configure XStream security for TournamentIO

Signed-off-by: Jamin W. Collins <jamin.collins@gmail.com>
Jamin W. Collins
2018-08-18 10:12:24 -06:00
parent cc044978fb
commit 9b6f76eb16


@@ -6,6 +6,9 @@ import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;
import forge.deck.CardPool;
import forge.item.PaperCard;
import forge.model.FModel;
@@ -32,6 +35,16 @@ public class TournamentIO {
protected static XStream getSerializer(final boolean isIgnoring) {
final XStream xStream = isIgnoring ? new IgnoringXStream() : new XStream();
// clear out existing permissions and set our own
xStream.addPermission(NoTypePermission.NONE);
// allow some basics
xStream.addPermission(NullPermission.NULL);
xStream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xStream.allowTypeHierarchy(String.class);
// allow any type from the same package
xStream.allowTypesByWildcard(new String[] {
TournamentIO.class.getPackage().getName()+".*"
});
xStream.registerConverter(new DeckSectionToXml());
xStream.autodetectAnnotations(true);
return xStream;
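Review bot: The wildcard passed to `allowTypesByWildcard` admits every class in TournamentIO's package, so any class added there later becomes deserializable from a tournament file without anyone revisiting this allowlist; naming the persisted classes is tighter, e.g. `xStream.allowTypes(new Class[] { /* placeholder: the tournament classes actually written to the file */ });`. If the wildcard stays, a comment should record that `.*` covers only this package and not its sub-packages, and that the allowlist exists because the file content is presumably not trusted. `TournamentIO.class.getPackage()` may return null under some class loaders, which would throw before the serializer is built, so a null check would make that failure explicit. `allowTypeHierarchy(String.class)` can be written as `allowTypes(new Class[] { String.class })`, since String is final and has no hierarchy to admit. The closing brace of getSerializer lies outside the hunk.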