package ratpack.session.internal;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import ratpack.session.SessionSerializer;

/* loaded from: input_file:ratpack/session/internal/InsecureSessionSerializerWarning.class */
public class InsecureSessionSerializerWarning {
    public static final Logger LOGGER = LoggerFactory.getLogger(InsecureSessionSerializerWarning.class);

    private InsecureSessionSerializerWarning() {
    }

    public static void log(Class<? extends SessionSerializer> cls) {
        if (LOGGER.isWarnEnabled()) {
            LOGGER.warn(cls.getName() + " does not implement type filtering, which makes your application vulnerable if session data can be provided by untrusted sources (see https://portswigger.net/web-security/deserialization). Please contact the author of " + cls.getName() + " and urge them to update it to support type filtering.");
        }
    }
}
