root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Defensively copy array returned from TypeDescriptor 

Update the internal proxy used in `TypeDescriptor` so that it returns a
cloned array for calls to `getDeclaredAnnotations` or `getAnnotations`.

Closes gh-22695
This commit is contained in:
Phillip Webb 2019-03-27 13:48:51 -07:00
parent 0589989eb4
commit bf9dea4254
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
spring-core/src/main/java/org/springframework/core/convert/TypeDescriptor.java
View File

@ -765,7 +765,7 @@ public class TypeDescriptor implements Serializable {
@Override
public Annotation[] getAnnotations() {
return (this.annotations != null ? this.annotations : EMPTY_ANNOTATION_ARRAY);
return (this.annotations != null ? this.annotations.clone() : EMPTY_ANNOTATION_ARRAY);
}
@Override

9
spring-core/src/test/java/org/springframework/core/convert/TypeDescriptorTests.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2018 the original author or authors.
* Copyright 2002-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -168,6 +168,13 @@ public class TypeDescriptorTests {
assertEquals(123, t1.getAnnotation(ParameterAnnotation.class).value());
}
@Test
public void getAnnotationsReturnsClonedArray() throws Exception {
TypeDescriptor t = new TypeDescriptor(new MethodParameter(getClass().getMethod("testAnnotatedMethod", String.class), 0));
t.getAnnotations()[0] = null;
assertNotNull(t.getAnnotations()[0]);
}
@Test
public void propertyComplex() throws Exception {
Property property = new Property(getClass(), getClass().getMethod("getComplexProperty"),