Class PmXssStringDeserializer

java.lang.Object
com.fasterxml.jackson.databind.JsonDeserializer<T>
com.fasterxml.jackson.databind.deser.std.StdDeserializer<String>
de.hybris.platform.partytmfwebservices.deserializers.PmXssStringDeserializer
All Implemented Interfaces:
com.fasterxml.jackson.databind.deser.NullValueProvider, com.fasterxml.jackson.databind.deser.ValueInstantiator.Gettable, Serializable

public class PmXssStringDeserializer extends com.fasterxml.jackson.databind.deser.std.StdDeserializer<String>
JSON deserializer that applies XSS filtering rules to String values as they are deserialized.
Since:
2205
  • Nested Class Summary

    Nested classes/interfaces inherited from class com.fasterxml.jackson.databind.JsonDeserializer

    com.fasterxml.jackson.databind.JsonDeserializer.None
  • Field Summary

    Fields inherited from class com.fasterxml.jackson.databind.deser.std.StdDeserializer

    _valueClass, _valueType, F_MASK_ACCEPT_ARRAYS, F_MASK_INT_COERCIONS
  • Constructor Summary

    Constructors
    Constructor
    Description
    PmXssStringDeserializer()
  • Method Summary

    Modifier and Type, Method, Description
    String deserialize(com.fasterxml.jackson.core.JsonParser jsonParser, com.fasterxml.jackson.databind.DeserializationContext deserializationContext)
    protected List<Pattern> getCompiledPatterns(Map<String,String> rules)
        Creates a list of compiled patterns from a given map
    protected Map<String,String> getPatternDefinitions()
        Loads XSS pattern definitions from the configuration files and returns them as a map
    protected String xssFilter(String value)
        Filters a string for XSS

    Methods inherited from class com.fasterxml.jackson.databind.deser.std.StdDeserializer

    _byteOverflow, _checkBooleanToStringCoercion, _checkCoercionFail, _checkDoubleSpecialValue, _checkFloatSpecialValue, _checkFloatToIntCoercion, _checkFloatToStringCoercion, _checkFromStringCoercion, _checkFromStringCoercion, _checkIntToFloatCoercion, _checkIntToStringCoercion, _checkTextualNull, _checkToStringCoercion, _coerceBooleanFromInt, _coercedTypeDesc, _coercedTypeDesc, _coerceEmptyString, _coerceIntegral, _coerceNullToken, _coerceTextualNull, _deserializeFromArray, _deserializeFromEmpty, _deserializeFromEmptyString, _deserializeFromString, _deserializeWrappedValue, _failDoubleToIntCoercion, _findCoercionFromBlankString, _findCoercionFromEmptyArray, _findCoercionFromEmptyString, _findNullProvider, _hasTextualNull, _intOverflow, _isBlank, _isEmptyOrTextualNull, _isFalse, _isIntNumber, _isNaN, _isNegInf, _isPosInf, _isTrue, _neitherNull, _nonNullNumber, _parseBoolean, _parseBooleanFromInt, _parseBooleanPrimitive, _parseBooleanPrimitive, _parseBytePrimitive, _parseDate, _parseDate, _parseDateFromArray, _parseDouble, _parseDouble, _parseDoublePrimitive, _parseDoublePrimitive, _parseDoublePrimitive, _parseFloatPrimitive, _parseFloatPrimitive, _parseFloatPrimitive, _parseInteger, _parseInteger, _parseIntPrimitive, _parseIntPrimitive, _parseLong, _parseLong, _parseLongPrimitive, _parseLongPrimitive, _parseShortPrimitive, _parseString, _parseString, _reportFailedNullCoerce, _shortOverflow, _verifyEndArrayForSingle, _verifyNullForPrimitive, _verifyNullForPrimitiveCoercion, _verifyNullForScalarCoercion, _verifyNumberForScalarCoercion, _verifyStringForScalarCoercion, deserializeWithType, findContentNullProvider, findContentNullStyle, findConvertingContentDeserializer, findDeserializer, findFormatFeature, findFormatOverrides, findValueNullProvider, getValueClass, getValueInstantiator, getValueType, getValueType, handledType, handleMissingEndArrayForSingle, handleNestedArrayForSingle, handleUnknownProperty, isDefaultDeserializer, isDefaultKeyDeserializer

    Methods inherited from class com.fasterxml.jackson.databind.JsonDeserializer

    deserialize, deserializeWithType, findBackReference, getAbsentValue, getDelegatee, getEmptyAccessPattern, getEmptyValue, getEmptyValue, getKnownPropertyNames, getNullAccessPattern, getNullValue, getNullValue, getObjectIdReader, isCachable, logicalType, replaceDelegatee, supportsUpdate, unwrappingDeserializer

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • PmXssStringDeserializer

      public PmXssStringDeserializer()
  • Method Details

    • deserialize

      public String deserialize(com.fasterxml.jackson.core.JsonParser jsonParser, com.fasterxml.jackson.databind.DeserializationContext deserializationContext) throws IOException
      Specified by:
      deserialize in class com.fasterxml.jackson.databind.JsonDeserializer<String>
      Throws:
      IOException
    • xssFilter

      protected String xssFilter(String value)
      Filters a string for XSS
      Parameters:
      value - the string to be filtered
      Returns:
      the filtered string
    • getCompiledPatterns

      protected List<Pattern> getCompiledPatterns(Map<String,String> rules)
      Creates a list of compiled patterns from a given map
      Parameters:
      rules - a map containing pattern rules
      Returns:
      the list of compiled patterns obtained
    • getPatternDefinitions

      protected Map<String,String> getPatternDefinitions()
      Loads XSS pattern definitions from the configuration files and returns them as a map
      Returns:
      the resulting map
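
How the three protected methods documented above can fit together in a Jackson `StdDeserializer<String>`, as an added sketch that is not the hybris implementation. The class name `ExampleXssStringDeserializer`, the rule keys, the regular expressions and the remove-on-match behaviour are all assumptions; the real class loads its rules from configuration files.

```java
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
import com.fasterxml.jackson.databind.module.SimpleModule;
import java.io.IOException;
import java.util.*;
import java.util.regex.Pattern;

// Added illustration: method names mirror the Javadoc, behaviour is assumed.
public class ExampleXssStringDeserializer extends StdDeserializer<String> {
    // Compile once; Pattern objects are immutable and thread-safe.
    private final List<Pattern> patterns = getCompiledPatterns(getPatternDefinitions());

    public ExampleXssStringDeserializer() { super(String.class); }

    @Override
    public String deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
        return xssFilter(p.getValueAsString());
    }

    protected String xssFilter(String value) {
        if (value == null) return null;
        String previous, current = value;
        do { // repeat until stable: one removal must not leave a new match behind
            previous = current;
            for (Pattern pat : patterns) current = pat.matcher(current).replaceAll("");
        } while (!current.equals(previous));
        return current;
    }

    protected List<Pattern> getCompiledPatterns(Map<String, String> rules) {
        List<Pattern> compiled = new ArrayList<>();
        for (String regex : rules.values())
            compiled.add(Pattern.compile(regex, Pattern.CASE_INSENSITIVE | Pattern.DOTALL));
        return compiled;
    }

    protected Map<String, String> getPatternDefinitions() {
        // Constructed sample rules with hypothetical keys (assumption).
        Map<String, String> rules = new LinkedHashMap<>();
        rules.put("example.xss.rule.script", "<script[^>]*>.*?</script>");
        rules.put("example.xss.rule.scheme", "javascript:");
        return rules;
    }

    public static class Note { public String text; }

    public static void main(String[] args) throws IOException {
        ObjectMapper mapper = new ObjectMapper().registerModule(
            new SimpleModule().addDeserializer(String.class, new ExampleXssStringDeserializer()));
        String json = "{\"text\":\"Hello <script>alert(1)</script>world\"}"; // constructed input
        System.out.println(mapper.readValue(json, Note.class).text); // Hello world
    }
}
```

Registering the deserializer for `String.class` filters every String property the mapper binds, including identifiers and free-text fields, so the rule set needs testing against legitimate payloads. Pattern-based input filtering of this kind complements context-aware output encoding where the value is rendered; it does not replace it.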