2 // Getdown - application installer, patcher and launcher
3 // Copyright (C) 2004-2018 Getdown authors
4 // https://github.com/threerings/getdown/blob/master/LICENSE
6 package com.threerings.getdown.util;
8 import java.net.MalformedURLException;
10 import java.util.List;
12 import com.threerings.getdown.data.Build;
15 * Optional support for compiling a URL host whitelist into the Getdown JAR.
16 * Useful if you're on the paranoid end of the security spectrum.
18 * @see Build#hostWhitelist()
20 public final class HostWhitelist
23 * Verifies that the specified URL should be accessible, per the built-in host whitelist.
24 * See {@link Build#hostWhitelist()} and {@link #verify(List,URL)}.
26 public static URL verify (URL url) throws MalformedURLException
30 return verify(Build.hostWhitelist(), url);
34 * Verifies that the specified URL should be accessible, per the supplied host whitelist.
35 * If the URL should not be accessible, this method throws a {@link MalformedURLException}.
36 * If the URL should be accessible, this method simply returns the {@link URL} passed in.
38 public static URL verify (List<String> hosts, URL url) throws MalformedURLException
40 if (url == null || hosts.isEmpty()) {
41 // either there is no URL to validate or no whitelist was configured
45 String urlHost = url.getHost();
46 String protocol = url.getProtocol();
48 if (ALLOW_LOCATOR_FILE_PROTOCOL && protocol.equals("file") && urlHost.equals("")) {
52 for (String host : hosts) {
53 String regex = host.replace(".", "\\.").replace("*", ".*");
54 if (urlHost.matches(regex)) {
59 throw new MalformedURLException(
60 "The host for the specified URL (" + url + ") is not in the host whitelist: " + hosts);
62 private static final boolean ALLOW_LOCATOR_FILE_PROTOCOL = Build.allowLocatorFileProtocol();
git://source.jalview.org / jalview.git / blob