protected void setupSecurity()

in xstream/src/java/com/thoughtworks/xstream/XStream.java [714:776]

• 59 lines of code
• 3 McCabe index (conditional complexity)

    protected void setupSecurity() {
        if (securityMapper == null) {
            return;
        }

        addPermission(NullPermission.NULL);
        addPermission(PrimitiveTypePermission.PRIMITIVES);
        addPermission(ArrayTypePermission.ARRAYS);
        addPermission(InterfaceTypePermission.INTERFACES);
        allowTypeHierarchy(Calendar.class);
        allowTypeHierarchy(Collection.class);
        allowTypeHierarchy(Enum.class);
        allowTypeHierarchy(Map.class);
        allowTypeHierarchy(Map.Entry.class);
        allowTypeHierarchy(Member.class);
        allowTypeHierarchy(Number.class);
        allowTypeHierarchy(Throwable.class);
        allowTypeHierarchy(TimeZone.class);
        allowTypeHierarchy(Path.class);

        final Set<Class<?>> types = new HashSet<>();
        types.addAll(Arrays.<Class<?>>asList(AtomicBoolean.class, AtomicInteger.class, AtomicLong.class,
            AtomicReference.class, BitSet.class, Charset.class, Class.class, Currency.class, Date.class,
            DecimalFormatSymbols.class, File.class, Locale.class, Object.class, Pattern.class, StackTraceElement.class,
            String.class, StringBuffer.class, StringBuilder.class, URL.class, URI.class, UUID.class));
        if (JVM.isSQLAvailable()) {
            types.add(JVM.loadClassForName("java.sql.Timestamp"));
            types.add(JVM.loadClassForName("java.sql.Time"));
            types.add(JVM.loadClassForName("java.sql.Date"));
        }
        
        allowTypeHierarchy(Clock.class);
        types.add(Duration.class);
        types.add(Instant.class);
        types.add(LocalDate.class);
        types.add(LocalDateTime.class);
        types.add(LocalTime.class);
        types.add(MonthDay.class);
        types.add(OffsetDateTime.class);
        types.add(OffsetTime.class);
        types.add(Period.class);
        types.add(JVM.loadClassForName("java.time.Ser"));
        types.add(Year.class);
        types.add(YearMonth.class);
        types.add(ZonedDateTime.class);
        allowTypeHierarchy(ZoneId.class);
        types.add(HijrahDate.class);
        types.add(JapaneseDate.class);
        types.add(JapaneseEra.class);
        types.add(MinguoDate.class);
        types.add(ThaiBuddhistDate.class);
        types.add(JVM.loadClassForName("java.time.chrono.Ser"));
        allowTypeHierarchy(Chronology.class);
        types.add(ValueRange.class);
        types.add(WeekFields.class);
        types.add(Optional.class);
        types.add(OptionalDouble.class);
        types.add(OptionalInt.class);
        types.add(OptionalLong.class);

        types.remove(null);
        allowTypes(types.toArray(new Class[types.size()]));
    }