Index (java-security-toolkit 1.2.1 API)

A B C D E F G H I J L M N P R S T U V X Z
All Classes All Packages

A

ALLOW_ALL - Static variable in interface io.github.pixee.security.HostValidator: A HostValidator that allows all hosts.
ANY - io.github.pixee.security.UrlProtocol: A protocol indicating that _any_ protocol is allowed.

B

BoundedLineReader - Class in io.github.pixee.security: This type exposes helper methods to deal with protecting I/O operations.

C

CLASSPATH - io.github.pixee.security.UrlProtocol: Classpath
create(String, String, int, String, URLStreamHandler, Set<UrlProtocol>, HostValidator) - Static method in class io.github.pixee.security.Urls: Convenience method which delegates to Urls.create(URL, Set, HostValidator).
create(String, String, int, String, Set<UrlProtocol>, HostValidator) - Static method in class io.github.pixee.security.Urls: Convenience method which delegates to Urls.create(URL, Set, HostValidator).
create(String, String, String, Set<UrlProtocol>, HostValidator) - Static method in class io.github.pixee.security.Urls: Convenience method which delegates to Urls.create(URL, Set, HostValidator).
create(String, Set<UrlProtocol>, HostValidator) - Static method in class io.github.pixee.security.Urls
create(URL, String, URLStreamHandler, Set<UrlProtocol>, HostValidator) - Static method in class io.github.pixee.security.Urls: Convenience method which delegates to Urls.create(URL, Set, HostValidator).
create(URL, String, Set<UrlProtocol>, HostValidator) - Static method in class io.github.pixee.security.Urls: Convenience method which delegates to Urls.create(URL, Set, HostValidator).
createHardenedInputStream(InputStream) - Static method in class io.github.pixee.security.ZipSecurity: Returns a ZipInputStream that will check to make sure that paths encountered in the zip aren't absolute and don't contain escapes ("..") towards directories beyond the root of the zip.
createHardenedInputStream(InputStream, Charset) - Static method in class io.github.pixee.security.ZipSecurity: Returns a ZipInputStream that will check to make sure that paths encountered in the zip aren't absolute and don't contain escapes ("..") towards directories outside the zip's root.

D

dangerousClassNameTokens() - Static method in class io.github.pixee.security.UnwantedTypes: Return a List of class names and parts of class names that represent unwanted types.
defaultRestrictions() - Static method in class io.github.pixee.security.Reflection: Provide the default restrictions for loading a type that will work for the vast majority of applications.
defaultRestrictions() - Static method in class io.github.pixee.security.SystemCommand: The default restrictions if none are specified.
DENY_COMMON_INFRASTRUCTURE_TARGETS - Static variable in interface io.github.pixee.security.HostValidator: A HostValidator that prevents access to common infrastructure targets.
DISALLOW_DOCTYPE - io.github.pixee.security.XMLRestrictions
DISALLOW_EXTERNAL_ENTITIES - io.github.pixee.security.XMLRestrictions
DocumentBuilderFactorySecurity - Class in io.github.pixee.security: This type exposes helper methods that will help defend against XXE attacks in DocumentBuilderFactory.

E

encode(String) - Static method in class io.github.pixee.security.HtmlEncoder: Return an HTML-encoded version of the value passed in.

F

FILE - io.github.pixee.security.UrlProtocol: File
Filenames - Class in io.github.pixee.security: This type offers utilities to safely deal with filenames.
from(InputStream) - Static method in class io.github.pixee.security.ValidatingObjectInputStreams: This method returns a wrapped ObjectInputStream that protects against deserialization code execution attacks.
fromAllowedHostDomain(String) - Static method in interface io.github.pixee.security.HostValidator: Return a HostValidator that will assure a given domain is within the allowed domain.
fromAllowedHostPattern(Pattern) - Static method in interface io.github.pixee.security.HostValidator: Return a HostValidator that will validate the host name against the "allowPattern".
FTP - io.github.pixee.security.UrlProtocol: FTP

