Blame SOURCES/groovy-CVE-2015-3253-and-CVE-2016-6814.patch
|
 |
053625 |
--- groovy-1.8.9/src/main/org/codehaus/groovy/runtime/MethodClosure.java~ 2017-08-23 11:14:43.972873435 +0200
|
|
|
053625 |
+++ groovy-1.8.9/src/main/org/codehaus/groovy/runtime/MethodClosure.java 2017-08-23 11:21:34.318169659 +0200
|
|
|
053625 |
@@ -18,6 +18,7 @@
|
|
|
053625 |
import groovy.lang.Closure;
|
|
|
053625 |
import groovy.lang.MetaMethod;
|
|
|
053625 |
|
|
|
053625 |
+import java.io.IOException;
|
|
|
053625 |
import java.util.List;
|
|
|
053625 |
|
|
|
053625 |
|
|
|
053625 |
@@ -30,8 +31,10 @@
|
|
|
053625 |
*/
|
|
|
053625 |
public class MethodClosure extends Closure {
|
|
|
053625 |
|
|
|
053625 |
+ public static boolean ALLOW_RESOLVE = false;
|
|
|
053625 |
+
|
|
|
053625 |
private String method;
|
|
|
053625 |
-
|
|
|
053625 |
+
|
|
|
053625 |
public MethodClosure(Object owner, String method) {
|
|
|
053625 |
super(owner);
|
|
|
053625 |
this.method = method;
|
|
|
053625 |
@@ -59,6 +62,20 @@
|
|
|
053625 |
protected Object doCall(Object arguments) {
|
|
|
053625 |
return InvokerHelper.invokeMethod(getOwner(), method, arguments);
|
|
|
053625 |
}
|
|
|
053625 |
+
|
|
|
053625 |
+ private Object readResolve() {
|
|
|
053625 |
+ if (ALLOW_RESOLVE) {
|
|
|
053625 |
+ return this;
|
|
|
053625 |
+ }
|
|
|
053625 |
+ throw new UnsupportedOperationException();
|
|
|
053625 |
+ }
|
|
|
053625 |
+
|
|
|
053625 |
+ private void readObject(java.io.ObjectInputStream stream) throws IOException, ClassNotFoundException {
|
|
|
053625 |
+ if (ALLOW_RESOLVE) {
|
|
|
053625 |
+ stream.defaultReadObject();
|
|
|
053625 |
+ }
|
|
|
053625 |
+ throw new UnsupportedOperationException();
|
|
|
053625 |
+ }
|
|
|
053625 |
|
|
|
053625 |
public Object getProperty(String property) {
|
|
|
053625 |
if ("method".equals(property)) {
|