1- /**
2- * OWASP Enterprise Security API (ESAPI)
3- *
4- * This file is part of the Open Web Application Security Project (OWASP)
5- * Enterprise Security API (ESAPI) project. For details, please see
6- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
7- *
8- * Copyright (c) 2007 - The OWASP Foundation
9- *
10- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
11- * LICENSE before you use, modify, and/or redistribute this software.
12- *
13- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
14- * @created 2007
15- */
16- package org .owasp .esapi .codecs ;
17-
18-
19- /**
20- * Implementation of the Codec interface for '^' encoding from Windows command shell.
21- *
22- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
23- * href="http://www.aspectsecurity.com">Aspect Security</a>
24- * @since June 1, 2007
25- * @see org.owasp.esapi.Encoder
26- */
27- public class WindowsCodec extends Codec {
28-
29-
30- /**
31- * {@inheritDoc}
32- *
33- * Returns Windows shell encoded character (which is ^)
34- *
35- * @param immune
36- */
37- public String encodeCharacter ( char [] immune , Character c ) {
38- char ch = c .charValue ();
39-
40- // check for immune characters
41- if ( containsCharacter ( ch , immune ) ) {
42- return "" +ch ;
43- }
44-
45- // check for alphanumeric characters
46- String hex = Codec .getHexForNonAlphanumeric ( ch );
47- if ( hex == null ) {
48- return "" +ch ;
49- }
50-
51- return "^" + c ;
52- }
53-
54-
55- /**
56- * {@inheritDoc}
57- *
58- * Returns the decoded version of the character starting at index, or
59- * null if no decoding is possible.
60- * <p>
61- * Formats all are legal both upper/lower case:
62- * ^x - all special characters
63- */
64- public Character decodeCharacter ( PushbackString input ) {
65- input .mark ();
66- Character first = input .next ();
67- if ( first == null ) {
68- input .reset ();
69- return null ;
70- }
71-
72- // if this is not an encoded character, return null
73- if ( first .charValue () != '^' ) {
74- input .reset ();
75- return null ;
76- }
77-
78- Character second = input .next ();
79- return second ;
80- }
81-
1+ /**
2+ * OWASP Enterprise Security API (ESAPI)
3+ *
4+ * This file is part of the Open Web Application Security Project (OWASP)
5+ * Enterprise Security API (ESAPI) project. For details, please see
6+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
7+ *
8+ * Copyright (c) 2007 - The OWASP Foundation
9+ *
10+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
11+ * LICENSE before you use, modify, and/or redistribute this software.
12+ *
13+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
14+ * @created 2007
15+ */
16+ package org .owasp .esapi .codecs ;
17+
18+
19+ /**
20+ * Implementation of the Codec interface for '^' encoding from Windows command shell.
21+ *
22+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
23+ * href="http://www.aspectsecurity.com">Aspect Security</a>
24+ * @since June 1, 2007
25+ * @see org.owasp.esapi.Encoder
26+ */
27+ public class WindowsCodec extends Codec {
28+
29+
30+ /**
31+ * {@inheritDoc}
32+ *
33+ * Returns Windows shell encoded character (which is ^)
34+ *
35+ * @param immune
36+ */
37+ public String encodeCharacter ( char [] immune , Character c ) {
38+ char ch = c .charValue ();
39+
40+ // check for immune characters
41+ if ( containsCharacter ( ch , immune ) ) {
42+ return "" +ch ;
43+ }
44+
45+ // check for alphanumeric characters
46+ String hex = Codec .getHexForNonAlphanumeric ( ch );
47+ if ( hex == null ) {
48+ return "" +ch ;
49+ }
50+
51+ return "^" + c ;
52+ }
53+
54+
55+ /**
56+ * {@inheritDoc}
57+ *
58+ * Returns the decoded version of the character starting at index, or
59+ * null if no decoding is possible.
60+ * <p>
61+ * Formats all are legal both upper/lower case:
62+ * ^x - all special characters
63+ */
64+ public Character decodeCharacter ( PushbackString input ) {
65+ input .mark ();
66+ Character first = input .next ();
67+ if ( first == null ) {
68+ input .reset ();
69+ return null ;
70+ }
71+
72+ // if this is not an encoded character, return null
73+ if ( first .charValue () != '^' ) {
74+ input .reset ();
75+ return null ;
76+ }
77+
78+ Character second = input .next ();
79+ return second ;
80+ }
81+
8282}
0 commit comments