本文整理汇总了Java中org.owasp.esapi.ESAPI.encoder方法的典型用法代码示例。如果您正苦于以下问题:Java ESAPI.encoder方法的具体用法?Java ESAPI.encoder怎么用?Java ESAPI.encoder使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.owasp.esapi.ESAPI
的用法示例。
在下文中一共展示了ESAPI.encoder方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: encode
import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
/**
 * Encodes {@code item} for the output context selected by {@code encFor}.
 *
 * <p>Each {@code ENC_*} constant is routed to the matching ESAPI {@code encodeFor*} call.
 * The constant has to match the place the value is finally written to (HTML body, HTML
 * attribute, JavaScript, URL, LDAP filter, ...): escaping for one context does not make
 * a value safe in another. OS-command and SQL encoding are not offered here; those ESAPI
 * calls take a codec argument in addition to the input.
 *
 * <p>{@code System.out} is pointed at a discarding stream while ESAPI runs and is put back
 * in {@code finally}. {@code System.setOut} is JVM-wide, so anything other threads print
 * during that window is discarded as well.
 *
 * @param item   text to encode
 * @param encFor one of the {@code ENC_*} constants
 * @return the encoded text
 * @throws PageException an {@code ApplicationException} when {@code encFor} matches no
 *         case, or the converted ESAPI {@code EncodingException}
 */
public static String encode(String item, short encFor) throws PageException {
    final PrintStream savedStdout = System.out;
    try {
        System.setOut(new PrintStream(DevNullOutputStream.DEV_NULL_OUTPUT_STREAM));
        final Encoder esapi = ESAPI.encoder();
        switch (encFor) {
            case ENC_CSS:
                return esapi.encodeForCSS(item);
            case ENC_DN:
                return esapi.encodeForDN(item);
            case ENC_HTML:
                return esapi.encodeForHTML(item);
            case ENC_HTML_ATTR:
                return esapi.encodeForHTMLAttribute(item);
            case ENC_JAVA_SCRIPT:
                return esapi.encodeForJavaScript(item);
            case ENC_LDAP:
                return esapi.encodeForLDAP(item);
            case ENC_URL:
                return esapi.encodeForURL(item);
            case ENC_VB_SCRIPT:
                return esapi.encodeForVBScript(item);
            case ENC_XML:
                return esapi.encodeForXML(item);
            case ENC_XML_ATTR:
                return esapi.encodeForXMLAttribute(item);
            case ENC_XPATH:
                return esapi.encodeForXPath(item);
            default:
                // Unknown selector: fail loudly instead of returning the raw value.
                throw new ApplicationException("invalid target encoding defintion");
        }
    } catch (EncodingException ee) {
        throw Caster.toPageException(ee);
    } finally {
        // Always hand the real stdout back, whichever way the call ended.
        System.setOut(savedStdout);
    }
}
示例2: populateVelocityContext
import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
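/**
 * Populate the Velocity context instance which will be used to render the POST body.
 *
 * <p>The endpoint URL and the relay state are passed through ESAPI's
 * {@code encodeForHTMLAttribute} before they are stored under {@code "action"} and
 * {@code "RelayState"}; presumably the template writes both into attribute values of the
 * auto-submitting form. The SAML message itself is serialised and Base64-encoded, then
 * stored as {@code "SAMLRequest"} or {@code "SAMLResponse"} depending on its type.
 *
 * @param velocityContext the Velocity context instance to populate with data
 * @param messageContext the SAML message context source of data
 * @param endpointURL endpoint URL to which to encode message
 * @throws MessageEncodingException thrown if there is a problem encoding the message
 */
protected void populateVelocityContext(VelocityContext velocityContext, SAMLMessageContext messageContext,
        String endpointURL) throws MessageEncodingException {
    Encoder esapiEncoder = ESAPI.encoder();

    String encodedEndpointURL = esapiEncoder.encodeForHTMLAttribute(endpointURL);
    log.debug("Encoding action url of '{}' with encoded value '{}'", endpointURL, encodedEndpointURL);
    velocityContext.put("action", encodedEndpointURL);
    velocityContext.put("binding", getBindingURI());

    log.debug("Marshalling and Base64 encoding SAML message");
    if (messageContext.getOutboundSAMLMessage().getDOM() == null) {
        // No cached DOM yet: marshall first so nodeToString below has something to serialise.
        marshallMessage(messageContext.getOutboundSAMLMessage());
    }
    try {
        String messageXML = XMLHelper.nodeToString(messageContext.getOutboundSAMLMessage().getDOM());
        String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES);
        if (messageContext.getOutboundSAMLMessage() instanceof RequestAbstractType) {
            velocityContext.put("SAMLRequest", encodedMessage);
        } else if (messageContext.getOutboundSAMLMessage() instanceof StatusResponseType) {
            velocityContext.put("SAMLResponse", encodedMessage);
        } else {
            throw new MessageEncodingException(
                    "SAML message is neither a SAML RequestAbstractType or StatusResponseType");
        }
    } catch (UnsupportedEncodingException e) {
        // Keep the original exception as the cause so the failure can be traced from the logs.
        log.error("UTF-8 encoding is not supported, this VM is not Java compliant.", e);
        throw new MessageEncodingException("Unable to encode message, UTF-8 encoding is not supported", e);
    }

    String relayState = messageContext.getRelayState();
    if (checkRelayState(relayState)) {
        String encodedRelayState = esapiEncoder.encodeForHTMLAttribute(relayState);
        // NOTE(review): the raw relay state is written to the debug log as received; confirm
        // that the log layout in use neutralises line breaks in logged values.
        log.debug("Setting RelayState parameter to: '{}', encoded as '{}'", relayState, encodedRelayState);
        velocityContext.put("RelayState", encodedRelayState);
    }
}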
示例3: contextInitialized
import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
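/**
 * Triggers ESAPI's first-use initialisation while its console output is discarded.
 *
 * <p>Both {@code System.out} and {@code System.err} are redirected to a no-op stream around
 * the {@code ESAPI.encoder()} call and both are restored afterwards. Restoring only
 * {@code System.out} would leave {@code System.err} attached to the closed throw-away stream
 * for the rest of the JVM's life, silently dropping every later error message and stack trace.
 *
 * <p>The redirection is JVM-wide, so output from other threads during this window is lost too.
 * For background on the noisy ESAPI output see
 * https://stackoverflow.com/questions/45857064/how-to-suppress-messages-output-by-esapi-library
 *
 * @param event the servlet context event (not used)
 */
public void contextInitialized(ServletContextEvent event) {
    PrintStream printStream = null;
    OutputStream outputStream = null;
    final PrintStream originalOut = System.out;
    final PrintStream originalErr = System.err;
    try {
        outputStream = new OutputStream() {
            @Override
            public void write(int b) {
                // Discard everything.
            }
        };
        printStream = new PrintStream(outputStream);
        System.setOut(printStream);
        System.setErr(printStream);
        ESAPI.encoder();
    } catch (Exception ignored) {
        // Best effort only: a failure here must not stop the web application from starting.
        // Note that an ESAPI configuration problem is therefore not reported at this point.
    } finally {
        System.setOut(originalOut);
        System.setErr(originalErr);
        Closer.close(printStream, outputStream);
    }
}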
示例4: testEncodeForHTML
import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
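/**
 * Test of encodeForHTML method, of class org.owasp.esapi.Encoder.
 *
 * <p>The expected values are written in their entity-encoded form. A rendering of this test
 * that shows {@code "<script>"} as the expected result for the input {@code "<script>"} has
 * had its HTML entities decoded once on the way to the page; taken literally it would assert
 * that encoding changes nothing. The encoder is expected to turn markup characters into
 * entities and to replace characters that are illegal in HTML with U+FFFD.
 *
 * @throws Exception
 */
public void testEncodeForHTML() throws Exception {
    System.out.println("encodeForHTML");
    Encoder instance = ESAPI.encoder();
    assertEquals(null, instance.encodeForHTML(null));
    // Control characters and the 0x80-0x9f range become the replacement character;
    // a tab is legal and is emitted as a numeric entity.
    assertEquals("a&#xfffd;b&#xfffd;c&#xfffd;d&#xfffd;e&#xfffd;f&#x9;g",
            instance.encodeForHTML("a" + (char) 0 + "b" + (char) 4 + "c" + (char) 128 + "d" + (char) 150
                    + "e" + (char) 159 + "f" + (char) 9 + "g"));
    assertEquals("&lt;script&gt;", instance.encodeForHTML("<script>"));
    // Already-encoded input is encoded again, not passed through: the ampersands are escaped.
    assertEquals("&amp;lt;script&amp;gt;", instance.encodeForHTML("&lt;script&gt;"));
    assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;",
            instance.encodeForHTML("!@$%()=+{}[]"));
    // NOTE(review): the canonicalize() argument is kept as printed on the page; the upstream
    // test presumably passed the numeric-entity spelling of the same characters. Confirm.
    assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;",
            instance.encodeForHTML(instance.canonicalize("!@$%()=+{}[]")));
    // Comma, period, hyphen, underscore and space pass through unchanged.
    assertEquals(",.-_ ", instance.encodeForHTML(",.-_ "));
    assertEquals("dir&amp;", instance.encodeForHTML("dir&"));
    assertEquals("one&amp;two", instance.encodeForHTML("one&two"));
    assertEquals("" + (char) 12345 + (char) 65533 + (char) 1244, "" + (char) 12345 + (char) 65533 + (char) 1244);
}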
示例5: decode
import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
/**
 * Decodes {@code item} from the encoding selected by {@code decFrom}.
 *
 * <p>Only URL and HTML decoding are wired up. Decoding is the inverse of output encoding:
 * the returned text is raw again and has to be re-encoded for whatever context it is
 * written to next.
 *
 * <p>{@code System.out} is swapped for a discarding stream while ESAPI runs and restored in
 * {@code finally}; the swap is JVM-wide, so concurrent output from other threads is lost
 * during that window.
 *
 * @param item    text to decode
 * @param decFrom one of the {@code DEC_*} constants
 * @return the decoded text
 * @throws PageException an {@code ApplicationException} when {@code decFrom} matches no
 *         case, or the converted ESAPI {@code EncodingException}
 */
public static String decode(String item, short decFrom) throws PageException {
    final PrintStream savedStdout = System.out;
    try {
        System.setOut(new PrintStream(DevNullOutputStream.DEV_NULL_OUTPUT_STREAM));
        final Encoder esapi = ESAPI.encoder();
        switch (decFrom) {
            case DEC_URL:
                return esapi.decodeFromURL(item);
            case DEC_HTML:
                return esapi.decodeForHTML(item);
            default:
                throw new ApplicationException("invalid target decoding defintion");
        }
    } catch (EncodingException ee) {
        throw Caster.toPageException(ee);
    } finally {
        System.setOut(savedStdout);
    }
}
示例6: testEncodeForSQL
import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
/**
 * Test of encodeForSQL method, of class org.owasp.esapi.Encoder.
 *
 * <p>Runs the same quote-bearing input through three codecs and pins the dialect-specific
 * escaping: doubled single quotes for MySQL ANSI mode and Oracle, backslash escapes for
 * MySQL native mode. The codec therefore has to match the database and its SQL mode.
 * Escaping of this kind is a fallback for code that cannot be changed; bound parameters
 * ({@code PreparedStatement}) keep data out of the statement text altogether.
 */
public void testEncodeForSQL() {
    System.out.println("encodeForSQL");
    final Encoder encoder = ESAPI.encoder();
    final String quoted = "Jeff' or '1'='1";

    // MySQL, ANSI quoting
    Codec ansiCodec = new MySQLCodec( MySQLCodec.ANSI_MODE );
    assertEquals("ANSI_MODE", null, encoder.encodeForSQL(ansiCodec, null));
    assertEquals("ANSI_MODE", "Jeff'' or ''1''=''1", encoder.encodeForSQL(ansiCodec, quoted));

    // MySQL, native backslash quoting
    Codec nativeCodec = new MySQLCodec( MySQLCodec.MYSQL_MODE );
    assertEquals("MYSQL_MODE", null, encoder.encodeForSQL(nativeCodec, null));
    assertEquals("MYSQL_MODE", "Jeff\\' or \\'1\\'\\=\\'1", encoder.encodeForSQL(nativeCodec, quoted));

    // Oracle
    Codec oracleCodec = new OracleCodec();
    assertEquals("Oracle", null, encoder.encodeForSQL(oracleCodec, null));
    assertEquals("Oracle", "Jeff'' or ''1''=''1", encoder.encodeForSQL(oracleCodec, quoted));
}
示例7: testEncodeForBase64
import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
/**
 * Test of encodeForBase64 method, of class org.owasp.esapi.Encoder.
 *
 * <p>Checks that {@code null} maps to {@code null} in both directions, then round-trips 100
 * random 20-character strings through encode and decode, choosing the boolean second argument
 * of {@code encodeForBase64} at random each time. Base64 is a transport encoding only: it
 * hides nothing and does not make a value safe for any output context.
 */
public void testEncodeForBase64() {
    System.out.println("encodeForBase64");
    final Encoder encoder = ESAPI.encoder();
    try {
        assertEquals(null, encoder.encodeForBase64(null, false));
        assertEquals(null, encoder.encodeForBase64(null, true));
        assertEquals(null, encoder.decodeFromBase64(null));

        int round = 0;
        while ( round < 100 ) {
            byte[] original = ESAPI.randomizer()
                    .getRandomString( 20, EncoderConstants.CHAR_SPECIALS )
                    .getBytes(PREFERRED_ENCODING);
            boolean flag = ESAPI.randomizer().getRandomBoolean();
            String asBase64 = encoder.encodeForBase64( original, flag );
            byte[] roundTripped = encoder.decodeFromBase64( asBase64 );
            assertTrue( Arrays.equals( original, roundTripped ) );
            round++;
        }
    } catch ( IOException e ) {
        fail();
    }
}
示例8: postEncode
import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
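/**
 * Performs HTTP POST based encoding.
 *
 * <p>The endpoint URL and the relay state are passed through ESAPI's
 * {@code encodeForHTMLAttribute} before they are handed to the Velocity template, so that a
 * value containing quotes or angle brackets cannot break out of the form attribute it is
 * presumably rendered into. The artifact is placed in the context Base64-encoded.
 *
 * <p>The response writer is created with an explicit UTF-8 charset to match the encoding the
 * template is merged with; relying on the platform default could emit different bytes than
 * the page declares. The writer is flushed after the merge so buffered output reaches the
 * transport; it is not closed here because the stream belongs to the transport.
 *
 * @param artifactContext current request context
 * @param outTransport outbound HTTP transport
 *
 * @throws MessageEncodingException thrown if there is a problem POST encoding the artifact
 */
protected void postEncode(SAMLMessageContext artifactContext, HTTPOutTransport outTransport)
        throws MessageEncodingException {
    log.debug("Performing HTTP POST SAML 2 artifact encoding");

    log.debug("Creating velocity context");
    VelocityContext context = new VelocityContext();
    Encoder esapiEncoder = ESAPI.encoder();

    String endpointURL = getEndpointURL(artifactContext).toString();
    String encodedEndpointURL = esapiEncoder.encodeForHTMLAttribute(endpointURL);
    log.debug("Setting action parameter to: '{}', encoded as '{}'", endpointURL, encodedEndpointURL);
    context.put("action", encodedEndpointURL);
    context.put("SAMLArt", buildArtifact(artifactContext).base64Encode());
    context.put("binding", getBindingURI());

    if (checkRelayState(artifactContext.getRelayState())) {
        String encodedRelayState = esapiEncoder.encodeForHTMLAttribute(artifactContext.getRelayState());
        log.debug("Setting RelayState parameter to: '{}', encoded as '{}'", artifactContext.getRelayState(), encodedRelayState);
        context.put("RelayState", encodedRelayState);
    }

    try {
        log.debug("Invoking velocity template");
        // Same charset as the template merge below, independent of the platform default.
        OutputStreamWriter outWriter = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8");
        velocityEngine.mergeTemplate(velocityTemplateId, "UTF-8", context, outWriter);
        // Push any characters still buffered in the writer down to the transport stream.
        outWriter.flush();
    } catch (Exception e) {
        log.error("Error invoking velocity template to create POST form", e);
        throw new MessageEncodingException("Error creating output document", e);
    }
}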
示例9: testEncodeForHTMLAttribute
import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
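/**
 * Test of encodeForHTMLAttribute method, of class org.owasp.esapi.Encoder.
 *
 * <p>The expected values are written in their entity-encoded form. A rendering that shows
 * {@code "<script>"} as the expected result for the input {@code "<script>"} has had its
 * entities decoded once and would assert that attribute encoding is a no-op. In attribute
 * context only alphanumerics and {@code , . - _} pass through; everything else, the space
 * included, is expected as an entity.
 */
public void testEncodeForHTMLAttribute() {
    System.out.println("encodeForHTMLAttribute");
    Encoder instance = ESAPI.encoder();
    assertEquals(null, instance.encodeForHTMLAttribute(null));
    assertEquals("&lt;script&gt;", instance.encodeForHTMLAttribute("<script>"));
    assertEquals(",.-_", instance.encodeForHTMLAttribute(",.-_"));
    // Leading space included: unlike in the HTML body, a space is not left as-is here.
    assertEquals("&#x20;&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;",
            instance.encodeForHTMLAttribute(" !@$%()=+{}[]"));
}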
示例10: testEncodeForURL
import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
/**
 * Test of encodeForURL method, of class org.owasp.esapi.Encoder.
 *
 * <p>Pins two facts: {@code null} stays {@code null}, and angle brackets are percent-encoded.
 * The encoding is meant for a single URL component such as a parameter value.
 *
 * @throws Exception
 */
public void testEncodeForURL() throws Exception {
    System.out.println("encodeForURL");
    final Encoder encoder = ESAPI.encoder();

    final String encodedNull = encoder.encodeForURL(null);
    assertEquals(null, encodedNull);

    final String encodedTag = encoder.encodeForURL("<script>");
    assertEquals("%3Cscript%3E", encodedTag);
}
示例11: encode
import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
/**
 * Encodes {@code item} for the output context selected by {@code encFor}, optionally
 * canonicalizing it first.
 *
 * <p>Empty input (as judged by {@code StringUtil.isEmpty}) is returned untouched before ESAPI
 * is involved. When {@code canonicalize} is set, the input is first reduced with
 * {@code canonicalize(item, false)}; the {@code false} is ESAPI's strict flag, so multiply or
 * mixed encoded input is decoded quietly here instead of being rejected. The result is then
 * encoded for exactly one context, which has to be the one the value is written into.
 *
 * <p>{@code System.out} is swapped for a discarding stream while ESAPI runs and restored in
 * {@code finally}; the swap is JVM-wide and affects other threads during that window.
 *
 * @param item         text to encode
 * @param encFor       one of the {@code ENC_*} constants
 * @param canonicalize whether to canonicalize {@code item} before encoding
 * @return the encoded text, or {@code item} itself when it is empty
 * @throws PageException an {@code ApplicationException} when {@code encFor} matches no
 *         case, or the converted ESAPI {@code EncodingException}
 */
public static String encode(String item, short encFor, boolean canonicalize) throws PageException {
    if (StringUtil.isEmpty(item)) {
        return item;
    }

    final PrintStream savedStdout = System.out;
    try {
        System.setOut(new PrintStream(DevNullOutputStream.DEV_NULL_OUTPUT_STREAM));
        final Encoder esapi = ESAPI.encoder();
        if (canonicalize) {
            item = esapi.canonicalize(item, false);
        }
        switch (encFor) {
            case ENC_CSS:
                return esapi.encodeForCSS(item);
            case ENC_DN:
                return esapi.encodeForDN(item);
            case ENC_HTML:
                return esapi.encodeForHTML(item);
            case ENC_HTML_ATTR:
                return esapi.encodeForHTMLAttribute(item);
            case ENC_JAVA_SCRIPT:
                return esapi.encodeForJavaScript(item);
            case ENC_LDAP:
                return esapi.encodeForLDAP(item);
            case ENC_URL:
                return esapi.encodeForURL(item);
            case ENC_VB_SCRIPT:
                return esapi.encodeForVBScript(item);
            case ENC_XML:
                return esapi.encodeForXML(item);
            case ENC_XML_ATTR:
                return esapi.encodeForXMLAttribute(item);
            case ENC_XPATH:
                return esapi.encodeForXPath(item);
            default:
                throw new ApplicationException("invalid target encoding defintion");
        }
    } catch (EncodingException ee) {
        throw Caster.toPageException(ee);
    } finally {
        System.setOut(savedStdout);
    }
}
示例12: testEncodeForLDAP
import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
/**
 * Test of encodeForLDAP method, of class org.owasp.esapi.Encoder.
 *
 * <p>Pins the search-filter escaping: NUL, parentheses, asterisk and backslash are expected
 * as backslash plus two hex digits, while {@code =} and {@code #} are left alone. This is
 * the escaping for filter values; distinguished names use {@code encodeForDN}.
 *
 * <p>NOTE(review): the non-ASCII characters in these literals appear as U+FFFD on the page,
 * so the original characters cannot be recovered from here.
 */
public void testEncodeForLDAP() {
    System.out.println("encodeForLDAP");
    final Encoder encoder = ESAPI.encoder();

    assertEquals(null, encoder.encodeForLDAP(null));

    final String plain = "Hi This is a test #��";
    assertEquals("No special characters to escape", "Hi This is a test #��", encoder.encodeForLDAP(plain));

    final String withNul = "Hi \u0000";
    assertEquals("Zeros", "Hi \\00", encoder.encodeForLDAP(withNul));

    final String everything = "Hi (This) = is * a \\ test # � � �";
    assertEquals("LDAP Christams Tree", "Hi \\28This\\29 = is \\2a a \\5c test # � � �", encoder.encodeForLDAP(everything));
}
示例13: testEncodeForDN
import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
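/**
 * Test of encodeForDN method, of class org.owasp.esapi.Encoder.
 *
 * <p>Pins the distinguished-name escaping: a leading {@code #} or space and a trailing space
 * get a backslash, as do {@code \ + , " ; < >} anywhere in the value. These rules differ
 * from the search-filter rules of {@code encodeForLDAP}, so the two are not interchangeable.
 *
 * <p>The "only 3 spaces" case uses a three-space input, as its message says; on a page that
 * collapses runs of whitespace the literal shrinks to a single space and no longer exercises
 * the leading and trailing rules together.
 *
 * <p>NOTE(review): the non-ASCII character after "Hello" appears as U+FFFD on the page, so
 * the original character cannot be recovered from here.
 */
public void testEncodeForDN() {
    System.out.println("encodeForDN");
    Encoder instance = ESAPI.encoder();
    assertEquals(null, instance.encodeForDN(null));
    assertEquals("No special characters to escape", "Hello�", instance.encodeForDN("Hello�"));
    assertEquals("leading #", "\\# Hello�", instance.encodeForDN("# Hello�"));
    assertEquals("leading space", "\\ Hello�", instance.encodeForDN(" Hello�"));
    assertEquals("trailing space", "Hello�\\ ", instance.encodeForDN("Hello� "));
    assertEquals("less than greater than", "Hello\\<\\>", instance.encodeForDN("Hello<>"));
    // First and last space are escaped, the middle one is left as-is.
    assertEquals("only 3 spaces", "\\  \\ ", instance.encodeForDN("   "));
    assertEquals("Christmas Tree DN", "\\ Hello\\\\ \\+ \\, \\\"World\\\" \\;\\ ", instance.encodeForDN(" Hello\\ + , \"World\" ; "));
}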
示例14: testWindowsCodec
import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
/**
 * Test of WindowsCodec
 *
 * <p>Covers three things: decoding of inputs that carry no escape ({@code "n"} and the empty
 * string both yield {@code null}), a single-character encode/decode round trip, and the
 * caret escaping produced for a path and for a command string containing {@code &}.
 * With an empty immune set every non-alphanumeric character, the space included, is expected
 * with a {@code ^} in front of it.
 *
 * <p>The expected command-line strings are still marked as unverified by the TODO below.
 * Escaping for a shell is a fallback; starting the process with an argument list, without a
 * shell in between, avoids the quoting question.
 */
public void testWindowsCodec() {
    System.out.println("WindowsCodec");
    final Encoder encoder = ESAPI.encoder();
    final Codec windows = new WindowsCodec();
    final char[] noImmunes = new char[0];

    assertEquals(null, encoder.encodeForOS(windows, null));

    // Nothing to decode: a plain letter and an empty buffer.
    PushbackString plainLetter = new PushbackString("n");
    assertEquals(null, windows.decodeCharacter(plainLetter));
    PushbackString nothing = new PushbackString("");
    assertEquals(null, windows.decodeCharacter(nothing));

    // Single character round trip.
    Character lessThan = Character.valueOf('<');
    PushbackString escaped = new PushbackString(windows.encodeCharacter(noImmunes, lessThan));
    Character roundTripped = windows.decodeCharacter(escaped);
    assertEquals(lessThan, roundTripped);

    // Whole-string round trip; decoding an unescaped string leaves it unchanged.
    String path = "c:\\jeff";
    String escapedPath = windows.encode(EncoderConstants.CHAR_ALPHANUMERICS, path);
    assertEquals(path, windows.decode(escapedPath));
    assertEquals(path, windows.decode(path));

    // TODO: Check that these are acceptable for Windows
    assertEquals("c^:^\\jeff", encoder.encodeForOS(windows, "c:\\jeff"));
    assertEquals("c^:^\\jeff", windows.encode(noImmunes, "c:\\jeff"));
    assertEquals("dir^ ^&^ foo", encoder.encodeForOS(windows, "dir & foo"));
    assertEquals("dir^ ^&^ foo", windows.encode(noImmunes, "dir & foo"));
}
示例15: testEncodeForXMLAttributePound
import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
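/**
 * Checks that a non-ASCII character (the pound sign, U+00A3) is emitted as a numeric
 * character reference in XML attribute context.
 *
 * <p>The expected value is the encoded form. A rendering that shows the bare pound sign as
 * the expected result has had the entity decoded on the way to the page and would assert
 * that the character passes through unencoded.
 */
public void testEncodeForXMLAttributePound() {
    Encoder instance = ESAPI.encoder();
    assertEquals("&#xa3;", instance.encodeForXMLAttribute("\u00A3"));
}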