Package org.mariuszgromada.math.mxparser
Class SerializationUtils
- java.lang.Object
-
- org.mariuszgromada.math.mxparser.SerializationUtils
-
public final class SerializationUtils extends Object
A utility class for simplified serialization and deserialization of parser objects (and not only). Important - using binary serialization you confirm that you understand the security risks. WARNING: Deserializing data from an untrusted source can introduce security vulnerabilities to your application. Depending on the settings used during deserialization, untrusted data may be able to execute arbitrary code or cause a denial of service attack. Untrusted data can come from over the network from an untrusted source (e.g. any network client), or it can be manipulated/tampered by an intermediary while in transit over an unauthenticated connection, or from local storage where it may have been compromised/tampered, or from many other sources. MathParser.org-mXparser does not provide any means to authenticate data or secure it from tampering. Use an appropriate data authentication method before deserializing. Be very mindful of these attack scenarios; many projects and companies and users of serialization libraries in general have been bitten by untrusted deserialization of user data in the past.- Version:
- 5.2.0
- Author:
- Mariusz Gromada
MathParser.org - mXparser project page
mXparser on GitHub
INFIMA place to purchase a commercial MathParser.org-mXparser software license
info@mathparser.org
ScalarMath.org - a powerful math engine and math scripting language
Scalar Lite
Scalar Pro
MathSpace.pl - See Also:
Expression
,Argument
,RecursiveArgument
,Constant
,Function
Buy me a cup of coffee via donation
or support me purchasing the license via ORDER Page , or INFIMA online store
-
-
Constructor Summary
Constructors Constructor Description SerializationUtils()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static boolean
checkLastOperationWasSuccessful()
Information whether the last ordered operation under any serialization or deserialization method was correctly performed.static <T> T
deserializeFromBytes(byte[] data)
Deserializes an object from byte data.static <T> T
deserializeFromFile(String filePath)
Deserializes an object from byte data.static <T> T
deserializeFromString(String data)
Deserializes an object from string data.static void
disableBinarySerialization()
Disables binary serialization done by the SerializationUtils.static void
enableBinarySerializationIamAwareOfSecurityRisks()
Enables binary serialization done by the SerializationUtils.static String
getLastOperationMessage()
Text information about the last operation performed by any serialization or deserialization method.static long
getSerialVersionUID(int classId)
Unique serialization UID based on library version and class id.static boolean
isBinarySerializationEnabled()
Returns whether binary serialization done by SerializationUtils is enabled by.static byte[]
serializeToBytes(Serializable objectToSerialize)
Serialization of an object to byte data.static boolean
serializeToFile(Serializable objectToSerialize, String filePath)
Serialization of an object to a file.static String
serializeToString(Serializable objectToSerialize)
Serialization of an object to String data.
-
-
-
Method Detail
-
enableBinarySerializationIamAwareOfSecurityRisks
public static void enableBinarySerializationIamAwareOfSecurityRisks()
Enables binary serialization done by the SerializationUtils. Important - using binary serialization you confirm that you understand the security risks. WARNING: Deserializing data from an untrusted source can introduce security vulnerabilities to your application. Depending on the settings used during deserialization, untrusted data may be able to execute arbitrary code or cause a denial of service attack. Untrusted data can come from over the network from an untrusted source (e.g. any network client), or it can be manipulated/tampered by an intermediary while in transit over an unauthenticated connection, or from local storage where it may have been compromised/tampered, or from many other sources. MathParser.org-mXparser does not provide any means to authenticate data or secure it from tampering. Use an appropriate data authentication method before deserializing. Be very mindful of these attack scenarios; many projects and companies and users of serialization libraries in general have been bitten by untrusted deserialization of user data in the past.
-
disableBinarySerialization
public static void disableBinarySerialization()
Disables binary serialization done by the SerializationUtils. Important - using binary serialization you confirm that you understand the security risks. WARNING: Deserializing data from an untrusted source can introduce security vulnerabilities to your application. Depending on the settings used during deserialization, untrusted data may be able to execute arbitrary code or cause a denial of service attack. Untrusted data can come from over the network from an untrusted source (e.g. any network client), or it can be manipulated/tampered by an intermediary while in transit over an unauthenticated connection, or from local storage where it may have been compromised/tampered, or from many other sources. MathParser.org-mXparser does not provide any means to authenticate data or secure it from tampering. Use an appropriate data authentication method before deserializing. Be very mindful of these attack scenarios; many projects and companies and users of serialization libraries in general have been bitten by untrusted deserialization of user data in the past.
