💡 improve javadoc to clarify apache commons dependency

ryandens · ryandens · commit 93247216a144 · 2023-09-28T15:42:20.000-07:00
diff --git a/src/main/java/io/github/pixee/security/ValidatingObjectInputStreams.java b/src/main/java/io/github/pixee/security/ValidatingObjectInputStreams.java
@@ -8,7 +8,8 @@
 
 /**
  * This type exposes helper methods that will help defend against Java deserialization attacks
- * leveraging {@link ObjectInputStream} APIs.
+ * leveraging {@link ObjectInputStream} APIs by wrapping it in an Apache Commons IO {@link ValidatingObjectInputStream}
+ * that is configued to reject types that are known to be leveraged in deserialization attacks
  *
  * <p>For more information on deserialization checkout the <a
  * href="https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html">OWASP

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,8 @@`
`8`	`8`
`9`	`9`	`/**`
`10`	`10`	`* This type exposes helper methods that will help defend against Java deserialization attacks`
`11`		`- * leveraging {@link ObjectInputStream} APIs.`
	`11`	`+ * leveraging {@link ObjectInputStream} APIs by wrapping it in an Apache Commons IO {@link ValidatingObjectInputStream}`
	`12`	`+ * that is configued to reject types that are known to be leveraged in deserialization attacks`
`12`	`13`	`*`
`13`	`14`	`* <p>For more information on deserialization checkout the <a`
`14`	`15`	`* href="https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html">OWASP`