From 182f204c958ab0c188197e403f75e8550bcb8279 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mjumper@apache.org>
Date: Sat, 29 Sep 2018 13:19:21 -0700
Subject: [PATCH] GUACAMOLE-635: Heap pollution is not possible within
 SimpleDirectory(ObjectType... objects).

From https://docs.oracle.com/javase/tutorial/java/generics/nonReifiableVarargsType.html#vulnerabilities:

"Heap pollution occurs when a variable of a parameterized type refers
to an object that is not of that parameterized type."

In this case, the parameterized type (ObjectType) and the array of that
type within this constructor are always used as their formal types.
---
 .../org/apache/guacamole/net/auth/simple/SimpleDirectory.java    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleDirectory.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleDirectory.java
index 4f64ec8c0..38655705a 100644
--- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleDirectory.java
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleDirectory.java
@@ -85,6 +85,7 @@ public class SimpleDirectory<ObjectType extends Identifiable>
      * @param objects
      *     The objects that should be present in this directory.
      */
+    @SafeVarargs
     public SimpleDirectory(ObjectType... objects) {
         this(Arrays.asList(objects));
     }