Fix stripe#1190 by marking RequestOptions transient

Also try to prevent similar problems in the future by checking that we only use the reflection-based type adapter for classes in `com.stripe.`.
ramon-stripe · Apr 19, 2021 · 8121871 · 8121871
1 parent 4262fcc
commit 8121871
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 1 deletion.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -29,6 +29,7 @@ jobs:
           - "11.0"
           - "12.0"
           - "13.0"
+          - "16.0"
 
     steps:
       - uses: actions/checkout@master

diff --git a/src/main/java/com/stripe/model/StripeCollection.java b/src/main/java/com/stripe/model/StripeCollection.java
@@ -50,7 +50,7 @@ public abstract class StripeCollection<T extends HasId> extends StripeObject
 
   @Getter(onMethod_ = {@Override})
   @Setter(onMethod = @__({@Override}))
-  private RequestOptions requestOptions;
+  private transient RequestOptions requestOptions;
 
   @Getter(onMethod_ = {@Override})
   @Setter(onMethod = @__({@Override}))

diff --git a/src/main/java/com/stripe/net/ApiResourceTypeAdapterFactoryProvider.java b/src/main/java/com/stripe/net/ApiResourceTypeAdapterFactoryProvider.java
@@ -18,6 +18,7 @@ final class ApiResourceTypeAdapterFactoryProvider {
     factories.add(new BalanceTransactionSourceTypeAdapterFactory());
     factories.add(new ExternalAccountTypeAdapterFactory());
     factories.add(new PaymentSourceTypeAdapterFactory());
+    factories.add(new ReflectionCheckingTypeAdapterFactory());
   }
 
   public static List<TypeAdapterFactory> getAll() {

diff --git a/src/main/java/com/stripe/net/ReflectionCheckingTypeAdapterFactory.java b/src/main/java/com/stripe/net/ReflectionCheckingTypeAdapterFactory.java
@@ -0,0 +1,26 @@
+package com.stripe.net;
+
+import com.google.gson.Gson;
+import com.google.gson.TypeAdapter;
+import com.google.gson.TypeAdapterFactory;
+import com.google.gson.internal.bind.ReflectiveTypeAdapterFactory;
+import com.google.gson.reflect.TypeToken;
+
+/**
+ * {@link TypeAdapterFactory} that checks that we don't use {@link ReflectiveTypeAdapterFactory}
+ * accidentally for classes outside {@code com.stripe} packages. This usually happens when we forget
+ * to mark a field {@code transient}.
+ */
+class ReflectionCheckingTypeAdapterFactory implements TypeAdapterFactory {
+  @Override
+  public <T> TypeAdapter<T> create(Gson gson, TypeToken<T> type) {
+    if (!type.getType().getTypeName().startsWith("com.stripe.")) {
+      TypeAdapter<T> adapter = gson.getDelegateAdapter(this, type);
+      if (adapter instanceof ReflectiveTypeAdapterFactory.Adapter) {
+        throw new IllegalArgumentException(
+            "Refusing to create type reflection-based type adapter for external class: " + type);
+      }
+    }
+    return null;
+  }
+}