Package org.owasp.validator.css

Class CssScanner

  • Direct Known Subclasses:
    ExternalCssScanner
    public class CssScanner
extends java.lang.Object
    Encapsulates the parsing and validation of a CSS stylesheet or inline declaration. To make use of this class, instantiate the scanner with the desired policy and call either scanInlineSheet() or scanStyleSheet as appropriate.
    Author:
    Jason Li
    See Also:
    scanInlineStyle(String, String, int), scanStyleSheet(String, int)

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected static int DEFAULT_TIMEOUT  
      protected java.util.ResourceBundle messages
      The message bundled to pull error messages from.
      protected org.apache.batik.css.parser.Parser parser
      The parser to be used in any scanning
      protected InternalPolicy policy
      The policy file to be used in any scanning

    • Constructor Summary

      Constructors 
      Constructor Description
      CssScanner​(InternalPolicy policy, java.util.ResourceBundle messages)
      Constructs a scanner based on the given policy.

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      static void main​(java.lang.String[] args)
      Deprecated. 
      protected void parseImportedStylesheets​(java.util.LinkedList stylesheets, CssHandler handler, java.util.List<java.lang.String> errorMessages, int sizeLimit)
      Parses through a LinkedList of imported stylesheet URIs, this method parses through those stylesheets and validates them
      CleanResults scanInlineStyle​(java.lang.String taintedCss, java.lang.String tagName, int sizeLimit)
      Scans the contents of an inline style declaration (ex.
      CleanResults scanStyleSheet​(java.lang.String taintedCss, int sizeLimit)
      Scans the contents of a full stylesheet (ex.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • parser

        protected final org.apache.batik.css.parser.Parser parser
        The parser to be used in any scanning

      • policy

        protected final InternalPolicy policy
        The policy file to be used in any scanning

      • messages

        protected final java.util.ResourceBundle messages
        The message bundled to pull error messages from.

    • Constructor Detail

      • CssScanner

        public CssScanner​(InternalPolicy policy,
                  java.util.ResourceBundle messages)
        Constructs a scanner based on the given policy.
        Parameters:
        policy - the policy to follow when scanning

    • Method Detail

      • scanStyleSheet

        public CleanResults scanStyleSheet​(java.lang.String taintedCss,
                                   int sizeLimit)
                            throws ScanException
        Scans the contents of a full stylesheet (ex. a file based stylesheet or the complete stylesheet contents as declared within <style> tags)
        Parameters:
        taintedCss - a String containing the contents of the CSS stylesheet to validate
        sizeLimit - the limit on the total size in bytes of any imported stylesheets
        Returns:
        a CleanResuts object containing the results of the scan
        Throws:
        ScanException - if an error occurs during scanning

      • scanInlineStyle

        public CleanResults scanInlineStyle​(java.lang.String taintedCss,
                                    java.lang.String tagName,
                                    int sizeLimit)
                             throws ScanException
        Scans the contents of an inline style declaration (ex. in the style attribute of an HTML tag) and validates the style sheet according to this CssScanner's policy file.
        Parameters:
        taintedCss - a String containing the contents of the CSS stylesheet to validate
        tagName - the name of the tag for which this inline style was declared
        sizeLimit - the limit on the total size in bites of any imported stylesheets
        Returns:
        a CleanResuts object containing the results of the scan
        Throws:
        ScanException - if an error occurs during scanning

      • parseImportedStylesheets

        protected void parseImportedStylesheets​(java.util.LinkedList stylesheets,
                                        CssHandler handler,
                                        java.util.List<java.lang.String> errorMessages,
                                        int sizeLimit)
                                 throws ScanException
        Parses through a LinkedList of imported stylesheet URIs, this method parses through those stylesheets and validates them
        Parameters:
        stylesheets - the LinkedList of stylesheet URIs to parse
        handler - the CssHandler to use for parsing
        errorMessages - the list of error messages to append to
        sizeLimit - the limit on the total size in bites of any imported stylesheets
        Throws:
        ScanException - if an error occurs during scanning

      • main

        public static void main​(java.lang.String[] args)
                 throws java.lang.Exception
        Deprecated.
        Test method to demonstrate CSS scanning.
        Parameters:
        args - unused
        Throws:
        java.lang.Exception - if any error occurs