Module io.github.pixee.security
Package io.github.pixee.security

Class Urls

  • public final class Urls
extends java.lang.Object
    This type exposes utilities to help developers protect against server-side request forgery (SSRF) and any other possible attacks based on creating unvalidated URLs.

    https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.util.Set<UrlProtocol> HTTP_PROTOCOLS
      This is a convenience Set provided for most people who probably only want to allow HTTP-based protocols.

    • Constructor Summary

      Constructors 
      Constructor Description
      Urls()  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static java.net.URL create​(java.lang.String protocol, java.lang.String host, int port, java.lang.String file, java.net.URLStreamHandler handler, java.util.Set<UrlProtocol> allowedProtocols, HostValidator hostValidator)
      Convenience method which delegates to create(URL, Set, HostValidator).
      static java.net.URL create​(java.lang.String protocol, java.lang.String host, int port, java.lang.String file, java.util.Set<UrlProtocol> allowedProtocols, HostValidator hostValidator)
      Convenience method which delegates to create(URL, Set, HostValidator).
      static java.net.URL create​(java.lang.String protocol, java.lang.String host, java.lang.String file, java.util.Set<UrlProtocol> allowedProtocols, HostValidator hostValidator)
      Convenience method which delegates to create(URL, Set, HostValidator).
      static java.net.URL create​(java.lang.String url, java.util.Set<UrlProtocol> allowedProtocols, HostValidator validator)  
      static java.net.URL create​(java.net.URL context, java.lang.String spec, java.net.URLStreamHandler handler, java.util.Set<UrlProtocol> allowedProtocols, HostValidator hostValidator)
      Convenience method which delegates to create(URL, Set, HostValidator).
      static java.net.URL create​(java.net.URL context, java.lang.String spec, java.util.Set<UrlProtocol> allowedProtocols, HostValidator hostValidator)
      Convenience method which delegates to create(URL, Set, HostValidator).

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • HTTP_PROTOCOLS

        public static java.util.Set<UrlProtocol> HTTP_PROTOCOLS
        This is a convenience Set provided for most people who probably only want to allow HTTP-based protocols.

    • Constructor Detail

      • Urls

        public Urls()

    • Method Detail

      • create

        public static java.net.URL create​(java.lang.String url,
                                  java.util.Set<UrlProtocol> allowedProtocols,
                                  HostValidator validator)
                           throws java.net.MalformedURLException
        Throws:
        java.net.MalformedURLException

      • create

        public static java.net.URL create​(java.lang.String protocol,
                                  java.lang.String host,
                                  int port,
                                  java.lang.String file,
                                  java.util.Set<UrlProtocol> allowedProtocols,
                                  HostValidator hostValidator)
                           throws java.net.MalformedURLException
        Convenience method which delegates to create(URL, Set, HostValidator).
        Throws:
        java.net.MalformedURLException

      • create

        public static java.net.URL create​(java.lang.String protocol,
                                  java.lang.String host,
                                  int port,
                                  java.lang.String file,
                                  java.net.URLStreamHandler handler,
                                  java.util.Set<UrlProtocol> allowedProtocols,
                                  HostValidator hostValidator)
                           throws java.net.MalformedURLException
        Convenience method which delegates to create(URL, Set, HostValidator).
        Throws:
        java.net.MalformedURLException

      • create

        public static java.net.URL create​(java.net.URL context,
                                  java.lang.String spec,
                                  java.util.Set<UrlProtocol> allowedProtocols,
                                  HostValidator hostValidator)
                           throws java.net.MalformedURLException
        Convenience method which delegates to create(URL, Set, HostValidator).
        Throws:
        java.net.MalformedURLException

      • create

        public static java.net.URL create​(java.net.URL context,
                                  java.lang.String spec,
                                  java.net.URLStreamHandler handler,
                                  java.util.Set<UrlProtocol> allowedProtocols,
                                  HostValidator hostValidator)
                           throws java.net.MalformedURLException
        Convenience method which delegates to create(URL, Set, HostValidator).
        Throws:
        java.net.MalformedURLException

      • create

        public static java.net.URL create​(java.lang.String protocol,
                                  java.lang.String host,
                                  java.lang.String file,
                                  java.util.Set<UrlProtocol> allowedProtocols,
                                  HostValidator hostValidator)
                           throws java.net.MalformedURLException
        Convenience method which delegates to create(URL, Set, HostValidator).
        Throws:
        java.net.MalformedURLException