public class org.apache.log4j.net.HardenedObjectInputStream extends java.io.ObjectInputStream
{
static final java.lang.String ARRAY_CLASS_PREFIX;
final java.util.List whitelistedClassNames;
static final java.lang.String[] JAVA_PACKAGES;
public void <init>(java.io.InputStream, java.lang.String[]) throws java.io.IOException
{
java.lang.String[] v;
java.util.ArrayList v;
java.util.List v;
org.apache.log4j.net.HardenedObjectInputStream v;
int v, v;
java.lang.String v;
java.io.InputStream v;
v := @this: org.apache.log4j.net.HardenedObjectInputStream;
v := @parameter: java.io.InputStream;
v := @parameter: java.lang.String[];
specialinvoke v.<java.io.ObjectInputStream: void <init>(java.io.InputStream)>(v);
v = new java.util.ArrayList;
specialinvoke v.<java.util.ArrayList: void <init>()>();
v.<org.apache.log4j.net.HardenedObjectInputStream: java.util.List whitelistedClassNames> = v;
if v == null goto label;
v = 0;
label:
v = lengthof v;
if v >= v goto label;
v = v.<org.apache.log4j.net.HardenedObjectInputStream: java.util.List whitelistedClassNames>;
v = v[v];
interfaceinvoke v.<java.util.List: boolean add(java.lang.Object)>(v);
v = v + 1;
goto label;
label:
return;
}
public void <init>(java.io.InputStream, java.util.List) throws java.io.IOException
{
java.util.List v, v;
org.apache.log4j.net.HardenedObjectInputStream v;
java.io.InputStream v;
java.util.ArrayList v;
v := @this: org.apache.log4j.net.HardenedObjectInputStream;
v := @parameter: java.io.InputStream;
v := @parameter: java.util.List;
specialinvoke v.<java.io.ObjectInputStream: void <init>(java.io.InputStream)>(v);
v = new java.util.ArrayList;
specialinvoke v.<java.util.ArrayList: void <init>()>();
v.<org.apache.log4j.net.HardenedObjectInputStream: java.util.List whitelistedClassNames> = v;
v = v.<org.apache.log4j.net.HardenedObjectInputStream: java.util.List whitelistedClassNames>;
interfaceinvoke v.<java.util.List: boolean addAll(java.util.Collection)>(v);
return;
}
protected java.lang.Class resolveClass(java.io.ObjectStreamClass) throws java.io.IOException, java.lang.ClassNotFoundException
{
java.io.InvalidClassException v;
org.apache.log4j.net.HardenedObjectInputStream v;
java.io.ObjectStreamClass v;
java.lang.Class v;
java.lang.String v;
boolean v;
v := @this: org.apache.log4j.net.HardenedObjectInputStream;
v := @parameter: java.io.ObjectStreamClass;
v = virtualinvoke v.<java.io.ObjectStreamClass: java.lang.String getName()>();
v = specialinvoke v.<org.apache.log4j.net.HardenedObjectInputStream: boolean isWhitelisted(java.lang.String)>(v);
if v != 0 goto label;
v = new java.io.InvalidClassException;
specialinvoke v.<java.io.InvalidClassException: void <init>(java.lang.String,java.lang.String)>("Unauthorized deserialization attempt", v);
throw v;
label:
v = specialinvoke v.<java.io.ObjectInputStream: java.lang.Class resolveClass(java.io.ObjectStreamClass)>(v);
return v;
}
private boolean isWhitelisted(java.lang.String)
{
java.util.Iterator v;
java.lang.String[] v, v;
java.util.List v;
org.apache.log4j.net.HardenedObjectInputStream v;
int v, v;
java.lang.Object v;
java.lang.String v, v;
boolean v, v, v;
v := @this: org.apache.log4j.net.HardenedObjectInputStream;
v := @parameter: java.lang.String;
v = 0;
label:
v = <org.apache.log4j.net.HardenedObjectInputStream: java.lang.String[] JAVA_PACKAGES>;
v = lengthof v;
if v >= v goto label;
v = <org.apache.log4j.net.HardenedObjectInputStream: java.lang.String[] JAVA_PACKAGES>;
v = v[v];
v = virtualinvoke v.<java.lang.String: boolean startsWith(java.lang.String)>(v);
if v == 0 goto label;
return 1;
label:
v = v + 1;
goto label;
label:
v = v.<org.apache.log4j.net.HardenedObjectInputStream: java.util.List whitelistedClassNames>;
v = interfaceinvoke v.<java.util.List: java.util.Iterator iterator()>();
label:
v = interfaceinvoke v.<java.util.Iterator: boolean hasNext()>();
if v == 0 goto label;
v = interfaceinvoke v.<java.util.Iterator: java.lang.Object next()>();
v = virtualinvoke v.<java.lang.String: boolean equals(java.lang.Object)>(v);
if v == 0 goto label;
return 1;
label:
return 0;
}
protected void addToWhitelist(java.util.List)
{
java.util.List v, v;
org.apache.log4j.net.HardenedObjectInputStream v;
v := @this: org.apache.log4j.net.HardenedObjectInputStream;
v := @parameter: java.util.List;
v = v.<org.apache.log4j.net.HardenedObjectInputStream: java.util.List whitelistedClassNames>;
interfaceinvoke v.<java.util.List: boolean addAll(java.util.Collection)>(v);
return;
}
static void <clinit>()
{
java.lang.String[] v;
v = newarray (java.lang.String)[3];
v[0] = "java.lang";
v[1] = "java.util";
v[2] = "[Ljava.lang";
<org.apache.log4j.net.HardenedObjectInputStream: java.lang.String[] JAVA_PACKAGES> = v;
return;
}
}