- java.lang.Object
-
- io.github.pixee.security.JNDI
-
public final class JNDI extends java.lang.Object

Offers utilities to defend against JNDI attacks by controlling allowed resources.
Nested Class Summary
Modifier and Type: static interface
Class: JNDI.LimitedContext
Description: A lookalike method for Context that allows sandboxing resolution.
-
Method Summary
Modifier and Type: static JNDI.LimitedContext
Method: limitedContext(javax.naming.Context context)
Description: Looks up a resource in the context, only allowing non-URL-based resources and "java:" resources.

Modifier and Type: static JNDI.LimitedContext
Method: limitedContextByProtocol(javax.naming.Context context, java.util.Set<UrlProtocol> allowedProtocols)
Description: Looks up a resource in the context, only allowing resources from the specified protocols.

Modifier and Type: static JNDI.LimitedContext
Method: limitedContextByResourceName(javax.naming.Context context, java.util.Set<java.lang.String> allowedResourceNames)
Description: Looks up a resource in the context, only allowing resources with the given names.
Method Detail
-
limitedContext
public static JNDI.LimitedContext limitedContext(javax.naming.Context context)
Looks up a resource in the context, only allowing non-URL-based resources and "java:" resources.
-
limitedContextByProtocol
public static JNDI.LimitedContext limitedContextByProtocol(javax.naming.Context context, java.util.Set<UrlProtocol> allowedProtocols)
Looks up a resource in the context, only allowing resources from the specified protocols.
-
limitedContextByResourceName
public static JNDI.LimitedContext limitedContextByResourceName(javax.naming.Context context, java.util.Set<java.lang.String> allowedResourceNames)
Looks up a resource in the context, only allowing resources with the given names.
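
The policy described for limitedContext, as an added illustration that is not the library's own code: a name is checked before the Context ever resolves it, and only plain names and "java:" names pass. The class and method names (SandboxedLookupDemo, urlScheme, limitedLookup), the colon-before-slash test for URL-based names, and the use of SecurityException are assumptions of this example.

```java
import java.lang.reflect.Proxy;
import java.util.Locale;
import javax.naming.Context;
import javax.naming.NamingException;

/** Illustration only: hypothetical class, not part of io.github.pixee.security. */
public class SandboxedLookupDemo {

    /** Returns the URL scheme of a JNDI name, or null when the name is not URL-based. */
    static String urlScheme(String name) {
        int colon = name.indexOf(':');
        int slash = name.indexOf('/');
        // Assumption of this example: "scheme:" before any '/' marks a URL name.
        return (colon > 0 && (slash == -1 || colon < slash))
                ? name.substring(0, colon).toLowerCase(Locale.ROOT) : null;
    }

    /** Delegates to the context only for plain names and "java:" names. */
    static Object limitedLookup(Context ctx, String name) throws NamingException {
        String scheme = urlScheme(name);
        if (scheme != null && !scheme.equals("java")) {
            // Rejected before the context sees the name, so no remote provider is contacted.
            throw new SecurityException("JNDI lookup blocked for scheme: " + scheme);
        }
        return ctx.lookup(name);
    }

    public static void main(String[] args) throws NamingException {
        // Constructed stand-in for a real Context: echoes the name it was asked to resolve.
        Context stub = (Context) Proxy.newProxyInstance(
                Context.class.getClassLoader(), new Class<?>[] {Context.class},
                (proxy, method, a) -> "resolved " + a[0]);

        // Constructed sample names: two local, two URL-based.
        String[] names = {"jdbc/appDS", "java:comp/env/jdbc/appDS",
                          "ldap://directory.example/cn=obj", "RMI://registry.example/obj"};
        for (String name : names) {
            try {
                System.out.println(name + " -> " + limitedLookup(stub, name));
            } catch (SecurityException e) {
                System.out.println(name + " -> " + e.getMessage());
            }
        }
    }
}
```

The scheme is lower-cased before comparison so that a mixed-case prefix such as "RMI:" is treated the same as "rmi:".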