Class ValidatingObjectInputStreams


  • public final class ValidatingObjectInputStreams
    extends java.lang.Object
    This type exposes helper methods that help defend against Java deserialization attacks on the ObjectInputStream API by wrapping the stream in an Apache Commons IO ValidatingObjectInputStream that is configured to reject types known to be used in deserialization gadget chains.

    For more information on deserialization, check out the OWASP Deserialization Cheat Sheet.

    • Method Summary

      All Methods | Static Methods | Concrete Methods

      Modifier and Type: static java.io.ObjectInputStream
      Method: from​(java.io.InputStream ois)
      Description: Returns a wrapped ObjectInputStream that protects against deserialization code execution attacks.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • from

        public static java.io.ObjectInputStream from​(java.io.InputStream ois)
                                              throws java.io.IOException
        This method returns a wrapped ObjectInputStream that protects against deserialization code execution attacks. It is intended for Java 8 and earlier, where the JDK's own deserialization filter (java.io.ObjectInputFilter, JEP 290, Java 9 and later) is not available as a public API.
        Parameters:
        ois - the stream to wrap and harden
        Returns:
        an ObjectInputStream that refuses to resolve the publicly known gadget types on the wrapper's reject list. A reject list can only stop gadget chains that are already known; where the set of classes an endpoint expects is small, an allow-list (accept) on the underlying ValidatingObjectInputStream is the stronger control.
        Throws:
        java.io.IOException - if the underlying creation of ObjectInputStream fails
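
The following is an added example, not code from this library, showing what the wrapping described above does underneath: it builds an Apache Commons IO ValidatingObjectInputStream directly, combines an allow-list of the classes an endpoint expects with a reject list of well-known gadget packages, and demonstrates that an unexpected class is refused in resolveClass() before any of its code runs. The Greeting type, the payloads and the specific reject patterns are constructed for illustration; the package of this library's own from(InputStream) method is not given on this page, so the example does not call it.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InvalidClassException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import org.apache.commons.io.serialization.ValidatingObjectInputStream;

public class AllowListDeserialization {

    /** Constructed sample type: the only application class this endpoint expects on the wire. */
    public static final class Greeting implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Greeting(String text) { this.text = text; }
    }

    /** Helper to produce a serialized payload for the demo (stands in for untrusted input). */
    static byte[] serialize(Object o) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    /**
     * Hardened reader. ValidatingObjectInputStream validates every class descriptor in
     * resolveClass(): a class is rejected if it matches a reject rule, and also if it matches
     * no accept rule at all, so with no accept rule nothing would deserialize. The allow-list
     * is the primary control; the reject patterns (assumed, illustrative gadget roots) are
     * belt and braces on top of it.
     */
    static Object readTrusted(byte[] payload) throws Exception {
        try (ValidatingObjectInputStream vois =
                 new ValidatingObjectInputStream(new ByteArrayInputStream(payload))) {
            vois.accept(Greeting.class, String.class);
            vois.reject("org.apache.commons.collections.functors.*",
                        "org.apache.commons.collections4.functors.*",
                        "com.sun.rowset.*");
            return vois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Expected payload: the allow-listed class deserializes normally.
        byte[] good = serialize(new Greeting("hello"));
        Greeting g = (Greeting) readTrusted(good);
        System.out.println("accepted: " + g.text);

        // Unexpected payload: java.util.ArrayList is not on the allow-list, so the
        // stream throws InvalidClassException while resolving the class descriptor,
        // before any readObject()/readResolve() logic of the payload can execute.
        byte[] unexpected = serialize(new ArrayList<String>());
        try {
            readTrusted(unexpected);
            System.out.println("BUG: unexpected class was deserialized");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Compile with commons-io on the classpath (the class lives in org.apache.commons.io.serialization, available since Commons IO 2.5). The point to take from the second case is the ordering: validation happens when the class descriptor is resolved, so a gadget class that is not accepted never gets instantiated, whereas checking the returned object's type after readObject() would be too late.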