On Fri, 1 Dec 2023 13:46:59 GMT, Markus KARG <d...@openjdk.org> wrote:

>> @bplb You did it right.  The reason it works is because the 
>> ChannelOutputStream is in the "sun." package and not the "java." package.  
>> That is not the case for Channels.newOutputStream(AsynchronousByteChannel 
>> ch) as that wrapper should be able to access the byte array.
>
> I see the problem that unless we have an explicit whitelist, we do open the 
> risk of accidentally adding another wrapper stream in future to the JDK 
> somewhere and forget to add it to the blacklist. So for safety, I would plead 
> for not using .startsWith() but explicitly mention the actively proven-as-safe 
> classes only. That way, the code might be slower (sad but true) but 
> inherently future-proof.

The case of `Channels.newOutputStream(AsynchronousByteChannel)` could be 
handled by changing the return value of that method. For example, 
`sun.nio.ch.Streams` could have a method `OutputStream 
of(AsynchronousByteChannel)` added to it which returned something like an 
`AsynChannelOutputStream` and we could use that.

That said, it is true that a deny list is not inherently future-proof like an 
allow list, as stated.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/16893#discussion_r1412626371
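
The trade-off discussed in this thread, as an added example that is not part of the original messages or of the JDK change under review: a package-prefix trust check next to an exact-class allow list. The `startsWith("java.")` argument, the class `TrustCheckDemo`, the `CapturingStream` sink and the contents of the allow list are assumptions made for illustration.

```java
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Set;

public class TrustCheckDemo {
    // Assumed prefix rule: any class whose name starts with "java." is trusted.
    static boolean trustedByPrefix(OutputStream out) {
        return out.getClass().getName().startsWith("java.");
    }

    // Explicit allow list: exact classes reviewed as safe (illustrative choice).
    // Exact matching also rejects subclasses of an allowed class.
    private static final Set<Class<?>> ALLOWED = Set.of(ByteArrayOutputStream.class);

    static boolean trustedByAllowList(OutputStream out) {
        return ALLOWED.contains(out.getClass());
    }

    // Hypothetical untrusted sink that keeps a reference to the array it is given.
    static final class CapturingStream extends OutputStream {
        byte[] captured;
        @Override public void write(int b) { }
        @Override public void write(byte[] b, int off, int len) { captured = b; }
    }

    public static void main(String[] args) throws IOException {
        CapturingStream sink = new CapturingStream();
        // java.io wrapper: passes the prefix rule although it delegates to sink.
        OutputStream wrapper = new BufferedOutputStream(sink);
        OutputStream plain = new ByteArrayOutputStream();

        System.out.println("prefix     wrapper=" + trustedByPrefix(wrapper)
                + " plain=" + trustedByPrefix(plain));
        System.out.println("allow list wrapper=" + trustedByAllowList(wrapper)
                + " plain=" + trustedByAllowList(plain));

        // A write at least as large as the wrapper's buffer is forwarded as-is,
        // so the sink receives the caller's own array, not a copy.
        byte[] internal = new byte[16 * 1024]; // constructed stand-in for an internal buffer
        wrapper.write(internal, 0, internal.length);
        System.out.println("sink holds caller's array: " + (sink.captured == internal));
    }
}
```

The prefix rule accepts the `java.io` wrapper even though it hands the array to an arbitrary delegate, while the allow list rejects it until someone reviews and adds it.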
