Switch from StringBuffer to StringBuilder for performance in threadsafe locations

planetlevel · planetlevel · commit aff0095e8dcd · 2009-07-06T03:21:40.000Z
Commit change from old GUID generation algorithm to Java 5 UUID
diff --git a/src/main/java/org/owasp/esapi/StringUtilities.java b/src/main/java/org/owasp/esapi/StringUtilities.java
@@ -39,7 +39,7 @@ public static String replaceLinearWhiteSpace( String input ) {
 	 * @return the stripped value
 	 */
 	public static String stripControls( String input ) {
-		StringBuffer sb = new StringBuffer();
+		StringBuilder sb = new StringBuilder();
 		for ( int i=0; i<input.length(); i++ ) {
 			char c = input.charAt( i );
 			if ( c > 0x20 && c < 0x7f ) {
@@ -60,7 +60,7 @@ public static String stripControls( String input ) {
      * @return the char[]
      */
     public static char[] union(char[] c1, char[] c2) {
-        StringBuffer sb = new StringBuffer();
+    	StringBuilder sb = new StringBuilder();
         for (int i = 0; i < c1.length; i++) {
             if (!contains(sb, c1[i]))
                 sb.append(c1[i]);
@@ -77,12 +77,12 @@ public static char[] union(char[] c1, char[] c2) {
 
 
 	/**
-     * Returns true if the character is contained in the provided StringBuffer.
+     * Returns true if the character is contained in the provided StringBuilder.
      * @param input 
      * @param c 
      * @return
      */
-    public static boolean contains(StringBuffer input, char c) {
+    public static boolean contains(StringBuilder input, char c) {
         for (int i = 0; i < input.length(); i++) {
             if (input.charAt(i) == c)
                 return true;
diff --git a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
@@ -83,7 +83,7 @@ public Character decodeCharacter(PushbackString input) {
         // look for \HHH format
         if (input.isHexDigit(second)) {
             // Search for up to 6 hex digits following until a space
-            StringBuffer sb = new StringBuffer();
+        	StringBuilder sb = new StringBuilder();
             sb.append(second);
             for (int i = 0; i < 5; i++) {
                 Character c = input.next();
diff --git a/src/main/java/org/owasp/esapi/codecs/Codec.java b/src/main/java/org/owasp/esapi/codecs/Codec.java
@@ -63,7 +63,7 @@ public Codec() {
 	 * @return the encoded String
 	 */
     public String encode(char[] immune, String input) {
-        StringBuffer sb = new StringBuffer();
+        StringBuilder sb = new StringBuilder();
         for (int i = 0; i < input.length(); i++) {
             char c = input.charAt(i);
             sb.append(encodeCharacter(immune, new Character(c)));
@@ -99,7 +99,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 	 *		the decoded String
 	 */
     public String decode(String input) {
-        StringBuffer sb = new StringBuffer();
+        StringBuilder sb = new StringBuilder();
         PushbackString pbs = new PushbackString(input);
         while (pbs.hasNext()) {
             Character c = decodeCharacter(pbs);
diff --git a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
@@ -152,7 +152,7 @@ private Character getNumericEntity( PushbackString input ) {
 	 * @throws NumberFormatException
 	 */
 	private Character parseNumber( PushbackString input ) {
-		StringBuffer sb = new StringBuffer();
+		StringBuilder sb = new StringBuilder();
 		while( input.hasNext() ) {
 			Character c = input.peek();
 			
@@ -192,7 +192,7 @@ private Character parseNumber( PushbackString input ) {
 	 * @throws NumberFormatException
 	 */
 	private Character parseHex( PushbackString input ) {
-		StringBuffer sb = new StringBuffer();
+		StringBuilder sb = new StringBuilder();
 		while( input.hasNext() ) {
 			Character c = input.peek();
 			
@@ -242,7 +242,7 @@ private Character parseHex( PushbackString input ) {
 	 */
 	private Character getNamedEntity( PushbackString input ) {
 		// search through the rest of the string up to 6 characters
-		StringBuffer possible = new StringBuffer();
+		StringBuilder possible = new StringBuilder();
 		int len = Math.min( input.remainder().length(), 7 );
 		for ( int i=0; i<len; i++ ) {
 			possible.append( Character.toLowerCase(input.next().charValue()) );
diff --git a/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java b/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
@@ -133,7 +133,7 @@ public Character decodeCharacter( PushbackString input ) {
 		// look for \\xXX format
 		} else if ( Character.toLowerCase( second.charValue() ) == 'x' ) {
 			// Search for exactly 2 hex digits following
-			StringBuffer sb = new StringBuffer();
+			StringBuilder sb = new StringBuilder();
 			for ( int i=0; i<2; i++ ) {
 				Character c = input.nextHex();
 				if ( c != null ) sb.append( c );
@@ -157,7 +157,7 @@ public Character decodeCharacter( PushbackString input ) {
 		// look for \\uXXXX format
 		} else if ( Character.toLowerCase( second.charValue() ) == 'u') {
 			// Search for exactly 4 hex digits following
-			StringBuffer sb = new StringBuffer();
+			StringBuilder sb = new StringBuilder();
 			for ( int i=0; i<4; i++ ) {
 				Character c = input.nextHex();
 				if ( c != null ) sb.append( c );
@@ -180,7 +180,7 @@ public Character decodeCharacter( PushbackString input ) {
 			
