Jean-Baptiste Onofré created AVRO-3985:
------------------------------------------

             Summary: Restrict allowed packages in ReflectData and SpecificData
                 Key: AVRO-3985
                 URL: https://issues.apache.org/jira/browse/AVRO-3985
             Project: Apache Avro
          Issue Type: Improvement
            Reporter: Jean-Baptiste Onofré


Right now, there's no check on allowed packages in {{ReflectData}} and {{SpecificData}}.

That could be problematic for marshalling/unmarshalling, as a malicious payload can exploit the host system.

I propose to introduce a {{org.apache.avro.TRUSTED_PACKAGES}} system property:

{code:java}
-Dorg.apache.avro.TRUSTED_PACKAGES=java.lang,javax.security,java.util,...{code}

In case we want to shortcut the mechanism, we would be able to allow all packages to be trusted using the {{*}} wildcard:

{code:java}
-Dorg.apache.avro.TRUSTED_PACKAGES=*{code}

By default, I would recommend having limited trusted packages: {{java.lang,javax.security,java.util,org.apache.avro}}.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
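
A sketch of the kind of check the proposal describes, added here as an illustration and not taken from the Avro code base or from the reporter. The property name, the default list and the `*` wildcard come from the issue text; the class `TrustedPackagesCheck`, its methods, and the choice to treat subpackages of a trusted package as trusted are assumptions.

```java
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

public class TrustedPackagesCheck { // hypothetical class, not part of Avro
    // Property name and default list as given in the issue.
    static final String PROP = "org.apache.avro.TRUSTED_PACKAGES";
    static final String DEFAULT = "java.lang,javax.security,java.util,org.apache.avro";

    static boolean isTrusted(String className, String propertyValue) {
        List<String> trusted = Arrays.stream(propertyValue.split(","))
                .map(String::trim).filter(s -> !s.isEmpty())
                .collect(Collectors.toList());
        if (trusted.contains("*")) {
            return true; // wildcard: the operator has switched the check off
        }
        int lastDot = className.lastIndexOf('.');
        if (lastDot < 0) {
            return false; // default package: fail closed
        }
        String pkg = className.substring(0, lastDot);
        for (String t : trusted) {
            // Assumption: subpackages are trusted. Match on a package boundary,
            // so "java.util" covers "java.util.concurrent" but not "java.utilx".
            if (pkg.equals(t) || pkg.startsWith(t + ".")) {
                return true;
            }
        }
        return false;
    }

    // Validate the class name from the payload before loading anything, and
    // load with initialize=false so no static initializer runs as a side effect.
    static Class<?> loadTrusted(String className) throws ClassNotFoundException {
        String value = System.getProperty(PROP, DEFAULT);
        if (!isTrusted(className, value)) {
            throw new SecurityException("Package of " + className + " is not listed in " + PROP);
        }
        return Class.forName(className, false, TrustedPackagesCheck.class.getClassLoader());
    }

    public static void main(String[] args) throws Exception {
        // Constructed class names exercising the default list and the wildcard.
        System.out.println("default list, java.util.ArrayList: " + loadTrusted("java.util.ArrayList"));
        System.out.println("default list, java.utilx.Foo: " + isTrusted("java.utilx.Foo", DEFAULT));
        System.out.println("default list, com.example.Gadget: " + isTrusted("com.example.Gadget", DEFAULT));
        System.out.println("wildcard, com.example.Gadget: " + isTrusted("com.example.Gadget", "*"));
    }
}
```

Array descriptors and names without a package are rejected by this sketch unless the wildcard is set, which keeps the default behaviour fail-closed.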