org.mariuszgromada.math.mxparser.SerializationUtils Maven / Gradle / Ivy
mXparser is a super easy, rich, fast and highly flexible math expression parser library (a parser and evaluator of mathematical expressions / formulas provided as plain text / strings). The software provides an easy-to-use API for Java, Android and C# .NET/MONO (Common Language Specification compliant: F#, Visual Basic, C++/CLI). *** If you find the software useful donation is something you might consider: https://mathparser.org/donate/ *** Scalar Scientific Calculator, Charts and Scripts, Scalar Lite: https://play.google.com/store/apps/details?id=org.mathparser.scalar.lite *** Scalar Pro: https://play.google.com/store/apps/details?id=org.mathparser.scalar.pro *** ScalarMath.org: https://scalarmath.org/ *** MathSpace.pl: https://mathspace.pl/ ***
/*
* @(#)SerializationUtils.java 6.0.0 2024-05-19
*
* MathParser.org-mXparser DUAL LICENSE AGREEMENT as of date 2024-05-19
* The most up-to-date license is available at the below link:
* - https://mathparser.org/mxparser-license
*
* AUTHOR: Copyright 2010 - 2024 Mariusz Gromada - All rights reserved
* PUBLISHER: INFIMA - https://payhip.com/infima
*
* SOFTWARE means source code and/or binary form and/or documentation.
* PRODUCT: MathParser.org-mXparser SOFTWARE
* LICENSE: DUAL LICENSE AGREEMENT
*
* BY INSTALLING, COPYING, OR OTHERWISE USING THE PRODUCT, YOU AGREE TO BE
* BOUND BY ALL OF THE TERMS AND CONDITIONS OF THE DUAL LICENSE AGREEMENT.
*
* The AUTHOR & PUBLISHER provide the PRODUCT under the DUAL LICENSE AGREEMENT
* model designed to meet the needs of both non-commercial use and commercial
* use.
*
* NON-COMMERCIAL USE means any use or activity where a fee is not charged
* and the purpose is not the sale of a good or service, and the use or
* activity is not intended to produce a profit. Examples of NON-COMMERCIAL USE
* include:
*
* 1. Non-commercial open-source software.
* 2. Non-commercial mobile applications.
* 3. Non-commercial desktop software.
* 4. Non-commercial web applications/solutions.
* 5. Non-commercial use in research, scholarly and educational context.
*
* The above list is non-exhaustive and illustrative only.
*
* COMMERCIAL USE means any use or activity where a fee is charged or the
* purpose is the sale of a good or service, or the use or activity is
* intended to produce a profit. COMMERCIAL USE examples:
*
* 1. OEMs (Original Equipment Manufacturers).
* 2. ISVs (Independent Software Vendors).
* 3. VARs (Value Added Resellers).
* 4. Other distributors that combine and distribute commercially licensed
* software.
*
* The above list is non-exhaustive and illustrative only.
*
* IN CASE YOU WANT TO USE THE PRODUCT COMMERCIALLY, YOU MUST PURCHASE THE
* APPROPRIATE LICENSE FROM "INFIMA" ONLINE STORE, STORE ADDRESS:
*
* 1. https://mathparser.org/order-commercial-license
* 2. https://payhip.com/infima
*
* NON-COMMERCIAL LICENSE
*
* Redistribution and use of the PRODUCT in source and/or binary forms,
* with or without modification, are permitted provided that the following
* conditions are met:
*
* 1. Redistributions of source code must retain the unmodified content of
* the entire MathParser.org-mXparser DUAL LICENSE AGREEMENT, including
* the definition of NON-COMMERCIAL USE, the definition of COMMERCIAL USE,
* the NON-COMMERCIAL LICENSE conditions, the COMMERCIAL LICENSE conditions,
* and the following DISCLAIMER.
* 2. Redistributions in binary form must reproduce the entire content of
* MathParser.org-mXparser DUAL LICENSE AGREEMENT in the documentation
* and/or other materials provided with the distribution, including the
* definition of NON-COMMERCIAL USE, the definition of COMMERCIAL USE, the
* NON-COMMERCIAL LICENSE conditions, the COMMERCIAL LICENSE conditions,
* and the following DISCLAIMER.
* 3. Any form of redistribution requires confirmation and signature of
* the NON-COMMERCIAL USE by successfully calling the method:
* License.iConfirmNonCommercialUse(...)
* The method call is used only internally for logging purposes, and
* there is no connection with other external services, and no data is
* sent or collected. The lack of a method call (or its successful call)
* does not affect the operation of the PRODUCT in any way. Please see
* the API documentation.
*
* COMMERCIAL LICENSE
*
* 1. Before purchasing a commercial license, the AUTHOR & PUBLISHER allow
* you to download, install, and use up to three copies of the PRODUCT to
* perform integration tests, confirm the quality of the PRODUCT, and
* its suitability. The testing period should be limited to fourteen
* days. Tests should be performed under the test environments conditions
* and not for profit generation.
* 2. Provided that you purchased a license from "INFIMA" online store
* (store address: https://mathparser.org/order-commercial-license or
* https://payhip.com/infima), and you comply with all terms and
* conditions below, and you have acknowledged and understood the
* following DISCLAIMER, the AUTHOR & PUBLISHER grant you a nonexclusive
* license with the following rights:
* 3. The license is granted only to you, the person or entity that made
* the purchase, identified and confirmed by the data provided during
* the purchase.
* 4. If you purchased a license in the "ONE-TIME PURCHASE" model, the
* license is granted only for the PRODUCT version specified in the
* purchase. The upgrade policy gives you additional rights, described
* in the dedicated section below.
* 5. If you purchased a license in the "SUBSCRIPTION" model, you may
* install and use any version of the PRODUCT during the subscription
* validity period.
* 6. If you purchased a "SINGLE LICENSE" you may install and use the
* PRODUCT on/from one workstation that is located/accessible at/from
* any of your premises.
* 7. Additional copies of the PRODUCT may be installed and used on/from
* more than one workstation, limited to the number of workstations
* purchased per order.
* 8. If you purchased a "SITE LICENSE", the PRODUCT may be installed
* and used on/from all workstations located/accessible at/from any
* of your premises.
* 9. You may incorporate the unmodified PRODUCT into your own products
* and software.
* 10. If you purchased a license with the "SOURCE CODE" option, you may
* modify the PRODUCT's source code and incorporate the modified source
* code into your own products and/or software.
* 11. Provided that the license validity period has not expired, you may
* distribute your product and/or software with the incorporated
* PRODUCT royalty-free.
* 12. You may make copies of the PRODUCT for backup and archival purposes.
* 13. Any form of redistribution requires confirmation and signature of
* the COMMERCIAL USE by successfully calling the method:
* License.iConfirmCommercialUse(...)
* The method call is used only internally for logging purposes, and
* there is no connection with other external services, and no data is
* sent or collected. The lack of a method call (or its successful call)
* does not affect the operation of the PRODUCT in any way. Please see
* the API documentation.
* 14. The AUTHOR & PUBLISHER reserve all rights not expressly granted to
* you in this agreement.
*
* ADDITIONAL CLARIFICATION ON WORKSTATION
*
* A workstation is a device, a remote device, or a virtual device, used by
* you, your employees, or other entities to whom you have commissioned
* tasks. For example, the number of workstations may refer to the number
* of software developers, engineers, architects, scientists, and other
* professionals who use the PRODUCT on your behalf. The number of
* workstations is not the number of copies of your end-product that you
* distribute to your end-users.
*
* By purchasing the COMMERCIAL LICENSE, you only pay for the number of
* workstations, while the number of copies/users of your final product
* (delivered to your end-users) is not limited.
*
* Below are some examples to help you select the right license size:
*
* Example 1: Single Workstation License
* Only one developer works on the development of your application. You do
* not use separate environments for testing, meaning you design, create,
* test, and compile your final application on one environment. In this
* case, you need a license for a single workstation.
*
* Example 2: Up to 5 Workstations License
* Two developers are working on the development of your application.
* Additionally, one tester conducts tests in a separate environment.
* You use three workstations in total, so you need a license for up to
* five workstations.
*
* Example 3: Up to 20 Workstations License
* Ten developers are working on the development of your application.
* Additionally, five testers conduct tests in separate environments.
* You use fifteen workstations in total, so you need a license for
* up to twenty workstations.
*
* Example 4: Site License
* Several dozen developers and testers work on the development of your
* application using multiple environments. You have a large,
* multi-disciplinary team involved in creating your solution. As your team
* is growing and you want to avoid licensing limitations, the best choice
* would be a site license.
*
* UPGRADE POLICY
*
* The PRODUCT is versioned according to the following convention:
*
* [MAJOR].[MINOR].[PATCH]
*
* 1. COMMERCIAL LICENSE holders can install and use the updated version
* for bug fixes free of charge, i.e. if you have purchased a license
* for the [MAJOR].[MINOR] version (e.g., 5.0), you can freely install
* all releases specified in the [PATCH] version (e.g., 5.0.2).
* The license terms remain unchanged after the update.
* 2. COMMERCIAL LICENSE holders for the [MAJOR].[MINOR] version (e.g., 5.0)
* can install and use the updated version [MAJOR].[MINOR + 1] free of
* charge, i.e., plus one release in the [MINOR] range (e.g., 5.1). The
* license terms remain unchanged after the update.
* 3. COMMERCIAL LICENSE holders who wish to upgrade their version, but are
* not eligible for the free upgrade, can claim a discount when
* purchasing the upgrade. For this purpose, please contact us via e-mail.
*
* DISCLAIMER
*
* THIS PRODUCT IS PROVIDED BY THE AUTHOR & PUBLISHER "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL AUTHOR OR PUBLISHER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS PRODUCT, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*
* THE VIEWS AND CONCLUSIONS CONTAINED IN THE PRODUCT AND DOCUMENTATION ARE
* THOSE OF THE AUTHORS AND SHOULD NOT BE INTERPRETED AS REPRESENTING
* OFFICIAL POLICIES, EITHER EXPRESSED OR IMPLIED, OF THE AUTHOR OR PUBLISHER.
*
* CONTACT
*
* - e-mail: [email protected]
* - website: https://mathparser.org
* - source code: https://github.com/mariuszgromada/MathParser.org-mXparser
* - online store: https://mathparser.org/order-commercial-license
* - online store: https://payhip.com/infima
*/
package org.mariuszgromada.math.mxparser;
import java.io.*;
import java.util.Base64;
/**
* A utility class for simplified serialization and deserialization of parser objects (and of other Serializable objects).
*
* Important - using binary serialization you confirm that
* you understand the security risks.
*
* WARNING: Deserializing data from an untrusted source can introduce
* security vulnerabilities to your application. Depending on the settings
* used during deserialization, untrusted data may be able to execute
* arbitrary code or cause a denial of service attack. Untrusted data
* can come from over the network from an untrusted source
* (e.g. any network client), or it can be manipulated/tampered by
* an intermediary while in transit over an unauthenticated connection,
* or from local storage where it may have been compromised/tampered,
* or from many other sources. MathParser.org-mXparser does not provide
* any means to authenticate data or secure it from tampering.
* Use an appropriate data authentication method before deserializing.
* Be very mindful of these attack scenarios; many projects and companies
* and users of serialization libraries in general have been bitten by
* untrusted deserialization of user data in the past.
*
* @author Mariusz Gromada
* MathParser.org - mXparser project page
* mXparser on GitHub
* INFIMA place to purchase a commercial MathParser.org-mXparser software license
* [email protected]
* ScalarMath.org - a powerful math engine and math scripting language
* Scalar Lite
* Scalar Pro
* MathSpace.pl
*
* @version 5.2.0
*
* @see Expression
* @see Argument
* @see RecursiveArgument
* @see Constant
* @see Function
*/
public final class SerializationUtils {
private static boolean binarySerializationEnabled = false;
/**
* Enables binary serialization done by the SerializationUtils.
*
* Important - using binary serialization you confirm that
* you understand the security risks.
*
* WARNING: Deserializing data from an untrusted source can introduce
* security vulnerabilities to your application. Depending on the settings
* used during deserialization, untrusted data may be able to execute
* arbitrary code or cause a denial of service attack. Untrusted data
* can come from over the network from an untrusted source
* (e.g. any network client), or it can be manipulated/tampered by
* an intermediary while in transit over an unauthenticated connection,
* or from local storage where it may have been compromised/tampered,
* or from many other sources. MathParser.org-mXparser does not provide
* any means to authenticate data or secure it from tampering.
* Use an appropriate data authentication method before deserializing.
* Be very mindful of these attack scenarios; many projects and companies
* and users of serialization libraries in general have been bitten by
* untrusted deserialization of user data in the past.
*/
public static void enableBinarySerializationIamAwareOfSecurityRisks() {
binarySerializationEnabled = true;
lastOperationWasSuccessful = true;
logLastOperationMessage(StringModel.STRING_RESOURCES.BINARY_SERIALIZATION_ENABLED);
}
/**
* Disables binary serialization done by the SerializationUtils.
*
* Important - using binary serialization you confirm that
* you understand the security risks.
*
* WARNING: Deserializing data from an untrusted source can introduce
* security vulnerabilities to your application. Depending on the settings
* used during deserialization, untrusted data may be able to execute
* arbitrary code or cause a denial of service attack. Untrusted data
* can come from over the network from an untrusted source
* (e.g. any network client), or it can be manipulated/tampered by
* an intermediary while in transit over an unauthenticated connection,
* or from local storage where it may have been compromised/tampered,
* or from many other sources. MathParser.org-mXparser does not provide
* any means to authenticate data or secure it from tampering.
* Use an appropriate data authentication method before deserializing.
* Be very mindful of these attack scenarios; many projects and companies
* and users of serialization libraries in general have been bitten by
* untrusted deserialization of user data in the past.
*/
public static void disableBinarySerialization() {
binarySerializationEnabled = false;
lastOperationWasSuccessful = true;
logLastOperationMessage(StringModel.STRING_RESOURCES.BINARY_SERIALIZATION_DISABLED);
}
/**
* Returns whether binary serialization done by SerializationUtils is enabled.
*
* Important - using binary serialization you confirm that
* you understand the security risks.
*
* WARNING: Deserializing data from an untrusted source can introduce
* security vulnerabilities to your application. Depending on the settings
* used during deserialization, untrusted data may be able to execute
* arbitrary code or cause a denial of service attack. Untrusted data
* can come from over the network from an untrusted source
* (e.g. any network client), or it can be manipulated/tampered by
* an intermediary while in transit over an unauthenticated connection,
* or from local storage where it may have been compromised/tampered,
* or from many other sources. MathParser.org-mXparser does not provide
* any means to authenticate data or secure it from tampering.
* Use an appropriate data authentication method before deserializing.
* Be very mindful of these attack scenarios; many projects and companies
* and users of serialization libraries in general have been bitten by
* untrusted deserialization of user data in the past.
*
* @return True if enabled, false if disabled.
*/
public static boolean isBinarySerializationEnabled() {
return binarySerializationEnabled;
}
private static boolean lastOperationWasSuccessful = false;
private static String lastOperationMessage = StringInvariant.EMPTY;
/**
* Information whether the last ordered operation under
* any serialization or deserialization method was correctly
* performed.
*
* Important - using binary serialization you confirm that
* you understand the security risks.
*
* WARNING: Deserializing data from an untrusted source can introduce
* security vulnerabilities to your application. Depending on the settings
* used during deserialization, untrusted data may be able to execute
* arbitrary code or cause a denial of service attack. Untrusted data
* can come from over the network from an untrusted source
* (e.g. any network client), or it can be manipulated/tampered by
* an intermediary while in transit over an unauthenticated connection,
* or from local storage where it may have been compromised/tampered,
* or from many other sources. MathParser.org-mXparser does not provide
* any means to authenticate data or secure it from tampering.
* Use an appropriate data authentication method before deserializing.
* Be very mindful of these attack scenarios; many projects and companies
* and users of serialization libraries in general have been bitten by
* untrusted deserialization of user data in the past.
*
* @return true if the operation was performed correctly, otherwise false.
*/
public static boolean checkLastOperationWasSuccessful() {
return lastOperationWasSuccessful;
}
/**
* Text information about the last operation performed
* by any serialization or deserialization method.
*
* Important - using binary serialization you confirm that
* you understand the security risks.
*
* WARNING: Deserializing data from an untrusted source can introduce
* security vulnerabilities to your application. Depending on the settings
* used during deserialization, untrusted data may be able to execute
* arbitrary code or cause a denial of service attack. Untrusted data
* can come from over the network from an untrusted source
* (e.g. any network client), or it can be manipulated/tampered by
* an intermediary while in transit over an unauthenticated connection,
* or from local storage where it may have been compromised/tampered,
* or from many other sources. MathParser.org-mXparser does not provide
* any means to authenticate data or secure it from tampering.
* Use an appropriate data authentication method before deserializing.
* Be very mindful of these attack scenarios; many projects and companies
* and users of serialization libraries in general have been bitten by
* untrusted deserialization of user data in the past.
*
* @return The content of the error in case of failure, information
* about the operation performed in case of success.
*/
public static String getLastOperationMessage() {
return lastOperationMessage;
}
private static void logLastOperationMessage(String message) {
lastOperationMessage = message + StringInvariant.NEW_LINE + StringModel.STRING_RESOURCES.WARNING_BINARY_SERIALIZATION_SECURITY_RISKS;
}
/**
* Serialization of an object to byte data.
*
* Important - using binary serialization you confirm that
* you understand the security risks.
*
* WARNING: Deserializing data from an untrusted source can introduce
* security vulnerabilities to your application. Depending on the settings
* used during deserialization, untrusted data may be able to execute
* arbitrary code or cause a denial of service attack. Untrusted data
* can come from over the network from an untrusted source
* (e.g. any network client), or it can be manipulated/tampered by
* an intermediary while in transit over an unauthenticated connection,
* or from local storage where it may have been compromised/tampered,
* or from many other sources. MathParser.org-mXparser does not provide
* any means to authenticate data or secure it from tampering.
* Use an appropriate data authentication method before deserializing.
* Be very mindful of these attack scenarios; many projects and companies
* and users of serialization libraries in general have been bitten by
* untrusted deserialization of user data in the past.
*
* @param objectToSerialize The object for which serialization is possible.
*
* @return The data object if the operation was successful, otherwise it returns null.
* @see #getLastOperationMessage()
* @see #checkLastOperationWasSuccessful()
*/
public static byte[] serializeToBytes(Serializable objectToSerialize) {
lastOperationWasSuccessful = false;
if (!binarySerializationEnabled) {
logLastOperationMessage(StringModel.STRING_RESOURCES.BINARY_SERIALIZATION_DISABLED);
return null;
}
if (objectToSerialize == null) {
logLastOperationMessage(StringModel.STRING_RESOURCES.NULL_OBJECT_PROVIDED);
return null;
}
try {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
ObjectOutputStream oos = null;
oos = new ObjectOutputStream(baos);
synchronized (objectToSerialize) {
oos.writeObject(objectToSerialize);
oos.close();
}
logLastOperationMessage(StringModel.STRING_RESOURCES.SERIALIZATION_PERFORMED + StringInvariant.SPACE + getSimpleName(objectToSerialize));
lastOperationWasSuccessful = true;
return baos.toByteArray();
} catch (Exception e) {
logLastOperationMessage(StringModel.STRING_RESOURCES.EXCEPTION + StringInvariant.COLON_SPACE + getSimpleName(e) + StringInvariant.COLON_SPACE + e.getMessage());
return null;
}
}
/**
* Serialization of an object to String data.
*
* Important - using binary serialization you confirm that
* you understand the security risks.
*
* WARNING: Deserializing data from an untrusted source can introduce
* security vulnerabilities to your application. Depending on the settings
* used during deserialization, untrusted data may be able to execute
* arbitrary code or cause a denial of service attack. Untrusted data
* can come from over the network from an untrusted source
* (e.g. any network client), or it can be manipulated/tampered by
* an intermediary while in transit over an unauthenticated connection,
* or from local storage where it may have been compromised/tampered,
* or from many other sources. MathParser.org-mXparser does not provide
* any means to authenticate data or secure it from tampering.
* Use an appropriate data authentication method before deserializing.
* Be very mindful of these attack scenarios; many projects and companies
* and users of serialization libraries in general have been bitten by
* untrusted deserialization of user data in the past.
*
* @param objectToSerialize The object for which serialization is possible.
*
* @return The data string if the operation was successful, otherwise it returns null.
* @see #getLastOperationMessage()
* @see #checkLastOperationWasSuccessful()
*/
public static String serializeToString(Serializable objectToSerialize) {
lastOperationWasSuccessful = false;
byte[] data = serializeToBytes(objectToSerialize);
if (data == null) return null;
return Base64.getEncoder().encodeToString(data);
}
/**
* Serialization of an object to a file.
*
* Important - using binary serialization you confirm that
* you understand the security risks.
*
* WARNING: Deserializing data from an untrusted source can introduce
* security vulnerabilities to your application. Depending on the settings
* used during deserialization, untrusted data may be able to execute
* arbitrary code or cause a denial of service attack. Untrusted data
* can come from over the network from an untrusted source
* (e.g. any network client), or it can be manipulated/tampered by
* an intermediary while in transit over an unauthenticated connection,
* or from local storage where it may have been compromised/tampered,
* or from many other sources. MathParser.org-mXparser does not provide
* any means to authenticate data or secure it from tampering.
* Use an appropriate data authentication method before deserializing.
* Be very mindful of these attack scenarios; many projects and companies
* and users of serialization libraries in general have been bitten by
* untrusted deserialization of user data in the past.
*
* @param objectToSerialize The object for which serialization is possible.
* @param filePath File path
*
* @return true if the operation was successful, otherwise it returns false.
* @see #getLastOperationMessage()
* @see #checkLastOperationWasSuccessful()
*/
public static boolean serializeToFile(Serializable objectToSerialize, String filePath) {
lastOperationWasSuccessful = false;
if (!binarySerializationEnabled) {
logLastOperationMessage(StringModel.STRING_RESOURCES.BINARY_SERIALIZATION_DISABLED);
return false;
}
if (filePath == null) {
logLastOperationMessage(StringModel.STRING_RESOURCES.NULL_FILE_PATH_PROVIDED);
return false;
}
if (filePath.length() == 0) {
logLastOperationMessage(StringModel.STRING_RESOURCES.FILE_PATH_ZERO_LENGTH_PROVIDED);
return false;
}
if (objectToSerialize == null) {
logLastOperationMessage(StringModel.STRING_RESOURCES.NULL_OBJECT_PROVIDED);
return false;
}
File file = new File(filePath);
try {
FileOutputStream fos = new FileOutputStream(file);
ObjectOutputStream oos = new ObjectOutputStream(fos);
synchronized (objectToSerialize) {
oos.writeObject(objectToSerialize);
oos.close();
}
logLastOperationMessage(StringModel.STRING_RESOURCES.SERIALIZATION_PERFORMED + StringInvariant.SPACE + getSimpleName(objectToSerialize) + StringInvariant.COLON_SPACE + filePath);
lastOperationWasSuccessful = true;
return true;
} catch (Exception e) {
logLastOperationMessage(StringModel.STRING_RESOURCES.EXCEPTION + StringInvariant.COLON_SPACE + getSimpleName(e) + StringInvariant.COLON_SPACE + e.getMessage());
return false;
}
}
/**
* Deserializes an object from byte data.
*
* Important - using binary serialization you confirm that
* you understand the security risks.
*
* WARNING: Deserializing data from an untrusted source can introduce
* security vulnerabilities to your application. Depending on the settings
* used during deserialization, untrusted data may be able to execute
* arbitrary code or cause a denial of service attack. Untrusted data
* can come from over the network from an untrusted source
* (e.g. any network client), or it can be manipulated/tampered by
* an intermediary while in transit over an unauthenticated connection,
* or from local storage where it may have been compromised/tampered,
* or from many other sources. MathParser.org-mXparser does not provide
* any means to authenticate data or secure it from tampering.
* Use an appropriate data authentication method before deserializing.
* Be very mindful of these attack scenarios; many projects and companies
* and users of serialization libraries in general have been bitten by
* untrusted deserialization of user data in the past.
*
* @param data Data object.
* @param <T> Resulting class type.
*
* @return The deserialized object if operation was successful, otherwise it returns null.
*/
public static <T> T deserializeFromBytes(byte[] data) {
lastOperationWasSuccessful = false;
if (!binarySerializationEnabled) {
logLastOperationMessage(StringModel.STRING_RESOURCES.BINARY_SERIALIZATION_DISABLED);
return null;
}
if (data == null) {
logLastOperationMessage(StringModel.STRING_RESOURCES.NULL_DATA_PROVIDED);
return null;
}
try {
ByteArrayInputStream bais = new ByteArrayInputStream(data);
ObjectInputStream ois = new ObjectInputStream(bais);
@SuppressWarnings("unchecked")
T deserializedObject = (T) ois.readObject();
ois.close();
lastOperationWasSuccessful = true;
logLastOperationMessage(StringModel.STRING_RESOURCES.DESERIALIZATION_PERFORMED + StringInvariant.SPACE + getSimpleName(deserializedObject));
return deserializedObject;
} catch (Exception e) {
logLastOperationMessage(StringModel.STRING_RESOURCES.EXCEPTION + StringInvariant.COLON_SPACE + getSimpleName(e) + StringInvariant.COLON_SPACE + e.getMessage());
return null;
}
}
/**
* Deserializes an object from string data.
*
* Important - using binary serialization you confirm that
* you understand the security risks.
*
* WARNING: Deserializing data from an untrusted source can introduce
* security vulnerabilities to your application. Depending on the settings
* used during deserialization, untrusted data may be able to execute
* arbitrary code or cause a denial of service attack. Untrusted data
* can come from over the network from an untrusted source
* (e.g. any network client), or it can be manipulated/tampered by
* an intermediary while in transit over an unauthenticated connection,
* or from local storage where it may have been compromised/tampered,
* or from many other sources. MathParser.org-mXparser does not provide
* any means to authenticate data or secure it from tampering.
* Use an appropriate data authentication method before deserializing.
* Be very mindful of these attack scenarios; many projects and companies
* and users of serialization libraries in general have been bitten by
* untrusted deserialization of user data in the past.
*
* @param data Data object.
* @param <T> Resulting class type.
*
* @return The deserialized object if operation was successful, otherwise it returns null.
*/
public static <T> T deserializeFromString(String data) {
lastOperationWasSuccessful = false;
if (!binarySerializationEnabled) {
logLastOperationMessage(StringModel.STRING_RESOURCES.BINARY_SERIALIZATION_DISABLED);
return null;
}
if (data == null) {
logLastOperationMessage(StringModel.STRING_RESOURCES.NULL_DATA_PROVIDED);
return null;
}
return deserializeFromBytes(Base64.getDecoder().decode(data));
}
/**
* Deserializes an object from a file.
*
* Important - using binary serialization you confirm that
* you understand the security risks.
*
* WARNING: Deserializing data from an untrusted source can introduce
* security vulnerabilities to your application. Depending on the settings
* used during deserialization, untrusted data may be able to execute
* arbitrary code or cause a denial of service attack. Untrusted data
* can come from over the network from an untrusted source
* (e.g. any network client), or it can be manipulated/tampered by
* an intermediary while in transit over an unauthenticated connection,
* or from local storage where it may have been compromised/tampered,
* or from many other sources. MathParser.org-mXparser does not provide
* any means to authenticate data or secure it from tampering.
* Use an appropriate data authentication method before deserializing.
* Be very mindful of these attack scenarios; many projects and companies
* and users of serialization libraries in general have been bitten by
* untrusted deserialization of user data in the past.
*
* @param filePath File path.
* @param <T> Resulting class type.
*
* @return The deserialized object if operation was successful, otherwise it returns null.
*/
public static <T> T deserializeFromFile(String filePath) {
lastOperationWasSuccessful = false;
if (!binarySerializationEnabled) {
logLastOperationMessage(StringModel.STRING_RESOURCES.BINARY_SERIALIZATION_DISABLED);
return null;
}
if (filePath == null) {
logLastOperationMessage(StringModel.STRING_RESOURCES.NULL_FILE_PATH_PROVIDED);
return null;
}
if (filePath.length() == 0) {
logLastOperationMessage(StringModel.STRING_RESOURCES.FILE_PATH_ZERO_LENGTH_PROVIDED);
return null;
}
File file = new File(filePath);
if (!file.exists()) {
logLastOperationMessage(StringModel.STRING_RESOURCES.FILE_PATH_NOT_EXISTS + StringInvariant.SPACE + filePath);
return null;
}
if (!file.isFile()) {
logLastOperationMessage(StringModel.STRING_RESOURCES.FILE_PATH_IS_NOT_A_FILE + StringInvariant.SPACE + filePath);
return null;
}
try {
FileInputStream fis = new FileInputStream(file);
ObjectInputStream ois = new ObjectInputStream(fis);
@SuppressWarnings("unchecked")
T deserializedObject = (T) ois.readObject();
ois.close();
lastOperationWasSuccessful = true;
logLastOperationMessage(StringModel.STRING_RESOURCES.DESERIALIZATION_PERFORMED + StringInvariant.SPACE + getSimpleName(deserializedObject) + StringInvariant.COLON_SPACE + filePath);
return deserializedObject;
} catch (Exception e) {
logLastOperationMessage(StringModel.STRING_RESOURCES.EXCEPTION + StringInvariant.COLON_SPACE + getSimpleName(e) + StringInvariant.COLON_SPACE + e.getMessage());
return null;
}
}
private static String getSimpleName(Object obj) {
if (obj == null)
return "";
else
return obj.getClass().getSimpleName();
}
/**
* Unique serialization UID based on library version and class id.
*
* Important - using binary serialization you confirm that
* you understand the security risks.
*
* WARNING: Deserializing data from an untrusted source can introduce
* security vulnerabilities to your application. Depending on the settings
* used during deserialization, untrusted data may be able to execute
* arbitrary code or cause a denial of service attack. Untrusted data
* can come from over the network from an untrusted source
* (e.g. any network client), or it can be manipulated/tampered by
* an intermediary while in transit over an unauthenticated connection,
* or from local storage where it may have been compromised/tampered,
* or from many other sources. MathParser.org-mXparser does not provide
* any means to authenticate data or secure it from tampering.
* Use an appropriate data authentication method before deserializing.
* Be very mindful of these attack scenarios; many projects and companies
* and users of serialization libraries in general have been bitten by
* untrusted deserialization of user data in the past.
*
* @param classId Class id
*
* @return Counting digits from the right: the first two digits are the class id,
* the digits 3 and 4 are the parser version in the PATCH range,
* the digits 5 and 6 are the parser version in the MINOR range,
* the digits 7 and 8 are the parser version in the MAJOR range.
*/
public static long getSerialVersionUID(int classId) {
return 1000000L * (long) mXparser.VERSION_MAJOR
+ 10000L * (long) mXparser.VERSION_MINOR
+ 100L * (long) mXparser.VERSION_PATCH
+ 1L * (long) classId
;
}
}
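The Javadoc above states that mXparser does not authenticate serialized data and tells callers to do so before deserializing. The following is an added example, not part of mXparser or of this page's original code: it prepends an HMAC-SHA256 tag to the serialized bytes, verifies it in constant time before any `ObjectInputStream` is created, and then applies an `ObjectInputFilter` allow-list (Java 9+). The class `AuthenticatedSerialization`, the payload type `SavedFormula` and the in-memory key are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example (hypothetical class, not part of mXparser). Requires Java 9+.
public final class AuthenticatedSerialization {
    private static final String MAC_ALG = "HmacSHA256";
    private static final int TAG_LEN = 32; // HMAC-SHA256 output size in bytes

    // Sample payload type, constructed for this example.
    static final class SavedFormula implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        SavedFormula(String text) { this.text = text; }
    }

    private static byte[] hmac(byte[] key, byte[] data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(MAC_ALG);
        mac.init(new SecretKeySpec(key, MAC_ALG));
        return mac.doFinal(data);
    }

    /** Serializes obj and returns HMAC(key, body) || body. */
    static byte[] seal(byte[] key, Serializable obj)
            throws IOException, GeneralSecurityException {
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(baos)) {
            oos.writeObject(obj);
        }
        byte[] body = baos.toByteArray();
        byte[] tag = hmac(key, body);
        byte[] out = new byte[TAG_LEN + body.length];
        System.arraycopy(tag, 0, out, 0, TAG_LEN);
        System.arraycopy(body, 0, out, TAG_LEN, body.length);
        return out;
    }

    /** Verifies the tag first; only authenticated bytes ever reach readObject(). */
    static <T> T open(byte[] key, byte[] sealed, Class<T> expected)
            throws IOException, GeneralSecurityException, ClassNotFoundException {
        if (sealed == null || sealed.length <= TAG_LEN) {
            throw new SecurityException("truncated input");
        }
        byte[] tag = Arrays.copyOfRange(sealed, 0, TAG_LEN);
        byte[] body = Arrays.copyOfRange(sealed, TAG_LEN, sealed.length);
        // MessageDigest.isEqual compares in constant time.
        if (!MessageDigest.isEqual(tag, hmac(key, body))) {
            throw new SecurityException("authentication tag mismatch");
        }
        // Defense in depth: allow only the expected class, reject everything else,
        // and bound graph depth and stream size.
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                expected.getName() + ";java.lang.String;maxdepth=5;maxbytes=65536;!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(body))) {
            ois.setObjectInputFilter(filter);
            return expected.cast(ois.readObject());
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key); // assumption: a real key comes from a secret store

        byte[] sealed = seal(key, new SavedFormula("2*sin(x)+1"));
        System.out.println("opened: " + open(key, sealed, SavedFormula.class).text);

        sealed[sealed.length - 1] ^= 0x01; // simulate tampering in storage or transit
        try {
            open(key, sealed, SavedFormula.class);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With `SerializationUtils`, the same tag check would run before passing the verified bytes to `deserializeFromBytes`. As the listing shows, that method builds its own `ObjectInputStream` without setting a filter, so an allow-list there has to come from a JVM-wide filter such as the `jdk.serialFilter` system property.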