Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AVRO-3985: Prevent class with empty Java package being trusted by SpecificDatumReader #3311

Merged
merged 1 commit into from
Feb 14, 2025
Merged

AVRO-3985: Prevent class with empty Java package being trusted by SpecificDatumReader #3311

merged 1 commit into from
Feb 14, 2025

Conversation

MichalFoksa
Copy link
Contributor

@MichalFoksa MichalFoksa commented Feb 12, 2025
edited
Loading

What is the purpose of the change

Prevents class with empty Java package being trusted by SpecificDatumReader.

"package is not here"

import java. ...
import org. ....

public class Foot {
  ...
}

For example the above class Foo used as a key or a value would be considered as trusted because in current code
clazz.getPackage() returns null for Foo.class, which bypassed if (!found) then throw exception check.

PR moves if (!found) then throw exception bellow if (thePackage != null) { ... } statement.

It complements AVRO-3985.

Verifying this change

This change is a trivial rework / code cleanup without any test coverage.

Documentation

  • Does this pull request introduce a new feature? no

@github-actions github-actions bot added the Java Pull Requests for Java binding label Feb 12, 2025
@MichalFoksa MichalFoksa mentioned this pull request Feb 12, 2025
Merged
@martin-g martin-g requested a review from jbonofre February 13, 2025 10:44
@martin-g martin-g merged commit 3455827 into apache:main Feb 14, 2025
8 checks passed
martin-g pushed a commit that referenced this pull request Feb 14, 2025
@MichalFoksa @martin-g
Prevent class with empty Java package being trusted by SpecificDatumR…
631ab74 
…eader (#3311)

(cherry picked from commit 3455827)
martin-g pushed a commit that referenced this pull request Feb 14, 2025
@MichalFoksa @martin-g
Prevent class with empty Java package being trusted by SpecificDatumR…
579a367 
…eader (#3311)

(cherry picked from commit 3455827)
@martin-g
Copy link
Member

Thank you, @MichalFoksa !
Backported it to branch-1.11 and branch-1.12

@MichalFoksa
Copy link
Contributor Author

@martin-g You are welcome!

@MichalFoksa MichalFoksa deleted the fetaure/main/AVRO-3985_empty_package_is_trusty branch February 14, 2025 10:05
@MichalFoksa MichalFoksa restored the fetaure/main/AVRO-3985_empty_package_is_trusty branch February 14, 2025 10:06
@MichalFoksa MichalFoksa deleted the fetaure/main/AVRO-3985_empty_package_is_trusty branch February 14, 2025 10:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jbonofre jbonofre jbonofre approved these changes

@martin-g martin-g martin-g approved these changes

Assignees
No one assigned
Labels
Java Pull Requests for Java binding
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@MichalFoksa @martin-g @jbonofre