Fix #1931

Author: cowtowncoder

release-notes/VERSION

@@ -9,6 +9,7 @@ Project: jackson-databind
 #1872 `NullPointerException` in `SubTypeValidator.validateSubType` when
   validating Spring interface
  (reported by Rob W)
+#1931: Two more `c3p0` gadgets to exploit default typing issue
 
 2.7.9.2 (20-Dec-2017)
 

src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java

@@ -18,7 +18,10 @@
  */
 public class SubTypeValidator
 {
-    protected final static String PREFIX_STRING = "org.springframework.";
+    protected final static String PREFIX_SPRING = "org.springframework.";
+
+    protected final static String PREFIX_C3P0 = "com.mchange.v2.c3p0.";
+
     /**
      * Set of well-known "nasty classes", deserialization of which is considered dangerous
      * and should (and is) prevented by default.
@@ -45,11 +48,13 @@ public class SubTypeValidator
         // [databind#1737]; 3rd party
 //s.add("org.springframework.aop.support.AbstractBeanFactoryPointcutAdvisor"); // deprecated by [databind#1855]
         s.add("org.springframework.beans.factory.config.PropertyPathFactoryBean");
-        s.add("com.mchange.v2.c3p0.JndiRefForwardingDataSource");
-        s.add("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource");
+
+// s.add("com.mchange.v2.c3p0.JndiRefForwardingDataSource"); // deprecated by [databind#1931]
+// s.add("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource"); // - "" -
         // [databind#1855]: more 3rd party
         s.add("org.apache.tomcat.dbcp.dbcp2.BasicDataSource");
         s.add("com.sun.org.apache.bcel.internal.util.ClassLoader");
+
         DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
     }
 
@@ -80,7 +85,9 @@ public void validateSubType(DeserializationContext ctxt, JavaType type) throws J
             // 18-Dec-2017, tatu: As per [databind#1855], need bit more sophisticated handling
             //    for some Spring framework types
             // 05-Jan-2017, tatu: ... also, only applies to classes, not interfaces
-            if (!raw.isInterface() && full.startsWith(PREFIX_STRING)) {
+            if (raw.isInterface()) {
+                ;
+            } else if (full.startsWith(PREFIX_SPRING)) {
                 for (Class<?> cls = raw; (cls != null) && (cls != Object.class); cls = cls.getSuperclass()){
                     String name = cls.getSimpleName();
                     // looking for "AbstractBeanFactoryPointcutAdvisor" but no point to allow any is there?
@@ -90,6 +97,16 @@ public void validateSubType(DeserializationContext ctxt, JavaType type) throws J
                         break main_check;
                     }
                 }
+            } else if (full.startsWith(PREFIX_C3P0)) {
+                // [databind#1737]; more 3rd party
+                // s.add("com.mchange.v2.c3p0.JndiRefForwardingDataSource");
+                // s.add("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource");
+                // [databind#1931]; more 3rd party
+                // com.mchange.v2.c3p0.ComboPooledDataSource
+                // com.mchange.v2.c3p0.debug.AfterCloseLoggingComboPooledDataSource 
+                if (full.endsWith("DataSource")) {
+                    break main_check;
+                }
             }
             return;
         } while (false);

src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java

@@ -6,6 +6,7 @@
 
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import com.fasterxml.jackson.databind.*;
+import com.mchange.v2.c3p0.jacksontest.ComboPooledDataSource;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -86,23 +87,17 @@ public void testJDKTypes1855() throws Exception
 
     // 17-Aug-2017, tatu: Ideally would test handling of 3rd party types, too,
     //    but would require adding dependencies. This may be practical when
-    //    checking done by module, but for now let's not do that for databind.
+    //    checking done by separate module, but for now let's not do that for databind.
 
     /*
     public void testSpringTypes1737() throws Exception
     {
         _testIllegalType("org.springframework.aop.support.AbstractBeanFactoryPointcutAdvisor");
         _testIllegalType("org.springframework.beans.factory.config.PropertyPathFactoryBean");
     }
-
-    public void testC3P0Types1737() throws Exception
-    {
-        _testIllegalType("com.mchange.v2.c3p0.JndiRefForwardingDataSource");
-        _testIllegalType("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource");
-    }
     */
 
-        // // // Tests for [databind#1872]
+    // // // Tests for [databind#1872]
     public void testJDKTypes1872() throws Exception
     {
         ObjectMapper mapper = new ObjectMapper();
@@ -113,6 +108,13 @@ public void testJDKTypes1872() throws Exception
         Authentication1872 result = mapper.readValue(json, Authentication1872.class);
         assertNotNull(result);
     }
+
+    // [databind#1931]
+    public void testC3P0Types() throws Exception
+    {
+        _testIllegalType(ComboPooledDataSource.class); // [databind#1931]
+    }
+
     private void _testIllegalType(Class<?> nasty) throws Exception {
         _testIllegalType(nasty.getName());
     }

src/test/java/com/mchange/v2/c3p0/jacksontest/ComboPooledDataSource.java

@@ -0,0 +1,6 @@
+package com.mchange.v2.c3p0.jacksontest;
+
+// test class for [databind#1931]
+public class ComboPooledDataSource {
+
+}