-
isBinarySerializationEnabled
public static boolean isBinarySerializationEnabled()
Returns whether binary serialization done by SerializationUtils is enabled by. Important - using binary serialization you confirm that you understand the security risks. WARNING: Deserializing data from an untrusted source can introduce security vulnerabilities to your application. Depending on the settings used during deserialization, untrusted data may be able to execute arbitrary code or cause a denial of service attack. Untrusted data can come from over the network from an untrusted source (e.g. any network client), or it can be manipulated/tampered by an intermediary while in transit over an unauthenticated connection, or from local storage where it may have been compromised/tampered, or from many other sources. MathParser.org-mXparser does not provide any means to authenticate data or secure it from tampering. Use an appropriate data authentication method before deserializing. Be very mindful of these attack scenarios; many projects and companies and users of serialization libraries in general have been bitten by untrusted deserialization of user data in the past.- Returns:
- True if enabled, false if disabled.
-
checkLastOperationWasSuccessful
public static boolean checkLastOperationWasSuccessful()
Information whether the last ordered operation under any serialization or deserialization method was correctly performed. Important - using binary serialization you confirm that you understand the security risks. WARNING: Deserializing data from an untrusted source can introduce security vulnerabilities to your application. Depending on the settings used during deserialization, untrusted data may be able to execute arbitrary code or cause a denial of service attack. Untrusted data can come from over the network from an untrusted source (e.g. any network client), or it can be manipulated/tampered by an intermediary while in transit over an unauthenticated connection, or from local storage where it may have been compromised/tampered, or from many other sources. MathParser.org-mXparser does not provide any means to authenticate data or secure it from tampering. Use an appropriate data authentication method before deserializing. Be very mindful of these attack scenarios; many projects and companies and users of serialization libraries in general have been bitten by untrusted deserialization of user data in the past.- Returns:
- true if the operation was performed correctly, otherwise false.
-
getLastOperationMessage
public static String getLastOperationMessage()
Text information about the last operation performed by any serialization or deserialization method. Important - using binary serialization you confirm that you understand the security risks. WARNING: Deserializing data from an untrusted source can introduce security vulnerabilities to your application. Depending on the settings used during deserialization, untrusted data may be able to execute arbitrary code or cause a denial of service attack. Untrusted data can come from over the network from an untrusted source (e.g. any network client), or it can be manipulated/tampered by an intermediary while in transit over an unauthenticated connection, or from local storage where it may have been compromised/tampered, or from many other sources. MathParser.org-mXparser does not provide any means to authenticate data or secure it from tampering. Use an appropriate data authentication method before deserializing. Be very mindful of these attack scenarios; many projects and companies and users of serialization libraries in general have been bitten by untrusted deserialization of user data in the past.- Returns:
- The content of the error in case of failure, information about the operation performed in case of success.
-
serializeToBytes
public static byte[] serializeToBytes(Serializable objectToSerialize)
Serialization of an object to byte data. Important - using binary serialization you confirm that you understand the security risks. WARNING: Deserializing data from an untrusted source can introduce security vulnerabilities to your application. Depending on the settings used during deserialization, untrusted data may be able to execute arbitrary code or cause a denial of service attack. Untrusted data can come from over the network from an untrusted source (e.g. any network client), or it can be manipulated/tampered by an intermediary while in transit over an unauthenticated connection, or from local storage where it may have been compromised/tampered, or from many other sources. MathParser.org-mXparser does not provide any means to authenticate data or secure it from tampering. Use an appropriate data authentication method before deserializing. Be very mindful of these attack scenarios; many projects and companies and users of serialization libraries in general have been bitten by untrusted deserialization of user data in the past.- Parameters:
objectToSerialize
- The object for which serialization is possible.- Returns:
- The data object if the operation was successful, otherwise it returns null.
- See Also:
getLastOperationMessage()
,checkLastOperationWasSuccessful()
-
serializeToString
public static String serializeToString(Serializable objectToSerialize)
Serialization of an object to String data. Important - using binary serialization you confirm that you understand the security risks. WARNING: Deserializing data from an untrusted source can introduce security vulnerabilities to your application. Depending on the settings used during deserialization, untrusted data may be able to execute arbitrary code or cause a denial of service attack. Untrusted data can come from over the network from an untrusted source (e.g. any network client), or it can be manipulated/tampered by an intermediary while in transit over an unauthenticated connection, or from local storage where it may have been compromised/tampered, or from many other sources. MathParser.org-mXparser does not provide any means to authenticate data or secure it from tampering. Use an appropriate data authentication method before deserializing. Be very mindful of these attack scenarios; many projects and companies and users of serialization libraries in general have been bitten by untrusted deserialization of user data in the past.- Parameters:
objectToSerialize
- The object for which serialization is possible.- Returns:
- The data string if the operation was successful, otherwise it returns null.
