Package org.owasp.esapi.codecs

Class AbstractCodec<T>

java.lang.Object

org.owasp.esapi.codecs.AbstractCodec<T>

Type Parameters:

T -

All Implemented Interfaces:

Codec<T>

Direct Known Subclasses:

AbstractCharacterCodec, AbstractIntegerCodec

public abstract class AbstractCodec<T>
extends java.lang.Object
implements Codec<T>

The Codec interface defines a set of methods for encoding and decoding application level encoding schemes, such as HTML entity encoding and percent encoding (aka URL encoding). Codecs are used in output encoding and canonicalization. The design of these codecs allows for character-by-character decoding, which is necessary to detect double-encoding and the use of multiple encoding schemes, both of which are techniques used by attackers to bypass validation and bury encoded attacks in data.

Since:

June 1, 2007

Author:

Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security

See Also:

Encoder

Constructor Summary

Constructors

Constructor	Description
AbstractCodec()	Default constructor

Method Summary

Modifier and Type	Method	Description
boolean	containsCharacter(char c, char[] array)	Utility to search a char[] for a specific char.
T	decodeCharacter(PushbackSequence<T> input)	Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
java.lang.String	encode(char[] immune, java.lang.String input)	WARNING!! Character based Codecs will silently transform code points that are not legal UTF code points into garbage data as they will cast them to chars.
java.lang.String	encodeCharacter(char[] immune, char c)
java.lang.String	encodeCharacter(char[] immune, int codePoint)	Default codepoint implementation that should be overridden in specific codecs.
java.lang.String	encodeCharacter(char[] immune, java.lang.Character c)	WARNING!!!! Passing a standard char to this method will resolve to the
java.lang.String	getHexForNonAlphanumeric(char c)	Lookup the hex value of any character that is not alphanumeric.
java.lang.String	getHexForNonAlphanumeric(int c)	Lookup the hex value of any character that is not alphanumeric.
java.lang.String	toHex(char c)
java.lang.String	toHex(int c)
java.lang.String	toOctal(char c)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.owasp.esapi.codecs.Codec

decode

Constructor Detail

AbstractCodec

public AbstractCodec()

Default constructor

Method Detail

encode

public java.lang.String encode(char[] immune,
                               java.lang.String input)

WARNING!! Character based Codecs will silently transform code points that are not legal UTF code points into garbage data as they will cast them to chars.

If you are implementing an Integer based codec, these will be silently discarded based on the return from Character.isValidCodePoint( int ). This is the preferred behavior moving forward. Encode a String so that it can be safely used in a specific context.

Specified by:

encode in interface Codec<T>

input - the String to encode

Returns:

the encoded String

encodeCharacter

public java.lang.String encodeCharacter(char[] immune,
                                        java.lang.Character c)

WARNING!!!! Passing a standard char to this method will resolve to the

Specified by:

encodeCharacter in interface Codec<T>

Parameters:

immune - array of chars to NOT encode. Use with caution.

c - the Character to encode

Returns:

the encoded Character

See Also:

method instead of this one!!! YOU HAVE BEEN WARNED!!!!

encodeCharacter

public java.lang.String encodeCharacter(char[] immune,
                                        char c)

encodeCharacter

public java.lang.String encodeCharacter(char[] immune,
                                        int codePoint)

Description copied from interface: Codec

Default codepoint implementation that should be overridden in specific codecs.

Specified by:

encodeCharacter in interface Codec<T>

codePoint - the integer to encode

Returns:

the encoded Character

decodeCharacter

public T decodeCharacter(PushbackSequence<T> input)

Description copied from interface: Codec

Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence. If the current character is not encoded, this method MUST reset the PushbackString.

Specified by:

decodeCharacter in interface Codec<T>

Parameters:

input - the Character to decode

Returns:

the decoded Character

getHexForNonAlphanumeric

public java.lang.String getHexForNonAlphanumeric(char c)

Lookup the hex value of any character that is not alphanumeric.

Specified by:

getHexForNonAlphanumeric in interface Codec<T>

Parameters:

c - The character to lookup.

Returns:

return null if alphanumeric or the character code in hex.

getHexForNonAlphanumeric

public java.lang.String getHexForNonAlphanumeric(int c)

Lookup the hex value of any character that is not alphanumeric.

Specified by:

getHexForNonAlphanumeric in interface Codec<T>

Parameters:

c - The character to lookup.

Returns:

return null if alphanumeric or the character code in hex.

toOctal

public java.lang.String toOctal(char c)

Specified by:

toOctal in interface Codec<T>

toHex

public java.lang.String toHex(char c)

Specified by:

toHex in interface Codec<T>

toHex

public java.lang.String toHex(int c)

Specified by:

toHex in interface Codec<T>

containsCharacter

public boolean containsCharacter(char c,
                                 char[] array)

Utility to search a char[] for a specific char.

Specified by:

containsCharacter in interface Codec<T>

Returns:

True if the supplied array contains the specified character. False otherwise.