 		// look for one, two, or three octal digits
 		} else if ( input.isOctalDigit( second.charValue() ) ) {
-            StringBuffer sb = new StringBuffer();
+			StringBuilder sb = new StringBuilder();
             // get digit 1
             sb.append(second);
             
diff --git a/src/main/java/org/owasp/esapi/codecs/PercentCodec.java b/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
@@ -78,7 +78,7 @@ public Character decodeCharacter( PushbackString input ) {
 		}
 				
 		// Search for exactly 2 hex digits following
-		StringBuffer sb = new StringBuffer();
+		StringBuilder sb = new StringBuilder();
 		for ( int i=0; i<2; i++ ) {
 			Character c = input.nextHex();
 			if ( c != null ) sb.append( c );
diff --git a/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java b/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
@@ -37,7 +37,7 @@ public class VBScriptCodec extends Codec {
 	 * @return the encoded String
 	 */
     public String encode(char[] immune, String input) {
-		StringBuffer sb = new StringBuffer();
+    	StringBuilder sb = new StringBuilder();
 		boolean encoding = false;
 		boolean inquotes = false;
 		for ( int i=0; i<input.length(); i++ ) {
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
@@ -265,7 +265,7 @@ public String encodeForLDAP(String input) {
 	    	return null;	
 	    }
 		// TODO: replace with LDAP codec
-		StringBuffer sb = new StringBuffer();
+	    StringBuilder sb = new StringBuilder();
 		for (int i = 0; i < input.length(); i++) {
 			char c = input.charAt(i);
 			switch (c) {
@@ -299,7 +299,7 @@ public String encodeForDN(String input) {
 	    	return null;	
 	    }
 		// TODO: replace with DN codec
-		StringBuffer sb = new StringBuffer();
+	    StringBuilder sb = new StringBuilder();
 		if ((input.length() > 0) && ((input.charAt(0) == ' ') || (input.charAt(0) == '#'))) {
 			sb.append('\\'); // add the leading backslash if needed
 		}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java b/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
@@ -157,7 +157,7 @@ public String executeSystemCommand(File executable, List params, File workdir, C
     private String readStream( InputStream is ) throws IOException {
 	    InputStreamReader isr = new InputStreamReader(is);
 	    BufferedReader br = new BufferedReader(isr);
-	    StringBuffer sb = new StringBuffer();
+	    StringBuilder sb = new StringBuilder();
 	    String line;
 	    while ((line = br.readLine()) != null) {
 	        sb.append(line + "\n");
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -425,7 +425,7 @@ public String encryptQueryString(String query) throws EncryptionException {
      * @throws EncryptionException
      */
     public void encryptStateInCookie(HttpServletResponse response, Map cleartext) throws EncryptionException {
-    	StringBuffer sb = new StringBuffer();    	
+    	StringBuilder sb = new StringBuilder();    	
     	Iterator i = cleartext.entrySet().iterator();
     	while ( i.hasNext() ) {
     		try {
@@ -752,7 +752,7 @@ public void logHTTPRequest(HttpServletRequest request, Logger logger) {
      * @param request
      */
     public void logHTTPRequest(HttpServletRequest request, Logger logger, List parameterNamesToObfuscate) {
-        StringBuffer params = new StringBuffer();
+    	StringBuilder params = new StringBuilder();
         Iterator i = request.getParameterMap().keySet().iterator();
         while (i.hasNext()) {
             String key = (String) i.next();
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java b/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
@@ -60,7 +60,7 @@ public DefaultRandomizer() {
 	 * {@inheritDoc}
 	 */
     public String getRandomString(int length, char[] characterSet) {
-        StringBuffer sb = new StringBuffer();
+    	StringBuilder sb = new StringBuilder();
         for (int loop = 0; loop < length; loop++) {
             int index = secureRandom.nextInt(characterSet.length);
             sb.append(characterSet[index]);
@@ -109,57 +109,9 @@ public String getRandomFilename(String extension) {
     
