com.thoughtworks.xstream.converters.basic.AbstractSingleValueConverter

com.thoughtworks.xstream.converters.basic.URLConverter

jenkins.util.xstream.SafeURLConverter

All Implemented Interfaces:: com.thoughtworks.xstream.converters.ConverterMatcher, com.thoughtworks.xstream.converters.SingleValueConverter

@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public class SafeURLConverter extends com.thoughtworks.xstream.converters.basic.URLConverter

Wrap the URL handler during deserialization into a specific one that does not generate DNS query on the hostname for URLStreamHandler.equals(URL, URL) or URLStreamHandler.hashCode(URL). Required to protect against SECURITY-637

Since:: 2.121.3

Constructor Summary

Constructors

Constructor

Description

SafeURLConverter()
Method Summary

Modifier and Type

Method

Description

Object

fromString(String str)

Methods inherited from class com.thoughtworks.xstream.converters.basic.URLConverter
canConvert

Methods inherited from class com.thoughtworks.xstream.converters.basic.AbstractSingleValueConverter
toString

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- SafeURLConverter
  
  public SafeURLConverter()
Method Details
- fromString
  
  public Object fromString(String str)
  
  Specified by:
  
  fromString in interface com.thoughtworks.xstream.converters.SingleValueConverter
  
  Overrides:
  
  fromString in class com.thoughtworks.xstream.converters.basic.URLConverter

Class SafeURLConverter

Constructor Summary

Method Summary

Methods inherited from class com.thoughtworks.xstream.converters.basic.URLConverter

Methods inherited from class com.thoughtworks.xstream.converters.basic.AbstractSingleValueConverter

Methods inherited from class java.lang.Object

Constructor Details

SafeURLConverter

Method Details

fromString