140. Avoiding DoS attacks at deserialization
Denial-of-service (DoS) attacks are typically malicious actions meant to trigger, in a short period of time, a large number of requests against a server, application, and so on. More generally, a DoS attack is any action that, intentionally or accidentally, overwhelms a process and forces it to slow down or even crash. Deserialization is a common entry point, because the shape of the incoming object graph (its nesting depth, array sizes, number of references) is controlled by whoever produced the bytes, not by the receiver. Let’s see a snippet of code that is a good candidate for representing a DoS attack in the deserialization phase:
import java.util.ArrayList;
import java.util.List;

// Builds a deeply nested, cross-linked graph of lists: every iteration adds one
// more level of nesting, and each list at one level references both lists at
// the next level, so the nesting depth grows with the loop count.
ArrayList<Object> startList = new ArrayList<>();
List<Object> list1 = startList;
List<Object> list2 = new ArrayList<>();
for (int i = 0; i < 101; i++) {
    List<Object> sublist1 = new ArrayList<>();
    List<Object> sublist2 = new ArrayList<>();
    sublist1.add("value: " + i);
    list1.add(sublist1);   // nest both new lists under the current level
    list1.add(sublist2);
    list2.add(sublist1);
    list2.add(sublist2);
    list1 = sublist1;      // descend one level for the next iteration
    list2 = sublist2;
}
We plan to serialize the startList...
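To show the defensive side of this, here is an added, self-contained example (written for this edit, not code from the book or from the JDK documentation) that builds the nested graph above, serializes it, and then deserializes it through a java.io.ObjectInputFilter (available since Java 9) that caps the nesting depth. The class name DeepNestingFilterDemo, the helper names buildNestedLists, serialize and deserializeWithLimit, and the depth limit of 16 are assumptions chosen for the demo; the loop count 101 and the list-building logic come from the snippet in the section. The filter pattern "maxdepth=N" is the JDK's own syntax for a per-stream limit on object nesting depth.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.List;

public class DeepNestingFilterDemo {

    // Constructs the nested list graph from the section; 'levels' controls
    // how deep the nesting goes (the section uses 101).
    static ArrayList<Object> buildNestedLists(int levels) {
        ArrayList<Object> startList = new ArrayList<>();
        List<Object> list1 = startList;
        List<Object> list2 = new ArrayList<>();
        for (int i = 0; i < levels; i++) {
            List<Object> sublist1 = new ArrayList<>();
            List<Object> sublist2 = new ArrayList<>();
            sublist1.add("value: " + i);
            list1.add(sublist1);
            list1.add(sublist2);
            list2.add(sublist1);
            list2.add(sublist2);
            list1 = sublist1;
            list2 = sublist2;
        }
        return startList;
    }

    // Standard Java serialization to a byte array (stands in for bytes that
    // would arrive over the network from an untrusted peer).
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Deserializes with a per-stream filter that rejects the stream as soon as
    // the object nesting depth exceeds maxDepth. The limit value is an assumed
    // policy; pick it from what your real payloads legitimately need.
    static Object deserializeWithLimit(byte[] data, int maxDepth)
            throws IOException, ClassNotFoundException {
        ObjectInputFilter filter =
                ObjectInputFilter.Config.createFilter("maxdepth=" + maxDepth);
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // The 101-level graph from the section: too deep for the limit.
        byte[] deepPayload = serialize(buildNestedLists(101));
        System.out.println("deep payload bytes: " + deepPayload.length);
        try {
            deserializeWithLimit(deepPayload, 16);
            System.out.println("deep payload accepted (not expected)");
        } catch (InvalidClassException e) {
            // The JDK reports a filter rejection as InvalidClassException.
            System.out.println("deep payload rejected by filter: " + e.getMessage());
        }

        // A shallow graph of the same shape stays well under the limit.
        Object shallow = deserializeWithLimit(serialize(buildNestedLists(5)), 16);
        System.out.println("shallow payload accepted: " + (shallow instanceof ArrayList));
    }
}
```

The depth filter rejects the stream before the full graph is materialized, so the cost of a hostile payload is bounded by the limit rather than by whatever the sender chose. The same pattern syntax also accepts maxarray, maxrefs and maxbytes limits, and class or package allow/deny patterns; a process-wide default can be installed with the jdk.serialFilter system property instead of calling setObjectInputFilter on each stream.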