A B C D E F G H I J L M N O P R S T U V X Z 
All Classes All Packages

A

ALLOW_ALL - Static variable in interface io.github.pixee.security.HostValidator
A HostValidator that allows all hosts.
ANY - io.github.pixee.security.UrlProtocol
A protocol indicating that _any_ protocol is allowed.

B

BoundedLineReader - Class in io.github.pixee.security
This type exposes helper methods to deal with protecting I/O operations.

C

CLASSPATH - io.github.pixee.security.UrlProtocol
Classpath
create(String, String, int, String, URLStreamHandler, Set<UrlProtocol>, HostValidator) - Static method in class io.github.pixee.security.Urls
Convenience method which delegates to Urls.create(URL, Set, HostValidator).
create(String, String, int, String, Set<UrlProtocol>, HostValidator) - Static method in class io.github.pixee.security.Urls
Convenience method which delegates to Urls.create(URL, Set, HostValidator).
create(String, String, String, Set<UrlProtocol>, HostValidator) - Static method in class io.github.pixee.security.Urls
Convenience method which delegates to Urls.create(URL, Set, HostValidator).
create(String, Set<UrlProtocol>, HostValidator) - Static method in class io.github.pixee.security.Urls
 
create(URL, String, URLStreamHandler, Set<UrlProtocol>, HostValidator) - Static method in class io.github.pixee.security.Urls
Convenience method which delegates to Urls.create(URL, Set, HostValidator).
create(URL, String, Set<UrlProtocol>, HostValidator) - Static method in class io.github.pixee.security.Urls
Convenience method which delegates to Urls.create(URL, Set, HostValidator).
createCombinedHardenedObjectFilter(ObjectInputFilter) - Static method in class io.github.pixee.security.ObjectInputFilters
This method returns an ObjectInputFilter for use in ObjectInputStream.setObjectInputFilter(ObjectInputFilter) to protect against deserialization code execution attacks.
createHardenedInputStream(InputStream) - Static method in class io.github.pixee.security.ZipSecurity
Returns a ZipInputStream that will check to make sure that paths encountered in the zip aren't absolute and don't contain escapes ("..") towards directories beyond the root of the zip.
createHardenedInputStream(InputStream, Charset) - Static method in class io.github.pixee.security.ZipSecurity
Returns a ZipInputStream that will check to make sure that paths encountered in the zip aren't absolute and don't contain escapes ("..") towards directories outside the zip's root.
createSafeObjectInputStream(InputStream) - Static method in class io.github.pixee.security.ObjectInputFilters
This method returns a wrapped ObjectInputStream that protects against deserialization code execution attacks.

D

dangerousClassNameTokens() - Static method in class io.github.pixee.security.UnwantedTypes
Return a List of class names and parts of class names that represent unwanted types.
defaultRestrictions() - Static method in class io.github.pixee.security.Reflection
Provide the default restrictions for loading a type that will work for the vast majority of applications.
defaultRestrictions() - Static method in class io.github.pixee.security.SystemCommand
The default restrictions if none are specified.
DENY_COMMON_INFRASTRUCTURE_TARGETS - Static variable in interface io.github.pixee.security.HostValidator
A HostValidator that prevents access to common infrastructure targets.
DISALLOW_DOCTYPE - io.github.pixee.security.XMLRestrictions
 
DISALLOW_EXTERNAL_ENTITIES - io.github.pixee.security.XMLRestrictions
 
DocumentBuilderFactorySecurity - Class in io.github.pixee.security
This type exposes helper methods that will help defend against XXE attacks in DocumentBuilderFactory.

E

enableObjectFilterIfUnprotected(ObjectInputStream) - Static method in class io.github.pixee.security.ObjectInputFilters
This method attempts to install an ObjectInputFilter if one doesn't exist in order to protect against deserialization code execution attacks.
encode(String) - Static method in class io.github.pixee.security.HtmlEncoder
Return an HTML-encoded version of the value passed in.

F

FILE - io.github.pixee.security.UrlProtocol
File
Filenames - Class in io.github.pixee.security
This type offers utilities to safely deal with filenames.
fromAllowedHostPattern(Pattern) - Static method in interface io.github.pixee.security.HostValidator
Return a HostValidator that will validate the host name against the "allowPattern".
FTP - io.github.pixee.security.UrlProtocol
FTP

G

getHardenedObjectFilter() - Static method in class io.github.pixee.security.ObjectInputFilters
This method returns an ObjectInputFilter for use in ObjectInputStream.setObjectInputFilter(ObjectInputFilter) to protect against deserialization code execution attacks.
GOPHER - io.github.pixee.security.UrlProtocol
Gopher

H

hardenDocumentBuilderFactory(DocumentBuilderFactory, boolean, boolean) - Static method in class io.github.pixee.security.DocumentBuilderFactorySecurity
Harden the DocumentBuilderFactory against XML-based attacks, and promote directly to the API forefront the decision to allow dangerous XML features.
hardenFactory(XMLInputFactory) - Static method in class io.github.pixee.security.XMLInputFactorySecurity
Harden the XMLInputFactory against external entity attacks.
hardenFactory(XMLInputFactory, Set<XMLRestrictions>) - Static method in class io.github.pixee.security.XMLInputFactorySecurity
Harden the XMLInputFactory against XML-based attacks with the given restrictions.
hardenStream(InputStream) - Static method in class io.github.pixee.security.XMLDecoderSecurity
This method wraps the stream in a circular byte buffer which looks for common exploit types in the inbound XML.
HostValidator - Interface in io.github.pixee.security
A type that validates hosts to be connected.
HtmlEncoder - Class in io.github.pixee.security
This type exposes helper methods that will help defend against XSS attacks with HTML encoding.
HTTP - io.github.pixee.security.UrlProtocol
HTTP
HTTP_PROTOCOLS - Static variable in class io.github.pixee.security.Urls
This is a convenience Set provided for most people who probably only want to allow HTTP-based protocols.
HTTPS - io.github.pixee.security.UrlProtocol
HTTPS

I

io.github.pixee.security - package io.github.pixee.security
The intent of these types is to offer APIs that are usable by developers for implementing common security tasks.
io.github.pixee.security.jakarta - package io.github.pixee.security.jakarta
 
isAllowed(String) - Method in interface io.github.pixee.security.HostValidator
Decide whether a host is allowed to be reached.
isUnwanted(String) - Static method in class io.github.pixee.security.UnwantedTypes
Return true if the given class name is a known unwanted type.

J

JAR - io.github.pixee.security.UrlProtocol
JAR

L

loadAndVerify(String) - Static method in class io.github.pixee.security.Reflection
Helper method that delegates to Reflection.loadAndVerify(String, Set).
loadAndVerify(String, boolean, ClassLoader) - Static method in class io.github.pixee.security.Reflection
This method sandboxes the classloading to prevent possibly dangerous types from being loaded, using the default restrictions.
loadAndVerify(String, Set<ReflectionRestrictions>) - Static method in class io.github.pixee.security.Reflection
This method sandboxes the classloading to prevent possibly dangerous types from being loaded.
loadAndVerifyPackage(String, String) - Static method in class io.github.pixee.security.Reflection
This method sandboxes the classloading to prevent types outside the expected package from being loaded, with no other restrictions enforced.

M

MAILTO - io.github.pixee.security.UrlProtocol
mailto
MUST_BE_PUBLIC - io.github.pixee.security.ReflectionRestrictions
Enforces that a class must be public.
MUST_NOT_INVOLVE_CODE_EXECUTION - io.github.pixee.security.ReflectionRestrictions
Enforces that a class must not be related to code execution.

N

Newlines - Class in io.github.pixee.security
This type exposes helper methods that will help defend against newline-based attacks.
NEWS - io.github.pixee.security.UrlProtocol
News

O

ObjectInputFilters - Class in io.github.pixee.security
This type exposes helper methods that will help defend against Java deserialization attacks.

P

PathValidator - Class in io.github.pixee.security.jakarta
This type exposes helper methods that will help defend against Jakarta EE-specific attacks.
PathValidator() - Constructor for class io.github.pixee.security.jakarta.PathValidator
 
PREVENT_ARGUMENTS_TARGETING_SENSITIVE_FILES - io.github.pixee.security.SystemCommandRestrictions
Prevent commands from passing arguments that seem to be sensitive files (e.g., /etc/shadow).
PREVENT_COMMAND_CHAINING - io.github.pixee.security.SystemCommandRestrictions
Prevent multiple commands from being executed in a single call.
PREVENT_COMMON_EXPLOIT_EXECUTABLES - io.github.pixee.security.SystemCommandRestrictions
Prevent commands commonly used in exploitation from being executed in a call (e.g., wget, netcat).

R

readLine(Reader, int) - Static method in class io.github.pixee.security.BoundedLineReader
This method reads until a newline is encountered or the specified number of characters is reached.
Reflection - Class in io.github.pixee.security
This type exposes helper methods that will help defend against attacks involving reflection and classloading.
ReflectionRestrictions - Enum in io.github.pixee.security
The set of restrictions developers can use when using Reflection APIs.
RESOURCE - io.github.pixee.security.UrlProtocol
Resource
runCommand(Runtime, String) - Static method in class io.github.pixee.security.SystemCommand
Delegates to SystemCommand.runCommand(Runtime, String, Set) with default restrictions.
runCommand(Runtime, String[]) - Static method in class io.github.pixee.security.SystemCommand
Delegates to SystemCommand.runCommand(Runtime, String[], Set) with default restrictions.
runCommand(Runtime, String[], String[]) - Static method in class io.github.pixee.security.SystemCommand
Delegates to SystemCommand.runCommand(Runtime, String[], String[], Set) with default restrictions.
runCommand(Runtime, String[], String[], File) - Static method in class io.github.pixee.security.SystemCommand
runCommand(Runtime, String[], String[], File, Set<SystemCommandRestrictions>) - Static method in class io.github.pixee.security.SystemCommand
runCommand(Runtime, String[], String[], Set<SystemCommandRestrictions>) - Static method in class io.github.pixee.security.SystemCommand
runCommand(Runtime, String[], Set<SystemCommandRestrictions>) - Static method in class io.github.pixee.security.SystemCommand
Does the same as Runtime.exec(String[]), but adds restrictions on what types of commands will be allowed.
runCommand(Runtime, String, String[]) - Static method in class io.github.pixee.security.SystemCommand
Delegates to SystemCommand.runCommand(Runtime, String, String[], Set) with default restrictions.
runCommand(Runtime, String, String[], File) - Static method in class io.github.pixee.security.SystemCommand
runCommand(Runtime, String, String[], File, Set<SystemCommandRestrictions>) - Static method in class io.github.pixee.security.SystemCommand
runCommand(Runtime, String, String[], Set<SystemCommandRestrictions>) - Static method in class io.github.pixee.security.SystemCommand
runCommand(Runtime, String, Set<SystemCommandRestrictions>) - Static method in class io.github.pixee.security.SystemCommand
Does the same as Runtime.exec(String), but adds restrictions on what types of commands will be allowed.

S

SMB - io.github.pixee.security.UrlProtocol
SMB
stripAll(String) - Static method in class io.github.pixee.security.Newlines
Removes newlines from the given string, if any exist.
SystemCommand - Class in io.github.pixee.security
This type offers utility methods to run system commands more safely.
SystemCommandRestrictions - Enum in io.github.pixee.security
The restrictions that could be applied to a command being run through this type.

T

TELNET - io.github.pixee.security.UrlProtocol
telnet
toSimpleFileName(String) - Static method in class io.github.pixee.security.Filenames
Take an arbitrary file path (full, relative, or a simple name) and return a guaranteed simple name without any directory.

U

UnwantedTypes - Class in io.github.pixee.security
This type is only intended to hold a list of types that we don't want to deserialize because they pose a security risk.
UrlProtocol - Enum in io.github.pixee.security
The set of protocols that we can allow in Urls methods (notice that "ANY" is an option).
Urls - Class in io.github.pixee.security
This type exposes utilities to help developers protect against server-side request forgery (SSRF) and any other possible attacks based on creating unvalidated URLs.
Urls() - Constructor for class io.github.pixee.security.Urls
 

V

validateDispatcherPath(String) - Static method in class io.github.pixee.security.jakarta.PathValidator
Validates the path argument to javax.servlet.http.HttpServletRequest#getRequestDispatcher(), which could be used to gain access to sensitive assets like configuration files, code files, etc.
valueOf(String) - Static method in enum io.github.pixee.security.ReflectionRestrictions
Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum io.github.pixee.security.SystemCommandRestrictions
Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum io.github.pixee.security.UrlProtocol
Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum io.github.pixee.security.XMLRestrictions
Returns the enum constant of this type with the specified name.
values() - Static method in enum io.github.pixee.security.ReflectionRestrictions
Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum io.github.pixee.security.SystemCommandRestrictions
Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum io.github.pixee.security.UrlProtocol
Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum io.github.pixee.security.XMLRestrictions
Returns an array containing the constants of this enum type, in the order they are declared.

X

XMLDecoderSecurity - Class in io.github.pixee.security
This type offers APIs to help secure the usage of XMLDecoder.
XMLInputFactorySecurity - Class in io.github.pixee.security
This type exposes helper methods that will help defend against XXE attacks in XMLInputFactory.
XMLRestrictions - Enum in io.github.pixee.security
The set of restrictions that we can apply to a secured XML read.

Z

ZipSecurity - Class in io.github.pixee.security
This type exposes helper methods to deal with attacks related to Zipping operations, most notably the "zip slip" attack.