configure XStream security for GauntletIO

Catching the ConversionException prevents Gauntlet saves from being
deleted in the event of improper or incomplete security settings on
XStream.  The null check in CSubmenuGauntletContests avoids an exception
should there be no Gauntlet saves.

Signed-off-by: Jamin W. Collins <jamin.collins@gmail.com>

forge-gui-desktop/src/main/java/forge/screens/home/gauntlet/CSubmenuGauntletContests.java

@@ -67,10 +67,12 @@ public enum CSubmenuGauntletContests implements ICDoc {
     private void updateData() {
         final File[] files = GauntletIO.getGauntletFilesLocked();
         final List<GauntletData> data = new ArrayList<GauntletData>();
-        for (final File f : files) {
-            final GauntletData gd = GauntletIO.loadGauntlet(f);
-            if (gd != null) {
-                data.add(gd);
+        if (files != null) {
+            for (final File f : files) {
+                final GauntletData gd = GauntletIO.loadGauntlet(f);
+                if (gd != null) {
+                    data.add(gd);
+                }
             }
         }
 

forge-gui/src/main/java/forge/gauntlet/GauntletIO.java

@@ -7,10 +7,22 @@ import java.io.FileOutputStream;
 import java.io.FilenameFilter;
 import java.io.IOException;
 import java.io.InputStreamReader;
+import java.util.ArrayList;
+import java.util.EnumMap;
+import java.util.List;
 import java.util.Map.Entry;
+import java.util.SortedSet;
+import java.util.TreeMap;
 import java.util.zip.GZIPInputStream;
 import java.util.zip.GZIPOutputStream;
 
+import com.thoughtworks.xstream.converters.ConversionException;
+import com.thoughtworks.xstream.security.NoTypePermission;
+import com.thoughtworks.xstream.security.NullPermission;
+import com.thoughtworks.xstream.security.PrimitiveTypePermission;
+import forge.deck.Deck;
+import forge.deck.DeckSection;
+import forge.error.BugReporter;
 import org.apache.commons.lang3.StringUtils;
 
 import com.thoughtworks.xstream.XStream;
@@ -40,6 +52,25 @@ public class GauntletIO {
 
     protected static XStream getSerializer(final boolean isIgnoring) {
         final XStream xStream = isIgnoring ? new IgnoringXStream() : new XStream();
+        // clear out existing permissions and set our own
+        xStream.addPermission(NoTypePermission.NONE);
+        // allow some basics
+        xStream.addPermission(NullPermission.NULL);
+        xStream.addPermission(PrimitiveTypePermission.PRIMITIVES);
+        xStream.allowTypeHierarchy(String.class);
+        xStream.allowTypeHierarchy(EnumMap.class);
+        xStream.allowTypeHierarchy(ArrayList.class);
+        xStream.allowTypeHierarchy(CardPool.class);
+        xStream.allowTypeHierarchy(SortedSet.class);
+        xStream.allowTypeHierarchy(Deck.class);
+        xStream.allowTypeHierarchy(TreeMap.class);
+        xStream.allowTypeHierarchy(List.class);
+        xStream.allowTypeHierarchy(DeckSection.class);
+        // allow any type from the same package
+        xStream.allowTypesByWildcard(new String[] {
+                GauntletIO.class.getPackage().getName()+".*",
+                String.class.getPackage().getName()+".*"
+        });
         xStream.registerConverter(new DeckSectionToXml());
         xStream.autodetectAnnotations(true);
         return xStream;
@@ -93,6 +124,9 @@ public class GauntletIO {
         catch (final IOException e) {
             e.printStackTrace();
         }
+        catch (final ConversionException e) {
+            BugReporter.reportException(e);
+        }
         catch (final Exception e) { //if there's a non-IO exception, delete the corrupt file
             e.printStackTrace();
             isCorrupt = true;