Exploit Serialization To Perform Deep Copy

Exploit Serialization To Perform Deep Copy

The clone() method of java.lang.Object class makes a shallow copy of anobject i.e. a copy that excludes the objects that the to-be-cloned object contains. Therefore, to produce a deep copy of your complex objects, you have to write your own clone() method so that you take care of copying every contained object. This, depending on the complexity of your objects, may entail a lot of code. Java’s serialization mechanism provides a neat workaround to this situation.

To take advantage of serialization, you have to ensure that your objects and all their contained objects are serializable. The following code demonstrates deep copy via serialization:

 public class DeepCopyMaker {             private DeepCopyMaker()	{		//I made constructor private so that DeepCopyMaker could notbe created	}                         static public Object makeDeepCopy(Object obj2DeepCopy) throwsException             { 		//obj2DeepCopy must be serializable             	ObjectOutputStream outStream = null;                         ObjectInputStream inStream = null;                         try                         { 			ByteArrayOutputStream byteOut = 	                                    new ByteArrayOutputStream();                                     outStream = newObjectOutputStream(byteOut);                                     // serialize and write obj2DeepCopy tobyteOut                                    outStream.writeObject(obj2DeepCopy); 			//always flush your stream                                    outStream.flush();                                     ByteArrayInputStream byteIn =      	                               newByteArrayInputStream(byteOut.toByteArray());                                    inStream = newObjectInputStream(byteIn);                                     // read the serialized, and deep copied,object and return it                                     return inStream.readObject(); 		}                         catch(Exception e)                         {                         	//handle the exception			//it is not a bad idea to throw the exception, sothat the caller of the 			//method knows something went wrong			throw(e);                         }                          finally                          { 			//always close your streams in finally clauses                          	outStream.close();                                     inStream.close();                           } 	} } 
Share the Post:
Heading photo, Metadata.

What is Metadata?

What is metadata? Well, It’s an odd concept to wrap your head around. Metadata is essentially the secondary layer of data that tracks details about the “regular” data. The regular

XDR solutions

The Benefits of Using XDR Solutions

Cybercriminals constantly adapt their strategies, developing newer, more powerful, and intelligent ways to attack your network. Since security professionals must innovate as well, more conventional endpoint detection solutions have evolved

AI is revolutionizing fraud detection

How AI is Revolutionizing Fraud Detection

Artificial intelligence – commonly known as AI – means a form of technology with multiple uses. As a result, it has become extremely valuable to a number of businesses across

AI innovation

Companies Leading AI Innovation in 2023

Artificial intelligence (AI) has been transforming industries and revolutionizing business operations. AI’s potential to enhance efficiency and productivity has become crucial to many businesses. As we move into 2023, several

data fivetran pricing

Fivetran Pricing Explained

One of the biggest trends of the 21st century is the massive surge in analytics. Analytics is the process of utilizing data to drive future decision-making. With so much of

kubernetes logging

Kubernetes Logging: What You Need to Know

Kubernetes from Google is one of the most popular open-source and free container management solutions made to make managing and deploying applications easier. It has a solid architecture that makes