Package hudson.remoting
Class URLDeserializationHelper
java.lang.Object
hudson.remoting.URLDeserializationHelper
SECURITY-637, this helper wraps the URL into a "safe" version if the url has a non-empty host
and the JVM configuration is standard.
Essentially the wrap does not provide the same logic for
URLStreamHandler.hashCode(URL)
and URLStreamHandler.equals(URL, URL)
but a version that use directly the String
representation
instead of requesting the DNS to have name equivalence.- Since:
- 3.25
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic URL
wrapIfRequired
(URL url) Wraps the given URL into a "safe" version against deserialization attack if the url has a non-empty host and the JVM configuration is standard.
-
Constructor Details
-
URLDeserializationHelper
public URLDeserializationHelper()
-
-
Method Details
-
wrapIfRequired
Wraps the given URL into a "safe" version against deserialization attack if the url has a non-empty host and the JVM configuration is standard.- Throws:
IOException
-