Package org.kie.utll.xml

Class XStreamUtils

  • public class XStreamUtils
extends Object

    • Constructor Summary

      Constructors 
      Constructor Description
      XStreamUtils()  

    • Method Summary

      All Methods Static Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      static com.thoughtworks.xstream.XStream createNonTrustingXStream()
      Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
      static com.thoughtworks.xstream.XStream createNonTrustingXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)
      Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
      static com.thoughtworks.xstream.XStream createNonTrustingXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)
      Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
      static com.thoughtworks.xstream.XStream createNonTrustingXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, UnaryOperator<com.thoughtworks.xstream.mapper.MapperWrapper> mapper)
      Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
      static com.thoughtworks.xstream.XStream createNonTrustingXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, Function<com.thoughtworks.xstream.mapper.MapperWrapper,​com.thoughtworks.xstream.mapper.MapperWrapper> mapper)
      Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
      static com.thoughtworks.xstream.XStream createNonTrustingXStream​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)
      Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
      static com.thoughtworks.xstream.XStream createNonTrustingXStream​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, ClassLoader classLoader)
      Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
      static com.thoughtworks.xstream.XStream createNonTrustingXStream​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, ClassLoader classLoader, BiFunction<com.thoughtworks.xstream.io.HierarchicalStreamDriver,​com.thoughtworks.xstream.core.ClassLoaderReference,​com.thoughtworks.xstream.XStream> builder)
      Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).
      static com.thoughtworks.xstream.XStream createTrustingXStream()
      Only use for XML or JSON that comes from a 100% trusted source.
      static com.thoughtworks.xstream.XStream createTrustingXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)
      Only use for XML or JSON that comes from a 100% trusted source.
      static com.thoughtworks.xstream.XStream createTrustingXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)
      Only use for XML or JSON that comes from a 100% trusted source.
      static com.thoughtworks.xstream.XStream createTrustingXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, Function<com.thoughtworks.xstream.mapper.MapperWrapper,​com.thoughtworks.xstream.mapper.MapperWrapper> mapper)
      Only use for XML or JSON that comes from a 100% trusted source.
      static com.thoughtworks.xstream.XStream createTrustingXStream​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)
      Only use for XML or JSON that comes from a 100% trusted source.
      static com.thoughtworks.xstream.XStream createTrustingXStream​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, ClassLoader classLoader)
      Only use for XML or JSON that comes from a 100% trusted source.
      static com.thoughtworks.xstream.XStream createXStream()
      Deprecated.
      in favor of createTrustingXStream() and createNonTrustingXStream()
      static com.thoughtworks.xstream.XStream createXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)
      Deprecated.
      in favor of createTrustingXStream() and createNonTrustingXStream()
      static com.thoughtworks.xstream.XStream createXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, Function<com.thoughtworks.xstream.mapper.MapperWrapper,​com.thoughtworks.xstream.mapper.MapperWrapper> mapper)
      Deprecated.
      in favor of createTrustingXStream() and createNonTrustingXStream()
      static com.thoughtworks.xstream.XStream createXStream​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)
      Deprecated.
      in favor of createTrustingXStream() and createNonTrustingXStream()
      static com.thoughtworks.xstream.XStream createXStream​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, ClassLoader classLoader)
      Deprecated.
      in favor of createTrustingXStream() and createNonTrustingXStream()

    • Constructor Detail

      • XStreamUtils

        public XStreamUtils()

    • Method Detail

      • createXStream

        @Deprecated
public static com.thoughtworks.xstream.XStream createXStream​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)
        Deprecated.
        in favor of createTrustingXStream() and createNonTrustingXStream()
        Vulnerable to CVE-210137285 variants. Do not use. Will be removed in the next few days!

      • createXStream

        @Deprecated
public static com.thoughtworks.xstream.XStream createXStream​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver,
                                                             ClassLoader classLoader)
        Deprecated.
        in favor of createTrustingXStream() and createNonTrustingXStream()
        Vulnerable to CVE-210137285 variants. Do not use. Will be removed in the next few days!

      • createXStream

        @Deprecated
public static com.thoughtworks.xstream.XStream createXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)
        Deprecated.
        in favor of createTrustingXStream() and createNonTrustingXStream()
        Vulnerable to CVE-210137285 variants. Do not use. Will be removed in the next few days!

      • createXStream

        @Deprecated
public static com.thoughtworks.xstream.XStream createXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider,
                                                             Function<com.thoughtworks.xstream.mapper.MapperWrapper,​com.thoughtworks.xstream.mapper.MapperWrapper> mapper)
        Deprecated.
        in favor of createTrustingXStream() and createNonTrustingXStream()
        Vulnerable to CVE-210137285 variants. Do not use. Will be removed in the next few days!

      • createTrustingXStream

        public static com.thoughtworks.xstream.XStream createTrustingXStream()
        Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST use createNonTrustingXStream().

      • createTrustingXStream

        public static com.thoughtworks.xstream.XStream createTrustingXStream​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)
        Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST use createNonTrustingXStream().

      • createTrustingXStream

        public static com.thoughtworks.xstream.XStream createTrustingXStream​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver,
                                                                     ClassLoader classLoader)
        Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST use createNonTrustingXStream().

      • createTrustingXStream

        public static com.thoughtworks.xstream.XStream createTrustingXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)
        Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST use createNonTrustingXStream().

      • createTrustingXStream

        public static com.thoughtworks.xstream.XStream createTrustingXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider,
                                                                     com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)
        Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST use createNonTrustingXStream().

      • createTrustingXStream

        public static com.thoughtworks.xstream.XStream createTrustingXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider,
                                                                     Function<com.thoughtworks.xstream.mapper.MapperWrapper,​com.thoughtworks.xstream.mapper.MapperWrapper> mapper)
        Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST use createNonTrustingXStream().

      • createNonTrustingXStream

        public static com.thoughtworks.xstream.XStream createNonTrustingXStream()
        Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.

      • createNonTrustingXStream

        public static com.thoughtworks.xstream.XStream createNonTrustingXStream​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)
        Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.

      • createNonTrustingXStream

        public static com.thoughtworks.xstream.XStream createNonTrustingXStream​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver,
                                                                        ClassLoader classLoader)
        Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.

      • createNonTrustingXStream

        public static com.thoughtworks.xstream.XStream createNonTrustingXStream​(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver,
                                                                        ClassLoader classLoader,
                                                                        BiFunction<com.thoughtworks.xstream.io.HierarchicalStreamDriver,​com.thoughtworks.xstream.core.ClassLoaderReference,​com.thoughtworks.xstream.XStream> builder)
        Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.

      • createNonTrustingXStream

        public static com.thoughtworks.xstream.XStream createNonTrustingXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)
        Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.

      • createNonTrustingXStream

        public static com.thoughtworks.xstream.XStream createNonTrustingXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider,
                                                                        com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)
        Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.

      • createNonTrustingXStream

        public static com.thoughtworks.xstream.XStream createNonTrustingXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider,
                                                                        com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver,
                                                                        UnaryOperator<com.thoughtworks.xstream.mapper.MapperWrapper> mapper)
        Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.

      • createNonTrustingXStream

        public static com.thoughtworks.xstream.XStream createNonTrustingXStream​(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider,
                                                                        Function<com.thoughtworks.xstream.mapper.MapperWrapper,​com.thoughtworks.xstream.mapper.MapperWrapper> mapper)
        Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with an XStreamAlias annotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.