Skip to content

Commit c0592a3

Browse files
committed
Fixed: Enable indirect import checks and remove Object from receivers whitelist in ProgramExport for enhanced security
1 parent 6516157 commit c0592a3

1 file changed

Lines changed: 1 addition & 2 deletions

File tree

framework/webtools/src/main/groovy/org/apache/ofbiz/webtools/entity/ProgramExport.groovy

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -156,7 +156,7 @@ if (security.hasPermission('ENTITY_MAINT', session)) {
156156
setStarImportsWhitelist([])
157157
setStaticImportsWhitelist([])
158158
setStaticStarImportsWhitelist([])
159-
setIndirectImportCheckEnabled(false)
159+
setIndirectImportCheckEnabled(true)
160160
// Constant types whitelist
161161
setConstantTypesClassesWhiteList([
162162
Object, String, Integer, Long, Float, Double, Boolean,
@@ -178,7 +178,6 @@ if (security.hasPermission('ENTITY_MAINT', session)) {
178178
setExpressionsBlacklist([MethodPointerExpression])
179179
// Receiver whitelist - only safe OFBiz entity operations
180180
setReceiversWhiteList([
181-
'java.lang.Object',
182181
'org.apache.ofbiz.entity.Delegator',
183182
'org.apache.ofbiz.entity.util.EntityQuery',
184183
'org.apache.ofbiz.entity.util.EntityFindOptions',

0 commit comments

Comments
 (0)