Package hudson.util

Class XStream2SecurityUtils

  • @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
    public class XStream2SecurityUtils
    extends Object
    Strongly inspired by and taking into account Once the related issue is fixed, we will be able to use the regular method from XStream.
    See Also:
    • Constructor Detail

      • XStream2SecurityUtils

        public XStream2SecurityUtils()
    • Method Detail

      • checkForCollectionDoSAttack

        public static void checkForCollectionDoSAttack​(com.thoughtworks.xstream.converters.UnmarshallingContext context,
                                                       long startNano)
        Check the consumed time adding elements to collections or maps. Every custom converter should call this method after an unmarshalled element has been added to a collection or map. In case of an attack the operation will take too long, because the calculation of the hash code or the comparison of the elements in the collection operate on recursive structures.
        context - the unmarshalling context
        startNano - the nanoTime just before the element was added to the collection or map