source: main/trunk/greenstone2/runtime-src/packages/security/gs-code-changes/esapitools.cpp@ 28886

Last change on this file since 28886 was 28886, checked in by ak19, 10 years ago

Additions to the OWASP-for-C++ security package, even though we are no longer using this now. Adding Dr Bainbridge's new files esapitools.cpp and .h, in case we use this in future, along with its Makefile.in. Adding configure files to enable/disable the security package. (The Makefile in runtime-src/packages is not yet complete.)

2#include "esapitools.h"
3
4#include "gsdlunicode.h"
5
6#include "EsapiCommon.h"
7#include "EncoderConstants.h"
8#include "reference/DefaultEncoder.h"
9
10#include "codecs/Codec.h"
11#include "codecs/UnixCodec.h"
12#include "codecs/WindowsCodec.h"
13#include "codecs/HTMLEntityCodec.h"
14
15#include "util/TextConvert.h"
16#include "crypto/CryptoppCommon.h"
17
18#include "errors/NullPointerException.h"
19#include "errors/UnsupportedOperationException.h"
20
21
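/**
 * Convert a Greenstone text_t into an ESAPI narrow string holding its UTF-8 bytes.
 *
 * The input is re-encoded with to_utf8(), after which each text_t element
 * carries a single byte value (the high byte of every element is 0). The bytes
 * are copied one by one instead of going through getcstr() and a C-string
 * constructor, for two reasons:
 *  - a C-string copy stops at the first zero byte, so the text handed to an
 *    encoder could silently be shorter than the text the caller supplied;
 *  - no manually managed char buffer is left to leak if building the
 *    std::string throws.
 *
 * @param in  text to convert; only read here.
 * @return    the UTF-8 byte sequence of @p in, embedded zero bytes included.
 */
esapi::NarrowString text_t_to_esapi_narrow_string(text_t& in)
{
  const text_t in_short_padded_utf8 = to_utf8(in.begin(), in.end());

  esapi::NarrowString out_nstring; // NarrowString is typedef for std::string
  for (text_t::const_iterator it = in_short_padded_utf8.begin();
       it != in_short_padded_utf8.end(); ++it) {
    // Defensive: values above one byte are not expected after to_utf8().
    out_nstring.push_back((*it < 256) ? static_cast<char>(*it) : '?');
  }

  return out_nstring;
}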
32
33
34
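/**
 * Convert a Greenstone text_t into an ESAPI wide string.
 *
 * The text is first turned into a UTF-8 narrow string by
 * text_t_to_esapi_narrow_string() and then widened with
 * TextConvert::NarrowToWide().
 *
 * The intermediate narrow string has automatic storage. The earlier version
 * held it (and a char buffer) through raw new/delete, so both were leaked
 * whenever NarrowToWide() left by exception before the deletes were reached.
 *
 * @param in  text to convert; only read here.
 * @return    the widened form of the UTF-8 encoding of @p in.
 */
esapi::WideString text_t_to_esapi_wide_string(text_t& in)
{
  // NarrowString is typedef for std::string; destroyed on every exit path.
  esapi::NarrowString in_nstring = text_t_to_esapi_narrow_string(in);

  // esapi::WideString is typedef for std::wstring
  return TextConvert::NarrowToWide(in_nstring);
}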
49
50
/**
 * Wrap the bytes of an ESAPI narrow string in a Greenstone text_t.
 *
 * The text_t is built from the string's C-string view, so the copy ends at the
 * first zero byte in @p in.
 *
 * NOTE(review): text_t_to_esapi_narrow_string() runs to_utf8() on the way out,
 * but nothing here decodes UTF-8 on the way back - confirm that callers expect
 * a text_t still holding UTF-8 bytes.
 *
 * @param in  narrow string to copy from; not modified.
 * @return    text_t constructed from in.c_str().
 */
text_t esapi_narrow_string_to_text_t(esapi::NarrowString& in)
{
  return text_t(in.c_str());
}
59
/**
 * Convert an ESAPI wide string into a Greenstone text_t.
 *
 * The wide string is narrowed with TextConvert::WideToNarrow() and the result
 * is handed to text_t as a C string, so the copy ends at the first zero byte.
 *
 * NOTE(review): no UTF-8 decoding step is visible here - confirm which encoding
 * WideToNarrow() produces and that callers expect those raw bytes in the text_t.
 *
 * @param in  wide string to convert.
 * @return    text_t built from the narrowed bytes.
 */
text_t esapi_wide_string_to_text_t(esapi::WideString& in)
{
  // esapi::NarrowString is typedef for std::string
  const esapi::NarrowString narrowed(TextConvert::WideToNarrow(in));
  return text_t(narrowed.c_str());
}
70
71
72
// Builds the list used to initialise IMMUNE_HTML: "," "." "-" "_" and space.
// encodeForHTML() passes that list to the HTML entity codec as its first
// ("immune") argument.
static esapi::StringArray Make_HTML_Vector()
{
  static const char* const entries[] = { ",", ".", "-", "_", " " };
  return esapi::StringArray(entries, entries + sizeof(entries) / sizeof(entries[0]));
}
81
// Builds the list used to initialise IMMUNE_HTMLATTR: "," "." "-" "_".
// Unlike the HTML element list, space is not included.
static esapi::StringArray Make_HTMLATTR_Vector()
{
  static const char* const entries[] = { ",", ".", "-", "_" };
  return esapi::StringArray(entries, entries + sizeof(entries) / sizeof(entries[0]));
}
89
// Builds the list used to initialise IMMUNE_CSS: one entry, the empty string.
// NOTE(review): this is a one-element list holding "", not an empty list -
// confirm that is intended and how the codec treats an empty immune entry.
static esapi::StringArray Make_CSS_Vector()
{
  static const char* const entries[] = { "" };
  return esapi::StringArray(entries, entries + sizeof(entries) / sizeof(entries[0]));
}
96
// Builds the list used to initialise IMMUNE_JAVASCRIPT: "," "." "_".
static esapi::StringArray Make_JAVASCRIPT_Vector()
{
  static const char* const entries[] = { ",", ".", "_" };
  return esapi::StringArray(entries, entries + sizeof(entries) / sizeof(entries[0]));
}
104
// Builds the list used to initialise IMMUNE_VBSCRIPT: "," "." "_".
static esapi::StringArray Make_VBSCRIPT_Vector()
{
  static const char* const entries[] = { ",", ".", "_" };
  return esapi::StringArray(entries, entries + sizeof(entries) / sizeof(entries[0]));
}
112
// Builds the list used to initialise IMMUNE_XML: "," "." "-" "_" and space.
static esapi::StringArray Make_XML_Vector()
{
  static const char* const entries[] = { ",", ".", "-", "_", " " };
  return esapi::StringArray(entries, entries + sizeof(entries) / sizeof(entries[0]));
}
121
// Builds the list used to initialise IMMUNE_SQL: space only.
// NOTE(review): no SQL encoder is defined in the visible part of this file;
// escaping is not a replacement for parameterised queries if one is added.
static esapi::StringArray Make_SQL_Vector()
{
  static const char* const entries[] = { " " };
  return esapi::StringArray(entries, entries + sizeof(entries) / sizeof(entries[0]));
}
128
// Builds the list used to initialise IMMUNE_OS: "-" only.
// NOTE(review): if an OS-command encoder is added later, a leading "-" left
// unencoded can still be read as an option by the invoked program - check the
// call sites when this list is put to use.
static esapi::StringArray Make_OS_Vector()
{
  static const char* const entries[] = { "-" };
  return esapi::StringArray(entries, entries + sizeof(entries) / sizeof(entries[0]));
}
135
// Builds the list used to initialise IMMUNE_XMLATTR: "," "." "-" "_".
static esapi::StringArray Make_XMLATTR_Vector()
{
  static const char* const entries[] = { ",", ".", "-", "_" };
  return esapi::StringArray(entries, entries + sizeof(entries) / sizeof(entries[0]));
}
143
// Builds the list used to initialise IMMUNE_XPATH: "," "." "-" "_" and space.
static esapi::StringArray Make_XPATH_Vector()
{
  static const char* const entries[] = { ",", ".", "-", "_", " " };
  return esapi::StringArray(entries, entries + sizeof(entries) / sizeof(entries[0]));
}
152
// Per-output-context immune lists, each built once by its Make_*_Vector()
// function. Only IMMUNE_HTML is referenced in the visible part of this file
// (by encodeForHTML); the others have no visible user yet.
//
// These objects and htmlCodec are file-scope statics, initialised in the order
// written here. NOTE(review): a call to encodeForHTML() from another
// translation unit's static initialiser could run before they are constructed;
// confirm no caller does that.
static const esapi::StringArray IMMUNE_HTML(Make_HTML_Vector());
static const esapi::StringArray IMMUNE_HTMLATTR(Make_HTMLATTR_Vector());
static const esapi::StringArray IMMUNE_CSS(Make_CSS_Vector());
static const esapi::StringArray IMMUNE_JAVASCRIPT(Make_JAVASCRIPT_Vector());
static const esapi::StringArray IMMUNE_VBSCRIPT(Make_VBSCRIPT_Vector());
static const esapi::StringArray IMMUNE_XML(Make_XML_Vector());
static const esapi::StringArray IMMUNE_SQL(Make_SQL_Vector());
static const esapi::StringArray IMMUNE_OS(Make_OS_Vector());
static const esapi::StringArray IMMUNE_XMLATTR(Make_XMLATTR_Vector());
static const esapi::StringArray IMMUNE_XPATH(Make_XPATH_Vector());

// Only the HTML entity codec is instantiated; the remaining codecs are
// commented out, so no encoder exists here for the other contexts.
//static esapi::LDAPCodec ldapCodec;
static esapi::HTMLEntityCodec htmlCodec;
/*static esapi::XMLEntityCodec xmlCodec;
static esapi::PercentCodec percentCodec;
static esapi::JavaScriptCodec javaScriptCodec;
static esapi::VBScriptCodec vbScriptCodec;
static esapi::CSSCodec cssCodec;
*/
/**
 * Encode a string for output as HTML text using the HTML entity codec.
 *
 * The call passes IMMUNE_HTML ("," "." "-" "_" and space) as the codec's
 * immune list together with the input, and returns whatever the codec produces.
 *
 * This is the only encoder defined in the visible part of the file. The immune
 * list includes space, so the result is meant for HTML element content; values
 * placed in attributes, script blocks, CSS or URLs need an encoder for that
 * context, which this file does not yet provide.
 *
 * @param input  untrusted text to encode; not modified.
 * @return       the result of htmlCodec.encode(IMMUNE_HTML, input).
 */
esapi::NarrowString encodeForHTML(const esapi::NarrowString & input) {
  esapi::NarrowString encoded = htmlCodec.encode(IMMUNE_HTML, input);
  return encoded;
}