Class SafeURLConverter

  • All Implemented Interfaces:
    com.thoughtworks.xstream.converters.ConverterMatcher, com.thoughtworks.xstream.converters.SingleValueConverter

    @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
    public class SafeURLConverter
    extends com.thoughtworks.xstream.converters.basic.URLConverter
    Wraps the URL handler during deserialization in a specific one that does not issue a DNS query for the hostname in URLStreamHandler.equals(URL, URL) or URLStreamHandler.hashCode(URL). Required to protect against SECURITY-637.
    Since:
    2.121.3
    • Constructor Detail

      • SafeURLConverter

        public SafeURLConverter()
    • Method Detail

      • fromString

        public Object fromString(String str)
        Specified by:
        fromString in interface com.thoughtworks.xstream.converters.SingleValueConverter
        Overrides:
        fromString in class com.thoughtworks.xstream.converters.basic.URLConverter
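
The class description says the wrapped handler keeps URLStreamHandler.equals(URL, URL) and URLStreamHandler.hashCode(URL) from resolving the hostname. The following is an added example, not Jenkins code and not this class's implementation, showing one way a handler can do that: the inherited equals and hashCode obtain the address through getHostAddress(URL), so returning null there makes them compare and hash the host string instead. NoDnsHandler, parse and the .invalid hostnames are hypothetical names chosen for illustration.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLStreamHandler;
import java.util.HashSet;
import java.util.Set;

public class NoDnsUrlDemo {

    /** Hypothetical handler: equality and hashing use the host string only. */
    static final class NoDnsHandler extends URLStreamHandler {
        @Override
        protected InetAddress getHostAddress(URL u) {
            // The stock implementation resolves u.getHost() at this point.
            // Returning null makes the inherited hostsEqual() and hashCode()
            // fall back to a case-insensitive comparison of the host string.
            return null;
        }

        @Override
        protected URLConnection openConnection(URL u) throws IOException {
            // Real connections are delegated to the JDK's default handler
            // for the protocol by re-parsing the URL without this handler.
            return new URL(u.toExternalForm()).openConnection();
        }
    }

    /** Parses a URL string and binds it to the non-resolving handler. */
    static URL parse(String spec) throws IOException {
        return new URL(null, spec, new NoDnsHandler());
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values; the .invalid TLD is reserved and never resolves.
        URL a = parse("http://builds.example.invalid/job/1");
        URL b = parse("http://BUILDS.example.invalid/job/1");

        // Adding to a hash-based collection calls hashCode(); this is the
        // operation that triggers a lookup with the default handler, for
        // example when a deserialized map or set of URLs is rebuilt.
        Set<URL> seen = new HashSet<>();
        seen.add(a);

        System.out.println("equal without lookup: " + a.equals(b));
        System.out.println("found in set:         " + seen.contains(b));
    }
}
```

Running this while capturing DNS traffic on the host is a direct way to confirm that neither the set insertion nor the comparison produces a query.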