- See Also:
getLastOperationMessage()
,checkLastOperationWasSuccessful()
-
serializeToFile
public static boolean serializeToFile(Serializable objectToSerialize, String filePath)
Serialization of an object to a file. Important - using binary serialization you confirm that you understand the security risks. WARNING: Deserializing data from an untrusted source can introduce security vulnerabilities to your application. Depending on the settings used during deserialization, untrusted data may be able to execute arbitrary code or cause a denial of service attack. Untrusted data can come from over the network from an untrusted source (e.g. any network client), or it can be manipulated/tampered by an intermediary while in transit over an unauthenticated connection, or from local storage where it may have been compromised/tampered, or from many other sources. MathParser.org-mXparser does not provide any means to authenticate data or secure it from tampering. Use an appropriate data authentication method before deserializing. Be very mindful of these attack scenarios; many projects and companies and users of serialization libraries in general have been bitten by untrusted deserialization of user data in the past.- Parameters:
objectToSerialize
- The object for which serialization is possible.filePath
- File path- Returns:
- true if the operation was successful, otherwise it returns false.
- See Also:
getLastOperationMessage()
,checkLastOperationWasSuccessful()
-
deserializeFromBytes
public static <T> T deserializeFromBytes(byte[] data)
Deserializes an object from byte data. Important - using binary serialization you confirm that you understand the security risks. WARNING: Deserializing data from an untrusted source can introduce security vulnerabilities to your application. Depending on the settings used during deserialization, untrusted data may be able to execute arbitrary code or cause a denial of service attack. Untrusted data can come from over the network from an untrusted source (e.g. any network client), or it can be manipulated/tampered by an intermediary while in transit over an unauthenticated connection, or from local storage where it may have been compromised/tampered, or from many other sources. MathParser.org-mXparser does not provide any means to authenticate data or secure it from tampering. Use an appropriate data authentication method before deserializing. Be very mindful of these attack scenarios; many projects and companies and users of serialization libraries in general have been bitten by untrusted deserialization of user data in the past.- Type Parameters:
T
- Resulting class type.- Parameters:
data
- Data object.- Returns:
- The deserialized object if operation was successful, otherwise it returns null.
-
deserializeFromString
public static <T> T deserializeFromString(String data)
Deserializes an object from string data. Important - using binary serialization you confirm that you understand the security risks. WARNING: Deserializing data from an untrusted source can introduce security vulnerabilities to your application. Depending on the settings used during deserialization, untrusted data may be able to execute arbitrary code or cause a denial of service attack. Untrusted data can come from over the network from an untrusted source (e.g. any network client), or it can be manipulated/tampered by an intermediary while in transit over an unauthenticated connection, or from local storage where it may have been compromised/tampered, or from many other sources. MathParser.org-mXparser does not provide any means to authenticate data or secure it from tampering. Use an appropriate data authentication method before deserializing. Be very mindful of these attack scenarios; many projects and companies and users of serialization libraries in general have been bitten by untrusted deserialization of user data in the past.- Type Parameters:
T
- Resulting class type.- Parameters:
data
- Data object.- Returns:
- The deserialized object if operation was successful, otherwise it returns null.
-
deserializeFromFile
public static <T> T deserializeFromFile(String filePath)
Deserializes an object from byte data. Important - using binary serialization you confirm that you understand the security risks. WARNING: Deserializing data from an untrusted source can introduce security vulnerabilities to your application. Depending on the settings used during deserialization, untrusted data may be able to execute arbitrary code or cause a denial of service attack. Untrusted data can come from over the network from an untrusted source (e.g. any network client), or it can be manipulated/tampered by an intermediary while in transit over an unauthenticated connection, or from local storage where it may have been compromised/tampered, or from many other sources. MathParser.org-mXparser does not provide any means to authenticate data or secure it from tampering. Use an appropriate data authentication method before deserializing. Be very mindful of these attack scenarios; many projects and companies and users of serialization libraries in general have been bitten by untrusted deserialization of user data in the past.- Type Parameters:
T
- Resulting class type.- Parameters:
filePath
- File path.- Returns:
- The deserialized object if operation was successful, otherwise it returns null.
-
getSerialVersionUID
public static long getSerialVersionUID(int classId)
Unique serialization UID based on library version and class id. Important - using binary serialization you confirm that you understand the security risks. WARNING: Deserializing data from an untrusted source can introduce security vulnerabilities to your application. Depending on the settings used during deserialization, untrusted data may be able to execute arbitrary code or cause a denial of service attack. Untrusted data can come from over the network from an untrusted source (e.g. any network client), or it can be manipulated/tampered by an intermediary while in transit over an unauthenticated connection, or from local storage where it may have been compromised/tampered, or from many other sources. MathParser.org-mXparser does not provide any means to authenticate data or secure it from tampering. Use an appropriate data authentication method before deserializing. Be very mindful of these attack scenarios; many projects and companies and users of serialization libraries in general have been bitten by untrusted deserialization of user data in the past.- Parameters:
classId
- Class id- Returns:
- The digits from the right 0 the first two digits are the class id, the digits 3 and 4 are the parser version in the PATCH range, the digits 5 and 6 are the parser version in the MINOR range, the digits 7 and 8 are the parser version in the MAJOR range.
-
-