
/**
 * OWASP Enterprise Security API (ESAPI)
 * 
 * This file is part of the Open Web Application Security Project (OWASP)
 * Enterprise Security API (ESAPI) project. For details, please see
 * http://www.owasp.org/index.php/ESAPI.
 *
 * Copyright (c) 2007 - The OWASP Foundation
 * 
 * The ESAPI is published by OWASP under the BSD license. You should read and accept the
 * LICENSE before you use, modify, and/or redistribute this software.
 * 
 * @author Jeff Williams Aspect Security
 * @created 2007
 */
package org.owasp.esapi.codecs;

import org.owasp.esapi.EncoderConstants;


/**
 * Implementation of the Codec interface for 'quote' encoding from VBScript.
 * 
 * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
 * @since June 1, 2007
 * @see org.owasp.esapi.Encoder
 */
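public class VBScriptCodec extends AbstractCharacterCodec {

	/**
	 * Encodes a String as a fragment of a VBScript string-concatenation expression.
	 * <p>
	 * Alphanumeric and immune characters are copied through as literal runs, every
	 * other character is emitted as a {@code chrw(n)} call, and the pieces are
	 * joined with {@code &}.
	 * <p>
	 * Caveats that follow from the code below:
	 * <ul>
	 *   <li>No opening quote is written before a literal run that starts at index 0,
	 *       and no closing quote is written after a literal run that ends the input.
	 *       The result is therefore not a self-contained quoted string; the caller
	 *       has to account for how the output begins and ends when placing it in
	 *       script.</li>
	 *   <li>Immune characters are copied verbatim into a literal run. Passing a
	 *       double quote in {@code immune} puts it unescaped inside that run.</li>
	 *   <li>{@code input} is not null-checked here.</li>
	 * </ul>
	 *
	 * @param immune
	 * 		characters that are passed through without encoding
	 * @param input
	 * 		the String to encode; must not be null
	 * @return the encoded String
	 */
	public String encode(char[] immune, String input) {
		StringBuilder sb = new StringBuilder();
		boolean encoding = false;
		boolean inquotes = false;
		// NOTE(review): the loop header and the pass-through test were truncated in
		// this listing. They are reconstructed from the surviving branch bodies and
		// the EncoderConstants import; confirm against the upstream source.
		for ( int i = 0; i < input.length(); i++ ) {
			char c = input.charAt( i );

			// handle normal characters and surround them with quotes
			if ( containsCharacter( c, EncoderConstants.CHAR_ALPHANUMERICS ) || containsCharacter( c, immune ) ) {
				// the previous character was emitted as chrw(n): join with '&'
				if ( encoding && i > 0 ) sb.append( "&" );
				// open a literal run (never at index 0, see the method Javadoc)
				if ( !inquotes && i > 0 ) sb.append( "\"" );
				sb.append( c );
				inquotes = true;
				encoding = false;

			// handle characters that need encoding
			} else {
				// close the open literal run; the index test is always true inside the loop
				if ( inquotes && i < input.length() ) sb.append( "\"" );
				if ( i > 0 ) sb.append( "&" );
				sb.append( encodeCharacter( immune, Character.valueOf( c ) ) );
				inquotes = false;
				encoding = true;
			}
		}
		return sb.toString();
	}


	/**
	 * Returns the VBScript encoding of a single character.
	 * <p>
	 * Immune characters, and characters for which
	 * {@code getHexForNonAlphanumeric} returns null, are returned unchanged.
	 * Every other character is returned as {@code chrw(n)}, where {@code n} is
	 * the decimal value of the char.
	 *
	 * @param immune
	 * 		characters that are passed through without encoding
	 * @param c
	 * 		the character to encode; must not be null
	 * @return the character itself or its {@code chrw(n)} form
	 */
	public String encodeCharacter( char[] immune, Character c ) {
		char ch = c.charValue();

		// check for immune characters
		if ( containsCharacter( ch, immune ) ) {
			return String.valueOf( ch );
		}

		// check for alphanumeric characters: a null hex value means no encoding is applied
		String hex = super.getHexForNonAlphanumeric( ch );
		if ( hex == null ) {
			return String.valueOf( ch );
		}

		return "chrw(" + (int) ch + ")";
	}



	/**
	 * Returns the decoded version of the character starting at index, or
	 * null if no decoding is possible.
	 * <p>
	 * Formats (all are legal in both upper and lower case):
	 * <pre>
	 *   "x              - all special characters
	 *   " + chr(x) + "  - not supported yet
	 * </pre>
	 * Only the first form is handled: a double quote followed by one character
	 * decodes to that character. The {@code chrw(n)} sequences written by
	 * {@link #encodeCharacter(char[], Character)} are not decoded here, so this
	 * method does not reverse {@link #encode(char[], String)}.
	 *
	 * @param input
	 * 		the sequence to read from; its position is restored whenever null is returned
	 * @return the character after a leading double quote, or null if the input
	 * 		does not start with a double quote followed by a character
	 */
	// NOTE(review): the listing shows a raw PushbackSequence, yet the assignments
	// below expect next() to yield Character; a type argument may have been lost
	// in rendering. Confirm against the upstream source.
	public Character decodeCharacter( PushbackSequence input ) {
		input.mark();
		Character first = input.next();
		if ( first == null ) {
			input.reset();
			return null;
		}

		// if this is not an encoded character, return null
		if ( first.charValue() != '\"' ) {
			input.reset();
			return null;
		}

		Character second = input.next();
		if ( second == null ) {
			// dangling quote at end of input: rewind like the other null-return
			// paths so the quote is not silently consumed
			input.reset();
			return null;
		}
		return second;
	}

}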



