001/**
002 * Logback: the reliable, generic, fast and flexible logging framework.
003 * Copyright (C) 1999-2022, QOS.ch. All rights reserved.
004 *
005 * This program and the accompanying materials are dual-licensed under
006 * either the terms of the Eclipse Public License v1.0 as published by
007 * the Eclipse Foundation
008 *
009 *   or (per the licensee's choosing)
010 *
011 * under the terms of the GNU Lesser General Public License version 2.1
012 * as published by the Free Software Foundation.
013 */
014package ch.qos.logback.classic.net.server;
015
016import java.io.IOException;
017import java.io.InputStream;
018import java.util.ArrayList;
019import java.util.List;
020
021import org.slf4j.helpers.BasicMarker;
022
023import ch.qos.logback.classic.Level;
024import ch.qos.logback.classic.Logger;
025import ch.qos.logback.classic.spi.ClassPackagingData;
026import ch.qos.logback.classic.spi.IThrowableProxy;
027import ch.qos.logback.classic.spi.LoggerContextVO;
028import ch.qos.logback.classic.spi.LoggerRemoteView;
029import ch.qos.logback.classic.spi.LoggingEventVO;
030import ch.qos.logback.classic.spi.StackTraceElementProxy;
031import ch.qos.logback.classic.spi.ThrowableProxy;
032import ch.qos.logback.classic.spi.ThrowableProxyVO;
033import ch.qos.logback.core.net.HardenedObjectInputStream;
034
035public class HardenedLoggingEventInputStream extends HardenedObjectInputStream {
036
037    static final String ARRAY_PREFIX = "[L";
038
039    static public List<String> getWhilelist() {
040        List<String> whitelist = new ArrayList<String>();
041        whitelist.add(LoggingEventVO.class.getName());
042        whitelist.add(LoggerContextVO.class.getName());
043        whitelist.add(LoggerRemoteView.class.getName());
044        whitelist.add(ThrowableProxyVO.class.getName());
045        whitelist.add(BasicMarker.class.getName());
046        whitelist.add(Level.class.getName());
047        whitelist.add(Logger.class.getName());
048        whitelist.add(StackTraceElement.class.getName());
049        whitelist.add(StackTraceElement[].class.getName());
050        whitelist.add(ThrowableProxy.class.getName());
051        whitelist.add(ThrowableProxy[].class.getName());
052        whitelist.add(IThrowableProxy.class.getName());
053        whitelist.add(IThrowableProxy[].class.getName());
054        whitelist.add(StackTraceElementProxy.class.getName());
055        whitelist.add(StackTraceElementProxy[].class.getName());
056        whitelist.add(ClassPackagingData.class.getName());
057
058        return whitelist;
059    }
060
061    public HardenedLoggingEventInputStream(InputStream is) throws IOException {
062        super(is, getWhilelist());
063    }
064
065    public HardenedLoggingEventInputStream(InputStream is, List<String> additionalAuthorizedClasses)
066            throws IOException {
067        this(is);
068        super.addToWhitelist(additionalAuthorizedClasses);
069    }
070}