Package org.kie.utll.xml
Class XStreamUtils
- java.lang.Object
-
- org.kie.utll.xml.XStreamUtils
-
public class XStreamUtils extends java.lang.Object
-
-
Constructor Summary
Constructors Constructor Description XStreamUtils()
-
Method Summary
All Methods Static Methods Concrete Methods Deprecated Methods Modifier and Type Method Description static com.thoughtworks.xstream.XStreamcreateNonTrustingXStream()Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).static com.thoughtworks.xstream.XStreamcreateNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).static com.thoughtworks.xstream.XStreamcreateNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).static com.thoughtworks.xstream.XStreamcreateNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, java.util.function.UnaryOperator<com.thoughtworks.xstream.mapper.MapperWrapper> mapper)Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).static com.thoughtworks.xstream.XStreamcreateNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, java.util.function.Function<com.thoughtworks.xstream.mapper.MapperWrapper,com.thoughtworks.xstream.mapper.MapperWrapper> mapper)Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).static com.thoughtworks.xstream.XStreamcreateNonTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).static com.thoughtworks.xstream.XStreamcreateNonTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, java.lang.ClassLoader classLoader)Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).static com.thoughtworks.xstream.XStreamcreateNonTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, java.lang.ClassLoader classLoader, java.util.function.BiFunction<com.thoughtworks.xstream.io.HierarchicalStreamDriver,com.thoughtworks.xstream.core.ClassLoaderReference,com.thoughtworks.xstream.XStream> builder)Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...).static com.thoughtworks.xstream.XStreamcreateTrustingXStream()Only use for XML or JSON that comes from a 100% trusted source.static com.thoughtworks.xstream.XStreamcreateTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)Only use for XML or JSON that comes from a 100% trusted source.static com.thoughtworks.xstream.XStreamcreateTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)Only use for XML or JSON that comes from a 100% trusted source.static com.thoughtworks.xstream.XStreamcreateTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, java.util.function.Function<com.thoughtworks.xstream.mapper.MapperWrapper,com.thoughtworks.xstream.mapper.MapperWrapper> mapper)Only use for XML or JSON that comes from a 100% trusted source.static com.thoughtworks.xstream.XStreamcreateTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)Only use for XML or JSON that comes from a 100% trusted source.static com.thoughtworks.xstream.XStreamcreateTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, java.lang.ClassLoader classLoader)Only use for XML or JSON that comes from a 100% trusted source.static com.thoughtworks.xstream.XStreamcreateXStream()Deprecated.in favor ofcreateTrustingXStream()andcreateNonTrustingXStream()static com.thoughtworks.xstream.XStreamcreateXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)Deprecated.in favor ofcreateTrustingXStream()andcreateNonTrustingXStream()static com.thoughtworks.xstream.XStreamcreateXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, java.util.function.Function<com.thoughtworks.xstream.mapper.MapperWrapper,com.thoughtworks.xstream.mapper.MapperWrapper> mapper)Deprecated.in favor ofcreateTrustingXStream()andcreateNonTrustingXStream()static com.thoughtworks.xstream.XStreamcreateXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)Deprecated.in favor ofcreateTrustingXStream()andcreateNonTrustingXStream()static com.thoughtworks.xstream.XStreamcreateXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, java.lang.ClassLoader classLoader)Deprecated.in favor ofcreateTrustingXStream()andcreateNonTrustingXStream()
-
-
-
Method Detail
-
createXStream
@Deprecated public static com.thoughtworks.xstream.XStream createXStream()
Deprecated.in favor ofcreateTrustingXStream()andcreateNonTrustingXStream()Vulnerable to CVE-210137285 variants. Do not use. Will be removed in the next few days!
-
createXStream
@Deprecated public static com.thoughtworks.xstream.XStream createXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)
Deprecated.in favor ofcreateTrustingXStream()andcreateNonTrustingXStream()Vulnerable to CVE-210137285 variants. Do not use. Will be removed in the next few days!
