Package hudson.remoting
Class URLDeserializationHelper
- java.lang.Object
-
- hudson.remoting.URLDeserializationHelper
-
public class URLDeserializationHelper extends Object
SECURITY-637, this helper wraps the URL into a "safe" version if the url has a non-empty host and the JVM configuration is standard. Essentially the wrap does not provide the same logic forURLStreamHandler.hashCode(URL)
andURLStreamHandler.equals(URL, URL)
but a version that use directly theString
representation instead of requesting the DNS to have name equivalence.- Since:
- 3.25
-
-
Constructor Summary
Constructors Constructor Description URLDeserializationHelper()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static URL
wrapIfRequired(URL url)
Wraps the given URL into a "safe" version against deserialization attack if the url has a non-empty host and the JVM configuration is standard.
-
-
-
Method Detail
-
wrapIfRequired
@NonNull public static URL wrapIfRequired(@NonNull URL url) throws IOException
Wraps the given URL into a "safe" version against deserialization attack if the url has a non-empty host and the JVM configuration is standard.- Throws:
IOException
-
-