Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix #1190 by marking RequestOptions transient #1197

Merged
merged 1 commit into from
Apr 22, 2021
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Fix #1190 by marking RequestOptions transient
Also try to prevent similar problems in the future by checking that
we only use the reflection-based type adapter for classes in `com.stripe.`.
ramon-stripe committed Apr 19, 2021
commit 148a5acb9d51e5aff74f2242ecac659e89be21f2
2 changes: 1 addition & 1 deletion src/main/java/com/stripe/model/StripeCollection.java
Original file line number Diff line number Diff line change
@@ -50,7 +50,7 @@ public abstract class StripeCollection<T extends HasId> extends StripeObject

@Getter(onMethod_ = {@Override})
@Setter(onMethod = @__({@Override}))
private RequestOptions requestOptions;
private transient RequestOptions requestOptions;

@Getter(onMethod_ = {@Override})
@Setter(onMethod = @__({@Override}))
Original file line number Diff line number Diff line change
@@ -18,6 +18,7 @@ final class ApiResourceTypeAdapterFactoryProvider {
factories.add(new BalanceTransactionSourceTypeAdapterFactory());
factories.add(new ExternalAccountTypeAdapterFactory());
factories.add(new PaymentSourceTypeAdapterFactory());
factories.add(new ReflectionCheckingTypeAdapterFactory());
}

public static List<TypeAdapterFactory> getAll() {
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
package com.stripe.net;

import com.google.gson.Gson;
import com.google.gson.TypeAdapter;
import com.google.gson.TypeAdapterFactory;
import com.google.gson.internal.bind.ReflectiveTypeAdapterFactory;
import com.google.gson.reflect.TypeToken;

/**
* {@link TypeAdapterFactory} that checks that we don't use {@link ReflectiveTypeAdapterFactory}
* accidentally for classes outside {@code com.stripe} packages. This usually happens when we forget
* to mark a field {@code transient}.
*/
class ReflectionCheckingTypeAdapterFactory implements TypeAdapterFactory {
@Override
public <T> TypeAdapter<T> create(Gson gson, TypeToken<T> type) {
if (!type.getType().getTypeName().startsWith("com.stripe.")) {
TypeAdapter<T> adapter = gson.getDelegateAdapter(this, type);
if (adapter instanceof ReflectiveTypeAdapterFactory.Adapter) {
throw new IllegalArgumentException(
"Refusing to create type reflection-based type adapter for external class: " + type);
}
}
return null;
}
}