T
- public abstract class AbstractCodec<T> extends Object implements Codec<T>
The Codec interface defines a set of methods for encoding and decoding application level encoding schemes, such as HTML entity encoding and percent encoding (aka URL encoding). Codecs are used in output encoding and canonicalization. The design of these codecs allows for character-by-character decoding, which is necessary to detect double-encoding and the use of multiple encoding schemes, both of which are techniques used by attackers to bypass validation and bury encoded attacks in data.

Be sure to see the several WARNINGs associated with the detailed method descriptions. You will not find them in the "Method Summary" section of the javadoc because that only shows the initial sentence.
Encoder
Constructor and Description |
---|
AbstractCodec(): Default constructor |

Modifier and Type | Method and Description |
---|---|
boolean | containsCharacter(char c, char[] array): Utility to search a char[] for a specific char. |
T | decodeCharacter(PushbackSequence<T> input): Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence. |
String | encode(char[] immune, String input): Encode a String so that it can be safely used in a specific context. |
String | encodeCharacter(char[] immune, char c): To prevent accidental footgun usage and calling encodeCharacter( char[], int) when called with char and char is first silently converted to int and then the unexpected method is called. |
String | encodeCharacter(char[] immune, Character c): Default implementation that should be overridden in specific codecs. |
String | encodeCharacter(char[] immune, int codePoint): Default codepoint implementation that should be overridden in specific codecs. |
String | getHexForNonAlphanumeric(char c): Lookup the hex value of any character that is not alphanumeric. |
String | getHexForNonAlphanumeric(int c): Lookup the hex value of any character that is not alphanumeric. |
String | toHex(char c): Convert the char parameter to its hexadecimal representation. |
String | toHex(int c): Convert the int parameter to its hexadecimal representation. |
String | toOctal(char c): Convert the char parameter to its octal representation. |

public String encode(char[] immune, String input)

WARNING!! Character based Codecs will silently transform code points that are not legal UTF code points into garbage data as they will cast them to chars. Also, if you are implementing an Integer based codec, these will be silently discarded based on the return from Character.isValidCodePoint( int ). This is the preferred behavior moving forward.

public String encodeCharacter(char[] immune, Character c)

WARNING!!!! Passing a standard char rather than Character to this method will resolve to the encodeCharacter( char[], char ) method, which will throw an IllegalArgumentException instead. YOU HAVE BEEN WARNED!!!!

Specified by: encodeCharacter in interface Codec<T>
Parameters:
immune - array of chars to NOT encode. Use with caution.
c - the Character to encode

public String encodeCharacter(char[] immune, char c)

Exists to prevent an accidental footgun: without this overload, a call made with a char would have the char silently converted to int, and the unexpected encodeCharacter( char[], int) method would be called.

Throws:
IllegalArgumentException - to indicate that you called the incorrect method.

public String encodeCharacter(char[] immune, int codePoint)

Description copied from interface: Codec
Default codepoint implementation that should be overridden in specific codecs.

Specified by: encodeCharacter in interface Codec<T>
Parameters:
codePoint - the integer to encode

public T decodeCharacter(PushbackSequence<T> input)

Description copied from interface: Codec
Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence. If the current character is not encoded, this method MUST reset the PushbackString.

Specified by: decodeCharacter in interface Codec<T>
Parameters:
input - the Character to decode

public String getHexForNonAlphanumeric(char c)

Specified by: getHexForNonAlphanumeric in interface Codec<T>
Parameters:
c - The character to lookup.

public String getHexForNonAlphanumeric(int c)

Specified by: getHexForNonAlphanumeric in interface Codec<T>
Parameters:
c - The character to lookup.

public String toOctal(char c)

Description copied from interface: Codec
Convert the char parameter to its octal representation.

public String toHex(char c)

Description copied from interface: Codec
Convert the char parameter to its hexadecimal representation.

public String toHex(int c)

Description copied from interface: Codec
Convert the int parameter to its hexadecimal representation.

public boolean containsCharacter(char c, char[] array)

Specified by: containsCharacter in interface Codec<T>

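
The decodeCharacter reset contract and the double-encoding detection mentioned in the class description, sketched as an added example that is not ESAPI source code. The names Cursor, hex, decodeOnce and passesToCanonical are hypothetical, only percent encoding is handled, and each %XX is treated as a single character rather than a UTF-8 byte.

```java
public class DoubleEncodingDemo {
    /** Minimal cursor with a mark, standing in for a PushbackSequence (assumption). */
    static final class Cursor {
        final String s; int pos, mark;
        Cursor(String s) { this.s = s; }
        boolean hasNext() { return pos < s.length(); }
        char next() { return s.charAt(pos++); }
    }

    /** Value of an ASCII hex digit, or -1 if c is not one. */
    static int hex(char c) { int i = "0123456789abcdefABCDEF".indexOf(c); return i < 16 ? i : i - 6; }

    /** Decodes one %XX at the cursor; if none is there, resets the cursor and returns null. */
    static Character decodeCharacter(Cursor in) {
        in.mark = in.pos;
        if (in.pos + 3 <= in.s.length() && in.next() == '%') {
            int hi = hex(in.next()), lo = hex(in.next());
            if (hi >= 0 && lo >= 0) return (char) (hi * 16 + lo); // simplification: one byte = one char
        }
        in.pos = in.mark; // not encoded: give back everything that was read
        return null;
    }

    /** One character-by-character decoding pass over the input. */
    static String decodeOnce(String input) {
        Cursor in = new Cursor(input);
        StringBuilder out = new StringBuilder();
        while (in.hasNext()) {
            Character c = decodeCharacter(in);
            out.append(c != null ? c.charValue() : in.next()); // undecoded chars pass through
        }
        return out.toString();
    }

    /** Passes needed until the value stops changing; more than 1 means nested encoding. */
    static int passesToCanonical(String input) {
        int passes = 0;
        for (String next = decodeOnce(input); !next.equals(input); next = decodeOnce(input)) {
            input = next; passes++;
        }
        return passes;
    }

    public static void main(String[] args) {
        for (String s : new String[] {"a%3Cb", "a%253Cb", "100%", "50%zz off"}) { // constructed inputs
            int n = passesToCanonical(s);
            System.out.println(s + " -> passes=" + n + (n > 1 ? "  REJECT: double-encoded" : "  ok"));
        }
    }
}
```

Because a failed decode gives back every character it read, a stray `%` that is not followed by two hex digits passes through unchanged instead of swallowing the characters after it.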
Copyright © 2022 The Open Web Application Security Project (OWASP). All rights reserved.