-
createXStream
@Deprecated public static com.thoughtworks.xstream.XStream createXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, java.lang.ClassLoader classLoader)Deprecated.in favor ofcreateTrustingXStream()andcreateNonTrustingXStream()Vulnerable to CVE-210137285 variants. Do not use. Will be removed in the next few days!
-
createXStream
@Deprecated public static com.thoughtworks.xstream.XStream createXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)
Deprecated.in favor ofcreateTrustingXStream()andcreateNonTrustingXStream()Vulnerable to CVE-210137285 variants. Do not use. Will be removed in the next few days!
-
createXStream
@Deprecated public static com.thoughtworks.xstream.XStream createXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, java.util.function.Function<com.thoughtworks.xstream.mapper.MapperWrapper,com.thoughtworks.xstream.mapper.MapperWrapper> mapper)Deprecated.in favor ofcreateTrustingXStream()andcreateNonTrustingXStream()Vulnerable to CVE-210137285 variants. Do not use. Will be removed in the next few days!
-
createTrustingXStream
public static com.thoughtworks.xstream.XStream createTrustingXStream()
Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST usecreateNonTrustingXStream().
-
createTrustingXStream
public static com.thoughtworks.xstream.XStream createTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)
Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST usecreateNonTrustingXStream().
-
createTrustingXStream
public static com.thoughtworks.xstream.XStream createTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, java.lang.ClassLoader classLoader)Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST usecreateNonTrustingXStream().
-
createTrustingXStream
public static com.thoughtworks.xstream.XStream createTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)
Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST usecreateNonTrustingXStream().
-
createTrustingXStream
public static com.thoughtworks.xstream.XStream createTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST usecreateNonTrustingXStream().
-
createTrustingXStream
public static com.thoughtworks.xstream.XStream createTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, java.util.function.Function<com.thoughtworks.xstream.mapper.MapperWrapper,com.thoughtworks.xstream.mapper.MapperWrapper> mapper)Only use for XML or JSON that comes from a 100% trusted source. The XML/JSON must be as safe as executable java code. Otherwise, you MUST usecreateNonTrustingXStream().
-
createNonTrustingXStream
public static com.thoughtworks.xstream.XStream createNonTrustingXStream()
Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with anXStreamAliasannotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.
-
createNonTrustingXStream
public static com.thoughtworks.xstream.XStream createNonTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)
Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with anXStreamAliasannotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.
-
createNonTrustingXStream
public static com.thoughtworks.xstream.XStream createNonTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, java.lang.ClassLoader classLoader)Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with anXStreamAliasannotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.
-
createNonTrustingXStream
public static com.thoughtworks.xstream.XStream createNonTrustingXStream(com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, java.lang.ClassLoader classLoader, java.util.function.BiFunction<com.thoughtworks.xstream.io.HierarchicalStreamDriver,com.thoughtworks.xstream.core.ClassLoaderReference,com.thoughtworks.xstream.XStream> builder)Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with anXStreamAliasannotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.
-
createNonTrustingXStream
public static com.thoughtworks.xstream.XStream createNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider)
Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with anXStreamAliasannotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.
-
createNonTrustingXStream
public static com.thoughtworks.xstream.XStream createNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver)Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with anXStreamAliasannotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.
-
createNonTrustingXStream
public static com.thoughtworks.xstream.XStream createNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, com.thoughtworks.xstream.io.HierarchicalStreamDriver hierarchicalStreamDriver, java.util.function.UnaryOperator<com.thoughtworks.xstream.mapper.MapperWrapper> mapper)Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with anXStreamAliasannotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.
-
createNonTrustingXStream
public static com.thoughtworks.xstream.XStream createNonTrustingXStream(com.thoughtworks.xstream.converters.reflection.ReflectionProvider reflectionProvider, java.util.function.Function<com.thoughtworks.xstream.mapper.MapperWrapper,com.thoughtworks.xstream.mapper.MapperWrapper> mapper)Use for XML or JSON that might not come from a trusted source (such as REST services payloads, ...). Automatically allowlists all classes with anXStreamAliasannotation. Often requires allowlisting additional domain specific classes, which you'll need to expose in your API's.
-
-