

/**
 * OWASP Enterprise Security API (ESAPI)
 *
 * This file is part of the Open Web Application Security Project (OWASP)
 * Enterprise Security API (ESAPI) project. For details, please see
 * http://www.owasp.org/index.php/ESAPI.
 *
 * Copyright (c) 2007 - The OWASP Foundation
 *
 * The ESAPI is published by OWASP under the BSD license. You should read and accept the
 * LICENSE before you use, modify, and/or redistribute this software.
 */
package org.owasp.esapi.codecs;


/**
 * Implementation of the Codec interface for DB2 strings. This codec will only protect you from SQL injection (SQLi) in limited situations.
 * 
 * @author Sivasankar Tanakala ([email protected])
 * @since October 26, 2010
 * @see org.owasp.esapi.Encoder
 */
public class DB2Codec extends AbstractCharacterCodec {

	/**
	 * Encodes one character for use inside a DB2 string value.
	 *
	 * <p>A single quote is doubled and a semicolon is replaced by a period;
	 * every other character is returned unchanged. The semicolon substitution
	 * is lossy: {@link #decodeCharacter(PushbackString)} only reverses the
	 * quote doubling, so encode followed by decode does not round-trip input
	 * that contains {@code ';'}.
	 *
	 * <p>Security note: quote doubling is only meaningful for a value that ends
	 * up inside a single-quoted SQL string literal. It does nothing for values
	 * concatenated into numeric, identifier or keyword positions, so treat this
	 * as a fallback and prefer parameterized statements where they are available.
	 *
	 * @param immune characters that should not be encoded; this implementation
	 *               never reads it, so no character can be exempted
	 * @param c the character to encode; a {@code null} value raises a
	 *          {@link NullPointerException} when it is unboxed
	 * @return the encoded form of {@code c}
	 */
	public String encodeCharacter(char[] immune, Character c) {
		final char ch = c.charValue();

		switch (ch) {
			case '\'':
				// SQL string-literal escape: ' becomes ''
				return "\'\'";
			case ';':
				// statement separator is rewritten rather than escaped
				return ".";
			default:
				return String.valueOf(ch);
		}
	}

	/**
	 * Decodes a doubled single quote at the current position of {@code input}.
	 *
	 * <p>The input is marked first; if the next two characters are not both
	 * single quotes (or the input runs out), {@code input.reset()} is called
	 * and {@code null} is returned. NOTE(review): reset() presumably rewinds to
	 * the marked position so the caller can consume the character as a literal;
	 * confirm against PushbackString.
	 *
	 * @param input the pushback input to read from
	 * @return a single quote when the next two characters are {@code ''},
	 *         otherwise {@code null}
	 */
	public Character decodeCharacter(PushbackString input) {
		input.mark();

		// an encoded character is exactly two consecutive single quotes
		for (int seen = 0; seen < 2; seen++) {
			Character quote = input.next();
			if (quote == null || quote.charValue() != '\'') {
				// not an encoded character
				input.reset();
				return null;
			}
		}

		return Character.valueOf('\'');
	}
}



