Skip to content

Commit 6412cb5

Browse files
ryandensryandens
committed
♻️ reanme APIs to be more clear and concise
1 parent af9a1a3 commit 6412cb5

File tree

2 files changed

+5
-5
lines changed

2 files changed

+5
-5
lines changed

src/main/java/io/github/pixee/security/ObjectInputStreams.java renamed to src/main/java/io/github/pixee/security/ValidatingObjectInputStreams.java

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -14,12 +14,12 @@
1414
* href="https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html">OWASP
1515
* Cheat Sheet</a>.
1616
*/
17-
public final class ObjectInputStreams {
17+
public final class ValidatingObjectInputStreams {
1818

1919
/**
2020
* Private no-op constructor to prevent accidental initialization of this class
2121
*/
22-
private ObjectInputStreams() {}
22+
private ValidatingObjectInputStreams() {}
2323

2424
/**
2525
* This method returns a wrapped {@link ObjectInputStream} that protects against deserialization
@@ -29,7 +29,7 @@ private ObjectInputStreams() {}
2929
* @return an {@link ObjectInputStream} which is safe against all publicly known gadgets
3030
* @throws IOException if the underlying creation of {@link ObjectInputStream} fails
3131
*/
32-
public static ObjectInputStream createValidatingObjectInputStream(final InputStream ois)
32+
public static ObjectInputStream from(final InputStream ois)
3333
throws IOException {
3434
final ValidatingObjectInputStream is = new ValidatingObjectInputStream(ois);
3535
for (String gadget : UnwantedTypes.dangerousClassNameTokens()) {

src/test/java/io/github/pixee/security/ObjectInputStreamsTest.java renamed to src/test/java/io/github/pixee/security/ValidatingObjectInputStreamsTest.java

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@
1515
import static org.junit.jupiter.api.Assertions.assertThrows;
1616
import static org.junit.jupiter.api.Assertions.fail;
1717

18-
final class ObjectInputStreamsTest {
18+
final class ValidatingObjectInputStreamsTest {
1919

2020
private static DiskFileItem gadget; // this is an evil gadget type
2121
private static byte[] serializedGadget; // this the serialized bytes of that gadget
@@ -41,7 +41,7 @@ static void setup() throws IOException {
4141
@Test
4242
void validating_ois_works() throws Exception {
4343
ObjectInputStream ois =
44-
ObjectInputStreams.createValidatingObjectInputStream(new ByteArrayInputStream(serializedGadget));
44+
ValidatingObjectInputStreams.from(new ByteArrayInputStream(serializedGadget));
4545
assertThrows(
4646
InvalidClassException.class,
4747
() -> {

0 commit comments

Comments
 (0)