1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   https://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.commons.io.serialization;
21  
22  import static org.junit.jupiter.api.Assertions.assertInstanceOf;
23  import static org.junit.jupiter.api.Assertions.assertThrows;
24  import static org.junit.jupiter.api.Assertions.assertTrue;
25  
26  import java.io.IOException;
27  import java.io.InvalidClassException;
28  import java.io.Serializable;
29  import java.lang.reflect.InvocationHandler;
30  import java.lang.reflect.Method;
31  import java.lang.reflect.Proxy;
32  
33  import org.apache.commons.lang3.SerializationUtils;
34  import org.junit.jupiter.api.Test;
35  
/**
 * Tests how {@link ValidatingObjectInputStream} handles a serialized dynamic {@link Proxy}.
 * <p>
 * Two cases are pinned: a proxy is deserialized when every class name is accepted, and the same
 * bytes are refused with an {@link InvalidClassException} once the proxy's interface is rejected,
 * even though the wildcard accept is still configured.
 * </p>
 */
class ProxyTest {

    /** Serializable interface implemented by the dynamic proxy under test. */
    public interface IFoo extends Serializable {

        void foo();
    }

    /**
     * Serializable handler that answers every call routed through the proxy, including
     * {@code toString()}, with one fixed marker string.
     */
    public static class InvocationHandlerImpl implements InvocationHandler, Serializable {

        @Override
        public Object invoke(final Object proxy, final Method method, final Object[] args) {
            return "InvocationHandlerImpl.invoke()";
        }
    }

    /**
     * Builds a fresh proxy that implements {@link IFoo} and delegates to a new
     * {@link InvocationHandlerImpl}.
     *
     * @return the proxy instance, typed as {@code Object}.
     */
    Object newProxy() {
        final ClassLoader loader = ProxyTest.class.getClassLoader();
        final Class<?>[] interfaces = { IFoo.class };
        final InvocationHandler handler = new InvocationHandlerImpl();
        return Proxy.newProxyInstance(loader, interfaces, handler);
    }

    /**
     * A proxy round-trips through the stream when the accept pattern matches everything.
     */
    @Test
    void testAcceptProxy() throws IOException, ClassNotFoundException {
        final byte[] bytes = SerializationUtils.serialize((Serializable) newProxy());
        // The wildcard accept is deliberately broad so that only proxy handling is under test;
        // it is a test fixture, not a model for a production allow-list.
        // @formatter:off
        try (ValidatingObjectInputStream in = ValidatingObjectInputStream.builder()
                .setByteArray(bytes)
                .accept("*")
                .get()) {
            // @formatter:on
            final Object restored = in.readObject();
            final IFoo foo = assertInstanceOf(IFoo.class, restored);
            // toString() goes through the invocation handler, so the marker string shows that the
            // handler was deserialized along with the proxy.
            assertTrue(foo.toString().endsWith("InvocationHandlerImpl.invoke()"));
        }
    }

    /**
     * Rejecting the proxy's interface blocks deserialization although {@code accept("*")} is
     * also configured.
     */
    @Test
    void testRejectProxy() throws IOException, ClassNotFoundException {
        final byte[] bytes = SerializationUtils.serialize((Serializable) newProxy());
        // @formatter:off
        try (ValidatingObjectInputStream in = ValidatingObjectInputStream.builder()
                .setByteArray(bytes)
                .accept("*")
                .reject(IFoo.class)
                .get()) {
            // @formatter:on
            // The reject entry names only the interface, not the generated proxy class; presumably
            // the stream validates the interfaces listed in the proxy descriptor. Confirm against
            // ValidatingObjectInputStream.
            assertThrows(InvalidClassException.class, () -> in.readObject());
        }
    }
}