Details
-
Bug
-
Resolution: Fixed
-
P2
-
9
-
b149
Description
1) The behaviour of createFilter for Long.MAX_VALUE and bigger limits is unpredictable.
If a limit has max long value, the method returns null. Config.createFilter("maxarray=9223372036854775807")
If a limit value is bigger than long max value, the method throws NumberFormatException. Config.createFilter("maxdepth=9223372036854775808")
2) Additionally the following assertion from the return clause is better to be removed:
"may be null;"
For details see attached e-mail thread "Re_ ObjectInputFilter.Config__createFilter.eml"
3) The following assertion could be supplemented with more details to bring clarity:
"The first pattern that matches, working from left to right, determines the Status.ALLOWED or Status.REJECTED result. If nothing matches, the result is Status.UNDECIDED.”
The problem is that "matching" is only specified when comparing the class name to the module, package, or pattern string but this is not obvious and one could think that "matching" is also specified when comparing limits. This is not P2 but could be improved during the work on this issue as well.
4) ObjectInputFilter.Config.createFilter("module1/");
throws IllegalArgumentException: class or package missing in: "module1/"
This case is unspecified in throws clause of the method.
If a limit has max long value, the method returns null. Config.createFilter("maxarray=9223372036854775807")
If a limit value is bigger than long max value, the method throws NumberFormatException. Config.createFilter("maxdepth=9223372036854775808")
2) Additionally the following assertion from the return clause is better to be removed:
"may be null;"
For details see attached e-mail thread "Re_ ObjectInputFilter.Config__createFilter.eml"
3) The following assertion could be supplemented with more details to bring clarity:
"The first pattern that matches, working from left to right, determines the Status.ALLOWED or Status.REJECTED result. If nothing matches, the result is Status.UNDECIDED.”
The problem is that "matching" is only specified when comparing the class name to the module, package, or pattern string but this is not obvious and one could think that "matching" is also specified when comparing limits. This is not P2 but could be improved during the work on this issue as well.
4) ObjectInputFilter.Config.createFilter("module1/");
throws IllegalArgumentException: class or package missing in: "module1/"
This case is unspecified in throws clause of the method.
Attachments
Issue Links
- duplicates
-
-
- Closed
-