Commit 9b6f76eb authored by Jamin Collins's avatar Jamin Collins

configure XStream security for TournamentIO

Signed-off-by: Jamin Collins's avatarJamin W. Collins <jamin.collins@gmail.com>
parent cc044978
......@@ -6,6 +6,9 @@ import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;
import forge.deck.CardPool;
import forge.item.PaperCard;
import forge.model.FModel;
......@@ -32,6 +35,16 @@ public class TournamentIO {
protected static XStream getSerializer(final boolean isIgnoring) {
final XStream xStream = isIgnoring ? new IgnoringXStream() : new XStream();
// clear out existing permissions and set our own
xStream.addPermission(NoTypePermission.NONE);
// allow some basics
xStream.addPermission(NullPermission.NULL);
xStream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xStream.allowTypeHierarchy(String.class);
// allow any type from the same package
xStream.allowTypesByWildcard(new String[] {
TournamentIO.class.getPackage().getName()+".*"
});
xStream.registerConverter(new DeckSectionToXml());
xStream.autodetectAnnotations(true);
return xStream;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment