github-repos/config
1
0
Fork 0
mirror of https://github.com/lightbend/config.git synced 2025-02-05 17:10:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #758 from raboof/avoid-instantiating-arbitrary-classes

Browse Source 
Avoid instantiating arbitrary classes
This commit is contained in:
Arnout Engelen 2022-02-01 16:09:27 +01:00 committed by GitHub
commit f14af4f116
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
config/src/main/java/com/typesafe/config/ConfigFactory.java
View File

@ -8,6 +8,7 @@ import com.typesafe.config.impl.Parseable;
import java.io.File;
import java.io.Reader;
import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Map;
@ -1241,7 +1242,11 @@ public final class ConfigFactory {
if (className != null) {
try {
return ConfigLoadingStrategy.class.cast(Class.forName(className).newInstance());
return Class.forName(className).asSubclass(ConfigLoadingStrategy.class).getDeclaredConstructor().newInstance();
} catch (InvocationTargetException e) {
Throwable cause = e.getCause();
if (cause == null) throw new ConfigException.BugOrBroken("Failed to load strategy: " + className, e);
else throw new ConfigException.BugOrBroken("Failed to load strategy: " + className, cause);
} catch (Throwable e) {
throw new ConfigException.BugOrBroken("Failed to load strategy: " + className, e);
}

6
config/src/main/java/com/typesafe/config/impl/ConfigBeanImpl.java
View File

@ -106,7 +106,7 @@ public class ConfigBeanImpl {
}
// Fill in the bean instance
T bean = clazz.newInstance();
T bean = clazz.getDeclaredConstructor().newInstance();
for (PropertyDescriptor beanProp : beanProps) {
Method setter = beanProp.getWriteMethod();
Type parameterType = setter.getGenericParameterTypes()[0];
@ -125,8 +125,10 @@ public class ConfigBeanImpl {
setter.invoke(bean, unwrapped);
}
return bean;
} catch (InstantiationException e) {
} catch (NoSuchMethodException e) {
throw new ConfigException.BadBean(clazz.getName() + " needs a public no-args constructor to be used as a bean", e);
} catch (InstantiationException e) {
throw new ConfigException.BadBean(clazz.getName() + " needs to be instantiable to be used as a bean", e);
} catch (IllegalAccessException e) {
throw new ConfigException.BadBean(clazz.getName() + " getters and setters are not accessible, they must be for use as a bean", e);
} catch (InvocationTargetException e) {