Class AgentStateDeserializationFilter
java.lang.Object
org.snmp4j.agent.io.AgentStateDeserializationFilter
- All Implemented Interfaces:
ObjectInputFilter
The AgentStateDeserializationFilter is a strict ObjectInputFilter that protects the deserialization of persistent agent state (as read by DefaultMOInput) against Java deserialization attacks. It allows only the exact set of classes that DefaultMOOutput serializes (and the transitive field types of those classes) to be deserialized and rejects every other class. In addition, it bounds the depth of the object graph as well as the array length, the number of object references and the number of stream bytes per object graph, as a denial-of-service backstop.

The allowed classes are matched by exact identity, i.e., registering a non-final class does not implicitly allow its subclasses. Custom Variable or Context subclasses that are not part of the default allowlist have to be registered explicitly through AgentStateDeserializationFilter(Collection).

This filter uses only the Java 9 serialization filter API (ObjectInputFilter).
- Since:
- 3.12.0
- Version:
- 3.12.0
- Author:
- Frank Fock
Nested Class Summary
- Nested classes/interfaces inherited from interface ObjectInputFilter:
ObjectInputFilter.Config, ObjectInputFilter.FilterInfo, ObjectInputFilter.Status
Field Summary
Fields (Modifier and Type, Field, Description):
- static final long MAX_ARRAY: Maximum allowed array length.
- static final long MAX_BYTES: Maximum allowed number of stream bytes consumed for a single object graph (i.e. per readObject call), as a denial-of-service backstop.
- static final long MAX_DEPTH: Maximum allowed depth of the deserialized object graph.
- static final long MAX_REFS: Maximum allowed number of object references in a single object graph (handle table size).
Constructor Summary
Constructors (Constructor, Description):
- AgentStateDeserializationFilter(): Creates a strict filter that allows only the default set of agent state classes.
- AgentStateDeserializationFilter(Collection<Class<?>> additionalAllowed): Creates a strict filter that allows the default set of agent state classes plus the supplied additional classes.
Method Summary
- checkInput(ObjectInputFilter.FilterInfo): specified by ObjectInputFilter; see Method Details.
Field Details

MAX_DEPTH
public static final long MAX_DEPTH
Maximum allowed depth of the deserialized object graph. The deepest legitimate graph written by DefaultMOOutput is about five levels deep (IndexedVariables -> Variable[] -> IpAddress -> InetAddress -> byte[]); the limit adds headroom while still rejecting deeply nested gadget chains.

MAX_ARRAY
public static final long MAX_ARRAY
Maximum allowed array length. Set generously: legitimate arrays (table column values, OID sub-identifiers, IP address bytes) are tiny, but a stored binary OctetString blob may be sizable. The limit only guards against multi-gigabyte allocation attacks.

MAX_REFS
public static final long MAX_REFS
Maximum allowed number of object references in a single object graph (handle table size).

MAX_BYTES
public static final long MAX_BYTES
Maximum allowed number of stream bytes consumed for a single object graph (i.e. per readObject call), as a denial-of-service backstop.
Constructor Details

AgentStateDeserializationFilter
public AgentStateDeserializationFilter()
Creates a strict filter that allows only the default set of agent state classes.

AgentStateDeserializationFilter
public AgentStateDeserializationFilter(Collection<Class<?>> additionalAllowed)
Creates a strict filter that allows the default set of agent state classes plus the supplied additional classes. The additional classes are matched by exact identity (subclasses are not implicitly allowed).
- Parameters:
additionalAllowed - additional classes to allow for deserialization, or null/empty for the default set only.
Method Details

checkInput
- Specified by:
checkInput in interface ObjectInputFilter
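To make the behaviour described above concrete, here is an added illustrative ObjectInputFilter with the same design (exact-identity class allowlist plus depth, array, reference and byte bounds). It is example code, not the SNMP4J-Agent implementation: the class name StrictAllowlistFilter, the limit values and the MyVariable name in the comment are assumptions for this example.

```java
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.util.Set;

/**
 * Illustrative strict filter with the same design as AgentStateDeserializationFilter
 * (exact-identity class allowlist plus graph limits). Not the SNMP4J-Agent code.
 */
public final class StrictAllowlistFilter implements ObjectInputFilter {
    // Hypothetical limits for this example; the real values are the MAX_DEPTH, MAX_ARRAY,
    // MAX_REFS and MAX_BYTES constants of AgentStateDeserializationFilter.
    private static final long DEPTH_LIMIT = 16;
    private static final long ARRAY_LIMIT = 1L << 20;
    private static final long REFS_LIMIT = 100_000;
    private static final long BYTES_LIMIT = 64L << 20;

    private final Set<Class<?>> allowed;

    public StrictAllowlistFilter(Set<Class<?>> allowed) {
        this.allowed = Set.copyOf(allowed);
    }

    @Override
    public Status checkInput(FilterInfo info) {
        // Resource bounds first: the JDK also invokes the filter with serialClass() == null
        // (e.g. for back-references), and depth/refs/bytes must be enforced on those calls too.
        if (info.depth() > DEPTH_LIMIT || info.references() > REFS_LIMIT
                || info.streamBytes() > BYTES_LIMIT || info.arrayLength() > ARRAY_LIMIT) {
            return Status.REJECTED;
        }
        Class<?> cls = info.serialClass();
        if (cls == null) {
            return Status.UNDECIDED;          // nothing to classify on this call
        }
        while (cls.isArray()) {               // arrays are reported by their array class;
            cls = cls.getComponentType();     // judge the element type instead
        }
        if (cls.isPrimitive()) {
            return Status.ALLOWED;            // byte[], int[] etc. carry no code
        }
        // Exact identity: a subclass of an allowed class is NOT allowed, so an unregistered
        // class that merely extends Variable is still rejected.
        return allowed.contains(cls) ? Status.ALLOWED : Status.REJECTED;
    }

    /** Attach the filter to a stream before the first readObject(), as a DefaultMOInput-style loader would. */
    public static void install(ObjectInputStream in, Set<Class<?>> allowed) {
        // Equivalent with the real class, MyVariable being a hypothetical custom Variable subclass:
        // in.setObjectInputFilter(new AgentStateDeserializationFilter(List.of(MyVariable.class)));
        in.setObjectInputFilter(new StrictAllowlistFilter(allowed));
    }
}
```

Because REJECTED wins over any other status in the JDK filter logic, an oversized array or an unregistered subclass aborts readObject() with an InvalidClassException before the offending object is instantiated.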