...
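import java.io.*;
import java.lang.reflect.*;

/**
 * Serializable handle on a text file that is reopened by name when the object is deserialized.
 *
 * <p>Only the file name travels in the serialized form. {@code readObject} reads that name back
 * and opens the file, so deserializing an instance triggers file I/O on a path chosen by whoever
 * produced the stream. To limit that, {@code readObject} refuses to run unless the deserializing
 * stream declares a populated {@code whitelist} field.
 *
 * <p>NOTE(review): the class declares no {@code serialVersionUID} and {@code reader} is not marked
 * {@code transient}. Neither is needed for the custom {@code writeObject}/{@code readObject} pair
 * to work, and changing either alters the default stream identifier, so confirm that no persisted
 * streams exist before touching them.
 */
class OpenedFile implements Serializable {
  /** Path of the file this object reads from; the only state written to the stream. */
  String filename;

  /** Reader over {@link #filename}; rebuilt by {@link #init()}, never serialized. */
  BufferedReader reader;

  /**
   * Opens the named file for reading.
   *
   * @param _filename path of the file to open
   * @throws FileNotFoundException if the file cannot be opened for reading
   */
  public OpenedFile(String _filename) throws FileNotFoundException {
    filename = _filename;
    init();
  }

  /**
   * (Re)creates {@link #reader} for the current {@link #filename}.
   *
   * @throws FileNotFoundException if the file cannot be opened for reading
   */
  private void init() throws FileNotFoundException {
    // FileReader(String) decodes with the JVM default charset.
    reader = new BufferedReader(new FileReader(filename));
  }

  /**
   * Writes the file name only; the open reader is deliberately left out of the stream.
   *
   * @param out stream receiving the serialized form
   * @throws IOException if the name cannot be written
   */
  private void writeObject(ObjectOutputStream out) throws IOException {
    out.writeUTF(filename);
  }

  /**
   * Restores the file name and reopens the file, but only for streams that carry a whitelist.
   *
   * <p>The stream's own class must declare a field named {@code whitelist} that this class can
   * read and whose value is non-null. A missing, inaccessible or null field is treated as "no
   * whitelist" and the call fails closed before any stream data is consumed.
   *
   * <p>This is a name-based check: it shows that the stream declares such a field, not that the
   * stream consults it when resolving classes. Enforcement has to live in the stream class
   * itself.
   *
   * @param in stream supplying the serialized form
   * @throws IOException if the name cannot be read or the file cannot be opened
   * @throws ClassNotFoundException declared for the serialization contract; not thrown here
   * @throws SecurityException if the stream does not carry a usable whitelist
   */
  private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
    boolean hasWhitelist;
    try {
      // getDeclaredField looks at the stream's exact class only, not at its superclasses.
      Field whitelistField = in.getClass().getDeclaredField("whitelist");
      // A declared but unset (null) whitelist protects nothing, so it does not count.
      hasWhitelist = whitelistField.get(in) != null;
    } catch (ReflectiveOperationException e) {
      // No such field, or the field cannot be read from here: fail closed.
      hasWhitelist = false;
    }
    if (!hasWhitelist) {
      throw new SecurityException(
          "Deserialization without a whitelist is disallowed for class "
              + this.getClass().getName()
              + ".");
    }
    // The path comes from the stream and is opened as-is. Callers that accept serialized data
    // from outside their trust boundary should also constrain it, e.g. to an expected directory.
    filename = in.readUTF();
    init();
  }
}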
...