G

GOPHER - io.github.pixee.security.UrlProtocol: Gopher

H

hardenDocumentBuilderFactory(DocumentBuilderFactory, boolean, boolean) - Static method in class io.github.pixee.security.DocumentBuilderFactorySecurity: Harden the DocumentBuilderFactory against XML-based attacks, and promote directly to the API forefront the decision to allow dangerous XML features.
hardenFactory(XMLInputFactory) - Static method in class io.github.pixee.security.XMLInputFactorySecurity: Harden the XMLInputFactory against external entity attacks
hardenFactory(XMLInputFactory, Set<XMLRestrictions>) - Static method in class io.github.pixee.security.XMLInputFactorySecurity: Harden the XMLInputFactory against XML-based attacks with the given restrictions.
hardenStream(InputStream) - Static method in class io.github.pixee.security.XMLDecoderSecurity: This method wraps the stream in a circular byte buffer which looks for common exploit types in the inbound XML.
HostValidator - Interface in io.github.pixee.security: A type that validates hosts to be connected.
HtmlEncoder - Class in io.github.pixee.security: This type exposes helper methods that will help defend against XSS attacks with HTML encoding.
HTTP - io.github.pixee.security.UrlProtocol: HTTP
HTTP_PROTOCOLS - Static variable in class io.github.pixee.security.Urls: This is a convenience Set provided for most people who probably only want to allow HTTP-based protocols.
HTTPS - io.github.pixee.security.UrlProtocol: HTTPS

I

io.github.pixee.security - module io.github.pixee.security
io.github.pixee.security - package io.github.pixee.security: The intent of these types is to offer APIs that are usable by developers for implementing common security tasks.
io.github.pixee.security.jakarta - package io.github.pixee.security.jakarta
isAllowed(String) - Method in interface io.github.pixee.security.HostValidator: Decide whether a host is allowed to be reached
isUnwanted(String) - Static method in class io.github.pixee.security.UnwantedTypes: Return true if the given class name is a known unwanted type.

J

JAR - io.github.pixee.security.UrlProtocol: JAR
JAVA - io.github.pixee.security.UrlProtocol: Java
JNDI - Class in io.github.pixee.security: Offers utilities to defend against JNDI attacks by controlling allowed resources.
JNDI.LimitedContext - Interface in io.github.pixee.security: A lookalike method for Context that allows sandboxing resolution.

L

LDAP - io.github.pixee.security.UrlProtocol: LDAP
limitedContext(Context) - Static method in class io.github.pixee.security.JNDI: Looks up a resource in the context, only allowing resources non-URL-based resources and "java:" resources.
limitedContextByProtocol(Context, Set<UrlProtocol>) - Static method in class io.github.pixee.security.JNDI: Looks up a resource in the context, only allowing resources from the specified protocols.
limitedContextByResourceName(Context, Set<String>) - Static method in class io.github.pixee.security.JNDI: Looks up a resource in the context, only allowing resources with the given names.
loadAndVerify(String) - Static method in class io.github.pixee.security.Reflection: Helper method that delegates Reflection.loadAndVerify(String, Set)
loadAndVerify(String, boolean, ClassLoader) - Static method in class io.github.pixee.security.Reflection: This method sandboxes the classloading to prevent possibly dangerous types from being loaded, using the default restrictions.
loadAndVerify(String, Set<ReflectionRestrictions>) - Static method in class io.github.pixee.security.Reflection: This method sandboxes the classloading to prevent possibly dangerous types from being loaded.
loadAndVerifyPackage(String, String) - Static method in class io.github.pixee.security.Reflection: This method sandboxes the classloading to prevent possibly types outside the expected package from being loaded, with no other restrictions enforced.
lookup(String) - Method in interface io.github.pixee.security.JNDI.LimitedContext: Looks up a resource in the context, but only allows resources that are in the allowed set.

