Package hudson.util
Class XStream2
java.lang.Object
com.thoughtworks.xstream.XStream
hudson.util.XStream2
public class XStream2
extends com.thoughtworks.xstream.XStream
XStream
customized in various ways for Jenkins’ needs.
Most importantly, integrates RobustReflectionConverter
.-
Nested Class Summary
Modifier and TypeClassDescriptionstatic class
Create a nestedConverterImpl
subclass that extends this class to run some callback code just after a type is unmarshalled by RobustReflectionConverter.Nested classes/interfaces inherited from class com.thoughtworks.xstream.XStream
com.thoughtworks.xstream.XStream.InitializationException
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
Determine what is the value (in seconds) of the "collectionUpdateLimit" added by XStream to protect against CVE-2021-43859.Fields inherited from class com.thoughtworks.xstream.XStream
COLLECTION_UPDATE_LIMIT, COLLECTION_UPDATE_SECONDS, ID_REFERENCES, NO_REFERENCES, PRIORITY_LOW, PRIORITY_NORMAL, PRIORITY_VERY_HIGH, PRIORITY_VERY_LOW, SINGLE_NODE_XPATH_ABSOLUTE_REFERENCES, SINGLE_NODE_XPATH_RELATIVE_REFERENCES, XPATH_ABSOLUTE_REFERENCES, XPATH_RELATIVE_REFERENCES
-
Constructor Summary
ConstructorDescriptionXStream2()
XStream2
(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, com.thoughtworks.xstream.io.HierarchicalStreamDriver driver, com.thoughtworks.xstream.core.ClassLoaderReference classLoaderReference, com.thoughtworks.xstream.mapper.Mapper mapper, com.thoughtworks.xstream.converters.ConverterLookup converterLookup, com.thoughtworks.xstream.converters.ConverterRegistry converterRegistry) XStream2
(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver) -
Method Summary
Modifier and TypeMethodDescriptionvoid
addCompatibilityAlias
(String oldClassName, Class newClass) Adds an alias in case class names change.void
addCriticalField
(Class<?> clazz, String field) Specifies that a given field of a given class should not be treated with laxity byRobustCollectionConverter
.static com.thoughtworks.xstream.io.HierarchicalStreamDriver
Convenience method so we only have to change the driver in one place if we switch to something new in the futurecom.thoughtworks.xstream.mapper.Mapper
void
setMapper
(com.thoughtworks.xstream.mapper.Mapper m) This method allows one to insert additional mappers afterXStream2
was created, but because of the way XStream works internally, this needs to be done carefully.protected void
void
toXML
(Object obj, OutputStream out) Deprecated.Uses default encoding yet fails to write an encoding header.void
toXMLUTF8
(Object obj, OutputStream out) Serializes to a byte stream.unmarshal
(com.thoughtworks.xstream.io.HierarchicalStreamReader reader, Object root, com.thoughtworks.xstream.converters.DataHolder dataHolder) unmarshal
(com.thoughtworks.xstream.io.HierarchicalStreamReader reader, Object root, com.thoughtworks.xstream.converters.DataHolder dataHolder, boolean nullOut) Variant ofunmarshal(HierarchicalStreamReader, Object, DataHolder)
that nulls out non-transient
instance fields not defined in the source when unmarshaling into an existing object.protected com.thoughtworks.xstream.mapper.MapperWrapper
wrapMapper
(com.thoughtworks.xstream.mapper.MapperWrapper next) Methods inherited from class com.thoughtworks.xstream.XStream
addDefaultImplementation, addImmutableType, addImmutableType, addImplicitArray, addImplicitArray, addImplicitArray, addImplicitCollection, addImplicitCollection, addImplicitCollection, addImplicitMap, addImplicitMap, addPermission, alias, alias, aliasAttribute, aliasAttribute, aliasField, aliasPackage, aliasSystemAttribute, aliasType, allowTypeHierarchy, allowTypes, allowTypes, allowTypesByRegExp, allowTypesByRegExp, allowTypesByWildcard, autodetectAnnotations, createObjectInputStream, createObjectInputStream, createObjectInputStream, createObjectInputStream, createObjectOutputStream, createObjectOutputStream, createObjectOutputStream, createObjectOutputStream, createObjectOutputStream, createObjectOutputStream, createObjectOutputStream, denyPermission, denyTypeHierarchy, denyTypes, denyTypes, denyTypesByRegExp, denyTypesByRegExp, denyTypesByWildcard, fromXML, fromXML, fromXML, fromXML, fromXML, fromXML, fromXML, fromXML, fromXML, fromXML, getClassLoader, getClassLoaderReference, getConverterLookup, getMapper, getReflectionProvider, ignoreUnknownElements, ignoreUnknownElements, ignoreUnknownElements, marshal, marshal, newDataHolder, omitField, processAnnotations, processAnnotations, registerConverter, registerConverter, registerConverter, registerConverter, registerLocalConverter, registerLocalConverter, setClassLoader, setCollectionUpdateLimit, setMarshallingStrategy, setMode, setupAliases, setupDefaultImplementations, setupDefaultSecurity, setupImmutableTypes, setupSecurity, toXML, toXML, unmarshal, unmarshal, useAttributeFor, useAttributeFor, useAttributeFor, useXStream11XmlFriendlyMapper
