On Fri, 1 Dec 2023 22:26:51 GMT, Brian Burkhalter <b...@openjdk.org> wrote:
>> I see the problem that unless we have an explicit whitelist, we do open the
>> risk of accidentally adding another wrapper stream in future to the JDK
>> somewhere and forget to add it to the blacklist. So for safety, I would
>> plead for not using .startsWith() but explicitly mention the actively
>> proven-as-safe classes only. That way, the code might be slower (sad but
>> true) but inherently future-proof.
>
> The case of `Channels.newOutputStream(AsynchronousByteChannel)` could be
> handled by changing the return value of that method. For example,
> `sun.nio.ch.Streams` could have a method `OutputStream
> of(AsynchronousByteChannel)` added to it which returned something like an
> `AsynChannelOutputStream` and we could use that.
>
> That said, it is true that a deny list is not inherently future-proof like an
> allow list, as stated.

I think that a sufficiently future-proof deny list could be had by changing

    if (out.getClass().getPackageName().startsWith("java.") &&

back to

    if ("java.io".equals(out.getClass().getPackageName()) &&

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/16893#discussion_r1412658236
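
The three checks discussed in this thread, run side by side over a few stream instances, as an added example (not code from the PR or the JDK). The class name `TrustCheckDemo`, the method names, the `AppStream` subclass and the contents of the allow list are assumptions made for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.channels.AsynchronousSocketChannel;
import java.nio.channels.Channels;
import java.util.List;
import java.util.Set;

public class TrustCheckDemo {
    // Hypothetical allow list: the thread does not say which classes are proven safe.
    static final Set<Class<?>> ALLOWED = Set.of(ByteArrayOutputStream.class);

    // Check 1: the package-prefix test quoted in the thread.
    static boolean prefixCheck(OutputStream out) {
        return out.getClass().getPackageName().startsWith("java.");
    }

    // Check 2: the exact-package test the reply proposes going back to.
    static boolean packageCheck(OutputStream out) {
        return "java.io".equals(out.getClass().getPackageName());
    }

    // Check 3: explicit allow list keyed on the exact runtime class,
    // so subclasses and newly added wrapper streams are not trusted by default.
    static boolean allowListCheck(OutputStream out) {
        return ALLOWED.contains(out.getClass());
    }

    // Constructed sample: an application-defined subclass of a java.io stream.
    static class AppStream extends ByteArrayOutputStream { }

    public static void main(String[] args) throws IOException {
        // The channel is opened but never connected; it only serves to obtain
        // the stream returned by Channels.newOutputStream(AsynchronousByteChannel).
        try (AsynchronousSocketChannel ch = AsynchronousSocketChannel.open()) {
            List<OutputStream> samples = List.of(
                    new ByteArrayOutputStream(),
                    Channels.newOutputStream(ch),
                    new AppStream());
            for (OutputStream out : samples) {
                System.out.printf("%-45s prefix=%-5b package=%-5b allowList=%b%n",
                        out.getClass().getName(),
                        prefixCheck(out), packageCheck(out), allowListCheck(out));
            }
        }
    }
}
```

Each output row shows the runtime class name next to the verdict of each check, which makes it easy to see where the prefix test, the exact-package test and the allow list disagree.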