19 package org.apache.hadoop.chukwa.util;
20
21 import java.util.Enumeration;
22 import java.util.regex.Pattern;
23 import java.util.regex.Matcher;
24 import javax.servlet.http.HttpServletRequest;
25 import javax.servlet.http.HttpSession;
26 import org.apache.commons.logging.Log;
27 import org.apache.commons.logging.LogFactory;
28
29 import com.josephoconnell.html.HTMLInputFilter;
30
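/**
 * Minimal XSS mitigation for Chukwa's servlet/JSP layer.
 *
 * <p>Wraps an {@link HttpServletRequest} and hands back request parameters
 * with {@code "}, {@code '}, {@code <} and {@code >} rewritten to their
 * percent forms after the value has passed through {@link HTMLInputFilter}.
 * Construction also copies every request parameter whose name contains
 * {@code _session.<name>} into the HTTP session as attribute {@code <name>}
 * (value filtered the same way).
 *
 * <p>Presumably one instance is created per request; the class has no
 * synchronization of its own.
 *
 * <p>NOTE(review): the session-attribute copy is client controlled (see the
 * request constructor), and {@link #filter(String)} is a fixed four-character
 * rewrite rather than context-aware output encoding; callers that emit the
 * result into HTML attributes, scripts or URLs still need the escaping for
 * that context.
 */
public class XssFilter {
  private static final Log log = LogFactory.getLog(XssFilter.class);

  /** Parameter names containing {@code _session.<attr>}; group 1 is {@code <attr>}. */
  private static final Pattern SESSION_PARAM = Pattern.compile("_session\\.(.*)");

  private final HttpServletRequest request;
  private final HttpSession session;

  /** Creates a filter with no request; every getter then returns {@code null}. */
  public XssFilter() {
    this.request = null;
    this.session = null;
  }

  /**
   * Wraps {@code request} and copies {@code _session.<name>} parameters into
   * the session.
   *
   * <p>SECURITY: the attribute name is taken straight from the request
   * parameter name (only the value goes through {@link #filter(String)}), and
   * an existing attribute of that name is overwritten. Any client can therefore
   * set arbitrary session attributes; if session attributes are used for
   * identity or authorization decisions anywhere, restrict this to an
   * allow-list of attribute names. The pattern is applied with {@code find()},
   * so the {@code _session.} marker may appear anywhere in the parameter name.
   *
   * @param request the current request; {@code null} is tolerated and logged,
   *     in which case no session attributes are copied
   */
  public XssFilter(HttpServletRequest request) {
    this.request = request;
    if (request == null) {
      this.session = null;
      log.debug("XssFilter: null request, no session attributes copied");
      return;
    }
    // getSession() creates a session if none exists yet (unchanged behaviour).
    this.session = request.getSession();
    Enumeration<?> names = request.getParameterNames();
    if (names == null || this.session == null) {
      return;
    }
    while (names.hasMoreElements()) {
      String name = (String) names.nextElement();
      Matcher matcher = SESSION_PARAM.matcher(name);
      if (matcher.find()) {
        String attribute = matcher.group(1);
        session.setAttribute(attribute, filter(request.getParameter(name)));
      }
    }
  }

  /**
   * Returns the filtered value of request parameter {@code key}.
   *
   * @param key parameter name
   * @return the filtered value, or {@code null} when the parameter is absent,
   *     there is no request, or the container threw while reading it
   */
  public String getParameter(String key) {
    if (request == null) {
      log.info("XssFilter.getParameter: Cannot get parameter for: " + key);
      return null;
    }
    String value = null;
    try {
      value = request.getParameter(key);
    } catch (RuntimeException e) {
      // Best effort, as before: log (with the cause) and fall through to null
      // rather than failing the page.
      log.info("XssFilter.getParameter: Cannot get parameter for: " + key, e);
    }
    return filter(value);
  }

  /**
   * Returns all filtered values of request parameter {@code key}.
   *
   * @param key parameter name
   * @return a new array of filtered values, or {@code null} when the parameter
   *     is absent, there is no request, or the container threw while reading it
   */
  public String[] getParameterValues(String key) {
    if (request == null) {
      log.info("XssFilter.getParameterValues: cannot get parameter for: " + key);
      return null;
    }
    String[] raw;
    try {
      raw = request.getParameterValues(key);
    } catch (RuntimeException e) {
      log.info("XssFilter.getParameterValues: cannot get parameter for: " + key, e);
      return null;
    }
    if (raw == null) {
      return null;
    }
    // Filter into a fresh array: the servlet API does not promise the returned
    // array is a private copy, so writing into it could change what other
    // readers of this request see.
    String[] filtered = new String[raw.length];
    for (int i = 0; i < raw.length; i++) {
      filtered[i] = filter(raw[i]);
    }
    return filtered;
  }

  /**
   * Neutralises the characters most commonly used to break out of an HTML
   * text context.
   *
   * <p>{@code "} and {@code '} are rewritten to {@code %22} / {@code %27}, the
   * result is passed through {@link HTMLInputFilter}, and any {@code <} /
   * {@code >} that survive are rewritten to {@code %3C} / {@code %3E}. This is
   * not HTML entity encoding: nothing other than those four characters is
   * touched here (whatever {@code HTMLInputFilter} does beyond that is up to
   * that library), {@code &} in particular is left as is, and a {@code %22}
   * present in the input is indistinguishable from an encoded quote.
   *
   * @param input raw text, may be {@code null}
   * @return the filtered text, or {@code null} when {@code input} is {@code null}
   */
  public static String filter(String input) {
    if (input == null) {
      return null;
    }
    // Literal (non-regex) replacements; same effect as the former replaceAll calls.
    String quoted = input.replace("\"", "%22").replace("'", "%27");
    // HTMLInputFilter's thread-safety is not known here, so keep one instance
    // per call rather than a shared static.
    String clean = new HTMLInputFilter().filter(quoted);
    return clean.replace("<", "%3C").replace(">", "%3E");
  }
}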