M

MAILTO - io.github.pixee.security.UrlProtocol: mailto
MUST_BE_PUBLIC - io.github.pixee.security.ReflectionRestrictions: Enforces that a class must be public.
MUST_NOT_INVOLVE_CODE_EXECUTION - io.github.pixee.security.ReflectionRestrictions: Enforces that a class must not be related to code execution.

N

Newlines - Class in io.github.pixee.security: This type exposes helper methods that will help defend against newline-based attacks.
NEWS - io.github.pixee.security.UrlProtocol: News

P

PathValidator - Class in io.github.pixee.security.jakarta: This type exposes helper methods that will help defend against Jakarta EE-specific attacks.
PathValidator() - Constructor for class io.github.pixee.security.jakarta.PathValidator
PREVENT_ARGUMENTS_TARGETING_SENSITIVE_FILES - io.github.pixee.security.SystemCommandRestrictions: Prevent commands from passing arguments that seem to be sensitive files (e.g., /etc/shadow)
PREVENT_COMMAND_CHAINING - io.github.pixee.security.SystemCommandRestrictions: Prevent multiple commands from being executed in a single call.
PREVENT_COMMON_EXPLOIT_EXECUTABLES - io.github.pixee.security.SystemCommandRestrictions: Prevent commands commonly used in exploitation from being executed in a call (e.g., wget, netcat)

R

readLine(Reader, int) - Static method in class io.github.pixee.security.BoundedLineReader: This method reads until a newline is encountered or the specified number of characters is reached.
Reflection - Class in io.github.pixee.security: This type exposes helper methods that will help defend against attacks involving reflection and classloading.
ReflectionRestrictions - Enum in io.github.pixee.security: The set of restrictions developers can use when using Reflection APIs.
RESOURCE - io.github.pixee.security.UrlProtocol: Resource
RMI - io.github.pixee.security.UrlProtocol: RMI
runCommand(Runtime, String) - Static method in class io.github.pixee.security.SystemCommand: Delegates to SystemCommand.runCommand(Runtime, String, Set) with default restrictions.
runCommand(Runtime, String[]) - Static method in class io.github.pixee.security.SystemCommand: Delegates to SystemCommand.runCommand(Runtime, String[], Set) with default restrictions.
runCommand(Runtime, String[], String[]) - Static method in class io.github.pixee.security.SystemCommand: Delegates to SystemCommand.runCommand(Runtime, String[], String[], Set) with default restrictions.
runCommand(Runtime, String[], String[], File) - Static method in class io.github.pixee.security.SystemCommand: Delegates to SystemCommand.runCommand(Runtime, String[], String[], File, Set) with default restrictions.
runCommand(Runtime, String[], String[], File, Set<SystemCommandRestrictions>) - Static method in class io.github.pixee.security.SystemCommand: Same as SystemCommand.runCommand(Runtime, String[], Set) but also include more data to pass into Runtime.exec(String[], String[], File).
runCommand(Runtime, String[], String[], Set<SystemCommandRestrictions>) - Static method in class io.github.pixee.security.SystemCommand: Same as SystemCommand.runCommand(Runtime, String[], Set) but also include more data to pass into Runtime.exec(String[], String[]).
runCommand(Runtime, String[], Set<SystemCommandRestrictions>) - Static method in class io.github.pixee.security.SystemCommand: Does the same as Runtime.exec(String[]), but adds restrictions on what types of commands will be allowed.
runCommand(Runtime, String, String[]) - Static method in class io.github.pixee.security.SystemCommand: Delegates to SystemCommand.runCommand(Runtime, String, String[], Set) with default restrictions.
runCommand(Runtime, String, String[], File) - Static method in class io.github.pixee.security.SystemCommand: Delegates to SystemCommand.runCommand(Runtime, String, String[], File, Set) with default restrictions.
runCommand(Runtime, String, String[], File, Set<SystemCommandRestrictions>) - Static method in class io.github.pixee.security.SystemCommand: Same as SystemCommand.runCommand(Runtime, String, Set) but also include more data to pass into Runtime.exec(String, String[], File).
runCommand(Runtime, String, String[], Set<SystemCommandRestrictions>) - Static method in class io.github.pixee.security.SystemCommand: Same as SystemCommand.runCommand(Runtime, String, Set) but also include more data to pass into Runtime.exec(String, String[]).
runCommand(Runtime, String, Set<SystemCommandRestrictions>) - Static method in class io.github.pixee.security.SystemCommand: Does the same as Runtime.exec(String), but adds restrictions on what types of commands will be allowed.
runProcessBuilder(ProcessBuilder) - Static method in class io.github.pixee.security.SystemCommand: Delegates to SystemCommand.runProcessBuilder(ProcessBuilder, Set) with default restrictions.
runProcessBuilder(ProcessBuilder, Set<SystemCommandRestrictions>) - Static method in class io.github.pixee.security.SystemCommand: Does the same as ProcessBuilder.start(), but adds restrictions on what types of commands will be allowed.

