示例1: testEncodeForSQL
import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * Exercises {@code Encoder.encodeForSQL} with the MySQL codec (ANSI and MySQL
 * modes) and the Oracle codec: a null input must come back as null, and a
 * single quote in the input must be escaped the way each target database expects.
 */
public void testEncodeForSQL() {
    System.out.println("encodeForSQL");
    Encoder encoder = ESAPI.encoder();
    String quoteAttack = "Jeff' or '1'='1";

    // ANSI mode: single quotes are doubled
    Codec ansi = new MySQLCodec( MySQLCodec.ANSI_MODE );
    assertEquals("ANSI_MODE", null, encoder.encodeForSQL(ansi, null));
    assertEquals("ANSI_MODE", "Jeff'' or ''1''=''1", encoder.encodeForSQL(ansi, quoteAttack));

    // MySQL mode: quotes and '=' are backslash-escaped
    Codec mysql = new MySQLCodec( MySQLCodec.MYSQL_MODE );
    assertEquals("MYSQL_MODE", null, encoder.encodeForSQL(mysql, null));
    assertEquals("MYSQL_MODE", "Jeff\\' or \\'1\\'\\=\\'1", encoder.encodeForSQL(mysql, quoteAttack));

    // Oracle: single quotes are doubled, as in ANSI mode
    Codec oracle = new OracleCodec();
    assertEquals("Oracle", null, encoder.encodeForSQL(oracle, null));
    assertEquals("Oracle", "Jeff'' or ''1''=''1", encoder.encodeForSQL(oracle, quoteAttack));
}
示例2: set
import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * Stores {@code value} as the parameter for the 1-based placeholder {@code index},
 * escaping it with {@code codec} first so that the later substitution into the
 * template cannot change the template's structure.
 *
 * @param index 1-based placeholder position
 * @param value the raw parameter text to escape and store
 * @param codec the Codec whose {@code encode} method performs the escaping
 * @throws IllegalArgumentException if {@code index} does not address an existing placeholder
 */
public void set( int index, String value, Codec codec ) {
    boolean inRange = index >= 1 && index <= parameters.length;
    if ( !inRange ) {
        throw new IllegalArgumentException( "Attempt to set parameter " + index + " on a PreparedString with only " + parameters.length + " placeholders" );
    }
    // IMMUNE lists the characters the codec leaves unescaped
    parameters[index-1] = codec.encode( IMMUNE, value );
}
示例3: encodeForSQL
import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * A null input is passed through as null; any other input is handed to
 * {@code codec.encode} with the {@code IMMUNE_SQL} characters left unescaped.
 */
public String encodeForSQL(Codec codec, String input) {
    return input == null ? null : codec.encode(IMMUNE_SQL, input);
}
示例4: encodeForOS
import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * A null input is passed through as null; any other input is handed to
 * {@code codec.encode} with the {@code IMMUNE_OS} characters left unescaped.
 */
public String encodeForOS(Codec codec, String input) {
    return input == null ? null : codec.encode( IMMUNE_OS, input);
}
示例5: testWindowsCodec
import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * Test of WindowsCodec: null handling in encodeForOS and decodeCharacter, a
 * single character and a path surviving an encode/decode round trip, and the
 * caret escaping applied to shell metacharacters.
 */
public void testWindowsCodec() {
    System.out.println("WindowsCodec");
    Encoder encoder = ESAPI.encoder();
    Codec windows = new WindowsCodec();
    char[] nothingImmune = new char[0];

    // null input is passed through as null
    assertEquals(null, encoder.encodeForOS(windows, null));

    // a plain character and an empty string both yield "no encoded character"
    assertEquals(null, windows.decodeCharacter(new PushbackString("n")));
    assertEquals(null, windows.decodeCharacter(new PushbackString("")));

    // encodeCharacter / decodeCharacter round trip
    Character lessThan = Character.valueOf('<');
    PushbackString encodedChar = new PushbackString(windows.encodeCharacter(nothingImmune, lessThan));
    assertEquals(lessThan, windows.decodeCharacter(encodedChar));

    // encode / decode round trip on a path; decoding unencoded text is a no-op
    String path = "c:\\jeff";
    String encodedPath = windows.encode(EncoderConstants.CHAR_ALPHANUMERICS, path);
    assertEquals(path, windows.decode(encodedPath));
    assertEquals(path, windows.decode(path));

    // TODO: Check that these are acceptable for Windows
    assertEquals("c^:^\\jeff", encoder.encodeForOS(windows, "c:\\jeff"));
    assertEquals("c^:^\\jeff", windows.encode(nothingImmune, "c:\\jeff"));
    assertEquals("dir^ ^&^ foo", encoder.encodeForOS(windows, "dir & foo"));
    assertEquals("dir^ ^&^ foo", windows.encode(nothingImmune, "dir & foo"));
}
示例6: testUnixCodec
import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * Test of UnixCodec: null handling, a single character and a path surviving an
 * encode/decode round trip, and backslash escaping of shell metacharacters
 * (including path separators, ';' and spaces).
 */
public void testUnixCodec() {
    System.out.println("UnixCodec");
    Encoder encoder = ESAPI.encoder();
    Codec unixShell = new UnixCodec();
    char[] nothingImmune = new char[0];

    // null input is passed through as null
    assertEquals(null, encoder.encodeForOS(unixShell, null));

    // a plain character yields "no encoded character"
    assertEquals(null, unixShell.decodeCharacter(new PushbackString("n")));

    // encodeCharacter / decodeCharacter round trip
    Character lessThan = Character.valueOf('<');
    PushbackString encodedChar = new PushbackString(unixShell.encodeCharacter(nothingImmune, lessThan));
    assertEquals(lessThan, unixShell.decodeCharacter(encodedChar));

    // an empty string also yields "no encoded character"
    assertEquals(null, unixShell.decodeCharacter(new PushbackString("")));

    // encode / decode round trip on a path; decoding unencoded text is a no-op
    String path = "/etc/passwd";
    String encodedPath = unixShell.encode(nothingImmune, path);
    assertEquals(path, unixShell.decode(encodedPath));
    assertEquals(path, unixShell.decode(path));

    // TODO: Check that these are acceptable for Unix hosts
    assertEquals("c\\:\\\\jeff", encoder.encodeForOS(unixShell, "c:\\jeff"));
    assertEquals("c\\:\\\\jeff", unixShell.encode(nothingImmune, "c:\\jeff"));
    assertEquals("dir\\ \\&\\ foo", encoder.encodeForOS(unixShell, "dir & foo"));
    assertEquals("dir\\ \\&\\ foo", unixShell.encode(nothingImmune, "dir & foo"));

    // Unix paths (that must be encoded safely)
    // TODO: Check that these are acceptable for Unix
    assertEquals("\\/etc\\/hosts", encoder.encodeForOS(unixShell, "/etc/hosts"));
    assertEquals("\\/etc\\/hosts\\;\\ ls\\ -l", encoder.encodeForOS(unixShell, "/etc/hosts; ls -l"));
}
示例7: canonicalize
import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * Decodes {@code input} with every registered codec, repeating full passes until
 * no codec changes the text any further, then warns about or rejects (per the
 * restrict flags) text that was found to be encoded more than once or by more
 * than one codec.
 *
 * @param input            the possibly-encoded text; null is returned as null
 * @param restrictMultiple throw instead of warn when encoding was applied in more than one pass
 * @param restrictMixed    throw instead of warn when more than one codec decoded something
 * @return the fully decoded text
 * @throws IntrusionException when a restricted multiple/mixed encoding is detected
 */
public static String canonicalize(String input, boolean restrictMultiple, boolean restrictMixed) {
    if (input == null) {
        return null;
    }
    String working = input;
    Codec lastCodec = null;   // codec that most recently changed the text
    int mixedCount = 1;       // 1 + number of times a different codec than the previous one decoded something
    int foundCount = 0;       // number of passes in which at least one codec decoded something
    boolean changed;
    do {
        changed = false;
        // try each codec and keep track of which ones work
        for (Object o : codecs) {
            Codec codec = (Codec) o;
            String before = working;
            working = codec.decode(working);
            if (before.equals(working)) {
                continue;
            }
            if (lastCodec != null && lastCodec != codec) {
                mixedCount++;
            }
            lastCodec = codec;
            if (!changed) {
                foundCount++;
            }
            changed = true;
        }
    } while (changed);

    // do strict tests and handle if any mixed, multiple, nested encoding were found
    // NOTE(review): the warnings below write the raw input into the log; consider
    // encoding it for the log sink if log forging is a concern.
    boolean multiple = foundCount >= 2;
    boolean mixed = mixedCount > 1;
    if (multiple && mixed) {
        if (restrictMultiple || restrictMixed) {
            throw new IntrusionException("Input validation failure");
        }
        Debug.logWarning("Multiple (" + foundCount + "x) and mixed encoding (" + mixedCount + "x) detected in " + input, module);
    } else if (multiple) {
        if (restrictMultiple) {
            throw new IntrusionException("Input validation failure");
        }
        Debug.logWarning("Multiple (" + foundCount + "x) encoding detected in " + input, module);
    } else if (mixed) {
        if (restrictMixed) {
            throw new IntrusionException("Input validation failure");
        }
        Debug.logWarning("Mixed encoding (" + mixedCount + "x) detected in " + input, module);
    }
    return working;
}
示例8: canonicalize
import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * Decodes {@code input} with every registered codec, repeating full passes until
 * no codec changes the text, then warns about or rejects (per the restrict flags)
 * text that was encoded in more than one pass or by more than one codec.
 *
 * @throws IntrusionException when multiple or mixed encoding is detected and the
 *         corresponding restrict flag is set
 */
public String canonicalize( String input, boolean restrictMultiple, boolean restrictMixed ) {
    if ( input == null ) {
        return null;
    }
    String working = input;
    Codec lastCodec = null;   // codec that most recently changed the text
    int mixedCount = 1;       // 1 + number of times a different codec than the previous one decoded something
    int foundCount = 0;       // number of passes in which at least one codec decoded something
    boolean changed;
    do {
        changed = false;
        // try each codec and keep track of which ones work
        for ( Object o : codecs ) {
            Codec codec = (Codec) o;
            String before = working;
            working = codec.decode( working );
            if ( before.equals( working ) ) {
                continue;
            }
            if ( lastCodec != null && lastCodec != codec ) {
                mixedCount++;
            }
            lastCodec = codec;
            if ( !changed ) {
                foundCount++;
            }
            changed = true;
        }
    } while ( changed );

    // do strict tests and handle if any mixed, multiple, nested encoding were found
    // NOTE(review): the detail message carries the raw input into the log / exception;
    // consider encoding it for the log sink if log forging is a concern.
    boolean multiple = foundCount >= 2;
    boolean mixed = mixedCount > 1;
    if ( multiple && mixed ) {
        String detail = "Multiple ("+ foundCount +"x) and mixed encoding ("+ mixedCount +"x) detected in " + input;
        if ( restrictMultiple || restrictMixed ) {
            throw new IntrusionException( "Input validation failure", detail );
        }
        logger.warning( Logger.SECURITY_FAILURE, detail );
    } else if ( multiple ) {
        String detail = "Multiple ("+ foundCount +"x) encoding detected in " + input;
        if ( restrictMultiple ) {
            throw new IntrusionException( "Input validation failure", detail );
        }
        logger.warning( Logger.SECURITY_FAILURE, detail );
    } else if ( mixed ) {
        String detail = "Mixed encoding ("+ mixedCount +"x) detected in " + input;
        if ( restrictMixed ) {
            throw new IntrusionException( "Input validation failure", detail );
        }
        logger.warning( Logger.SECURITY_FAILURE, detail );
    }
    return working;
}
示例9: testMySQLANSIModeQuoteInjection
import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * Checks that in ANSI mode the MySQL codec removes a leading double quote rather
 * than passing it through, so a quote-based payload does not survive encoding intact.
 */
public void testMySQLANSIModeQuoteInjection() {
    Codec ansiMysql = new MySQLCodec(MySQLCodec.Mode.ANSI);
    String payload = "\" or 1=1 -- -";
    String encoded = ESAPI.encoder().encodeForSQL(ansiMysql, payload);
    assertEquals("MySQL Ansi Quote Injection Bug", " or 1=1 -- -", encoded);
}
示例10: encodeForSQL
import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * Pure delegation: the wrapped reference encoder performs the escaping.
 */
public String encodeForSQL(Codec codec, String s) {
    String escaped = _referenceEncoder.encodeForSQL(codec, s);
    return escaped;
}
示例11: encodeForOS
import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * Pure delegation: the wrapped reference encoder performs the escaping.
 */
public String encodeForOS(Codec codec, String s) {
    String escaped = _referenceEncoder.encodeForOS(codec, s);
    return escaped;
}
示例12: encodeForSQL
import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * Encode input for use in a SQL query, according to the selected codec
 * (appropriate codecs include the MySQLCodec and OracleCodec).
 *
 * This method is not recommended. The use of the PreparedStatement
 * interface is the preferred approach, because bound parameters are never
 * parsed as SQL at all. However, if for some reason this is impossible,
 * then this method is provided as a weaker alternative.
 *
 * The best approach is to make sure any single-quotes are escaped by
 * doubling them. Another possible approach is to use the {escape} syntax
 * described in the JDBC specification in section 1.5.6.
 *
 * However, this syntax does not work with all drivers, and requires
 * modification of all queries.
 *
 * Escaping is only meaningful for input that is placed inside a quoted SQL
 * string literal; in any other position (numeric literal, identifier, keyword)
 * the input itself must be validated, since the remaining text is passed through.
 *
 * @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/jdbc/getstart/statement.html">JDBC Specification</a>
 *
 * @param codec
 *            a Codec that declares which database 'input' is being encoded for (ie. MySQL, Oracle, etc.)
 * @param input
 *            the text to encode for SQL (the reference implementation passes a null input through as null)
 *
 * @return input encoded for use in SQL
 */
String encodeForSQL(Codec codec, String input);
示例13: encodeForOS
import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec).
 *
 * Please note the following recommendations before choosing to use this method:
 *
 * 1) It is strongly recommended that applications avoid making direct OS system calls if possible, as such calls are not portable and are potentially unsafe. Please use language-provided features if at all possible, rather than native OS calls, to implement the desired feature.
 * 2) If an OS call cannot be avoided, then it is recommended that the program to be invoked be invoked directly (e.g., System.exec("nameofcommand" + "parameterstocommand");) as this avoids the use of the command shell. In current Java this means {@code ProcessBuilder} (or {@code Runtime.exec}) with each argument passed as a separate list element, which keeps the arguments separate without involving a shell. The "parameterstocommand" should of course be validated before passing them to the OS command.
 * 3) If you must use this method, then we recommend validating all user-supplied input passed to the command shell as well, in addition to using this method, in order to make the command shell invocation safe.
 *
 * An example use of this method would be: System.exec("dir " + ESAPI.encodeForOS(WindowsCodec, "parameter(s)tocommandwithuserinput");
 * (illustrative pseudo-code; the JDK API is {@code Runtime.exec} / {@code ProcessBuilder}).
 *
 * This method escapes shell metacharacters only; it does not check that the
 * resulting argument is acceptable to the invoked program.
 *
 * @param codec
 *            a Codec that declares which operating system 'input' is being encoded for (ie. Windows, Unix, etc.)
 * @param input
 *            the text to encode for the command shell (the reference implementation passes a null input through as null)
 *
 * @return input encoded for use in command shell
 */
String encodeForOS(Codec codec, String input);
示例14: executeSystemCommand
import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * Executes a system command after checking that the executable exists and
 * escaping all the parameters to ensure that injection is impossible.
 * Implementations must change to the specified working
 * directory before invoking the command.
 *
 * @param executable
 *            the command to execute
 * @param params
 *            the parameters of the command being executed, passed raw; the
 *            implementation escapes them with {@code codec} before invocation
 * @param workdir
 *            the working directory
 * @param codec
 *            the codec to use to encode for the particular OS in use
 * @param logParams
 *            use false if any parameters contains sensitive or confidential information
 * @param redirectErrorStream
 *            NOTE(review): undocumented in the original; by its name it presumably
 *            merges the command's standard error into the captured standard output —
 *            confirm against the implementation
 *
 * @return the output of the command being run
 *
 * @throws ExecutorException
 *             the service exception
 */
ExecuteResult executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream) throws ExecutorException;
示例15: PreparedString
import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * Builds a PreparedString from {@code template}, in which each occurrence of the
 * default parameter placeholder character (?) marks a position that a later call
 * to set will fill. {@code codec} is the default escaping codec for those set
 * calls; a set overload that takes its own Codec overrides it.
 *
 * @param template the text containing placeholder characters
 * @param codec    the default Codec used to escape parameter values
 */
public PreparedString(String template, Codec codec) {
    this.codec = codec;
    split(template, parameterCharacter);
}