Package io.appium.java_client.internal

Class DirectConnectUrlSafety

java.lang.Object

io.appium.java_client.internal.DirectConnectUrlSafety

public final class DirectConnectUrlSafety
extends Object

Validates URLs used with overrideServerUrl (for example after a directConnect response). Refuses the override when any resolved address is loopback, link-local (including typical cloud metadata IPv4 link-local space), unspecified, or multicast.

This is not a full "public internet only" policy: RFC 1918 private space, shared address space (100.64.0.0/10), IPv6 unique-local (fc00::/7), and other addresses outside the checks above are still accepted. Stricter control belongs at the application or network layer (allowlists, egress rules, etc.).

Method Summary

Modifier and Type	Method	Description
static void	requireSafeOverrideTarget(URL url)	Ensures the given URL's host does not resolve to loopback, link-local, unspecified, or multicast addresses (see class documentation for what is still allowed).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

requireSafeOverrideTarget

public static void requireSafeOverrideTarget(URL url)
                                      throws org.openqa.selenium.SessionNotCreatedException

Ensures the given URL's host does not resolve to loopback, link-local, unspecified, or multicast addresses (see class documentation for what is still allowed).

Parameters:

url - candidate server URL

Throws:

org.openqa.selenium.SessionNotCreatedException - if the host is missing, cannot be resolved, or resolves to any address in the disallowed categories