All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.owasp.esapi.waf.rules.AddHeaderRule Maven / Gradle / Ivy

Go to download 

/**
 * OWASP Enterprise Security API (ESAPI)
 * 
 * This file is part of the Open Web Application Security Project (OWASP)
 * Enterprise Security API (ESAPI) project. For details, please see
 * http://www.owasp.org/index.php/ESAPI.
 *
 * Copyright (c) 2009 - The OWASP Foundation
 * 
 * The ESAPI is published by OWASP under the BSD license. You should read and accept the
 * LICENSE before you use, modify, and/or redistribute this software.
 * 
 * @author Arshan Dabirsiaghi Aspect Security
 * @created 2009
 */
package org.owasp.esapi.waf.rules;

import java.util.List;
import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.owasp.esapi.waf.actions.Action;
import org.owasp.esapi.waf.actions.DoNothingAction;
import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;

/**
 * This is the Rule subclass executed for <add-header> rules.
 * @author Arshan Dabirsiaghi
 *
 */
public class AddHeaderRule extends Rule {

	private String header;
	private String value;
	private Pattern path;
	private List exceptions;

	public AddHeaderRule(String id, String header, String value, Pattern path, List exceptions) {
		setId(id);
		this.header = header;
		this.value = value;
		this.path = path;
		this.exceptions = exceptions;
	}

	public Action check(
			HttpServletRequest request, 
			InterceptingHTTPServletResponse response, 
			HttpServletResponse httpResponse) {

		DoNothingAction action = new DoNothingAction();

		if ( path.matcher(request.getRequestURI()).matches() ) {

			for(int i=0;i 















© 2015 - 2024 Weber Informatics LLC | Privacy Policy