X-Git-Url: http://gitweb.fperrin.net/?p=Dictionary.git;a=blobdiff_plain;f=src%2Fcom%2Fhughes%2Fandroid%2Futil%2FPersistentObjectCache.java;h=7ac07458f2cd30ceb23b1e840d7d21859f2a9c45;hp=348b8a3bc679f3a91d6db23722dc3d2f2711138f;hb=e79165503392ed6a7cb7a8eadc15eaae0cda9443;hpb=3041d24cc6835a251958e8f2c822e47e807a9ba7 diff --git a/src/com/hughes/android/util/PersistentObjectCache.java b/src/com/hughes/android/util/PersistentObjectCache.java index 348b8a3..7ac0745 100644 --- a/src/com/hughes/android/util/PersistentObjectCache.java +++ b/src/com/hughes/android/util/PersistentObjectCache.java @@ -21,6 +21,8 @@ import android.util.Log; import com.hughes.android.dictionary.DictionaryApplication; import com.hughes.android.dictionary.DictionaryInfo; +import java.io.BufferedInputStream; +import java.io.BufferedOutputStream; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; @@ -39,10 +41,10 @@ import java.util.Map; public class PersistentObjectCache { private final File dir; - private final Map objects = new HashMap(); + private final Map objects = new HashMap<>(); - class ConstrainedOIS extends ObjectInputStream { - public ConstrainedOIS(InputStream in) throws IOException { + static class ConstrainedOIS extends ObjectInputStream { + ConstrainedOIS(InputStream in) throws IOException { super(in); } @@ -50,22 +52,22 @@ public class PersistentObjectCache { String name = desc.getName(); // Note: try to avoid adding more classes. // LinkedHashMap is already more than enough for a DoS - if (!name.equals(ArrayList.class.getName()) && - !name.equals(HashMap.class.getName()) && - !name.equals(LinkedHashMap.class.getName()) && - !name.equals(String.class.getName()) && - !name.equals(DictionaryApplication.DictionaryConfig.class.getName()) && - !name.equals(DictionaryInfo.class.getName()) && - !name.equals(DictionaryInfo.IndexInfo.class.getName())) { - throw new InvalidClassException("Not allowed to deserialize class", name); + if (name.equals(String.class.getName()) || + name.equals(DictionaryInfo.IndexInfo.class.getName()) || + name.equals(ArrayList.class.getName()) || + name.equals(HashMap.class.getName()) || + name.equals(DictionaryInfo.class.getName()) || + name.equals(DictionaryApplication.DictionaryConfig.class.getName()) || + name.equals(LinkedHashMap.class.getName())) { + return super.resolveClass(desc); } - return super.resolveClass(desc); + throw new InvalidClassException("Not allowed to deserialize class", name); } } public synchronized T read(final String filename, final Class resultClass) { try { - Object object = (objects.get(filename)); + Object object = objects.get(filename); if (object != null) { return resultClass.cast(object); } @@ -77,14 +79,14 @@ public class PersistentObjectCache { } ObjectInputStream in = null; try { - in = new ConstrainedOIS(new FileInputStream(src)); + in = new ConstrainedOIS(new BufferedInputStream(new FileInputStream(src))); object = in.readObject(); in.close(); } catch (Exception e) { Log.e(getClass().getSimpleName(), "Deserialization failed: " + src, e); try { if (in != null) in.close(); - } catch (IOException e2) {} + } catch (IOException ignored) {} return null; } objects.put(filename, object); @@ -99,14 +101,14 @@ public class PersistentObjectCache { final File dest = new File(dir, filename); ObjectOutputStream out = null; try { - out = new ObjectOutputStream(new FileOutputStream(dest)); + out = new ObjectOutputStream(new BufferedOutputStream(new FileOutputStream(dest))); out.writeObject(object); } catch (Exception e) { Log.e(getClass().getSimpleName(), "Serialization failed: " + dest, e); } try { if (out != null) out.close(); - } catch (IOException e) {} + } catch (IOException ignored) {} } private PersistentObjectCache(final Context context) {