zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-07-26 04:28:34 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/util
History
Weimin Yu 4f017eba64 Defend against deserialization-based attacks (#2150) 
* Defend against deserialization-based attacks

Added the `SafeObjectInputStream` class that defends attacks using
malformed serialized data, including remote code execution and
denial-of-service attacks.

Started using the new class to handle EPP resource VKeys and
PendingDeposits, which are passed across credential-boundaries: between
TaskQueue and AppEngine server, and between AppEngine server and the RDE
pipeline on GCE. Note that the wireformat of VKeys do not change,
therefore existing tasks sitting in the TaskQueue are not affected.

Also removed an unused class: JaxbFragment.
2023-09-20 16:56:56 -04:00
..
src Defend against deserialization-based attacks (#2150) 2023-09-20 16:56:56 -04:00
build.gradle Remove Ofy (#1863) 2022-12-02 22:28:33 -05:00
buildscript-gradle.lockfile Upgrade to Gradle 7.0 (#1712) 2022-07-26 11:41:27 -04:00
gradle.lockfile Upgrade to gradle 8.3 (#2142) 2023-09-13 11:11:49 -04:00