Package org.owasp.esapi.codecs
Interface Codec<T>
-
- All Known Implementing Classes:
AbstractCharacterCodec
,AbstractCodec
,AbstractIntegerCodec
,CSSCodec
,DB2Codec
,HTMLEntityCodec
,JavaScriptCodec
,LegacyHTMLEntityCodec
,MySQLCodec
,OracleCodec
,PercentCodec
,UnixCodec
,VBScriptCodec
,WindowsCodec
,XMLEntityCodec
public interface Codec<T>
The Codec interface defines a set of methods for encoding and decoding application level encoding schemes, such as HTML entity encoding and percent encoding (aka URL encoding). Codecs are used in output encoding and canonicalization. The design of these codecs allows for character-by-character decoding, which is necessary to detect double-encoding and the use of multiple encoding schemes, both of which are techniques used by attackers to bypass validation and bury encoded attacks in data.- Since:
- June 1, 2007, June 1, 2017
- Author:
- Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security, Matt Seil (mseil .at. owasp.org)
- See Also:
Encoder
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description boolean
containsCharacter(char c, char[] array)
Utility to search a char[] for a specific char.java.lang.String
decode(java.lang.String input)
Decode a String that was encoded using the encode method in this ClassT
decodeCharacter(PushbackSequence<T> input)
Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.java.lang.String
encode(char[] immune, java.lang.String input)
Encode a String so that it can be safely used in a specific context.java.lang.String
encodeCharacter(char[] immune, int codePoint)
Default codepoint implementation that should be overridden in specific codecs.java.lang.String
encodeCharacter(char[] immune, java.lang.Character c)
Default implementation that should be overridden in specific codecs.java.lang.String
getHexForNonAlphanumeric(char c)
Lookup the hex value of any character that is not alphanumeric.java.lang.String
getHexForNonAlphanumeric(int c)
Lookup the hex value of any character that is not alphanumeric.java.lang.String
toHex(char c)
java.lang.String
toHex(int c)
java.lang.String
toOctal(char c)
-
-
-
Method Detail
-
encode
java.lang.String encode(char[] immune, java.lang.String input)
Encode a String so that it can be safely used in a specific context.- Parameters:
immune
-input
- the String to encode- Returns:
- the encoded String
-
encodeCharacter
java.lang.String encodeCharacter(char[] immune, java.lang.Character c)
Default implementation that should be overridden in specific codecs.- Parameters:
immune
- array of chars to NOT encode. Use with caution.c
- the Character to encode- Returns:
- the encoded Character
-
encodeCharacter
java.lang.String encodeCharacter(char[] immune, int codePoint)
Default codepoint implementation that should be overridden in specific codecs.- Parameters:
immune
-codePoint
- the integer to encode- Returns:
- the encoded Character
-
decode
java.lang.String decode(java.lang.String input)
Decode a String that was encoded using the encode method in this Class- Parameters:
input
- the String to decode- Returns:
- the decoded String
-
decodeCharacter
T decodeCharacter(PushbackSequence<T> input)
Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence. If the current character is not encoded, this method MUST reset the PushbackString.- Parameters:
input
- the Character to decode- Returns:
- the decoded Character
-
getHexForNonAlphanumeric
java.lang.String getHexForNonAlphanumeric(char c)
Lookup the hex value of any character that is not alphanumeric.- Parameters:
c
- The character to lookup.- Returns:
- return null if alphanumeric or the character code in hex.
-
getHexForNonAlphanumeric
java.lang.String getHexForNonAlphanumeric(int c)
Lookup the hex value of any character that is not alphanumeric.- Parameters:
c
- The character to lookup.- Returns:
- return null if alphanumeric or the character code in hex.
-
toOctal
java.lang.String toOctal(char c)
-
toHex
java.lang.String toHex(char c)
-
toHex
java.lang.String toHex(int c)
-
containsCharacter
boolean containsCharacter(char c, char[] array)
Utility to search a char[] for a specific char.- Parameters:
c
-array
-- Returns:
- True if the supplied array contains the specified character. False otherwise.
-
-