Package hudson.util

Class XStream2

  • public class XStream2
extends com.thoughtworks.xstream.XStream
    XStream customized in various ways for Jenkins’ needs. Most importantly, integrates RobustReflectionConverter.

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  XStream2.PassthruConverter<T>
      Create a nested ConverterImpl subclass that extends this class to run some callback code just after a type is unmarshalled by RobustReflectionConverter.

      • Nested classes/interfaces inherited from class com.thoughtworks.xstream.XStream

        com.thoughtworks.xstream.XStream.InitializationException

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static String COLLECTION_UPDATE_LIMIT_PROPERTY_NAME
      Determine what is the value (in seconds) of the "collectionUpdateLimit" added by XStream to protect against CVE-2021-43859.

      • Fields inherited from class com.thoughtworks.xstream.XStream

        COLLECTION_UPDATE_LIMIT, COLLECTION_UPDATE_SECONDS, ID_REFERENCES, NO_REFERENCES, PRIORITY_LOW, PRIORITY_NORMAL, PRIORITY_VERY_HIGH, PRIORITY_VERY_LOW, SINGLE_NODE_XPATH_ABSOLUTE_REFERENCES, SINGLE_NODE_XPATH_RELATIVE_REFERENCES, XPATH_ABSOLUTE_REFERENCES, XPATH_RELATIVE_REFERENCES

    • Constructor Summary

      Constructors 
      Constructor Description
      XStream2()  
      XStream2​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, com.thoughtworks.xstream.io.HierarchicalStreamDriver driver, com.thoughtworks.xstream.core.ClassLoaderReference classLoaderReference, com.thoughtworks.xstream.mapper.Mapper mapper, com.thoughtworks.xstream.converters.ConverterLookup converterLookup, com.thoughtworks.xstream.converters.ConverterRegistry converterRegistry)  
      XStream2​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)  

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      void addCompatibilityAlias​(String oldClassName, Class newClass)
      Adds an alias in case class names change.
      void addCriticalField​(Class<?> clazz, String field)
      Specifies that a given field of a given class should not be treated with laxity by RobustCollectionConverter.
      static com.thoughtworks.xstream.io.HierarchicalStreamDriver getDefaultDriver()
      Convenience method so we only have to change the driver in one place if we switch to something new in the future
      com.thoughtworks.xstream.mapper.Mapper getMapperInjectionPoint()  
      void setMapper​(com.thoughtworks.xstream.mapper.Mapper m)
      This method allows one to insert additional mappers after XStream2 was created, but because of the way XStream works internally, this needs to be done carefully.
      protected void setupConverters()  
      void toXML​(Object obj, OutputStream out)
      Deprecated.
      Uses default encoding yet fails to write an encoding header.
      void toXMLUTF8​(Object obj, OutputStream out)
      Serializes to a byte stream.
      Object unmarshal​(com.thoughtworks.xstream.io.HierarchicalStreamReader reader, Object root, com.thoughtworks.xstream.converters.DataHolder dataHolder)  
      Object unmarshal​(com.thoughtworks.xstream.io.HierarchicalStreamReader reader, Object root, com.thoughtworks.xstream.converters.DataHolder dataHolder, boolean nullOut)
      Variant of unmarshal(HierarchicalStreamReader, Object, DataHolder) that nulls out non-transient instance fields not defined in the source when unmarshaling into an existing object.
      protected com.thoughtworks.xstream.mapper.MapperWrapper wrapMapper​(com.thoughtworks.xstream.mapper.MapperWrapper next)  

      • Methods inherited from class com.thoughtworks.xstream.XStream

        addDefaultImplementation, addImmutableType, addImmutableType, addImplicitArray, addImplicitArray, addImplicitArray, addImplicitCollection, addImplicitCollection, addImplicitCollection, addImplicitMap, addImplicitMap, addPermission, alias, alias, aliasAttribute, aliasAttribute, aliasField, aliasPackage, aliasSystemAttribute, aliasType, allowTypeHierarchy, allowTypes, allowTypes, allowTypesByRegExp, allowTypesByRegExp, allowTypesByWildcard, autodetectAnnotations, createObjectInputStream, createObjectInputStream, createObjectInputStream, createObjectInputStream, createObjectOutputStream, createObjectOutputStream, createObjectOutputStream, createObjectOutputStream, createObjectOutputStream, createObjectOutputStream, createObjectOutputStream, denyPermission, denyTypeHierarchy, denyTypes, denyTypes, denyTypesByRegExp, denyTypesByRegExp, denyTypesByWildcard, fromXML, fromXML, fromXML, fromXML, fromXML, fromXML, fromXML, fromXML, fromXML, fromXML, getClassLoader, getClassLoaderReference, getConverterLookup, getMapper, getReflectionProvider, ignoreUnknownElements, ignoreUnknownElements, ignoreUnknownElements, marshal, marshal, newDataHolder, omitField, processAnnotations, processAnnotations, registerConverter, registerConverter, registerConverter, registerConverter, registerLocalConverter, registerLocalConverter, setClassLoader, setCollectionUpdateLimit, setMarshallingStrategy, setMode, setupAliases, setupDefaultImplementations, setupDefaultSecurity, setupImmutableTypes, setupSecurity, toXML, toXML, unmarshal, unmarshal, useAttributeFor, useAttributeFor, useAttributeFor, useXStream11XmlFriendlyMapper

