Class AbstractCodec<T>

  • Type Parameters:
    T -
    All Implemented Interfaces:
    Codec<T>
    Direct Known Subclasses:
    AbstractCharacterCodec, AbstractIntegerCodec

    public abstract class AbstractCodec<T>
    extends java.lang.Object
    implements Codec<T>
    The Codec interface defines a set of methods for encoding and decoding application level encoding schemes, such as HTML entity encoding and percent encoding (aka URL encoding). Codecs are used in output encoding and canonicalization. The design of these codecs allows for character-by-character decoding, which is necessary to detect double-encoding and the use of multiple encoding schemes, both of which are techniques used by attackers to bypass validation and bury encoded attacks in data.
    Since:
    June 1, 2007
    Author:
    Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
    See Also:
    Encoder
    • Constructor Summary

      Constructors 
      Constructor Description
      AbstractCodec()
      Default constructor
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean containsCharacter​(char c, char[] array)
      Utility to search a char[] for a specific char.
      T decodeCharacter​(PushbackSequence<T> input)
      Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
      java.lang.String encode​(char[] immune, java.lang.String input)
      WARNING!! Character based Codecs will silently transform code points that are not legal UTF code points into garbage data as they will cast them to chars.
      java.lang.String encodeCharacter​(char[] immune, char c)  
      java.lang.String encodeCharacter​(char[] immune, int codePoint)
      Default codepoint implementation that should be overridden in specific codecs.
      java.lang.String encodeCharacter​(char[] immune, java.lang.Character c)
      WARNING!!!! Passing a standard char to this method will resolve to the
      java.lang.String getHexForNonAlphanumeric​(char c)
      Lookup the hex value of any character that is not alphanumeric.
      java.lang.String getHexForNonAlphanumeric​(int c)
      Lookup the hex value of any character that is not alphanumeric.
      java.lang.String toHex​(char c)  
      java.lang.String toHex​(int c)  
      java.lang.String toOctal​(char c)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
      • Methods inherited from interface org.owasp.esapi.codecs.Codec

        decode
    • Constructor Detail

      • AbstractCodec

        public AbstractCodec()
        Default constructor
    • Method Detail

      • encode

        public java.lang.String encode​(char[] immune,
                                       java.lang.String input)
        WARNING!! Character based Codecs will silently transform code points that are not legal UTF code points into garbage data as they will cast them to chars.

        If you are implementing an Integer based codec, these will be silently discarded based on the return from Character.isValidCodePoint( int ). This is the preferred behavior moving forward.

        Encode a String so that it can be safely used in a specific context.
        Specified by:
        encode in interface Codec<T>
        Parameters:
        input - the String to encode
        Returns:
        the encoded String
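
The difference the warning above describes, as an added example (not ESAPI code): a character-based loop narrows every code point to a `char`, while an integer-based loop checks `Character.isValidCodePoint(int)` and drops whatever fails. The class name, the method names, the `int[]` input and the `&#x..;` output format are assumptions made for illustration.

```java
public class CodePointEncodingDemo {

    // Hypothetical character-based encoder: every code point is narrowed to a
    // 16-bit char before encoding, so anything above U+FFFF loses its high bits.
    static String encodeByChar(int[] codePoints) {
        StringBuilder sb = new StringBuilder();
        for (int cp : codePoints) {
            char c = (char) cp;              // the narrowing cast the warning refers to
            sb.append(hexEntity(c));
        }
        return sb.toString();
    }

    // Hypothetical integer-based encoder: values that are not valid Unicode
    // code points are silently skipped, valid ones are encoded whole.
    static String encodeByCodePoint(int[] codePoints) {
        StringBuilder sb = new StringBuilder();
        for (int cp : codePoints) {
            if (!Character.isValidCodePoint(cp)) {
                continue;                    // discarded, no exception raised
            }
            sb.append(hexEntity(cp));
        }
        return sb.toString();
    }

    // Assumed output format: letters and digits pass through, the rest
    // becomes a hexadecimal numeric entity.
    static String hexEntity(int cp) {
        if (Character.isLetterOrDigit(cp)) {
            return new String(Character.toChars(cp));
        }
        return "&#x" + Integer.toHexString(cp) + ";";
    }

    public static void main(String[] args) {
        // Constructed input: '<', a supplementary code point (U+1F600),
        // and 0x110000, which lies beyond the Unicode range.
        int[] input = { '<', 0x1F600, 0x110000 };
        System.out.println("char-based:       " + encodeByChar(input));
        System.out.println("code-point-based: " + encodeByCodePoint(input));
    }
}
```

In the char-based output the second and third values come out as entities for different characters than the ones supplied, which is the garbage data the warning refers to.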
      • encodeCharacter

        public java.lang.String encodeCharacter​(char[] immune,
                                                java.lang.Character c)
        WARNING!!!! Passing a standard char to this method will resolve to the
        Specified by:
        encodeCharacter in interface Codec<T>
        Parameters:
        immune - array of chars to NOT encode. Use with caution.
        c - the Character to encode
        Returns:
        the encoded Character
        See Also:
        method instead of this one!!! YOU HAVE BEEN WARNED!!!!
      • encodeCharacter

        public java.lang.String encodeCharacter​(char[] immune,
                                                char c)
      • encodeCharacter

        public java.lang.String encodeCharacter​(char[] immune,
                                                int codePoint)
        Description copied from interface: Codec
        Default codepoint implementation that should be overridden in specific codecs.
        Specified by:
        encodeCharacter in interface Codec<T>
        Parameters:
        codePoint - the integer to encode
        Returns:
        the encoded Character
      • decodeCharacter

        public T decodeCharacter​(PushbackSequence<T> input)
        Description copied from interface: Codec
        Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence. If the current character is not encoded, this method MUST reset the PushbackString.
        Specified by:
        decodeCharacter in interface Codec<T>
        Parameters:
        input - the Character to decode
        Returns:
        the decoded Character
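
The class description's point about character-by-character decoding and the reset requirement above, as an added example (not ESAPI code): a minimal percent decoder that restores its position when the next character is not encoded, and a pass counter that reports nested encoding. The class, its methods and the sample inputs are assumptions, and only one encoding scheme is covered.

```java
public class PercentDepthDemo {
    private final String input;
    private int index;                       // next unread position

    PercentDepthDemo(String input) { this.input = input; }

    // Read one char and advance; '\0' signals end of input.
    private char next() {
        return index < input.length() ? input.charAt(index++) : '\0';
    }

    // Decode one %XX sequence and leave the position just past it. If the
    // next character is not encoded, restore the position and return null.
    Character decodeCharacter() {
        int mark = index;
        if (next() == '%') {
            int hi = Character.digit(next(), 16);
            int lo = Character.digit(next(), 16);
            if (hi >= 0 && lo >= 0) {
                return (char) (hi * 16 + lo);
            }
        }
        index = mark;                        // undo whatever was consumed
        return null;
    }

    // One pass over the input. A decoded '%' is emitted as data and never
    // rescanned, so each pass removes exactly one layer of encoding.
    static String decodeOnce(String s) {
        PercentDepthDemo seq = new PercentDepthDemo(s);
        StringBuilder out = new StringBuilder();
        while (seq.index < s.length()) {
            Character c = seq.decodeCharacter();
            if (c != null) {
                out.append(c.charValue());
            } else {
                out.append(s.charAt(seq.index++));   // literal character
            }
        }
        return out.toString();
    }

    // Number of passes that changed the input; more than one means the
    // value was encoded more than once.
    static int encodingDepth(String s) {
        int depth = 0;
        for (String d = decodeOnce(s); !d.equals(s); d = decodeOnce(s)) {
            s = d;
            depth++;
        }
        return depth;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: unencoded, lone '%', single and double encoding.
        for (String s : new String[] { "plain", "100%", "%3Cb%3E", "%253Cb%253E" }) {
            int depth = encodingDepth(s);
            System.out.println(s + " depth=" + depth + (depth > 1 ? " (multiple encoding)" : ""));
        }
    }
}
```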
      • getHexForNonAlphanumeric

        public java.lang.String getHexForNonAlphanumeric​(char c)
        Lookup the hex value of any character that is not alphanumeric.
        Specified by:
        getHexForNonAlphanumeric in interface Codec<T>
        Parameters:
        c - The character to lookup.
        Returns:
        null if the character is alphanumeric, otherwise the character code in hex.
      • getHexForNonAlphanumeric

        public java.lang.String getHexForNonAlphanumeric​(int c)
        Lookup the hex value of any character that is not alphanumeric.
        Specified by:
        getHexForNonAlphanumeric in interface Codec<T>
        Parameters:
        c - The character to lookup.
        Returns:
        null if the character is alphanumeric, otherwise the character code in hex.
      • toOctal

        public java.lang.String toOctal​(char c)
        Specified by:
        toOctal in interface Codec<T>
      • toHex

        public java.lang.String toHex​(char c)
        Specified by:
        toHex in interface Codec<T>
      • toHex

        public java.lang.String toHex​(int c)
        Specified by:
        toHex in interface Codec<T>
      • containsCharacter

        public boolean containsCharacter​(char c,
                                         char[] array)
        Utility to search a char[] for a specific char.
        Specified by:
        containsCharacter in interface Codec<T>
        Returns:
        True if the supplied array contains the specified character. False otherwise.