - the Object.InvalidObjectExceptionpublic static <T extends Collection<E>,E> T copyCol(T source, T destination, Class<E> type) throws InvalidObjectException
T - Collection or subtype.E - Element type.source - Collection containing unchecked elements.destination - Empty Collection to populate with checked elements.type - InvalidObjectException - if invariant checks fail.NullPointerException - if any parameter, other than source, is null.public static <T extends Set<E>,E> T copySet(T source, T destination, Class<E> type, int allowableHashCollisions) throws InvalidObjectException
Instances of java.util.Set have been replaced in the stream by a safe limited functionality immutable Set instance that must be replaced during deserialization.
This method checks for hash collisions before populating the destination set.
T - Set or subtype.E - Element type.source - Collection containing unchecked elements.destination - Empty Collection to populate with checked elements.type - Element type.allowableHashCollisions - number of hash collisions allowed per bucket.InvalidObjectException - if invariant checks fail.NullPointerException - if any parameter (other than comp or source) is null.IllegalArgumentException - if allowableHashCollisions is negative.public static <T> T notNull(T obj,
String message)
throws InvalidObjectException
T - obj - message - reason for exception.InvalidObjectException - with a NullPointerException as its cause.public static <T> T[] nullElement(T[] arry,
String message)
throws InvalidObjectException
T - arry - the arraymessage - the message for the InvalidObjectExceptionInvalidObjectException - if array contains null elements.public static <T> T[] deepCopy(T[] arry)
throws CloneNotSupportedException
T - arry - - may be null or contain null elements.CloneNotSupportedExceptionpublic static <T> T[] copy(T[] arry)
Since arrays are mutable, an attacker can retain a reference to a de-serialized array, that allows an attacker to mutate that array.
T - typearry - that will be cloned.public static byte[] copy(byte[] arry)
Since arrays are mutable, an attacker can retain a reference to a de-serialized array, that allows an attacker to mutate that array.
arry - that will be cloned.public static boolean[] copy(boolean[] arry)
Since arrays are mutable, an attacker can retain a reference to a de-serialized array, that allows an attacker to mutate that array.
arry - that will be cloned.public static char[] copy(char[] arry)
Since arrays are mutable, an attacker can retain a reference to a de-serialized array, that allows an attacker to mutate that array.
arry - that will be cloned.public static short[] copy(short[] arry)
Since arrays are mutable, an attacker can retain a reference to a de-serialized array, that allows an attacker to mutate that array.
arry - that will be cloned.public static int[] copy(int[] arry)
Since arrays are mutable, an attacker can retain a reference to a de-serialized array, that allows an attacker to mutate that array.
arry - that will be cloned.public static long[] copy(long[] arry)
Since arrays are mutable, an attacker can retain a reference to a de-serialized array, that allows an attacker to mutate that array.
arry - that will be cloned.public static double[] copy(double[] arry)
Since arrays are mutable, an attacker can retain a reference to a de-serialized array, that allows an attacker to mutate that array.
arry - that will be cloned.public static float[] copy(float[] arry)
Since arrays are mutable, an attacker can retain a reference to a de-serialized array, that allows an attacker to mutate that array.
arry - that will be cloned.public static <T> T copy(T obj)
throws CloneNotSupportedException
T - obj - CloneNotSupportedExceptionpublic static <T extends Map<K,V>,K,V> T copyMap(T source, T destination, Class<K> key, Class<V> val) throws InvalidObjectException
Note, this shouldn't be used to populate maps that don't have protection against hash collisions. Note that HashMap and ConcurrentHashMap, since Java 8 defend against hash collisions, but only if keys are Comparable.
T - Map or subtype.K - key type.V - value type.source - any map containing unchecked keys and values.destination - a map into which checked values and keys are to be copied.key - Class of key to type check.val - Class of value to type check.InvalidObjectException - if invariant checks fail.ClassCastExceptionNullPointerException - if any parameter other than source is null.public static <T extends Map<K,V>,K,V> T copyMap(T source, T destination, Class<K> key, Class<V> val, int allowableHashCollisions) throws InvalidObjectException
T - Map or subtype.K - key type.V - value type.source - any map containing unchecked keys and values.destination - a map into which checked values and keys are to be copied.key - Class of key to type check.val - Class of value to type check.allowableHashCollisions - the number of hash collisions allowed per bucket.InvalidObjectException - if invariant checks fail.NullPointerException - if any parameter (other than comp and source) is null.IllegalArgumentException - if allowableHashCollisions is negative.public static void throwIOE(Exception cause) throws InvalidObjectException
InvalidObjectExceptionCopyright © 2016–2018 The Apache Software Foundation. All rights reserved.