chore(java): rename blacklist/whitelist to allowed/disallowed list (#…

…1449) Closes #1447
apache · Apr 1, 2024 · a4356eb · a4356eb
1 parent b9e0b70
commit a4356eb
Show file tree

Hide file tree

Showing 6 changed files with 29 additions and 27 deletions.
diff --git a/docs/guide/java_object_graph_guide.md b/docs/guide/java_object_graph_guide.md
@@ -262,7 +262,7 @@ ThreadSafeFury fury = new ThreadLocalFury(classLoader -> {
 checker.allowClass("org.example.*");
 ```
 
-Fury also provided a `org.apache.fury.resolver.AllowListChecker` which is white/blacklist based checker to simplify
+Fury also provided a `org.apache.fury.resolver.AllowListChecker` which is allowed/disallowed list based checker to simplify
 the customization of class check mechanism. You can use this checker or implement more sophisticated checker by yourself.
 
 ### Serializer Registration

diff --git a/...ain/resources/META-INF/native-image/org.apache.fury/graalvm_tests/native-image.properties b/...ain/resources/META-INF/native-image/org.apache.fury/graalvm_tests/native-image.properties
@@ -24,4 +24,4 @@ Args = -H:+ReportExceptionStackTraces \
   org.apache.fury.graalvm.ThreadSafeExample,\
   org.apache.fury.graalvm.ProxyExample,\
   org.apache.fury.graalvm.Benchmark,\
-  org.apache.fury.resolver.BlackList
+  org.apache.fury.resolver.DisallowedList
diff --git a/java/fury-core/src/main/java/org/apache/fury/resolver/ClassResolver.java b/java/fury-core/src/main/java/org/apache/fury/resolver/ClassResolver.java
@@ -1137,7 +1137,7 @@ public <T> Serializer<T> createSerializerSafe(Class<T> cls, Supplier<Serializer<
   }
 
   private Serializer createSerializer(Class<?> cls) {
-    BlackList.checkNotInBlackList(cls.getName());
+    DisallowedList.checkNotInDisallowedList(cls.getName());
     String msg =
         String.format(
             "%s is not registered, please check whether it's the type you want to serialize or "

diff --git a/...a/org/apache/fury/resolver/BlackList.java → .../apache/fury/resolver/DisallowedList.java b/...a/org/apache/fury/resolver/BlackList.java → .../apache/fury/resolver/DisallowedList.java
@@ -29,39 +29,39 @@
 import org.apache.fury.exception.InsecureException;
 
 /** A class to record which classes are not allowed for serialization. */
-class BlackList {
-  private static final String BLACKLIST_TXT_PATH = "fury/blacklist.txt";
-  private static final Set<String> DEFAULT_BLACKLIST_SET;
+class DisallowedList {
+  private static final String DISALLOWED_LIST_TXT_PATH = "fury/disallowed.txt";
+  private static final Set<String> DEFAULT_DISALLOWED_LIST_SET;
 
   static {
     try (InputStream is =
-        BlackList.class.getClassLoader().getResourceAsStream(BLACKLIST_TXT_PATH)) {
+        DisallowedList.class.getClassLoader().getResourceAsStream(DISALLOWED_LIST_TXT_PATH)) {
       if (is != null) {
-        DEFAULT_BLACKLIST_SET =
+        DEFAULT_DISALLOWED_LIST_SET =
             new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8))
                 .lines()
                 .collect(Collectors.toSet());
       } else {
         throw new IllegalStateException(
-            String.format("Read blacklist %s failed", BLACKLIST_TXT_PATH));
+            String.format("Read disallowed list %s failed", DISALLOWED_LIST_TXT_PATH));
       }
     } catch (IOException e) {
       throw new IllegalStateException(
-          String.format("Read blacklist %s failed", BLACKLIST_TXT_PATH), e);
+          String.format("Read disallowed list %s failed", DISALLOWED_LIST_TXT_PATH), e);
     }
   }
 
   /**
-   * Determine whether the current Class is in the default blacklist.
