Package org.owasp.esapi.codecs
Class Codec
java.lang.Object
    org.owasp.esapi.codecs.Codec

Direct Known Subclasses: CSSCodec, DB2Codec, HTMLEntityCodec, JavaScriptCodec, MySQLCodec, OracleCodec, PercentCodec, UnixCodec, VBScriptCodec, WindowsCodec, XMLEntityCodec

public abstract class Codec extends java.lang.Object
The Codec interface defines a set of methods for encoding and decoding application level encoding schemes, such as HTML entity encoding and percent encoding (aka URL encoding). Codecs are used in output encoding and canonicalization. The design of these codecs allows for character-by-character decoding, which is necessary to detect double-encoding and the use of multiple encoding schemes, both of which are techniques used by attackers to bypass validation and bury encoded attacks in data.
Since: June 1, 2007
Author: Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
See Also: Encoder

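The double-encoding and mixed-encoding detection that the class description refers to can be sketched with the decode(String) method of two of the subclasses listed above. This is an added example, not code from ESAPI or from this page: the class CanonicalizeSketch, its canonicalize helper and the sample inputs are constructed for illustration, and it assumes the no-argument constructors of HTMLEntityCodec and PercentCodec.

```java
import java.util.Arrays;
import java.util.List;
import org.owasp.esapi.codecs.Codec;
import org.owasp.esapi.codecs.HTMLEntityCodec;
import org.owasp.esapi.codecs.PercentCodec;

// Hypothetical helper class (not part of ESAPI): applies Codec.decode(String)
// until the input is stable and refuses input that needed more than one
// decoding layer or more than one encoding scheme to get there.
public class CanonicalizeSketch {
    private static final List<Codec> CODECS =
            Arrays.<Codec>asList(new HTMLEntityCodec(), new PercentCodec());

    static String canonicalize(String input) {
        String working = input;
        boolean[] used = new boolean[CODECS.size()]; // which codecs changed the input
        int layers = 0;                              // decode calls that changed the input
        boolean changed = true;
        while (changed) {
            changed = false;
            for (int i = 0; i < CODECS.size(); i++) {
                String decoded = CODECS.get(i).decode(working);
                if (!decoded.equals(working)) {
                    working = decoded;
                    used[i] = true;
                    layers++;
                    changed = true;
                }
            }
        }
        int schemes = 0;
        for (boolean u : used) if (u) schemes++;
        if (schemes > 1) throw new IllegalArgumentException("mixed encoding, " + schemes + " schemes");
        if (layers > 1) throw new IllegalArgumentException("multiple encoding, " + layers + " layers");
        return working;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: plain text, singly percent-encoded,
        // doubly percent-encoded, and an HTML entity wrapped in percent encoding.
        String[] samples = {"hello", "%3Cb%3E", "%253Cb%253E", "%26lt%3Bb%26gt%3B"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> accepted as " + canonicalize(s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Compile and run it with the ESAPI jar on the classpath. Validation should run on the value canonicalize returns, never on the raw input.
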
Constructor Summary
Constructor, Description

Codec()
    Default constructor

Method Summary
Modifier and Type, Method, Description

static boolean containsCharacter(char c, char[] array)
    Utility to search a char[] for a specific char.
java.lang.String decode(java.lang.String input)
    Decode a String that was encoded using the encode method in this Class
java.lang.Character decodeCharacter(PushbackString input)
    Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
java.lang.String encode(char[] immune, java.lang.String input)
    Encode a String so that it can be safely used in a specific context.
java.lang.String encodeCharacter(char[] immune, java.lang.Character c)
    Default implementation that should be overridden in specific codecs.
static java.lang.String getHexForNonAlphanumeric(char c)
    Lookup the hex value of any character that is not alphanumeric.
static java.lang.String toHex(char c)
static java.lang.String toOctal(char c)

Method Detail
encode
public java.lang.String encode(char[] immune, java.lang.String input)
Encode a String so that it can be safely used in a specific context.
Parameters:
    immune -
    input - the String to encode
Returns:
    the encoded String

encodeCharacter
public java.lang.String encodeCharacter(char[] immune, java.lang.Character c)
Default implementation that should be overridden in specific codecs.
Parameters:
    immune -
    c - the Character to encode
Returns:
    the encoded Character

decode
public java.lang.String decode(java.lang.String input)
Decode a String that was encoded using the encode method in this Class
Parameters:
    input - the String to decode
Returns:
    the decoded String

decodeCharacter
public java.lang.Character decodeCharacter(PushbackString input)
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString. If the current character is not encoded, this method MUST reset the PushbackString.
Parameters:
    input - the Character to decode
Returns:
    the decoded Character

getHexForNonAlphanumeric
public static java.lang.String getHexForNonAlphanumeric(char c)
Lookup the hex value of any character that is not alphanumeric.
Parameters:
    c - The character to lookup.
Returns:
    null if alphanumeric, or the character code in hex.

toOctal
public static java.lang.String toOctal(char c)

toHex
public static java.lang.String toHex(char c)

containsCharacter
public static boolean containsCharacter(char c, char[] array)
Utility to search a char[] for a specific char.
Parameters:
    c -
    array -
Returns: