All Classes
| Class | Description |
|---|---|
| BoundedLineReader | This type exposes helper methods to deal with protecting I/O operations. |
| DocumentBuilderFactorySecurity | This type exposes helper methods that will help defend against XXE attacks in DocumentBuilderFactory. |
| Filenames | This type offers utilities to safely deal with filenames. |
| HostValidator | A type that validates hosts to be connected. |
| HtmlEncoder | This type exposes helper methods that will help defend against XSS attacks with HTML encoding. |
| JNDI | Offers utilities to defend against JNDI attacks by controlling allowed resources. |
| JNDI.LimitedContext | A lookalike method for Context that allows sandboxing resolution. |
| Newlines | This type exposes helper methods that will help defend against newline-based attacks. |
| PathValidator | This type exposes helper methods that will help defend against Jakarta EE-specific attacks. |
| Reflection | This type exposes helper methods that will help defend against attacks involving reflection and classloading. |
| ReflectionRestrictions | The set of restrictions developers can use when using Reflection APIs. |
| SystemCommand | This type offers utility methods to run system commands more safely. |
| SystemCommandRestrictions | The restrictions that could be applied to a command being run through this type. |
| UnwantedTypes | This type is only intended to hold a list of types that we don't want to deserialize because they pose a security risk. |
| UrlProtocol | The set of protocols that we can allow (notice "ANY" is an option) in Urls methods. |
| Urls | This type exposes utilities to help developers protect against server-side request forgery (SSRF) and any other possible attacks based on creating unvalidated URLs. |
| ValidatingObjectInputStreams | This type exposes helper methods that will help defend against Java deserialization attacks leveraging ObjectInputStream APIs by wrapping it in an Apache Commons IO ValidatingObjectInputStream that is configured to reject types that are known to be leveraged in deserialization attacks. |
| XMLDecoderSecurity | This type offers APIs to help secure the usage of XMLDecoder. |
| XMLInputFactorySecurity | This type exposes helper methods that will help defend against XXE attacks in XMLInputFactory. |
| XMLRestrictions | The set of restrictions that we can apply to a secured XML read. |
| ZipSecurity | This type exposes helper methods to deal with attacks related to Zipping operations, most notably the "zip slip" attack. |