+   * Determine whether the current Class is in the default disallowed list.
    *
-   * <p>Note that if Class exists in the blacklist, {@link InsecureException} will be thrown.
+   * <p>Note that if Class exists in the disallowed list, {@link InsecureException} will be thrown.
    *
    * @param clsName Class Name that needs to be judged.
-   * @throws InsecureException If the class is in the blacklist.
+   * @throws InsecureException If the class is in the disallowed list.
    */
-  static void checkNotInBlackList(String clsName) {
-    if (DEFAULT_BLACKLIST_SET.contains(clsName)) {
-      throw new InsecureException(String.format("%s hit blacklist", clsName));
+  static void checkNotInDisallowedList(String clsName) {
+    if (DEFAULT_DISALLOWED_LIST_SET.contains(clsName)) {
+      throw new InsecureException(String.format("%s hit disallowed list", clsName));
     }
   }
 }
diff --git a/...ore/src/main/resources/fury/blacklist.txt → ...re/src/main/resources/fury/disallowed.txt b/...ore/src/main/resources/fury/blacklist.txt → ...re/src/main/resources/fury/disallowed.txt
diff --git a/...g/apache/fury/resolver/BlackListTest.java → ...che/fury/resolver/DisallowedListTest.java b/...g/apache/fury/resolver/BlackListTest.java → ...che/fury/resolver/DisallowedListTest.java
@@ -28,30 +28,32 @@
 import org.testng.Assert;
 import org.testng.annotations.Test;
 
-public class BlackListTest extends FuryTestBase {
+public class DisallowedListTest extends FuryTestBase {
 
   @Test
-  public void testCheckHitBlackList() {
-    // Hit the blacklist.
+  public void testCheckHitDisallowedList() {
+    // Hit the disallowed list.
     Assert.assertThrows(
         InsecureException.class,
-        () -> BlackList.checkNotInBlackList("java.rmi.server.UnicastRemoteObject"));
+        () -> DisallowedList.checkNotInDisallowedList("java.rmi.server.UnicastRemoteObject"));
     Assert.assertThrows(
         InsecureException.class,
-        () -> BlackList.checkNotInBlackList("com.sun.jndi.rmi.registry.BindingEnumeration"));
+        () ->
+            DisallowedList.checkNotInDisallowedList(
+                "com.sun.jndi.rmi.registry.BindingEnumeration"));
     Assert.assertThrows(
         InsecureException.class,
-        () -> BlackList.checkNotInBlackList(java.beans.Expression.class.getName()));
+        () -> DisallowedList.checkNotInDisallowedList(java.beans.Expression.class.getName()));
     Assert.assertThrows(
         InsecureException.class,
-        () -> BlackList.checkNotInBlackList(UnicastRemoteObject.class.getName()));
+        () -> DisallowedList.checkNotInDisallowedList(UnicastRemoteObject.class.getName()));
 
-    // Not in the blacklist.
-    BlackList.checkNotInBlackList("java.util.HashMap");
+    // Not in the disallowed list.
+    DisallowedList.checkNotInDisallowedList("java.util.HashMap");
   }
 
   @Test
-  public void testSerializeBlackListClass() {
+  public void testSerializeDisallowedClass() {
     Fury[] allFury = new Fury[3];
     for (int i = 0; i < 3; i++) {
       boolean requireClassRegistration = i % 2 == 0;
@@ -61,7 +63,7 @@ public void testSerializeBlackListClass() {
               .requireClassRegistration(requireClassRegistration)
               .build();
       if (requireClassRegistration) {
-        // Registered or unregistered Classes should be subject to blacklist restrictions.
+        // Registered or unregistered Classes should be subject to disallowed list restrictions.
         fury.register(UnicastRemoteObject.class);
       }
       allFury[i] = fury;