Package net.sourceforge.plantuml.security

Enum Class SecurityProfile

java.lang.Object
java.lang.Enum<SecurityProfile>
net.sourceforge.plantuml.security.SecurityProfile
All Implemented Interfaces:
Serializable, Comparable<SecurityProfile>, Constable
public enum SecurityProfile extends Enum<SecurityProfile>
There are 4 different security profile defined.

The security profile to be used is set at the launch of PlantUML and cannot be changed by users. The security profile defines what an instance of PlantUML is allowed to do:
- access some local file
- connection to some remote URL
- print some technical information to the users.

The security profile is defined:
- either by an environment variable
- or an option at command line

There is also a default value, which is LEGACY in this current implementation.

  • Enum Constant Details

    • SANDBOX

      public static final SecurityProfile SANDBOX
      Running in SANDBOX mode is completely secure. No local file can be read (except dot executable) No remote URL access can be used No technical information are print to users.

      This mode is defined for test and debug, since it's not very useful for users. However, you can use it if you need to.

    • ALLOWLIST

      public static final SecurityProfile ALLOWLIST

    • INTERNET

      public static final SecurityProfile INTERNET
      This mode is designed for PlantUML running in a web server.

    • LEGACY

      public static final SecurityProfile LEGACY
      This mode reproduce old PlantUML version behaviour.

      Right now, this is the default Security Profile but this will be removed from future version because it is now full secure, especially on Internet server.

    • UNSECURE

      public static final SecurityProfile UNSECURE
      Running in UNSECURE mode means that PlantUML can access to any local file and can connect to any URL.

      Some technical information (file path, Java version) are also printed in some error messages. This is not an issue if you are running PlantUML locally. But you should not use this mode if PlantUML is running on some server, especially if the server is accessible from Internet.

  • Method Details

    • values

      public static SecurityProfile[] values()
      Returns an array containing the constants of this enum class, in the order they are declared.
      Returns:
      an array containing the constants of this enum class, in the order they are declared

    • valueOf

      public static SecurityProfile valueOf(String name)
      Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum class has no constant with the specified name
      NullPointerException - if the argument is null

    • longDescription

      public String longDescription()
      A Human understandable description.

    • getTimeout

      public long getTimeout()
      Retrieve the timeout for URL.

    • canWeReadThisEnvironmentVariable

      public boolean canWeReadThisEnvironmentVariable(String name)