- changed usage to InterceptingHTTPServletRequest in rules

arshan.dabirsiaghi@gmail.com · arshan.dabirsiaghi@gmail.com · commit 4ce3e9684e64 · 2009-02-13T20:01:15.000Z
- changed name of outbound content detection and virtual patch classes to be more intuitive
diff --git a/src/main/java/org/owasp/esapi/filters/waf/rules/AuthenticatedRule.java b/src/main/java/org/owasp/esapi/filters/waf/rules/AuthenticatedRule.java
@@ -4,6 +4,8 @@
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.owasp.esapi.filters.waf.internal.InterceptingHTTPServletRequest;
+
 public class AuthenticatedRule extends Rule {
 
 	private String sessionAttribute;
@@ -12,7 +14,7 @@ public AuthenticatedRule(String sessionAttribute) {
 		this.sessionAttribute = sessionAttribute;
 	}
 
-	public boolean check(HttpServletRequest request,
+	public boolean check(InterceptingHTTPServletRequest request,
 			HttpServletResponse response) {
 
 		HttpSession session = request.getSession();
diff --git a/src/main/java/org/owasp/esapi/filters/waf/rules/DetectOutboundContentRule.java b/src/main/java/org/owasp/esapi/filters/waf/rules/DetectOutboundContentRule.java
@@ -6,13 +6,14 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.owasp.esapi.filters.waf.internal.InterceptingHTTPServletRequest;
 import org.owasp.esapi.filters.waf.internal.InterceptingHTTPServletResponse;
 
-public class DetectContentRule extends Rule {
+public class DetectOutboundContentRule extends Rule {
 
 	private List<Pattern> patterns;
 
-	public boolean check(HttpServletRequest request,
+	public boolean check(InterceptingHTTPServletRequest request,
 			HttpServletResponse response) {
 
 		byte[] bytes = ((InterceptingHTTPServletResponse)response).getInterceptingServletOutputStream().getResponseBytes();
diff --git a/src/main/java/org/owasp/esapi/filters/waf/rules/GeneralAttackSignatureRule.java b/src/main/java/org/owasp/esapi/filters/waf/rules/GeneralAttackSignatureRule.java
@@ -6,6 +6,8 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.owasp.esapi.filters.waf.internal.InterceptingHTTPServletRequest;
+
 public class GeneralAttackSignatureRule extends Rule {
 
 	private Pattern signature;
@@ -14,14 +16,14 @@ public GeneralAttackSignatureRule(Pattern signature) {
 		this.signature = signature;
 	}
 
-	public boolean check(HttpServletRequest request,
+	public boolean check(InterceptingHTTPServletRequest request,
 			HttpServletResponse response) {
 
 		Enumeration e = request.getParameterNames();
 
 		while(e.hasMoreElements()) {
 			String param = (String)e.nextElement();
-			if ( signature.matcher(request.getParameter(param)).matches() ) {
+			if ( signature.matcher(request.getDictionaryParameter(param)).matches() ) {
 				return false;
 			}
 		}
diff --git a/src/main/java/org/owasp/esapi/filters/waf/rules/IPRule.java b/src/main/java/org/owasp/esapi/filters/waf/rules/IPRule.java
@@ -5,6 +5,8 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.owasp.esapi.filters.waf.internal.InterceptingHTTPServletRequest;
+
 public class IPRule extends Rule {
 
 	private Pattern ip;
@@ -15,7 +17,7 @@ public IPRule(Pattern ip, Pattern pathPattern) {
 		this.pathPattern = pathPattern;
 	}
 
-	public boolean check(HttpServletRequest request,
+	public boolean check(InterceptingHTTPServletRequest request,
 			HttpServletResponse response) {
 
 		if ( pathPattern.matcher(request.getPathInfo()).matches() ) {
diff --git a/src/main/java/org/owasp/esapi/filters/waf/rules/ReplaceContentRule.java b/src/main/java/org/owasp/esapi/filters/waf/rules/ReplaceContentRule.java
@@ -3,10 +3,12 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.owasp.esapi.filters.waf.internal.InterceptingHTTPServletRequest;
+
 public class ReplaceContentRule extends Rule {
 
 	@Override
-	public boolean check(HttpServletRequest request,
+	public boolean check(InterceptingHTTPServletRequest request,
 			HttpServletResponse response) {
 		// TODO Auto-generated method stub
 		return false;
diff --git a/src/main/java/org/owasp/esapi/filters/waf/rules/Rule.java b/src/main/java/org/owasp/esapi/filters/waf/rules/Rule.java
@@ -3,10 +3,12 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.owasp.esapi.filters.waf.internal.InterceptingHTTPServletRequest;
+
 public abstract class Rule {
 
 	public abstract boolean check(
-			HttpServletRequest request,
+			InterceptingHTTPServletRequest request,
 			HttpServletResponse response);
 
 	private int guid;
diff --git a/src/main/java/org/owasp/esapi/filters/waf/rules/SimpleVirtualPatchRule.java b/src/main/java/org/owasp/esapi/filters/waf/rules/SimpleVirtualPatchRule.java
@@ -6,21 +6,23 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-public class VirtualPatchRule extends Rule {
+import org.owasp.esapi.filters.waf.internal.InterceptingHTTPServletRequest;
+
+public class SimpleVirtualPatchRule extends Rule {
 
 	private Pattern path;
 	private Pattern parameters;
 	private Pattern exceptions;
 	private Pattern signature;
 
-	public VirtualPatchRule(Pattern path, Pattern parameters, Pattern exceptions, Pattern signature) {
+	public SimpleVirtualPatchRule(Pattern path, Pattern parameters, Pattern exceptions, Pattern signature) {
 		this.path = path;
 		this.parameters = parameters;
 		this.exceptions = exceptions;
 		this.signature = signature;
 	}
 
-	public boolean check(HttpServletRequest request,
+	public boolean check(InterceptingHTTPServletRequest request,
 			HttpServletResponse response) {
 
 		if ( path.matcher(request.getRequestURI()).matches() ) {
@@ -35,7 +37,7 @@ public boolean check(HttpServletRequest request,
 				String param = (String)e.nextElement();
 				if ( parameters.matcher(param).matches() ) {
 					if ( exceptions == null || ! exceptions.matcher(param).matches() ) {
-						if ( signature.matcher(request.getParameter(param)).matches() ) {
+						if ( signature.matcher(request.getDictionaryParameter(param)).matches() ) {
 							return false;
 						}
 					}
