ObjectStreamClassPredicate.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.commons.io.serialization;

import java.io.ObjectStreamClass;
import java.util.ArrayList;
import java.util.List;
import java.util.function.Predicate;
import java.util.regex.Pattern;
import java.util.stream.Stream;

/**
 * A predicate (boolean-valued function) of one argument to accept and reject classes.
 * <p>
 * The reject list takes precedence over the accept list.
 * </p>
 *
 * @since 2.18.0
 */
public class ObjectStreamClassPredicate implements Predicate<ObjectStreamClass> {

    // This is not a Set for now to avoid ClassNameMatchers requiring proper implementations of hashCode() and equals().
    private final List<ClassNameMatcher> acceptMatchers = new ArrayList<>();

    // This is not a Set for now to avoid ClassNameMatchers requiring proper implementations of hashCode() and equals().
    private final List<ClassNameMatcher> rejectMatchers = new ArrayList<>();

    /**
     * Constructs a new instance.
     */
    public ObjectStreamClassPredicate() {
        // empty
    }

    /**
     * Accepts the specified classes for deserialization, unless they are otherwise rejected.
     * <p>
     * The reject list takes precedence over the accept list.
     * </p>
     *
     * @param classes Classes to accept
     * @return this object
     */
    public ObjectStreamClassPredicate accept(final Class<?>... classes) {
        Stream.of(classes).map(c -> new FullClassNameMatcher(c.getName())).forEach(acceptMatchers::add);
        return this;
    }

    /**
     * Accepts class names where the supplied ClassNameMatcher matches for deserialization, unless they are otherwise rejected.
     * <p>
     * The reject list takes precedence over the accept list.
     * </p>
     *
     * @param matcher a class name matcher to <em>accept</em> objects.
     * @return this instance.
     */
    public ObjectStreamClassPredicate accept(final ClassNameMatcher matcher) {
        acceptMatchers.add(matcher);
        return this;
    }

    /**
     * Accepts class names that match the supplied pattern for deserialization, unless they are otherwise rejected.
     * <p>
     * The reject list takes precedence over the accept list.
     * </p>
     *
     * @param pattern a Pattern for compiled regular expression.
     * @return this instance.
     */
    public ObjectStreamClassPredicate accept(final Pattern pattern) {
        acceptMatchers.add(new RegexpClassNameMatcher(pattern));
        return this;
    }

    /**
     * Accepts the wildcard specified classes for deserialization, unless they are otherwise rejected.
     * <p>
     * The reject list takes precedence over the accept list.
     * </p>
     *
     * @param patterns Wildcard file name patterns as defined by {@link org.apache.commons.io.FilenameUtils#wildcardMatch(String, String)
     *                 FilenameUtils.wildcardMatch}
     * @return this instance.
     */
    public ObjectStreamClassPredicate accept(final String... patterns) {
        Stream.of(patterns).map(WildcardClassNameMatcher::new).forEach(acceptMatchers::add);
        return this;
    }

    /**
     * Rejects the specified classes for deserialization, even if they are otherwise accepted.
     * <p>
     * The reject list takes precedence over the accept list.
     * </p>
     *
     * @param classes Classes to reject
     * @return this instance.
     */
    public ObjectStreamClassPredicate reject(final Class<?>... classes) {
        Stream.of(classes).map(c -> new FullClassNameMatcher(c.getName())).forEach(rejectMatchers::add);
        return this;
    }

    /**
     * Rejects class names where the supplied ClassNameMatcher matches for deserialization, even if they are otherwise accepted.
     * <p>
     * The reject list takes precedence over the accept list.
     * </p>
     *
     * @param m the matcher to use
     * @return this instance.
     */
    public ObjectStreamClassPredicate reject(final ClassNameMatcher m) {
        rejectMatchers.add(m);
        return this;
    }

    /**
     * Rejects class names that match the supplied pattern for deserialization, even if they are otherwise accepted.
     * <p>
     * The reject list takes precedence over the accept list.
     * </p>
     *
     * @param pattern standard Java regexp
     * @return this instance.
     */
    public ObjectStreamClassPredicate reject(final Pattern pattern) {
        rejectMatchers.add(new RegexpClassNameMatcher(pattern));
        return this;
    }

    /**
     * Rejects the wildcard specified classes for deserialization, even if they are otherwise accepted.
     * <p>
     * The reject list takes precedence over the accept list.
     * </p>
     *
     * @param patterns Wildcard file name patterns as defined by {@link org.apache.commons.io.FilenameUtils#wildcardMatch(String, String)
     *                 FilenameUtils.wildcardMatch}
     * @return this instance.
     */
    public ObjectStreamClassPredicate reject(final String... patterns) {
        Stream.of(patterns).map(WildcardClassNameMatcher::new).forEach(rejectMatchers::add);
        return this;
    }

    /**
     * Tests that the ObjectStreamClass conforms to requirements.
     * <p>
     * The reject list takes precedence over the accept list.
     * </p>
     *
     * @param objectStreamClass The ObjectStreamClass to test.
     * @return true if the input is accepted, false if rejected, false if neither.
     */
    @Override
    public boolean test(final ObjectStreamClass objectStreamClass) {
        return test(objectStreamClass.getName());
    }

    /**
     * Tests that the class name conforms to requirements.
     * <p>
     * The reject list takes precedence over the accept list.
     * </p>
     *
     * @param name The class name to test.
     * @return true if the input is accepted, false if rejected, false if neither.
     */
    public boolean test(final String name) {
        // The reject list takes precedence over the accept list.
        for (final ClassNameMatcher m : rejectMatchers) {
            if (m.matches(name)) {
                return false;
            }
        }
        for (final ClassNameMatcher m : acceptMatchers) {
            if (m.matches(name)) {
                return true;
            }
        }
        return false;
    }

}