Package org.kie.utll.xml

Class XStreamUtils

java.lang.Object

org.kie.utll.xml.XStreamUtils

public class XStreamUtils
extends Object

Constructor Summary

Constructors

Constructor	Description
XStreamUtils()

Method Summary

Modifier and Type	Method	Description
static com.thoughtworks.xstream.XStream	createNonTrustingXStream()	Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
static com.thoughtworks.xstream.XStream	createNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)	Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
static com.thoughtworks.xstream.XStream	createNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)	Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
static com.thoughtworks.xstream.XStream	createNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, UnaryOperator<com.thoughtworks.xstream.mapper.MapperWrapper> mapper)	Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
static com.thoughtworks.xstream.XStream	createNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, Function<com.thoughtworks.xstream.mapper.MapperWrapper,com.thoughtworks.xstream.mapper.MapperWrapper> mapper)	Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
static com.thoughtworks.xstream.XStream	createNonTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)	Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
static com.thoughtworks.xstream.XStream	createNonTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, ClassLoader classLoader)	Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
static com.thoughtworks.xstream.XStream	createNonTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, ClassLoader classLoader, BiFunction<com.thoughtworks.xstream.io.HierarchicalStreamDriver,com.thoughtworks.xstream.core.ClassLoaderReference,com.thoughtworks.xstream.XStream> builder)	Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
static com.thoughtworks.xstream.XStream	createTrustingXStream()	Only use for XML or JSON that comes from a 100% trusted source.
static com.thoughtworks.xstream.XStream	createTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)	Only use for XML or JSON that comes from a 100% trusted source.
static com.thoughtworks.xstream.XStream	createTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)	Only use for XML or JSON that comes from a 100% trusted source.
static com.thoughtworks.xstream.XStream	createTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, Function<com.thoughtworks.xstream.mapper.MapperWrapper,com.thoughtworks.xstream.mapper.MapperWrapper> mapper)	Only use for XML or JSON that comes from a 100% trusted source.
static com.thoughtworks.xstream.XStream	createTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)	Only use for XML or JSON that comes from a 100% trusted source.
static com.thoughtworks.xstream.XStream	createTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, ClassLoader classLoader)	Only use for XML or JSON that comes from a 100% trusted source.
static com.thoughtworks.xstream.XStream	createXStream()	Deprecated. in favor of createTrustingXStream() and createNonTrustingXStream()
static com.thoughtworks.xstream.XStream	createXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)	Deprecated. in favor of createTrustingXStream() and createNonTrustingXStream()
static com.thoughtworks.xstream.XStream	createXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, Function<com.thoughtworks.xstream.mapper.MapperWrapper,com.thoughtworks.xstream.mapper.MapperWrapper> mapper)	Deprecated. in favor of createTrustingXStream() and createNonTrustingXStream()
static com.thoughtworks.xstream.XStream	createXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)	Deprecated. in favor of createTrustingXStream() and createNonTrustingXStream()
static com.thoughtworks.xstream.XStream	createXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, ClassLoader classLoader)	Deprecated. in favor of createTrustingXStream() and createNonTrustingXStream()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

XStreamUtils

public XStreamUtils()

Method Details

createXStream

@Deprecated
public static com.thoughtworks.xstream.XStream createXStream()

Deprecated.

in favor of createTrustingXStream() and createNonTrustingXStream()

Vulnerable to CVE-210137285 variants. Do not use. Will be removed in the next few days!

createXStream

@Deprecated
public static com.thoughtworks.xstream.XStream createXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)

Deprecated.

in favor of createTrustingXStream() and createNonTrustingXStream()

Vulnerable to CVE-210137285 variants. Do not use. Will be removed in the next few days!

createXStream

@Deprecated
public static com.thoughtworks.xstream.XStream createXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver,
 ClassLoader classLoader)

Deprecated.

in favor of createTrustingXStream() and createNonTrustingXStream()

Vulnerable to CVE-210137285 variants. Do not use. Will be removed in the next few days!

createXStream

@Deprecated
public static com.thoughtworks.xstream.XStream createXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)

Deprecated.

in favor of createTrustingXStream() and createNonTrustingXStream()

Vulnerable to CVE-210137285 variants. Do not use. Will be removed in the next few days!

createXStream

@Deprecated
public static com.thoughtworks.xstream.XStream createXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider,
 Function<com.thoughtworks.xstream.mapper.MapperWrapper,com.thoughtworks.xstream.mapper.MapperWrapper> mapper)

Deprecated.

in favor of createTrustingXStream() and createNonTrustingXStream()

Vulnerable to CVE-210137285 variants. Do not use. Will be removed in the next few days!

createTrustingXStream

public static com.thoughtworks.xstream.XStream createTrustingXStream()

Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST use createNonTrustingXStream().

createTrustingXStream

public static com.thoughtworks.xstream.XStream createTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)

Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST use createNonTrustingXStream().

createTrustingXStream

public static com.thoughtworks.xstream.XStream createTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver,
 ClassLoader classLoader)

Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST use createNonTrustingXStream().

createTrustingXStream

public static com.thoughtworks.xstream.XStream createTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)

Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST use createNonTrustingXStream().

createTrustingXStream

public static com.thoughtworks.xstream.XStream createTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider,
 com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)

Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST use createNonTrustingXStream().

createTrustingXStream

public static com.thoughtworks.xstream.XStream createTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider,
 Function<com.thoughtworks.xstream.mapper.MapperWrapper,com.thoughtworks.xstream.mapper.MapperWrapper> mapper)

Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST use createNonTrustingXStream().

createNonTrustingXStream

public static com.thoughtworks.xstream.XStream createNonTrustingXStream()

Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.

createNonTrustingXStream

public static com.thoughtworks.xstream.XStream createNonTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)

Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.

createNonTrustingXStream

public static com.thoughtworks.xstream.XStream createNonTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver,
 ClassLoader classLoader)

Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.

createNonTrustingXStream

public static com.thoughtworks.xstream.XStream createNonTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver,
 ClassLoader classLoader,
 BiFunction<com.thoughtworks.xstream.io.HierarchicalStreamDriver,com.thoughtworks.xstream.core.ClassLoaderReference,com.thoughtworks.xstream.XStream> builder)

Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.

createNonTrustingXStream

public static com.thoughtworks.xstream.XStream createNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)

Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.

createNonTrustingXStream

public static com.thoughtworks.xstream.XStream createNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider,
 com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)

Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.

createNonTrustingXStream

public static com.thoughtworks.xstream.XStream createNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider,
 com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver,
 UnaryOperator<com.thoughtworks.xstream.mapper.MapperWrapper> mapper)

Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.

createNonTrustingXStream

public static com.thoughtworks.xstream.XStream createNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider,
 Function<com.thoughtworks.xstream.mapper.MapperWrapper,com.thoughtworks.xstream.mapper.MapperWrapper> mapper)

Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.