-
Field Details
-
COLLECTION_UPDATE_LIMIT_PROPERTY_NAME
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public static final String COLLECTION_UPDATE_LIMIT_PROPERTY_NAMEDetermine what is the value (in seconds) of the "collectionUpdateLimit" added by XStream to protect against CVE-2021-43859. It corresponds to the accumulated timeout when adding an item to a collection. Default: 5 seconds (in contrary to XStream default to 20 which is a bit too tolerant) If negative: disable the DoS protection
-
-
Constructor Details
-
XStream2
public XStream2() -
XStream2
public XStream2(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver) -
XStream2
public XStream2(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, com.thoughtworks.xstream.io.HierarchicalStreamDriver driver, com.thoughtworks.xstream.core.ClassLoaderReference classLoaderReference, com.thoughtworks.xstream.mapper.Mapper mapper, com.thoughtworks.xstream.converters.ConverterLookup converterLookup, com.thoughtworks.xstream.converters.ConverterRegistry converterRegistry) - Since:
- 2.318
-
-
Method Details
-
getDefaultDriver
public static com.thoughtworks.xstream.io.HierarchicalStreamDriver getDefaultDriver()Convenience method so we only have to change the driver in one place if we switch to something new in the future- Returns:
- a new instance of the HierarchicalStreamDriver we want to use
-
unmarshal
public Object unmarshal(com.thoughtworks.xstream.io.HierarchicalStreamReader reader, Object root, com.thoughtworks.xstream.converters.DataHolder dataHolder) - Overrides:
unmarshal
in classcom.thoughtworks.xstream.XStream
-
unmarshal
public Object unmarshal(com.thoughtworks.xstream.io.HierarchicalStreamReader reader, Object root, com.thoughtworks.xstream.converters.DataHolder dataHolder, boolean nullOut) Variant ofunmarshal(HierarchicalStreamReader, Object, DataHolder)
that nulls out non-transient
instance fields not defined in the source when unmarshaling into an existing object.Typically useful when loading user-supplied XML files in place (non-null
root
) where some reference-valued fields of the root object may have legitimate reasons for being null. Without this mode, it is impossible to clear such fields in an existing instance, since XStream has no notation for a null field value. Even for primitive-valued fields, it is useful to guarantee that unmarshaling will produce the same result as creating a new instance.Do not use in cases where the root objects defines fields (typically
final
) which it expects to beNonNull
unless you are prepared to restore default values for those fields.- Parameters:
nullOut
- whether to perform this special behavior; false to use the stock XStream behavior of leaving unmentionedroot
fields untouched- Since:
- 2.99
- See Also:
-
setupConverters
protected void setupConverters()- Overrides:
setupConverters
in classcom.thoughtworks.xstream.XStream
-
addCriticalField
Specifies that a given field of a given class should not be treated with laxity byRobustCollectionConverter
.- Parameters:
clazz
- a class which we expect to hold a non-transient
fieldfield
- a field name in that class- Since:
- 2.85 this method can be used from outside core, before then it was restricted since initially added in 1.551 / 1.532.2
-
wrapMapper
protected com.thoughtworks.xstream.mapper.MapperWrapper wrapMapper(com.thoughtworks.xstream.mapper.MapperWrapper next) - Overrides:
wrapMapper
in classcom.thoughtworks.xstream.XStream
-
getMapperInjectionPoint
public com.thoughtworks.xstream.mapper.Mapper getMapperInjectionPoint() -
toXML
Deprecated.Uses default encoding yet fails to write an encoding header. PrefertoXMLUTF8(java.lang.Object, java.io.OutputStream)
.- Overrides:
toXML
in classcom.thoughtworks.xstream.XStream
-
toXMLUTF8
Serializes to a byte stream. Uses UTF-8 encoding and specifies that in the XML encoding declaration.- Throws:
IOException
- Since:
- 1.504
-
setMapper
public void setMapper(com.thoughtworks.xstream.mapper.Mapper m) This method allows one to insert additional mappers afterXStream2
was created, but because of the way XStream works internally, this needs to be done carefully. Namely,- You need to
getMapperInjectionPoint()
wrap it, then put that back intosetMapper(Mapper)
. - The whole sequence needs to be synchronized against this object to avoid a concurrency issue.
- You need to
-
addCompatibilityAlias
Adds an alias in case class names change. UnlikeXStream.alias(String, Class)
, which uses the registered alias name for writing XML, this method registers an alias to be used only for the sake of reading from XML. This makes this method usable for the situation when class names change.- Parameters:
oldClassName
- Fully qualified name of the old class name.newClass
- New class that's field-compatible with the given old class name.- Since:
- 1.416
-