Package org.owasp.esapi.codecs
Class AbstractCodec<T>
- java.lang.Object
-
- org.owasp.esapi.codecs.AbstractCodec<T>
-
- Type Parameters:
T
-
- All Implemented Interfaces:
Codec<T>
- Direct Known Subclasses:
AbstractCharacterCodec, AbstractIntegerCodec
public abstract class AbstractCodec<T> extends java.lang.Object implements Codec<T>
The Codec interface defines a set of methods for encoding and decoding application level encoding schemes, such as HTML entity encoding and percent encoding (aka URL encoding). Codecs are used in output encoding and canonicalization. The design of these codecs allows for character-by-character decoding, which is necessary to detect double-encoding and the use of multiple encoding schemes, both of which are techniques used by attackers to bypass validation and bury encoded attacks in data.
- Since:
- June 1, 2007
- Author:
- Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
- See Also:
Encoder
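The character-by-character decoding that the class description relies on can be seen in the following added example, which is not ESAPI source code. It uses a hypothetical `Cursor` class as a stand-in for a pushback sequence and a toy percent decoder, and counts how many decoding passes change the input so that nested (double) encoding can be flagged.

```java
/** Added illustration, not ESAPI source; all class and method names here are hypothetical. */
public class DoubleEncodingCheck {

    /** Minimal stand-in for a pushback sequence: a position that can be marked and reset. */
    static final class Cursor {
        final String s;
        int pos = 0, mark = 0;
        Cursor(String s) { this.s = s; }
        boolean hasNext() { return pos < s.length(); }
        char next() { return s.charAt(pos++); }
        void mark() { mark = pos; }
        void reset() { pos = mark; }
    }
    /** Decodes one %XX sequence; if the next character is not encoded, resets and returns null. */
    static Character decodeCharacter(Cursor in) {
        in.mark();
        if (in.hasNext() && in.next() == '%' && in.pos + 2 <= in.s.length()) {
            int hi = Character.digit(in.next(), 16);
            int lo = Character.digit(in.next(), 16);
            if (hi >= 0 && lo >= 0) return (char) (hi * 16 + lo);
        }
        in.reset();
        return null;
    }
    /** One full decoding pass, taken one character at a time. */
    static String decodeOnce(String input) {
        StringBuilder out = new StringBuilder();
        Cursor in = new Cursor(input);
        while (in.hasNext()) {
            Character c = decodeCharacter(in);
            if (c != null) out.append(c.charValue());
            else out.append(in.next());
        }
        return out.toString();
    }
    /** Counts the passes that change the input; a result above 1 means nested encoding. */
    static int encodingDepth(String input) {
        int depth = 0;
        for (String next = decodeOnce(input); !next.equals(input); next = decodeOnce(input)) {
            input = next;
            depth++;
        }
        return depth;
    }
    public static void main(String[] args) {
        // Constructed inputs: plain, singly encoded, doubly encoded.
        for (String s : new String[] { "name=bob", "%3Cb%3E", "%253Cb%253E" })
            System.out.println(s + " -> depth " + encodingDepth(s));
    }
}
```

A validator that decodes only once would see `%3Cb%3E` for the third input and let it through; decoding to a fixed point and rejecting any depth above 1 closes that gap.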
-
-
Constructor Summary
AbstractCodec()
    Default constructor
-
Method Summary
Modifier and Type, Method, Description:
boolean containsCharacter(char c, char[] array)
    Utility to search a char[] for a specific char.
T decodeCharacter(PushbackSequence<T> input)
    Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
java.lang.String encode(char[] immune, java.lang.String input)
    WARNING!! Character based Codecs will silently transform code points that are not legal UTF code points into garbage data as they will cast them to chars.
java.lang.String encodeCharacter(char[] immune, char c)
java.lang.String encodeCharacter(char[] immune, int codePoint)
    Default codepoint implementation that should be overridden in specific codecs.
java.lang.String encodeCharacter(char[] immune, java.lang.Character c)
    WARNING!!!! Passing a standard char to this method will resolve to the
java.lang.String getHexForNonAlphanumeric(char c)
    Lookup the hex value of any character that is not alphanumeric.
java.lang.String getHexForNonAlphanumeric(int c)
    Lookup the hex value of any character that is not alphanumeric.
java.lang.String toHex(char c)
java.lang.String toHex(int c)
java.lang.String toOctal(char c)
-
-
-
Method Detail
-
encode
public java.lang.String encode(char[] immune, java.lang.String input)
WARNING!! Character based Codecs will silently transform code points that are not legal UTF code points into garbage data as they will cast them to chars. If you are implementing an Integer based codec, these will be silently discarded based on the return from Character.isValidCodePoint( int ). This is the preferred behavior moving forward. Encode a String so that it can be safely used in a specific context.
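The difference between the two paths in the warning above, as an added example that is not ESAPI source code. The class, the method names and the toy `&#x...;` encoder are hypothetical; only the narrowing cast and `Character.isValidCodePoint(int)` are standard Java behaviour.

```java
/** Added illustration, not ESAPI source; class and method names are hypothetical. */
public class CodePointWidthDemo {

    /** Character-based path: every code point is narrowed to a 16-bit char first. */
    static String encodeViaChar(int[] codePoints) {
        StringBuilder out = new StringBuilder();
        for (int cp : codePoints) {
            char c = (char) cp;          // keeps only the low 16 bits of the value
            out.append(hexEntity(c));
        }
        return out.toString();
    }

    /** Integer-based path: invalid code points are dropped, valid ones keep full width. */
    static String encodeViaInt(int[] codePoints) {
        StringBuilder out = new StringBuilder();
        for (int cp : codePoints) {
            if (!Character.isValidCodePoint(cp)) continue;   // silently discarded
            out.append(hexEntity(cp));
        }
        return out.toString();
    }

    /** Toy encoder: ASCII alphanumerics pass through, everything else becomes a hex entity. */
    static String hexEntity(int cp) {
        if (cp < 0x80 && Character.isLetterOrDigit(cp)) return String.valueOf((char) cp);
        return "&#x" + Integer.toHexString(cp) + ";";
    }

    public static void main(String[] args) {
        // Constructed sample: 'a', '<', U+1F600 (outside the BMP), 0x110000 (not a code point).
        int[] sample = { 'a', '<', 0x1F600, 0x110000 };
        System.out.println("char path: " + encodeViaChar(sample));
        System.out.println("int path:  " + encodeViaInt(sample));
    }
}
```

On the char path U+1F600 is emitted as the unrelated value U+F600 and 0x110000 collapses to U+0000, while the int path encodes U+1F600 intact and drops the out-of-range value.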
-
encodeCharacter
public java.lang.String encodeCharacter(char[] immune, java.lang.Character c)
WARNING!!!! Passing a standard char to this method will resolve to the
- Specified by:
encodeCharacter in interface Codec<T>
- Parameters:
immune - array of chars to NOT encode. Use with caution.
c - the Character to encode
- Returns:
- the encoded Character
- See Also:
method instead of this one!!! YOU HAVE BEEN WARNED!!!!
-
encodeCharacter
public java.lang.String encodeCharacter(char[] immune, char c)
-
encodeCharacter
public java.lang.String encodeCharacter(char[] immune, int codePoint)
Description copied from interface: Codec
Default codepoint implementation that should be overridden in specific codecs.
- Specified by:
encodeCharacter in interface Codec<T>
codePoint - the integer to encode
- Returns:
- the encoded Character
-
decodeCharacter
public T decodeCharacter(PushbackSequence<T> input)
Description copied from interface: Codec
Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence. If the current character is not encoded, this method MUST reset the PushbackString.
- Specified by:
decodeCharacter in interface Codec<T>
- Parameters:
input - the Character to decode
- Returns:
- the decoded Character
-
getHexForNonAlphanumeric
public java.lang.String getHexForNonAlphanumeric(char c)
Lookup the hex value of any character that is not alphanumeric.
- Specified by:
getHexForNonAlphanumeric in interface Codec<T>
- Parameters:
c - The character to lookup.
- Returns:
- return null if alphanumeric or the character code in hex.
-
getHexForNonAlphanumeric
public java.lang.String getHexForNonAlphanumeric(int c)
Lookup the hex value of any character that is not alphanumeric.
- Specified by:
getHexForNonAlphanumeric in interface Codec<T>
- Parameters:
c - The character to lookup.
- Returns:
- return null if alphanumeric or the character code in hex.
-
containsCharacter
public boolean containsCharacter(char c, char[] array)
Utility to search a char[] for a specific char.
- Specified by:
containsCharacter in interface Codec<T>
- Returns:
- True if the supplied array contains the specified character. False otherwise.
-
-