src/main/java/eu/righettod/SecurityUtils.java
5 additions & 5 deletions
@@ -542,10 +542,10 @@ public static boolean isPublicIPAddress(String ip) {
542
542
}
543
543
544
544
/**
545
-
* Compute a SHA256 hash from an input composed of a collection of strings.<br>
546
-
* This method take care to build the source string in a way to prevent this source string to be prone to abuse targeting the different parts composing it.<br>
545
+
* Compute a SHA256 hash from an input composed of a collection of strings.<br><br>
546
+
* This method take care to build the source string in a way to prevent this source string to be prone to abuse targeting the different parts composing it.<br><br>
547
547
* Example of possible abuse without precautions applied during the hash calculation logic:<br>
548
-
* Hash of <code>SHA256("Hello", "My", "World!!!")</code> will be equals to the hash of <code>SHA256("Hell", "oMyW", "orld!!!")</code>.<br>
548
+
* Hash of <code>SHA256("Hello", "My", "World!!!")</code> will be equals to the hash of <code>SHA256("Hell", "oMyW", "orld!!!")</code>.<br><br>
549
549
* This method ensure that both hash above will be different.
550
550
*
551
551
* @param parts Ordered list of strings to use to build the input string for which the hash must be computed on. No null value is accepted on object composing the collection.
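Review bot: The description on new lines 545 to 549 promises that the two example hashes "will be different" but never states how the parts are delimited or encoded before hashing, and nothing above `@param parts` fills that in. Since these lines are being touched anyway, add one sentence naming the mechanism (separator, length prefix or per-part encoding) so a caller who has to reproduce or verify the hash in another system can do so. While here, "This method take care" should read "takes care" and "will be equals to" should read "will be equal to", and `<p>` is the more conventional Javadoc paragraph break than `<br><br>`.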
@@ -572,8 +572,8 @@ public static byte[] computeHashNoProneToAbuseOnParts(List<String> parts) throws
572
572
}
573
573
574
574
/**
575
-
* Ensure that an XML file only uses DTD/XSD references (called System Identifier) present in the allowed list provided.<br>
576
-
* The code is based on the validation implemented into the OpenJDK 21, by the class <b><a href="https://github.com/openjdk/jdk/blob/jdk-21%2B35/src/java.prefs/share/classes/java/util/prefs/XmlSupport.java">java.util.prefs.XmlSupport</a></b>, in the method <b><a href="https://github.com/openjdk/jdk/blob/jdk-21%2B35/src/java.prefs/share/classes/java/util/prefs/XmlSupport.java#L240">loadPrefsDoc()</a></b>.<br>
575
+
* Ensure that an XML file only uses DTD/XSD references (called System Identifier) present in the allowed list provided.<br><br>
576
+
* The code is based on the validation implemented into the OpenJDK 21, by the class <b><a href="https://github.com/openjdk/jdk/blob/jdk-21%2B35/src/java.prefs/share/classes/java/util/prefs/XmlSupport.java">java.util.prefs.XmlSupport</a></b>, in the method <b><a href="https://github.com/openjdk/jdk/blob/jdk-21%2B35/src/java.prefs/share/classes/java/util/prefs/XmlSupport.java#L240">loadPrefsDoc()</a></b>.<br><br>
577
577
* The method also ensure that no Public Identifier is used to prevent potential bypasses of the validations.
578
578
*
579
579
* @param xmlFilePath Filename of the XML file to check.
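Review bot: Both links on new line 576 point at `github.com` rather than the OpenJDK repository at `github.com/openjdk/jdk`; for a reference that the validation logic is said to be based on, the Javadoc should link to the upstream host. Keeping the `jdk-21%2B35` tag in the URL is good, since it pins what the `#L240` anchor refers to. On context line 577, "The method also ensure" should read "ensures", and `<p>` would be the more conventional paragraph break than `<br><br>`.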