
on forName validate packages of classes to load #8277

Closed
DaanHoogland wants to merge 2 commits into apache:4.20 from shapeblue:secondRingSecDefenceForName

Conversation

@DaanHoogland (Contributor) wrote:

Description

This PR...

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • build/CI

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

codecov bot commented Nov 28, 2023

Codecov Report

Attention: 11 lines in your changes are missing coverage. Please review.

Comparison is base (3bb318b) 13.13% compared to head (b3965d3) 13.11%.

❗ Current head b3965d3 differs from pull request most recent head e5e91a2. Consider uploading reports for the commit e5e91a2 to get more accurate results

Files Patch % Lines
...c/main/java/com/cloud/api/ApiSerializerHelper.java 45.00% 6 Missing and 5 partials ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##               4.18    #8277      +/-   ##
============================================
- Coverage     13.13%   13.11%   -0.02%     
+ Complexity     9143     9135       -8     
============================================
  Files          2720     2720              
  Lines        257717   257658      -59     
  Branches      40176    40173       -3     
============================================
- Hits          33843    33804      -39     
+ Misses       219583   219561      -22     
- Partials       4291     4293       +2     


Review comment on the following lines of ApiSerializerHelper.java:

```java
import org.apache.log4j.Logger;

public class ApiSerializerHelper {
    public static final Logger s_logger = Logger.getLogger(ApiSerializerHelper.class.getName());
    private static String token = "/";
    // allow-list of package prefixes from which forName may load classes
    private static String[] apiPackages = {"com.cloud.agent.api", "org.apache.cloudstack.api"};
    // remainder of the class is not part of the review excerpt
}
```
Member commented:

I am not sure if this will improve security (is it the goal of this PR ?).
anyone can create java classes in the packages

Contributor Author (DaanHoogland) replied:

yes, it is just an extra layer. They will also have to get those classes on the classpath of the remote machine though. I was think of extending the method to also be able to add a required base class or interface.

Contributor Author (DaanHoogland) replied:

> I am not sure if this will improve security (is it the goal of this PR ?). anyone can create java classes in the packages

any suggestions for improvement @weizhouapache ?
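As an added illustration, not code from this PR or from CloudStack, here is a loader that combines the package allow-list shown above with the required base class or interface Daan proposes, so that a class that merely lives in an allowed package is still rejected; `RestrictedClassLoader`, `loadApiClass` and the look-alike package name are hypothetical.

```java
import java.util.Arrays;
import java.util.List;

// Added example, not CloudStack code. A class name taken from serialized
// input is resolved only if it lives in an allowed package AND is a subtype
// of a required base type. Class and method names here are hypothetical.
public final class RestrictedClassLoader {
    // Allowed package prefixes, mirroring the apiPackages list in the PR.
    private static final List<String> API_PACKAGES =
            Arrays.asList("com.cloud.agent.api", "org.apache.cloudstack.api");

    public static <T> Class<? extends T> loadApiClass(String className, Class<T> requiredBase)
            throws ClassNotFoundException {
        if (className == null || !inAllowedPackage(className)) {
            throw new ClassNotFoundException("not in an allowed package: " + className);
        }
        // initialize=false: resolving the name must not run static initializers
        // of a class that has not been accepted yet.
        Class<?> candidate = Class.forName(className, false,
                RestrictedClassLoader.class.getClassLoader());
        if (!requiredBase.isAssignableFrom(candidate)) {
            throw new ClassNotFoundException(className + " is not a " + requiredBase.getName());
        }
        return candidate.asSubclass(requiredBase);
    }

    static boolean inAllowedPackage(String className) {
        int dot = className.lastIndexOf('.');
        if (dot < 0) {
            return false; // the default package is never allowed
        }
        String pkg = className.substring(0, dot);
        for (String allowed : API_PACKAGES) {
            // exact package or sub-package; a bare startsWith would also accept
            // a sibling package such as "com.cloud.agent.apix" (constructed name)
            if (pkg.equals(allowed) || pkg.startsWith(allowed + ".")) {
                return true;
            }
        }
        return false;
    }
}
```

With this, `loadApiClass("java.util.HashMap", Object.class)` fails the package check, and a class inside an allowed package still has to be assignable to the base type the caller passes.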

@apache apache deleted a comment from blueorangutan Nov 29, 2023
@DaanHoogland DaanHoogland force-pushed the secondRingSecDefenceForName branch from b3965d3 to e5e91a2 on December 18, 2023 09:21
@apache apache deleted a comment from blueorangutan Jan 19, 2024
@apache apache deleted a comment from blueorangutan Jan 19, 2024
@apache apache deleted a comment from blueorangutan Jan 19, 2024
@apache apache deleted a comment from blueorangutan Jan 19, 2024
@DaanHoogland DaanHoogland force-pushed the secondRingSecDefenceForName branch from e5e91a2 to 4805e80 on April 19, 2024 09:34
codecov-commenter commented Apr 19, 2024

Codecov Report

❌ Patch coverage is 52.00000% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 16.18%. Comparing base (e4414d1) to head (3199374).
⚠️ Report is 9 commits behind head on 4.20.

Files with missing lines Patch % Lines
...c/main/java/com/cloud/api/ApiSerializerHelper.java 52.00% 7 Missing and 5 partials ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##               4.20    #8277      +/-   ##
============================================
- Coverage     16.18%   16.18%   -0.01%     
- Complexity    13300    13302       +2     
============================================
  Files          5657     5657              
  Lines        498478   498488      +10     
  Branches      60501    60503       +2     
============================================
- Hits          80668    80661       -7     
- Misses       408827   408840      +13     
- Partials       8983     8987       +4     
Flag Coverage Δ
uitests 4.00% <ø> (ø)
unittests 17.03% <52.00%> (-0.01%) ⬇️


@DaanHoogland DaanHoogland force-pushed the secondRingSecDefenceForName branch from 4805e80 to 099404b on April 19, 2024 10:49
@apache apache deleted a comment from blueorangutan Apr 19, 2024
@apache apache deleted a comment from blueorangutan Apr 19, 2024
@apache apache deleted a comment from blueorangutan Apr 19, 2024
@apache apache deleted a comment from blueorangutan Apr 19, 2024
@apache apache deleted a comment from blueorangutan Apr 19, 2024
@apache apache deleted a comment from blueorangutan Apr 19, 2024
@DaanHoogland DaanHoogland force-pushed the secondRingSecDefenceForName branch from 099404b to 4baf61f on April 22, 2024 09:37
@apache apache deleted a comment from blueorangutan Apr 22, 2024
@apache apache deleted a comment from blueorangutan Apr 22, 2024
@DaanHoogland DaanHoogland force-pushed the secondRingSecDefenceForName branch from 4baf61f to eaeb853 on December 8, 2025 15:07
@DaanHoogland DaanHoogland changed the base branch from 4.18 to 4.20 December 8, 2025 15:07
@apache apache deleted a comment from blueorangutan Dec 8, 2025
@apache apache deleted a comment from blueorangutan Dec 8, 2025
@apache apache deleted a comment from blueorangutan Dec 8, 2025
@apache apache deleted a comment from blueorangutan Dec 8, 2025
@DaanHoogland (Contributor Author) commented:

@blueorangutan package


3 participants