source: main/trunk/greenstone2/runtime-src/src/recpt/securitytools.h@ 28899

Last change on this file since 28899 was 28899, checked in by ak19, 7 years ago

Third commit for security, for ensuring cgiargs macros are websafe. This time the changes are to the runtime action classes.

#ifndef SECURITYTOOLS_H
#define SECURITYTOOLS_H

#include "text_t.h"

// Output-encoding helpers modelled on OWASP ESAPI's Encoder. Each encodeForXxx
// function takes untrusted text and returns a form meant to be safe to embed in
// the named output context (HTML body, HTML attribute, JavaScript, CSS, URL,
// SQL). Pick the encoder that matches the sink the value is written to: an
// encoder for one context does not make a value safe in another.

// enums start numbering at 0 unless otherwise specified, so STANDARD == 0 and
// ANSI == 1 -- the same numeric values as the Java original this is ported
// from:  public static enum Mode { ANSI(1),STANDARD(0); ...}  (ESAPI MySQLCodec)
enum SQLMode { STANDARD, ANSI };


// Hex digits of U+FFFD, the Unicode replacement character (a two-byte code
// point written out as four hex digits). Presumably substituted for characters
// that cannot be encoded safely -- confirm against the implementation file.
static const text_t REPLACEMENT_HEX = "fffd";
// Character form of the same code point; not currently used.
//static const unsigned short REPLACEMENT_CHAR = '\ufffd';

// Per-context "immune" sets, following ESAPI's DefaultEncoder convention:
// presumably these are the non-alphanumeric characters an encoder passes
// through unchanged, with every other non-alphanumeric character encoded
// (the exact rule lives in the implementation file). Widening an immune set
// weakens that encoder, so a caller overriding one of these defaults should
// know why each extra character is harmless in that output context.
static const text_t IMMUNE_CSS = "";
static const text_t IMMUNE_HTML = ",.-_ ";
// Same as IMMUNE_HTML minus the space -- presumably because an unquoted
// attribute value ends at whitespace.
static const text_t IMMUNE_HTMLATTR = ",.-_";
static const text_t IMMUNE_JAVASCRIPT = ",._";
// The characters java.net.URLEncoder leaves untouched besides alphanumerics:
// See http://docs.oracle.com/javase/6/docs/api/java/net/URLEncoder.html
static const text_t IMMUNE_URL = "*.-_";
static const text_t IMMUNE_SQL = " ";


// a very simple version of esapi's Validator.isValidInput(): returns true when
// url is acceptable. From the name it appears to check only the protocol
// (scheme) prefix rather than the whole URL; which schemes are accepted is
// defined in the implementation file -- confirm there before relying on it.
bool isValidURLProtocol(const text_t& url);

// String conversion: encode every character of input for the named context.
// immuneChars defaults to the per-context set declared above.
text_t encodeForHTML(const text_t& input, const text_t& immuneChars=IMMUNE_HTML);
text_t encodeForURL(const text_t& input, const text_t& immuneChars=IMMUNE_URL);
// dmsafe: its effect is not visible from this header; presumably whether the
// result must also be safe inside a Greenstone macro (.dm) file -- confirm in
// the implementation before changing the default.
text_t encodeForJavascript(const text_t& input, const text_t& immuneChars=IMMUNE_JAVASCRIPT, bool dmsafe=true);
text_t encodeForHTMLAttr(const text_t& input, const text_t& immuneChars=IMMUNE_HTMLATTR);
text_t encodeForCSS(const text_t& input, const text_t& immuneChars=IMMUNE_CSS);
// C++ port of OWASP-ESAPI's MySQL codec; not verified to be the same for SQLite.
// NOTE(review): SQLite does not treat backslash as an escape character, so
// MySQL STANDARD-mode (backslash) escaping is not a good fit there; ANSI mode
// (quote doubling) is closer to SQLite's own quoting. Escaping is also no
// substitute for bound parameters where the SQL layer supports them.
// mode selects STANDARD (0) or ANSI (1) escaping, see SQLMode above.
text_t encodeForSQL(const text_t& input, const text_t& immuneChars=IMMUNE_SQL, const SQLMode mode=STANDARD);

// Character conversions: encode a single character (an unsigned short here,
// i.e. one text_t character) for the named context. Note the parameter order
// is reversed relative to the string overloads (immuneChars comes first) and
// there are no default arguments. There is no single-character counterpart
// to encodeForHTMLAttr.
text_t encodeForHTML(const text_t& immuneChars, const unsigned short input);
text_t encodeForURL(const text_t& immuneChars, const unsigned short input);
text_t encodeForJavascript(const text_t& immuneChars, const unsigned short input, bool dmsafe);
text_t encodeForCSS(const text_t& immuneChars, const unsigned short input);
text_t encodeForSQL(const text_t& immuneChars, const unsigned short input, const SQLMode mode);


#endif