View Javadoc
1   package ch.qos.logback.classic.net.server;
2   
3   import java.io.IOException;
4   import java.io.InputStream;
5   import java.util.ArrayList;
6   import java.util.List;
7   
8   import org.slf4j.helpers.BasicMarker;
9   
10  import ch.qos.logback.classic.Level;
11  import ch.qos.logback.classic.Logger;
12  import ch.qos.logback.classic.spi.ClassPackagingData;
13  import ch.qos.logback.classic.spi.IThrowableProxy;
14  import ch.qos.logback.classic.spi.LoggerContextVO;
15  import ch.qos.logback.classic.spi.LoggerRemoteView;
16  import ch.qos.logback.classic.spi.LoggingEventVO;
17  import ch.qos.logback.classic.spi.StackTraceElementProxy;
18  import ch.qos.logback.classic.spi.ThrowableProxy;
19  import ch.qos.logback.classic.spi.ThrowableProxyVO;
20  import ch.qos.logback.core.net.HardenedObjectInputStream;
21  
22  public class HardenedLoggingEventInputStream extends HardenedObjectInputStream {
23  
24      static final String ARRAY_PREFIX = "[L";
25      
26      static public List<String> getWhilelist() {
27          List<String> whitelist = new ArrayList<String>();
28          whitelist.add(LoggingEventVO.class.getName());
29          whitelist.add(LoggerContextVO.class.getName());
30          whitelist.add(LoggerRemoteView.class.getName());
31          whitelist.add(ThrowableProxyVO.class.getName());
32          whitelist.add(BasicMarker.class.getName());
33          whitelist.add(Level.class.getName());
34          whitelist.add(Logger.class.getName());
35          whitelist.add(StackTraceElement.class.getName());
36          whitelist.add(StackTraceElement[].class.getName());
37          whitelist.add(ThrowableProxy.class.getName());
38          whitelist.add(ThrowableProxy[].class.getName());
39          whitelist.add(IThrowableProxy.class.getName());
40          whitelist.add(IThrowableProxy[].class.getName());
41          whitelist.add(StackTraceElementProxy.class.getName());
42          whitelist.add(StackTraceElementProxy[].class.getName());
43          whitelist.add(ClassPackagingData.class.getName());
44  
45          return whitelist;
46      }
47     
48      public HardenedLoggingEventInputStream(InputStream is) throws IOException {
49          super(is, getWhilelist());
50      }
51      
52      public HardenedLoggingEventInputStream(InputStream is, List<String> additionalAuthorizedClasses) throws IOException {
53          this(is);
54          super.addToWhitelist(additionalAuthorizedClasses);
55      }
56  }