source: main/trunk/greenstone2/runtime-src/src/recpt/securitytools.h@ 28899

Last change on this file since 28899 was 28899, checked in by ak19, 10 years ago

Third commit for security, for ensuring cgiargs macros are websafe. This time all the changes to the runtime action classes.

1#ifndef SECURITYTOOLS_H
2#define SECURITYTOOLS_H
3
4#include "text_t.h"
5
// Escaping dialect selected by encodeForSQL(). The original port mirrors the
// Mode enum of ESAPI's MySQLCodec (public static enum Mode { ANSI(1), STANDARD(0); ... }),
// so the implicit values STANDARD == 0 and ANSI == 1 must not be reordered:
// callers may be passing the integer through from a config or cgiarg.
// NOTE(review): in ESAPI, STANDARD means MySQL backslash-style escaping and
// ANSI means quote doubling ('' for '); confirm securitytools.cpp keeps the
// same meaning before relying on either mode for a non-MySQL backend.
// This is an unscoped enum, so STANDARD and ANSI are injected into the
// enclosing (global) namespace of every translation unit including this header.
enum SQLMode { STANDARD, ANSI }; // public static enum Mode { ANSI(1),STANDARD(0); ...}
8
9
// Hex form of U+FFFD (REPLACEMENT CHARACTER): one 16-bit code unit written
// as four hex digits, used for code units an encoder refuses to pass through.
// How each encoder wraps it (\uFFFD, &#xFFFD;, %EF%BF%BD, ...) is decided in
// securitytools.cpp, not here.
static const text_t REPLACEMENT_HEX = "fffd";

// Characters each encodeForXXX() passes through unencoded (in addition to the
// plain alphanumerics it presumably leaves alone). These look like the
// IMMUNE_* tables of OWASP ESAPI's DefaultEncoder, which this file ports;
// keep them in step with ESAPI rather than widening a set locally to make one
// page render -- every extra immune character is a character an attacker no
// longer needs to encode. Being header-level `static const` objects, each
// translation unit that includes this header gets its own copy.
static const text_t IMMUNE_CSS = "";          // empty: nothing is immune inside a style context
static const text_t IMMUNE_HTML = ",.-_ ";    // element text: space is allowed through
static const text_t IMMUNE_HTMLATTR = ",.-_"; // attribute values: no space (presumably because it ends an unquoted value)
static const text_t IMMUNE_JAVASCRIPT = ",._"; // note: '-' is NOT immune here, unlike the HTML sets
static const text_t IMMUNE_URL = "*.-_"; // See http://docs.oracle.com/javase/6/docs/api/java/net/URLEncoder.html
// NOTE(review): '*' is a sub-delimiter, not an RFC 3986 "unreserved" character;
// leaving it raw matches java.net.URLEncoder, while '~' (which is unreserved)
// gets encoded. Safe, just not the minimal encoding.
static const text_t IMMUNE_SQL = " ";         // only the space survives; everything else is escaped
19
20
// Accepts or rejects the scheme of a URL. Described by the original author as
// a very simple version of ESAPI's Validator.isValidInput(); the implementation
// is not in this header, so treat it as an allow-list check on the protocol
// part (the usual goal being to keep javascript:/data:-style links out of
// generated pages) and confirm the accepted set in securitytools.cpp before
// relying on it as the only guard.
// @param url  the complete URL (or at least its leading scheme) to check
// @return     true when the protocol is acceptable, false otherwise
bool isValidURLProtocol(const text_t& url);

// String conversion: output-context encoders ported from OWASP ESAPI.
// Each walks `input` and returns a copy in which every code unit not listed in
// `immuneChars` (and, presumably, not a plain alphanumeric) is escaped for the
// named context. Choose the encoder by where the value is being written --
// element text, attribute value, inline script, CSS, URL component, SQL
// literal -- since encoding for the wrong context is the classic way an
// "escaped" value still becomes an injection.
// The per-character overloads further down take (immuneChars, input), the
// reverse of the parameter order used here; do not swap one for the other on
// the strength of the name alone.
// NOTE(review): text_t is handled as 16-bit code units (see the unsigned short
// overloads below). If caller data can contain supplementary characters they
// arrive as surrogate pairs -- confirm each encoder handles the pair as one
// character rather than escaping the halves independently.
text_t encodeForHTML(const text_t& input, const text_t& immuneChars=IMMUNE_HTML);
text_t encodeForURL(const text_t& input, const text_t& immuneChars=IMMUNE_URL);
// dmsafe: its meaning is not visible in this header. From the name it
// presumably also protects the output against Greenstone's own macro/display
// syntax -- check securitytools.cpp before passing false.
text_t encodeForJavascript(const text_t& input, const text_t& immuneChars=IMMUNE_JAVASCRIPT, bool dmsafe=true);
// No per-character overload is declared for the attribute encoder (see below).
text_t encodeForHTMLAttr(const text_t& input, const text_t& immuneChars=IMMUNE_HTMLATTR);
text_t encodeForCSS(const text_t& input, const text_t& immuneChars=IMMUNE_CSS);
// C++ port of OWASP-ESAPI's MySQL codec; `mode` picks the escaping dialect
// (see SQLMode) and defaults to STANDARD. The original author was not sure this
// is right for SQLite: in ESAPI terms STANDARD is MySQL backslash escaping,
// which SQLite does not treat as an escape, whereas ANSI-style quote doubling
// is what SQLite expects -- so confirm the mode against the real backend.
// Escaping is a fallback only; prefer parameterised/prepared statements
// wherever the driver allows them.
text_t encodeForSQL(const text_t& input, const text_t& immuneChars=IMMUNE_SQL, const SQLMode mode=STANDARD);

// Character conversions: encode a single 16-bit code unit for the given
// context. Same immuneChars/mode/dmsafe meaning as the string versions above,
// but note the parameter order is (immuneChars, input) and dmsafe has no
// default here. A code unit present in immuneChars is expected to come back
// unchanged; anything else is returned in the context's escaped form.
text_t encodeForHTML(const text_t& immuneChars, const unsigned short input);
text_t encodeForURL(const text_t& immuneChars, const unsigned short input);
text_t encodeForJavascript(const text_t& immuneChars, const unsigned short input, bool dmsafe);
text_t encodeForCSS(const text_t& immuneChars, const unsigned short input);
text_t encodeForSQL(const text_t& immuneChars, const unsigned short input, const SQLMode mode);
39
40
41#endif