2 // Getdown - application installer, patcher and launcher
3 // Copyright (C) 2004-2018 Getdown authors
4 // https://github.com/threerings/getdown/blob/master/LICENSE
6 package com.threerings.getdown.util;
8 import java.net.MalformedURLException;
10 import java.util.List;
12 import com.threerings.getdown.data.Build;
15 * Optional support for compiling a URL host whitelist into the Getdown JAR.
16 * Useful if you're on the paranoid end of the security spectrum.
18 * @see Build#hostWhitelist()
20 public final class HostWhitelist
23 * Verifies that the specified URL should be accessible, per the built-in host whitelist.
24 * See {@link Build#hostWhitelist()} and {@link #verify(List,URL)}.
26 public static URL verify (URL url) throws MalformedURLException
28 return verify(Build.hostWhitelist(), url);
32 * Verifies that the specified URL should be accessible, per the supplied host whitelist.
33 * If the URL should not be accessible, this method throws a {@link MalformedURLException}.
34 * If the URL should be accessible, this method simply returns the {@link URL} passed in.
36 public static URL verify (List<String> hosts, URL url) throws MalformedURLException
38 if (url == null || hosts.isEmpty()) {
39 // either there is no URL to validate or no whitelist was configured
43 String urlHost = url.getHost();
44 for (String host : hosts) {
45 String regex = host.replace(".", "\\.").replace("*", ".*");
46 if (urlHost.matches(regex)) {
51 throw new MalformedURLException(
52 "The host for the specified URL (" + url + ") is not in the host whitelist: " + hosts);