From 996f701a1916d10202c1d0d281f06ab1f2e1117e Mon Sep 17 00:00:00 2001
From: Brian Clozel <bclozel@vmware.com>
Date: Thu, 31 Mar 2022 09:34:51 +0200
Subject: [PATCH] Refine PropertyDescriptor filtering

Restrict property paths under `Class` and properties of types
`ClassLoader` or `ProtectionDomain`.
---
 .../beans/CachedIntrospectionResults.java      | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/spring-beans/src/main/java/org/springframework/beans/CachedIntrospectionResults.java b/spring-beans/src/main/java/org/springframework/beans/CachedIntrospectionResults.java
index 63ab95a11fe9..c66fd04b2171 100644
--- a/spring-beans/src/main/java/org/springframework/beans/CachedIntrospectionResults.java
+++ b/spring-beans/src/main/java/org/springframework/beans/CachedIntrospectionResults.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@
 import java.beans.IntrospectionException;
 import java.beans.Introspector;
 import java.beans.PropertyDescriptor;
+import java.security.ProtectionDomain;
 import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
@@ -281,9 +282,13 @@ private CachedIntrospectionResults(Class<?> beanClass) throws BeansException {
 			// This call is slow so we do it once.
 			PropertyDescriptor[] pds = this.beanInfo.getPropertyDescriptors();
 			for (PropertyDescriptor pd : pds) {
-				if (Class.class == beanClass &&
-						("classLoader".equals(pd.getName()) ||  "protectionDomain".equals(pd.getName()))) {
-					// Ignore Class.getClassLoader() and getProtectionDomain() methods - nobody needs to bind to those
+				if (Class.class == beanClass && (!"name".equals(pd.getName()) && !pd.getName().endsWith("Name"))) {
+					// Only allow all name variants of Class properties
+					continue;
+				}
+				if (pd.getPropertyType() != null && (ClassLoader.class.isAssignableFrom(pd.getPropertyType())
+						|| ProtectionDomain.class.isAssignableFrom(pd.getPropertyType()))) {
+					// Ignore ClassLoader and ProtectionDomain types - nobody needs to bind to those
 					continue;
 				}
 				if (logger.isTraceEnabled()) {
@@ -321,6 +326,11 @@ private void introspectInterfaces(Class<?> beanClass, Class<?> currClass) throws
 						// GenericTypeAwarePropertyDescriptor leniently resolves a set* write method
 						// against a declared read method, so we prefer read method descriptors here.
 						pd = buildGenericTypeAwarePropertyDescriptor(beanClass, pd);
+						if (pd.getPropertyType() != null && (ClassLoader.class.isAssignableFrom(pd.getPropertyType())
+								|| ProtectionDomain.class.isAssignableFrom(pd.getPropertyType()))) {
+							// Ignore ClassLoader and ProtectionDomain types - nobody needs to bind to those
+							continue;
+						}
 						this.propertyDescriptors.put(pd.getName(), pd);
 					}
 				}