-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for glob pattern combined with methods/fields #88
Comments
Hi, But this is hard to implement in the current infrastructure for several reasons:
Would it not be possible to exclude via super class (like the AccessibleObject instead of Method/Field)? I know this won't work for static methods. I can take a look at source code! |
My suggestion about POI would be: In Lucene we also auto-generate source code using jflex, javacc, or antlr. This process also creates broken methods using input streams (or public classes we don't want to have public). We have a post source code creation task that uses regular expressions to clean up the source code. Why not do the same for the generated xmlbeans code? Something like a replaceregex with a glob pattern on all files? By that the methods would not even be created and this may also reduce JAR file size. Example from Lucene's expressions module where we "fix" the ANTLR generated files: https://github.com/apache/lucene-solr/blob/9bf85cde1bcd539db03ea2fd5a96524ba8f2f0f0/lucene/expressions/build.xml#L77-L130 (In fact I was thinking about that already when I was fixing the security problems with external entities last year). |
I've also thought about manipulating the schemas, but on a second thought forbidden-apis seemed to be less effort to reach my goal :) |
How about "fixing" the methods to take "safe" default args (no entity expansion,...)? |
Hello Uwe,
(as you know ... :) in Apache POI we are still using XmlBeans with a lots of factory (inner) classes in the generated interfaces. I'd like to add something like the following expression to fail on calls which don't use our (more-or-less) safe XmlOptions:
Would that make sense or is there a different approach possible?
i.e. by checking parent calls in the factory method, but those are all with the same signature and
null
default values.Andi.
The text was updated successfully, but these errors were encountered: