

Java Codec类代码示例

本文整理汇总了Java中org.owasp.esapi.codecs.Codec的典型用法代码示例。如果您正苦于以下问题:Java Codec类的具体用法?Java Codec怎么用?Java Codec使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。


Codec类属于org.owasp.esapi.codecs包,在下文中一共展示了Codec类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: testEncodeForSQL

import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
* Test of encodeForSQL method, of class org.owasp.esapi.Encoder.
*/
  public void testEncodeForSQL() {
      // Runs the same quote-based payload through Encoder.encodeForSQL with each SQL codec.
      // For every codec a null input must come back as null. Escaping of this kind is a
      // fallback only; bind parameters remain the preferred defence against SQL injection.
      System.out.println("encodeForSQL");
      final Encoder encoder = ESAPI.encoder();
      final String payload = "Jeff' or '1'='1";

      // MySQL, ANSI mode: each single quote is expected to be doubled.
      final Codec mysqlAnsi = new MySQLCodec( MySQLCodec.ANSI_MODE );
      assertEquals("ANSI_MODE", null, encoder.encodeForSQL(mysqlAnsi, null));
      assertEquals("ANSI_MODE", "Jeff'' or ''1''=''1", encoder.encodeForSQL(mysqlAnsi, payload));

      // MySQL, native mode: quotes (and '=') are expected to be backslash-escaped.
      final Codec mysqlNative = new MySQLCodec( MySQLCodec.MYSQL_MODE );
      assertEquals("MYSQL_MODE", null, encoder.encodeForSQL(mysqlNative, null));
      assertEquals("MYSQL_MODE", "Jeff\\' or \\'1\\'\\=\\'1", encoder.encodeForSQL(mysqlNative, payload));

      // Oracle: same quote-doubling result as MySQL ANSI mode.
      final Codec oracleCodec = new OracleCodec();
      assertEquals("Oracle", null, encoder.encodeForSQL(oracleCodec, null));
      assertEquals("Oracle", "Jeff'' or ''1''=''1", encoder.encodeForSQL(oracleCodec, payload));
  }
 
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:20,代码来源:EncoderTest.java

示例2: set

import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * Set the parameter at index with supplied value using the supplied Codec to escape. 
 * @param index
 * @param value
 * @param codec
 */
public void set( int index, String value, Codec codec ) {
	// Indexes are 1-based: the only valid values are 1..parameters.length.
	final boolean inRange = index >= 1 && index <= parameters.length;
	if ( !inRange ) {
		throw new IllegalArgumentException( "Attempt to set parameter " + index + " on a PreparedString with only " + parameters.length + " placeholders" );
	}
	// Only the escaped form is stored, so the raw value never reaches the assembled string.
	// NOTE(review): neither value nor codec is null-checked here; what happens for null
	// depends on the Codec implementation - confirm against callers.
	parameters[index-1] = codec.encode( IMMUNE, value );
}
 
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:14,代码来源:PreparedString.java

示例3: encodeForSQL

import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * {@inheritDoc}
 */
public String encodeForSQL(Codec codec, String input) {
    // Null in, null out; anything else is escaped by the supplied codec, with the characters
    // listed in IMMUNE_SQL left untouched. The codec has to match the database (and SQL mode)
    // that will parse the query, otherwise the escaping does not line up with the parser.
    return input == null ? null : codec.encode(IMMUNE_SQL, input);
}
 
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:10,代码来源:DefaultEncoder.java

示例4: encodeForOS

import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * {@inheritDoc}
 */
public String encodeForOS(Codec codec, String input) {
    // Anything non-null is escaped for the shell the codec represents; characters listed in
    // IMMUNE_OS pass through unchanged. Escaping is a last line of defence: invoking the
    // program directly, without a command shell, avoids the problem altogether.
    if( input != null ) {
        return codec.encode( IMMUNE_OS, input);
    }
    return null;
}
 
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:10,代码来源:DefaultEncoder.java

示例5: testWindowsCodec

import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
* Test of WindowsCodec
*/
  public void testWindowsCodec() {
      // Checks WindowsCodec on its own and through Encoder.encodeForOS.
      System.out.println("WindowsCodec");
      final Encoder encoder = ESAPI.encoder();

      final Codec winCodec = new WindowsCodec();
      final char[] noImmune = new char[0];   // empty immune set: nothing is exempt from escaping

      // null input stays null
      assertEquals(null, encoder.encodeForOS(winCodec, null));

      // Neither a plain character nor an empty string is an escape sequence, so
      // decodeCharacter is expected to return null for both.
      final PushbackString plainChar = new PushbackString("n");
      assertEquals(null, winCodec.decodeCharacter(plainChar));

      final PushbackString emptyInput = new PushbackString("");
      assertEquals(null, winCodec.decodeCharacter(emptyInput));

      // A single character must survive an encode/decode round trip.
      final Character lessThan = Character.valueOf('<');
      final PushbackString encodedChar = new PushbackString(winCodec.encodeCharacter(noImmune, lessThan));
      final Character roundTripped = winCodec.decodeCharacter(encodedChar);
      assertEquals(lessThan, roundTripped);

      // Whole-string round trip; decoding text that was never encoded must leave it unchanged.
      final String path = "c:\\jeff";
      final String encodedPath = winCodec.encode(EncoderConstants.CHAR_ALPHANUMERICS, path);
      assertEquals(path, winCodec.decode(encodedPath));
      assertEquals(path, winCodec.decode(path));

   // TODO: Check that these are acceptable for Windows
      // Expected form: every non-alphanumeric character, including the space and the '&'
      // command separator, is prefixed with a caret.
      assertEquals("c^:^\\jeff", encoder.encodeForOS(winCodec, "c:\\jeff"));
      assertEquals("c^:^\\jeff", winCodec.encode(noImmune, "c:\\jeff"));
      assertEquals("dir^ ^&^ foo", encoder.encodeForOS(winCodec, "dir & foo"));
      assertEquals("dir^ ^&^ foo", winCodec.encode(noImmune, "dir & foo"));
  }
 
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:34,代码来源:EncoderTest.java

示例6: testUnixCodec

import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
* Test of UnixCodec
*/
  public void testUnixCodec() {
      // Checks UnixCodec on its own and through Encoder.encodeForOS.
      System.out.println("UnixCodec");
      final Encoder encoder = ESAPI.encoder();

      final Codec unixCodec = new UnixCodec();
      final char[] noImmune = new char[0];   // empty immune set: nothing is exempt from escaping

      // null input stays null
      assertEquals(null, encoder.encodeForOS(unixCodec, null));

      // A plain character is not an escape sequence, so there is nothing to decode.
      final PushbackString plainChar = new PushbackString("n");
      assertEquals(null, unixCodec.decodeCharacter(plainChar));

      // A single character must survive an encode/decode round trip.
      final Character lessThan = Character.valueOf('<');
      final PushbackString encodedChar = new PushbackString(unixCodec.encodeCharacter(noImmune, lessThan));
      final Character roundTripped = unixCodec.decodeCharacter(encodedChar);
      assertEquals(lessThan, roundTripped);

      // Empty input also decodes to null.
      final PushbackString emptyInput = new PushbackString("");
      assertEquals(null, unixCodec.decodeCharacter(emptyInput));

      // Whole-string round trip; decoding text that was never encoded must leave it unchanged.
      final String path = "/etc/passwd";
      final String encodedPath = unixCodec.encode(noImmune, path);
      assertEquals(path, unixCodec.decode(encodedPath));
      assertEquals(path, unixCodec.decode(path));

   // TODO: Check that these are acceptable for Unix hosts
      // Expected form: every non-alphanumeric character is prefixed with a backslash.
      assertEquals("c\\:\\\\jeff", encoder.encodeForOS(unixCodec, "c:\\jeff"));
      assertEquals("c\\:\\\\jeff", unixCodec.encode(noImmune, "c:\\jeff"));
      assertEquals("dir\\ \\&\\ foo", encoder.encodeForOS(unixCodec, "dir & foo"));
      assertEquals("dir\\ \\&\\ foo", unixCodec.encode(noImmune, "dir & foo"));

      // Unix paths (that must be encoded safely)
      // TODO: Check that these are acceptable for Unix
      // The second case carries a ';' command separator, which must come back escaped too.
      assertEquals("\\/etc\\/hosts", encoder.encodeForOS(unixCodec, "/etc/hosts"));
      assertEquals("\\/etc\\/hosts\\;\\ ls\\ -l", encoder.encodeForOS(unixCodec, "/etc/hosts; ls -l"));
  }
 
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:39,代码来源:EncoderTest.java

示例7: canonicalize

import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
public static String canonicalize(String input, boolean restrictMultiple, boolean restrictMixed) {
    // Reduces input to its simplest form by running every registered codec's decode() over it
    // until a complete pass changes nothing. Along the way it counts how many passes decoded
    // something (multiple/nested encoding) and how often the decoding codec changed (mixed
    // encoding); depending on the restrict flags these are rejected or only logged.
    if (input == null) {
        return null;
    }

    String working = input;
    Codec lastDecoder = null;
    int mixedCount = 1;
    int foundCount = 0;
    boolean changedThisPass;
    do {
        changedThisPass = false;

        // one pass: give every codec a chance to decode the current text
        for (Iterator it = codecs.iterator(); it.hasNext();) {
            final Codec candidate = (Codec) it.next();
            final String before = working;
            working = candidate.decode(working);
            if (before.equals(working)) {
                continue;
            }
            // a different codec than the previous successful one means mixed encoding
            if (lastDecoder != null && lastDecoder != candidate) {
                mixedCount++;
            }
            lastDecoder = candidate;
            // count each pass at most once, however many codecs fired during it
            if (!changedThisPass) {
                foundCount++;
            }
            changedThisPass = true;
        }
    } while (changedThisPass);

    // NOTE(review): the warnings below embed the original, attacker-influenced input verbatim.
    // Whether CR/LF and other control characters are neutralised depends on the logging
    // layer behind Debug.logWarning - confirm, or log a sanitised/truncated form instead.
    final boolean multiple = foundCount >= 2;
    final boolean mixed = mixedCount > 1;
    if (multiple && mixed) {
        if (restrictMultiple || restrictMixed) {
            throw new IntrusionException("Input validation failure");
        }
        Debug.logWarning("Multiple (" + foundCount + "x) and mixed encoding (" + mixedCount + "x) detected in " + input, module);
    } else if (multiple) {
        if (restrictMultiple) {
            throw new IntrusionException("Input validation failure");
        }
        Debug.logWarning("Multiple (" + foundCount + "x) encoding detected in " + input, module);
    } else if (mixed) {
        if (restrictMixed) {
            throw new IntrusionException("Input validation failure");
        }
        Debug.logWarning("Mixed encoding (" + mixedCount + "x) detected in " + input, module);
    }
    return working;
}
 
开发者ID:ilscipio,项目名称:scipio-erp,代码行数:55,代码来源:UtilCodec.java

示例8: canonicalize

import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * {@inheritDoc}
 */
public String canonicalize( String input, boolean restrictMultiple, boolean restrictMixed ) {
    // Decodes input with every configured codec, pass after pass, until a full pass leaves it
    // unchanged. Validation should look at this canonical form rather than at the raw input,
    // so that layered encodings cannot hide characters from it.
    if ( input == null ) {
        return null;
    }

    String working = input;
    Codec lastDecoder = null;
    int mixedCount = 1;     // bumped whenever the codec that decoded differs from the previous one
    int foundCount = 0;     // number of passes in which at least one codec decoded something
    boolean changedThisPass;
    do {
        changedThisPass = false;

        // one pass: give every codec a chance to decode the current text
        for ( Iterator it = codecs.iterator(); it.hasNext(); ) {
            final Codec candidate = (Codec) it.next();
            final String before = working;
            working = candidate.decode( working );
            if ( before.equals( working ) ) {
                continue;
            }
            if ( lastDecoder != null && lastDecoder != candidate ) {
                mixedCount++;
            }
            lastDecoder = candidate;
            if ( !changedThisPass ) {
                foundCount++;
            }
            changedThisPass = true;
        }
    } while ( changedThisPass );

    // Strict handling: reject when the matching restrict flag is set, otherwise warn.
    // NOTE(review): the detail text carries the original input verbatim into the exception's
    // second argument and into the security log; confirm the configured logger neutralises
    // CR/LF and control characters.
    final boolean multiple = foundCount >= 2;
    final boolean mixed = mixedCount > 1;
    if ( multiple && mixed ) {
        final String detail = "Multiple ("+ foundCount +"x) and mixed encoding ("+ mixedCount +"x) detected in " + input;
        if ( restrictMultiple || restrictMixed ) {
            throw new IntrusionException( "Input validation failure", detail );
        }
        logger.warning( Logger.SECURITY_FAILURE, detail );
    } else if ( multiple ) {
        final String detail = "Multiple ("+ foundCount +"x) encoding detected in " + input;
        if ( restrictMultiple ) {
            throw new IntrusionException( "Input validation failure", detail );
        }
        logger.warning( Logger.SECURITY_FAILURE, detail );
    } else if ( mixed ) {
        final String detail = "Mixed encoding ("+ mixedCount +"x) detected in " + input;
        if ( restrictMixed ) {
            throw new IntrusionException( "Input validation failure", detail );
        }
        logger.warning( Logger.SECURITY_FAILURE, detail );
    }
    return working;
}
 
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:60,代码来源:DefaultEncoder.java

示例9: testMySQLANSIModeQuoteInjection

import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
public void testMySQLANSIModeQuoteInjection() {
    // Regression check for double-quote handling in MySQL ANSI mode: the leading double quote
    // of the payload must not survive encoding, so the expected output has it removed.
    final Encoder encoder = ESAPI.encoder();
    final Codec ansiCodec = new MySQLCodec(MySQLCodec.Mode.ANSI);
    final String encoded = encoder.encodeForSQL(ansiCodec, "\" or 1=1 -- -");
    assertEquals("MySQL Ansi Quote Injection Bug", " or 1=1 -- -", encoded);
}
 
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:6,代码来源:EncoderTest.java

示例10: encodeForSQL

import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/** {@inheritDoc} */
public String encodeForSQL(Codec codec, String s) {
    // Pure delegation: the escaping itself is done by the wrapped reference encoder.
    final String encoded = _referenceEncoder.encodeForSQL(codec, s);
    return encoded;
}
 
开发者ID:OWASP,项目名称:owasp-java-encoder,代码行数:5,代码来源:ESAPIEncoder.java

示例11: encodeForOS

import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/** {@inheritDoc} */
public String encodeForOS(Codec codec, String s) {
    // Pure delegation: the escaping itself is done by the wrapped reference encoder.
    final String encoded = _referenceEncoder.encodeForOS(codec, s);
    return encoded;
}
 
开发者ID:OWASP,项目名称:owasp-java-encoder,代码行数:5,代码来源:ESAPIEncoder.java

示例12: encodeForSQL

import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * Encode input for use in a SQL query, according to the selected codec 
 * (appropriate codecs include the MySQLCodec and OracleCodec).
 * 
 * This method is not recommended. The use of the PreparedStatement 
 * interface is the preferred approach. However, if for some reason 
 * this is impossible, then this method is provided as a weaker 
 * alternative. 
 * 
 * The escaping is specific to the codec, so the codec (and, for MySQLCodec,
 * the mode it was constructed with) must match the database that will parse
 * the query. Quote escaping protects a value only where it is placed inside
 * a quoted string literal; values used as numbers, identifiers or keywords
 * need validation instead.
 * 
 * The best approach is to make sure any single quote is doubled
 * (' becomes '').
 * Another possible approach is to use the {escape} syntax described in the
 * JDBC specification in section 1.5.6.
 * 
 * However, this syntax does not work with all drivers, and requires
 * modification of all queries.
 * 
 * @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/jdbc/getstart/statement.html">JDBC Specification</a>
 *  
 * @param codec 
 * 		a Codec that declares which database 'input' is being encoded for (e.g. MySQL, Oracle, etc.)
 * @param input 
 * 		the text to encode for SQL
 * 
 * @return input encoded for use in SQL
 */
String encodeForSQL(Codec codec, String input);
 
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:27,代码来源:Encoder.java

示例13: encodeForOS

import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec). 
 *
 * Please note the following recommendations before choosing to use this method: 
 * 
 * 1)      It is strongly recommended that applications avoid making direct OS system calls if possible, as such calls are not portable and are potentially unsafe. Please use language-provided features if at all possible, rather than native OS calls, to implement the desired feature.
 * 2)      If an OS call cannot be avoided, then it is recommended that the program be invoked directly (e.g., Runtime.getRuntime().exec(new String[] {"nameofcommand", "parametertocommand"}); or a ProcessBuilder built from an argument list), as this avoids the use of the command shell and keeps each parameter a separate argument. The parameters should of course be validated before passing them to the OS command.
 * 3)      If you must use this method, then we recommend validating all user-supplied input passed to the command shell as well, in addition to using this method, in order to make the command shell invocation safe.
 *  
 * An example use of this method would be: Runtime.getRuntime().exec("dir " + ESAPI.encoder().encodeForOS(new WindowsCodec(), "parameter(s)tocommandwithuserinput"));
 * 
 * The codec must match the shell that will actually interpret the command line;
 * escaping produced for one shell is not valid for another.
 * 
 * @param codec 
 *      a Codec that declares which operating system 'input' is being encoded for (e.g. Windows, Unix, etc.)
 * @param input 
 *      the text to encode for the command shell
 * 
 * @return input encoded for use in command shell
 */
String encodeForOS(Codec codec, String input);
 
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:20,代码来源:Encoder.java

示例14: executeSystemCommand

import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * Executes a system command after checking that the executable exists and
 * escaping all the parameters with the supplied codec, so that they cannot
 * be used for command injection.
 * Implementations must change to the specified working
 * directory before invoking the command.
 *
 * NOTE(review): escaping covers the parameters only. The executable and the
 * working directory are taken as given, so callers should pass fixed,
 * trusted paths for both and still validate the parameter values.
 *
 * @param executable
 *            the command to execute
 * @param params
 *            the parameters of the command being executed
 *            (raw List; presumably of String - confirm against the implementation)
 * @param workdir
 *            the working directory
 * @param codec
 *            the codec to use to encode for the particular OS in use
 * @param logParams
 *            use false if any parameter contains sensitive or confidential information,
 *            so that the parameter values are kept out of the log
 * @param redirectErrorStream
 *            not described by the original documentation; presumably whether the
 *            command's error output is merged into its standard output - confirm
 *            against the implementation
 *
 * @return the output of the command being run
 *
 * @throws ExecutorException
 *             the service exception
 */
ExecuteResult executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream) throws ExecutorException;
 
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:24,代码来源:Executor.java

示例15: PreparedString

import org.owasp.esapi.codecs.Codec; //导入依赖的package包/类
/**
 * Create a PreparedString with the supplied template and Codec. The template should use the 
 * default parameter placeholder character (?) in the place where actual parameters are to be inserted.
 * The supplied Codec will be used to escape characters in calls to set, unless a specific Codec is
 * provided to override it.
 *
 * NOTE(review): only the values passed to set are escaped. The template is presumably
 * emitted as written, so it should be a constant and never be assembled from untrusted
 * data - confirm against toString().
 *
 * @param template
 *            the text with one placeholder character per parameter
 * @param codec
 *            the Codec used by default to escape parameter values
 */
public PreparedString( String template, Codec codec ) {
	// Keep the default codec for later calls to set.
	this.codec = codec;
	// split is defined elsewhere in the class; presumably it breaks the template up at each
	// placeholder character and sizes the parameter slots - confirm.
	split( template, parameterCharacter );
}
 
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:13,代码来源:PreparedString.java


注:本文中的org.owasp.esapi.codecs.Codec类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。