ikkisoft / SerialKiller

Look-Ahead Java Deserialization Library

InvalidClassException thrown does not include the class name of the blocked class #11

Closed haraldk closed 6 years ago

haraldk commented 7 years ago

It is useful for client code to be able to log extra information when a class is blocked from deserialization, and thus needs to know the class name that was blocked.

The InvalidClassException class has a (public...) field classname that can be used for this purpose, but it is currently not initialized (though it is part of the message string).

ikkisoft commented 7 years ago

To use

throw new InvalidClassException(serialInput.getName(), "Class blocked by SK: '" + serialInput.getName() + "'");

instead of

throw new InvalidClassException("Class blocked by SK: '" + serialInput.getName() + "'");

haraldk commented 7 years ago

I think simply

throw new InvalidClassException(serialInput.getName(), "Class blocked by SK");

would do. The getMessage() method will actually append the class name in this case.
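
The behaviour discussed in this thread, as an added example that is not SerialKiller's code and was not posted by either participant: a minimal look-ahead stream that uses the two-argument InvalidClassException constructor, and client code that reads the blocked class from the exception's classname field. The names LookAheadStream and BLOCKED, the blocklist entry and the message text are assumptions made for the demo.

```java
import java.io.*;
import java.util.Set;

public class BlockedClassNameDemo {
    // Constructed blocklist for this demo only (hypothetical, not SerialKiller's configuration).
    static final Set<String> BLOCKED = Set.of("java.util.HashMap");

    // Minimal look-ahead stream: inspects the class descriptor before the class is resolved.
    static class LookAheadStream extends ObjectInputStream {
        LookAheadStream(InputStream in) throws IOException { super(in); }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (BLOCKED.contains(desc.getName())) {
                // The (cname, reason) constructor initializes the public 'classname' field;
                // the single-argument constructor leaves it null.
                throw new InvalidClassException(desc.getName(), "Class blocked by demo filter");
            }
            return super.resolveClass(desc);
        }
    }

    // Builds the constructed sample input: a serialized object held in memory.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] data = serialize(new java.util.HashMap<String, String>());
        try (ObjectInputStream in = new LookAheadStream(new ByteArrayInputStream(data))) {
            in.readObject();
        } catch (InvalidClassException e) {
            // Structured value for logging or alerting; no parsing of the message string needed.
            System.out.println("blocked class = " + e.classname);
            // getMessage() returns the class name combined with the reason text.
            System.out.println("message       = " + e.getMessage());
        }
    }
}
```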