S

SMB - io.github.pixee.security.UrlProtocol: SMB
stripAll(Object) - Static method in class io.github.pixee.security.Newlines: Removes newlines from the given string, if any exist.
stripAll(String) - Static method in class io.github.pixee.security.Newlines: Removes newlines from the given string, if any exist.
SystemCommand - Class in io.github.pixee.security: This type offers utility methods to run system commands more safely.
SystemCommandRestrictions - Enum in io.github.pixee.security: The restrictions that could be applied to a command being run through this type.

T

TELNET - io.github.pixee.security.UrlProtocol: telnet
toSimpleFileName(String) - Static method in class io.github.pixee.security.Filenames: Take an arbitrary file path (full, relative, or a simple name) and return a guaranteed simple name without any directory.

U

UnwantedTypes - Class in io.github.pixee.security: This type is only intended to hold a list of types that we don't want to deserialize because they pose a security risk.
UrlProtocol - Enum in io.github.pixee.security: The set of protocols that we can allow (notice "ANY") is an option in Urls methods.
Urls - Class in io.github.pixee.security: This type exposes utilities to help developers protect against server-side request forgery (SSRF) and any other possible attacks based on creating unvalidated URLs.
Urls() - Constructor for class io.github.pixee.security.Urls

V

validateDispatcherPath(String) - Static method in class io.github.pixee.security.jakarta.PathValidator: Validates the path argument to javax.servlet.http.HttpServletRequest#getRequestDispatcher(), which could be used to gain access to sensitive assets like configuration files, code files, etc.
ValidatingObjectInputStreams - Class in io.github.pixee.security: This type exposes helper methods that will help defend against Java deserialization attacks leveraging ObjectInputStream APIs by wrapping it in an Apache Commons IO ValidatingObjectInputStream that is configued to reject types that are known to be leveraged in deserialization attacks
valueOf(String) - Static method in enum io.github.pixee.security.ReflectionRestrictions: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum io.github.pixee.security.SystemCommandRestrictions: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum io.github.pixee.security.UrlProtocol: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum io.github.pixee.security.XMLRestrictions: Returns the enum constant of this type with the specified name.
values() - Static method in enum io.github.pixee.security.ReflectionRestrictions: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum io.github.pixee.security.SystemCommandRestrictions: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum io.github.pixee.security.UrlProtocol: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum io.github.pixee.security.XMLRestrictions: Returns an array containing the constants of this enum type, in the order they are declared.

X

XMLDecoderSecurity - Class in io.github.pixee.security: This type offers APIs to help secure the usage of XMLDecoder.
XMLInputFactorySecurity - Class in io.github.pixee.security: This type exposes helper methods that will help defend against XXE attacks in XMLInputFactory.
XMLRestrictions - Enum in io.github.pixee.security: The set of restrictions that we can apply to a secured XML read.

Z

ZipSecurity - Class in io.github.pixee.security: This type exposes helper methods to deal with attacks related to Zipping operations, most notably the "zip slip" attack.

A B C D E F G H I J L M N P R S T U V X Z
All Classes All Packages