Source code

001/*
002 * Logback: the reliable, generic, fast and flexible logging framework.
003 * Copyright (C) 1999-2026, QOS.ch. All rights reserved.
004 *
005 * This program and the accompanying materials are dual-licensed under
006 * either the terms of the Eclipse Public License v2.0 as published by
007 * the Eclipse Foundation
008 *
009 *   or (per the licensee's choosing)
010 *
011 * under the terms of the GNU Lesser General Public License version 2.1
012 * as published by the Free Software Foundation.
013 */
014package ch.qos.logback.classic.net.server;
015
016import java.io.IOException;
017import java.io.InputStream;
018import java.util.ArrayList;
019import java.util.List;
020
021import ch.qos.logback.classic.LoggerContext;
022import org.slf4j.helpers.BasicMarker;
023
024import ch.qos.logback.classic.Level;
025import ch.qos.logback.classic.Logger;
026import ch.qos.logback.classic.spi.ClassPackagingData;
027import ch.qos.logback.classic.spi.IThrowableProxy;
028import ch.qos.logback.classic.spi.LoggerContextVO;
029import ch.qos.logback.classic.spi.LoggerRemoteView;
030import ch.qos.logback.classic.spi.LoggingEventVO;
031import ch.qos.logback.classic.spi.StackTraceElementProxy;
032import ch.qos.logback.classic.spi.ThrowableProxy;
033import ch.qos.logback.classic.spi.ThrowableProxyVO;
034import ch.qos.logback.core.net.HardenedObjectInputStream;
035
036public class HardenedLoggingEventInputStream extends HardenedObjectInputStream {
037
038    static final String ARRAY_PREFIX = "[L";
039
040    static public List<String> getWhilelist() {
041        List<String> whitelist = new ArrayList<String>();
042        whitelist.add(LoggingEventVO.class.getName());
043        whitelist.add(LoggerContextVO.class.getName());
044        whitelist.add(LoggerRemoteView.class.getName());
045        whitelist.add(ThrowableProxyVO.class.getName());
046        whitelist.add(BasicMarker.class.getName());
047        whitelist.add(Level.class.getName());
048        whitelist.add(Logger.class.getName());
049        whitelist.add(StackTraceElement.class.getName());
050        whitelist.add(StackTraceElement[].class.getName());
051        whitelist.add(ThrowableProxy.class.getName());
052        whitelist.add(ThrowableProxy[].class.getName());
053        whitelist.add(IThrowableProxy.class.getName());
054        whitelist.add(IThrowableProxy[].class.getName());
055        whitelist.add(StackTraceElementProxy.class.getName());
056        whitelist.add(StackTraceElementProxy[].class.getName());
057        whitelist.add(ClassPackagingData.class.getName());
058
059        return whitelist;
060    }
061
062    public HardenedLoggingEventInputStream(LoggerContext loggerContext, InputStream is) throws IOException {
063        super(loggerContext, is, getWhilelist());
064    }
065
066    public HardenedLoggingEventInputStream(LoggerContext loggerContext, InputStream is, List<String> additionalAuthorizedClasses)
067            throws IOException {
068        this(loggerContext, is);
069        super.addToWhitelist(additionalAuthorizedClasses);
070    }
071}