    • Field Detail

      • COLLECTION_UPDATE_LIMIT_PROPERTY_NAME

        @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public static final String COLLECTION_UPDATE_LIMIT_PROPERTY_NAME
        Determine what is the value (in seconds) of the "collectionUpdateLimit" added by XStream to protect against CVE-2021-43859. It corresponds to the accumulated timeout when adding an item to a collection. Default: 5 seconds (in contrary to XStream default to 20 which is a bit too tolerant) If negative: disable the DoS protection

    • Constructor Detail

      • XStream2

        public XStream2()

      • XStream2

        public XStream2​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)

      • XStream2

        public XStream2​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider,
                com.thoughtworks.xstream.io.HierarchicalStreamDriver driver,
                com.thoughtworks.xstream.core.ClassLoaderReference classLoaderReference,
                com.thoughtworks.xstream.mapper.Mapper mapper,
                com.thoughtworks.xstream.converters.ConverterLookup converterLookup,
                com.thoughtworks.xstream.converters.ConverterRegistry converterRegistry)
        Since:
        2.318

    • Method Detail

      • getDefaultDriver

        public static com.thoughtworks.xstream.io.HierarchicalStreamDriver getDefaultDriver()
        Convenience method so we only have to change the driver in one place if we switch to something new in the future
        Returns:
        a new instance of the HierarchicalStreamDriver we want to use

      • unmarshal

        public Object unmarshal​(com.thoughtworks.xstream.io.HierarchicalStreamReader reader,
                        Object root,
                        com.thoughtworks.xstream.converters.DataHolder dataHolder)
        Overrides:
        unmarshal in class com.thoughtworks.xstream.XStream

      • unmarshal

        public Object unmarshal​(com.thoughtworks.xstream.io.HierarchicalStreamReader reader,
                        Object root,
                        com.thoughtworks.xstream.converters.DataHolder dataHolder,
                        boolean nullOut)
        Variant of unmarshal(HierarchicalStreamReader, Object, DataHolder) that nulls out non-transient instance fields not defined in the source when unmarshaling into an existing object.

        Typically useful when loading user-supplied XML files in place (non-null root) where some reference-valued fields of the root object may have legitimate reasons for being null. Without this mode, it is impossible to clear such fields in an existing instance, since XStream has no notation for a null field value. Even for primitive-valued fields, it is useful to guarantee that unmarshaling will produce the same result as creating a new instance.

        Do not use in cases where the root objects defines fields (typically final) which it expects to be NonNull unless you are prepared to restore default values for those fields.

        Parameters:
        nullOut - whether to perform this special behavior; false to use the stock XStream behavior of leaving unmentioned root fields untouched
        Since:
        2.99
        See Also:
        XmlFile.unmarshalNullingOut(java.lang.Object), JENKINS-21017

      • setupConverters

        protected void setupConverters()
        Overrides:
        setupConverters in class com.thoughtworks.xstream.XStream

      • addCriticalField

        public void addCriticalField​(Class<?> clazz,
                             String field)
        Specifies that a given field of a given class should not be treated with laxity by RobustCollectionConverter.
        Parameters:
        clazz - a class which we expect to hold a non-transient field
        field - a field name in that class
        Since:
        2.85 this method can be used from outside core, before then it was restricted since initially added in 1.551 / 1.532.2

      • wrapMapper

        protected com.thoughtworks.xstream.mapper.MapperWrapper wrapMapper​(com.thoughtworks.xstream.mapper.MapperWrapper next)
        Overrides:
        wrapMapper in class com.thoughtworks.xstream.XStream

      • getMapperInjectionPoint

        public com.thoughtworks.xstream.mapper.Mapper getMapperInjectionPoint()

      • toXMLUTF8

        public void toXMLUTF8​(Object obj,
                      OutputStream out)
               throws IOException
        Serializes to a byte stream. Uses UTF-8 encoding and specifies that in the XML encoding declaration.
        Throws:
        IOException
        Since:
        1.504

      • setMapper

        public void setMapper​(com.thoughtworks.xstream.mapper.Mapper m)
        This method allows one to insert additional mappers after XStream2 was created, but because of the way XStream works internally, this needs to be done carefully. Namely,
        1. You need to getMapperInjectionPoint() wrap it, then put that back into setMapper(Mapper).
        2. The whole sequence needs to be synchronized against this object to avoid a concurrency issue.

      • addCompatibilityAlias

        public void addCompatibilityAlias​(String oldClassName,
                                  Class newClass)
        Adds an alias in case class names change. Unlike XStream.alias(String, Class), which uses the registered alias name for writing XML, this method registers an alias to be used only for the sake of reading from XML. This makes this method usable for the situation when class names change.
        Parameters:
        oldClassName - Fully qualified name of the old class name.
        newClass - New class that's field-compatible with the given old class name.
        Since:
        1.416