Jean-Baptiste Onofré created AVRO-3985:
------------------------------------------

             Summary: Restrict allowed packages in ReflectData and SpecificData
                 Key: AVRO-3985
                 URL: https://issues.apache.org/jira/browse/AVRO-3985
             Project: Apache Avro
          Issue Type: Improvement
            Reporter: Jean-Baptiste Onofré


Right now, there's no check in allowed packages in {{ReflectData}} and 
{{{}SpecificData{}}}.

That could be problematic for marshalling/unmarshalling, as the as malicious 
payload can exploit the host system.

I propose to introduce a {{org.apache.avro.TRUSTED_PACKAGES}} system property:
{code:java}
-Dorg.apache.avro.TRUSTED_PACKAGES=java.lang,javax.security,java.util,...{code}
In case we want to shortcut the mechanism, we would be able to allow all 
packages to be trusted using {{*}} wildcard:
{code:java}
-Dorg.apache.avro.TRUSTED_PACKAGES=*{code}
By default, I would recommend to have limited trusted packages: 
{{{}java.lang,javax.security,java.util,org.apache.avro{}}}.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to