feat(scanallclasses): create a scan all classes boolean

agent/src/main/java/io/dogboy/serializationisbad/agent/SIBTransformer.java

@@ -2,6 +2,7 @@
 
 import io.dogboy.serializationisbad.core.Patches;
 import io.dogboy.serializationisbad.core.SerializationIsBad;
+import io.dogboy.serializationisbad.core.config.PatchModule;
 import org.objectweb.asm.tree.ClassNode;
 
 import java.lang.instrument.ClassFileTransformer;
@@ -13,9 +14,9 @@ public class SIBTransformer implements ClassFileTransformer {
     public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {
         String classNameDots = className.replace('/', '.');
 
-        if (Patches.getPatchModuleForClass(classNameDots) == null) return classfileBuffer;
-
-        SerializationIsBad.logger.info("Applying patches to " + classNameDots);
+        if (!Patches.shouldPatchClass(classNameDots)) {
+            return classfileBuffer;
+        }
 
         ClassNode classNode = Patches.readClassNode(classfileBuffer);
         Patches.applyPatches(classNameDots, classNode);

core/src/main/java/io/dogboy/serializationisbad/core/Patches.java

@@ -14,14 +14,22 @@
 
 public class Patches {
 
+    public static boolean shouldPatchClass(String className) {
+        return SerializationIsBad.getInstance().getConfig().isScanAllClasses() || isClassKnown(className);
+    }
+
+    public static boolean isClassKnown(String className) {
+        return getPatchModuleForClass(className) != PatchModule.EMPTY;
+    }
+
     public static PatchModule getPatchModuleForClass(String className) {
         for (PatchModule patchModule : SerializationIsBad.getInstance().getConfig().getPatchModules()) {
             if (patchModule.getClassesToPatch().contains(className)) {
                 return patchModule;
             }
         }
 
-        return null;
+        return PatchModule.EMPTY;
     }
 
     public static ClassNode readClassNode(byte[] classBytecode) {
@@ -38,6 +46,13 @@ public static byte[] writeClassNode(ClassNode classNode) {
     }
 
     public static void applyPatches(String className, ClassNode classNode) {
+        boolean isClassKnown = isClassKnown(className);
+        boolean patched = false;
+
+        if (isClassKnown) {
+            SerializationIsBad.logger.info("Applying patches to " + className);
+        }
+
         for (MethodNode methodNode : classNode.methods) {
             InsnList instructions = methodNode.instructions;
             for (int i = 0; i < instructions.size(); i++) {
@@ -61,9 +76,13 @@ public static void applyPatches(String className, ClassNode classNode) {
                     instructions.insertBefore(instruction, additionalInstructions);
 
                     SerializationIsBad.logger.info("  (2/2) Redirecting ObjectInputStream to ClassFilteringObjectInputStream in method " + methodNode.name);
+                    patched = true;
                 }
             }
         }
+        if (patched && !isClassKnown) {
+            SerializationIsBad.logger.warn("Applied ObjectInputStream patches in unknown class " + className + ", please report this to the developers of SerializationIsBad responsibly.");
+        }
     }
 
 }

core/src/main/java/io/dogboy/serializationisbad/core/config/PatchModule.java

@@ -4,6 +4,8 @@
 import java.util.Set;
 
 public class PatchModule {
+    public final static PatchModule EMPTY = new PatchModule();
+
     private Set<String> classesToPatch;
     private Set<String> classAllowlist;
     private Set<String> packageAllowlist;

core/src/main/java/io/dogboy/serializationisbad/core/config/SIBConfig.java

@@ -6,18 +6,28 @@
 import java.util.Set;
 
 public class SIBConfig {
+    private boolean scanAllClasses;
     private boolean executeBlocking;
     private List<PatchModule> patchModules;
     private Set<String> classAllowlist;
     private Set<String> packageAllowlist;
 
     public SIBConfig() {
+        this.scanAllClasses = true;
         this.executeBlocking = true;
         this.patchModules = new ArrayList<>();
         this.classAllowlist = new HashSet<>();
         this.packageAllowlist = new HashSet<>();
     }
 
+    public boolean isScanAllClasses() {
+        return this.scanAllClasses;
+    }
+
+    public void setScanAllClasses(boolean scanAllClasses) {
+        this.scanAllClasses = scanAllClasses;
+    }
+
     public boolean isExecuteBlocking() {
         return this.executeBlocking;
     }

legacyforge/src/main/java/io/dogboy/serializationisbad/legacyforge/SIBTransformer.java

@@ -2,15 +2,16 @@
 
 import io.dogboy.serializationisbad.core.Patches;
 import io.dogboy.serializationisbad.core.SerializationIsBad;
+import io.dogboy.serializationisbad.core.config.PatchModule;
 import net.minecraft.launchwrapper.IClassTransformer;
 import org.objectweb.asm.tree.ClassNode;
 
 public class SIBTransformer implements IClassTransformer {
     @Override
     public byte[] transform(String name, String transformedName, byte[] basicClass) {
-        if (Patches.getPatchModuleForClass(transformedName) == null) return basicClass;
-
-        SerializationIsBad.logger.info("Applying patches to " + transformedName);
+        if (!Patches.shouldPatchClass(transformedName)) {
+            return basicClass;
+        }
 
         ClassNode classNode = Patches.readClassNode(basicClass);
         Patches.applyPatches(transformedName, classNode);

serializationisbad.json

@@ -1,4 +1,5 @@
 {
+    "scanAllClasses": true,
     "executeBlocking": true,
     "patchModules": [
         {