Codec (ESAPI 2.0 2.0

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.owasp.esapi.codecs
Class Codec

java.lang.Object
  org.owasp.esapi.codecs.Codec

Direct Known Subclasses:: CSSCodec, DB2Codec, HTMLEntityCodec, JavaScriptCodec, MySQLCodec, OracleCodec, PercentCodec, UnixCodec, VBScriptCodec, WindowsCodec, XMLEntityCodec

public abstract class Codec
extends java.lang.Object
extends java.lang.Object

The Codec interface defines a set of methods for encoding and decoding application level encoding schemes, such as HTML entity encoding and percent encoding (aka URL encoding). Codecs are used in output encoding and canonicalization. The design of these codecs allows for character-by-character decoding, which is necessary to detect double-encoding and the use of multiple encoding schemes, both of which are techniques used by attackers to bypass validation and bury encoded attacks in data.

Since:: June 1, 2007
Author:: Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
See Also:: Encoder

Constructor Summary
`Codec()` Default constructor

Method Summary
`static boolean`	`containsCharacter(char c, char[] array)` Utility to search a char[] for a specific char.
`java.lang.String`	`decode(java.lang.String input)` Decode a String that was encoded using the encode method in this Class
`java.lang.Character`	`decodeCharacter(PushbackString input)` Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
`java.lang.String`	`encode(char[] immune, java.lang.String input)` Encode a String so that it can be safely used in a specific context.
`java.lang.String`	`encodeCharacter(char[] immune, java.lang.Character c)` Default implementation that should be overridden in specific codecs.
`static java.lang.String`	`getHexForNonAlphanumeric(char c)` Lookup the hex value of any character that is not alphanumeric.
`static java.lang.String`	`toHex(char c)`
`static java.lang.String`	`toOctal(char c)`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

Codec

public Codec()

Default constructor

Method Detail

encode

public java.lang.String encode(char[] immune,
                               java.lang.String input)

Encode a String so that it can be safely used in a specific context.

Parameters:: immune -; input - the String to encode
Returns:: the encoded String

encodeCharacter

public java.lang.String encodeCharacter(char[] immune,
                                        java.lang.Character c)

Default implementation that should be overridden in specific codecs.

Parameters:: immune -; c - the Character to encode
Returns:: the encoded Character

decode

public java.lang.String decode(java.lang.String input)

Decode a String that was encoded using the encode method in this Class

Parameters:: input - the String to decode
Returns:: the decoded String

decodeCharacter

public java.lang.Character decodeCharacter(PushbackString input)

Returns the decoded version of the next character from the input string and advances the current character in the PushbackString. If the current character is not encoded, this method MUST reset the PushbackString.

Parameters:: input - the Character to decode
Returns:: the decoded Character

getHexForNonAlphanumeric

public static java.lang.String getHexForNonAlphanumeric(char c)

Lookup the hex value of any character that is not alphanumeric.

Parameters:: c - The character to lookup.

toOctal

public static java.lang.String toOctal(char c)

toHex

public static java.lang.String toHex(char c)

containsCharacter

public static boolean containsCharacter(char c,
                                        char[] array)

Utility to search a char[] for a specific char.

Parameters:: c -; array -
Returns: