本文整理汇总了Java中org.owasp.esapi.Encoder.canonicalize方法的典型用法代码示例。如果您正苦于以下问题:Java Encoder.canonicalize方法的具体用法?Java Encoder.canonicalize怎么用?Java Encoder.canonicalize使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.owasp.esapi.Encoder的用法示例。
在下文中一共展示了Encoder.canonicalize方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: fixParams
import org.owasp.esapi.Encoder; //导入方法依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Builds a new array of the same length as {@code params} in which every non-null value is
 * replaced by the result of ESAPI's {@code canonicalize(value, false)}; null entries stay null
 * and the input array is not modified.
 *
 * <p>Security note: canonicalization only decodes. The returned values are the decoded form of
 * the input and can contain markup or other metacharacters, so they still need validation and
 * context-specific output encoding before use.
 *
 * @param name   parameter name; must be non-null and not blank
 * @param url    request URL; must be non-null and not blank
 * @param params parameter values; must be non-null and hold at least one element
 * @return a new array holding the canonicalized values
 */
@Override
public String[] fixParams(final String name, final String url, final String[] params) throws ValidationFailedException {
    // Precondition checks, in the same order as the original: name, url, params.
    checkNotNull(name);
    checkArgument(!name.trim().isEmpty());
    checkNotNull(url);
    checkArgument(!url.trim().isEmpty());
    checkNotNull(params);
    checkArgument(params.length != 0, "PVF-BUG-0003: params should always have at least one value");

    final String[] canonicalValues = new String[params.length];
    for (int i = 0; i < params.length; i++) {
        final String rawValue = params[i];
        if (rawValue == null) {
            // A freshly allocated String[] slot is already null, so there is nothing to store.
            continue;
        }
        // strict=false: multiply or mixed-encoded input is decoded rather than rejected.
        // The strict form of this call raises IntrusionException for such input instead.
        final Encoder esapiEncoder = DefaultEncoder.getInstance();
        canonicalValues[i] = esapiEncoder.canonicalize(rawValue, false);
    }
    return canonicalValues;
}
示例2: encode
import org.owasp.esapi.Encoder; //导入方法依赖的package包/类
/**
 * Encodes {@code item} for the output context selected by {@code encFor}, optionally
 * canonicalizing it first with ESAPI's non-strict {@code canonicalize(item, false)}.
 *
 * <p>Security note: the encoding is only protective when {@code encFor} matches the context the
 * result is written into (HTML body, HTML attribute, JavaScript, LDAP filter, ...). With
 * {@code canonicalize} set, multiply or mixed-encoded input is decoded silently before encoding
 * rather than rejected, because the non-strict form is used.
 *
 * @param item         text to encode; returned unchanged when {@code StringUtil.isEmpty(item)}
 * @param encFor       one of the {@code ENC_*} constants naming the target context
 * @param canonicalize whether to canonicalize {@code item} before encoding
 * @return the encoded text
 * @throws PageException when ESAPI raises an {@code EncodingException}; an
 *         {@code ApplicationException} is thrown when {@code encFor} matches no known constant
 */
public static String encode(String item, short encFor, boolean canonicalize) throws PageException {
    if (StringUtil.isEmpty(item)) {
        return item;
    }

    // Standard output is pointed at a discarding stream for the duration of the ESAPI calls,
    // presumably to silence ESAPI's console output, and restored in the finally block.
    // NOTE(review): System.out is process-wide. While it is swapped, output from every other
    // thread is dropped, and two overlapping calls can leave the discarding stream installed
    // permanently (the second caller saves the first caller's replacement). Confirm callers are
    // serialized or move the suppression to logging configuration.
    final PrintStream savedStdout = System.out;
    try {
        System.setOut(new PrintStream(DevNullOutputStream.DEV_NULL_OUTPUT_STREAM));
        final Encoder esapiEncoder = ESAPI.encoder();
        if (canonicalize) {
            item = esapiEncoder.canonicalize(item, false);
        }
        switch (encFor) {
            case ENC_CSS:
                return esapiEncoder.encodeForCSS(item);
            case ENC_DN:
                return esapiEncoder.encodeForDN(item);
            case ENC_HTML:
                return esapiEncoder.encodeForHTML(item);
            case ENC_HTML_ATTR:
                return esapiEncoder.encodeForHTMLAttribute(item);
            case ENC_JAVA_SCRIPT:
                return esapiEncoder.encodeForJavaScript(item);
            case ENC_LDAP:
                return esapiEncoder.encodeForLDAP(item);
            case ENC_URL:
                return esapiEncoder.encodeForURL(item);
            case ENC_VB_SCRIPT:
                return esapiEncoder.encodeForVBScript(item);
            case ENC_XML:
                return esapiEncoder.encodeForXML(item);
            case ENC_XML_ATTR:
                return esapiEncoder.encodeForXMLAttribute(item);
            case ENC_XPATH:
                return esapiEncoder.encodeForXPath(item);
            default:
                // Unknown target: fail rather than return unencoded text.
                throw new ApplicationException("invalid target encoding defintion");
        }
    } catch (EncodingException ee) {
        throw Caster.toPageException(ee);
    } finally {
        System.setOut(savedStdout);
    }
}
示例3: fixParams
import org.owasp.esapi.Encoder; //导入方法依赖的package包/类
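/**
 * {@inheritDoc}
 *
 * <p>Rejects the request when any non-null parameter value changes under ESAPI's non-strict
 * {@code canonicalize}, i.e. when the value arrived already encoded. Values are never rewritten:
 * on success the original {@code params} array is returned as-is.
 *
 * <p>Null entries are skipped. The previous version stripped backslashes before its null check,
 * so a null entry caused a {@code NullPointerException} whenever {@code allowBackSlash} was set.
 *
 * <p>Security notes:
 * <ul>
 *   <li>With {@code allowBackSlash} set, backslashes are removed only from the copy that is
 *       compared. Backslash-escaped sequences therefore pass this rule and are still present in
 *       the returned values, so downstream output encoding remains necessary.</li>
 *   <li>The exception message embeds the caller-supplied name, value and URL verbatim.
 *       NOTE(review): if this message is written to a log, neutralize CR/LF in those fields at
 *       the logging layer and consider whether parameter values may be sensitive.</li>
 * </ul>
 *
 * @param name   parameter name; must be non-null and not blank
 * @param url    request URL; must be non-null and not blank
 * @param params parameter values; must be non-null and hold at least one element
 * @return {@code params}, unchanged
 * @throws ValidationFailedException when a value differs from its canonical form
 */
@Override
public String[] fixParams(final String name, final String url, final String[] params) throws ValidationFailedException {
    checkNotNull(name);
    checkArgument(!name.trim().isEmpty());
    checkNotNull(url);
    checkArgument(!url.trim().isEmpty());
    checkNotNull(params);
    checkArgument(params.length != 0, "PVF-BUG-0003: params should always have at least one value");

    for (final String original : params) {
        // Null check comes first so the backslash stripping below cannot dereference null.
        if (original == null) {
            continue;
        }

        // Literal replace; equivalent to the former replaceAll("\\\\", "") without the regex.
        final String candidate = allowBackSlash ? original.replace("\\", "") : original;

        // strict=false is deliberate here: the rule compares before and after decoding instead
        // of relying on ESAPI to raise IntrusionException for multiple or mixed encoding.
        final Encoder encoder = DefaultEncoder.getInstance();
        final String canonicalized = encoder.canonicalize(candidate, false);
        if (!canonicalized.equals(candidate)) {
            throw new ValidationFailedException("PVF-SECURITY-0002: Param was found to already be encoded.\nNAME: " + name + "\nVALUE: " + candidate + "\nURL: " + url);
        }
    }
    return params;
}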
开发者ID:mcasperson,项目名称:ParameterValidationFilter,代码行数:32,代码来源:FailIfNotCanonicalizedValidationRule.java
示例4: testCanonicalizePerformance
import org.owasp.esapi.Encoder; //导入方法依赖的package包/类
/**
 * Prints rough wall-clock timings for {@code Encoder.canonicalize} in non-strict and strict
 * mode, for a plain sentence and for a multiply/mixed-encoded probe string, each next to a
 * baseline loop that only assigns the string.
 *
 * <p>The method asserts nothing. Timings come from {@code System.currentTimeMillis()} over 100
 * iterations with no warm-up, so they indicate order of magnitude only. In the last section the
 * strict call is expected to raise {@code IntrusionException} for the probe string, so that
 * figure includes the cost of the exception path.
 */
public void testCanonicalizePerformance() throws Exception {
    System.out.println("Canonicalization Performance");
    Encoder esapiEncoder = ESAPI.encoder();
    int rounds = 100;
    String plainText = "The quick brown fox jumped over the lazy dog";
    String sink = null; // Trade in 1/2 doz warnings in Eclipse for one (never read)
    long begin;
    long elapsed;

    // Baseline: plain assignment of the unencoded sentence.
    begin = System.currentTimeMillis();
    for (int round = 0; round < rounds; round++) {
        sink = plainText;
    }
    elapsed = System.currentTimeMillis() - begin;
    System.out.println("Normal: " + elapsed);

    // Unencoded sentence, non-strict canonicalization.
    begin = System.currentTimeMillis();
    for (int round = 0; round < rounds; round++) {
        sink = esapiEncoder.canonicalize(plainText, false);
    }
    elapsed = System.currentTimeMillis() - begin;
    System.out.println("Normal Loose: " + elapsed);

    // Unencoded sentence, strict canonicalization.
    begin = System.currentTimeMillis();
    for (int round = 0; round < rounds; round++) {
        sink = esapiEncoder.canonicalize(plainText, true);
    }
    elapsed = System.currentTimeMillis() - begin;
    System.out.println("Normal Strict: " + elapsed);

    // Probe string with nested and mixed encodings.
    String encodedProbe = "%252%35252\\u0036lt;\r\n\r\n%&#x%%%3333\\u0033;&%23101;";

    // Baseline: plain assignment of the probe string.
    begin = System.currentTimeMillis();
    for (int round = 0; round < rounds; round++) {
        sink = encodedProbe;
    }
    elapsed = System.currentTimeMillis() - begin;
    System.out.println("Attack: " + elapsed);

    // Probe string, non-strict canonicalization (decoded, not rejected).
    begin = System.currentTimeMillis();
    for (int round = 0; round < rounds; round++) {
        sink = esapiEncoder.canonicalize(encodedProbe, false);
    }
    elapsed = System.currentTimeMillis() - begin;
    System.out.println("Attack Loose: " + elapsed);

    // Probe string, strict canonicalization: rejection via IntrusionException is expected.
    begin = System.currentTimeMillis();
    for (int round = 0; round < rounds; round++) {
        try {
            sink = esapiEncoder.canonicalize(encodedProbe, true);
        } catch (IntrusionException ignored) {
            // expected
        }
    }
    elapsed = System.currentTimeMillis() - begin;
    System.out.println("Attack Strict: " + elapsed);
}