     /**
 	 * {@inheritDoc}
-	 * 
-	 * This implementation is for Java 1.4, possibly replaced
-	 * by the java.util.UUID class in Java 1.5+
 	 */
-    public String getRandomGUID() throws EncryptionException {    	
-        // create random string to seed the GUID
-        StringBuffer sb = new StringBuffer();
-        try {
-            sb.append(InetAddress.getLocalHost().toString());
-        } catch (UnknownHostException e) {
-            sb.append("0.0.0.0");
-        }
-        sb.append(":");
-        sb.append(Long.toString(System.currentTimeMillis()));
-        sb.append(":");
-        sb.append(this.getRandomString(20, DefaultEncoder.CHAR_ALPHANUMERICS));
-
-        // hash the random string to get some random bytes
-        String hash = ESAPI.encryptor().hash(sb.toString(), "salt");
-        byte[] array = null;
-        try {
-            array = ESAPI.encoder().decodeFromBase64(hash);
-        } catch (IOException e) {
-            throw new EncryptionException("GUID creation error", "Problem decoding hash while creating GUID: " + hash);
-        }
-        if ( array == null || array.length == 0) throw new EncryptionException( "GUID creation error", "Entropy array was null or zero length" );
-        
-        // convert to printable hexadecimal characters 
-        StringBuffer hex = new StringBuffer();
-        for (int j = 0; j < array.length; ++j) {
-            int b = array[j] & 0xFF;
-            if (b < 0x10) {
-                hex.append('0');
-            }
-            hex.append(Integer.toHexString(b));
-        }
-        String raw = hex.toString().toUpperCase();
-        if ( raw.length() < 20) throw new EncryptionException( "GUID creation error", "Entropy string too short" );
-
-        // convert to standard GUID format
-        StringBuffer result = new StringBuffer();
-        result.append(raw.substring(0, 8));
-        result.append("-");
-        result.append(raw.substring(8, 12));
-        result.append("-");
-        result.append(raw.substring(12, 16));
-        result.append("-");
-        result.append(raw.substring(16, 20));
-        result.append("-");
-        result.append(raw.substring(20));
-        return result.toString();
+    public String getRandomGUID() throws EncryptionException {
+    	return UUID.randomUUID().toString();
     }
-
+    	
 }
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -961,7 +961,7 @@ public String safeReadLine(InputStream in, int max) throws ValidationException {
 			throw new ValidationAvailabilityException( "Invalid input", "Invalid readline. Must read a positive number of bytes from the stream");
 		}
 
-		StringBuffer sb = new StringBuffer();
+		StringBuilder sb = new StringBuilder();
 		int count = 0;
 		int c;
 
diff --git a/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java b/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
@@ -756,7 +756,7 @@ protected synchronized void saveUsers(PrintWriter writer) {
 	 * 		a line containing properly formatted information to save regarding the user
 	 */
 	private String save(DefaultUser user) {
-		StringBuffer sb = new StringBuffer();
+		StringBuilder sb = new StringBuilder();
 		sb.append( user.getAccountId() );
 		sb.append( " | " );
 		sb.append( user.getAccountName() );
@@ -795,7 +795,7 @@ private String save(DefaultUser user) {
 	 * 		a comma separated list containing the values in c
 	 */
 	private String dump( Collection c ) {
-		StringBuffer sb = new StringBuffer();
+		StringBuilder sb = new StringBuilder();
 		Iterator i = c.iterator();
 		while ( i.hasNext() ) {
 			String s = (String)i.next();
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java
@@ -169,18 +169,18 @@ public void lock() {
 	}
 	
 	public String toString() {
-		StringBuffer stringBuffer = new StringBuffer();
+		StringBuilder sb = new StringBuilder();
 		Iterator keys = policyProperties.getMap().keySet().iterator();
 		String currentKey;
 		while(keys.hasNext()) {
 			currentKey = (String)keys.next();
-			stringBuffer.append(currentKey);
-			stringBuffer.append("=");
-			stringBuffer.append(policyProperties.get(currentKey));
+			sb.append(currentKey);
+			sb.append("=");
+			sb.append(policyProperties.get(currentKey));
 			if(keys.hasNext()) {
-				stringBuffer.append(",");
+				sb.append(",");
 			}
 		}
-		return stringBuffer.toString();
+		return sb.toString();
 	}
 }
diff --git a/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java
@@ -136,7 +136,7 @@ public boolean isValid( String context, String input ) {
 	 * @see org.owasp.esapi.reference.validation.IValidationRule#whitelist(java.lang.String, char[])
 	 */
 	public String whitelist( String input, char[] list ) {
-		StringBuffer stripped = new StringBuffer();
+		StringBuilder stripped = new StringBuilder();
 		char c;
 		for (int i = 0; i < input.length(); i++) {
 			c = input.charAt(i);
diff --git a/src/main/java/org/owasp/esapi/reference/validation/CreditCardValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/CreditCardValidationRule.java
@@ -68,7 +68,7 @@ public Object getValid( String context, String input ) throws ValidationExceptio
 	    String canonical = (String)ccrule.getValid( context, input );
 
 		// perform Luhn algorithm checking
-		StringBuffer digitsOnly = new StringBuffer();
+	    StringBuilder digitsOnly = new StringBuilder();
 		char c;
 		for (int i = 0; i < canonical.length(); i++) {
 			c = canonical.charAt(i);
diff --git a/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java b/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java
@@ -142,7 +142,7 @@ public void applySecureFlagToSessionCookie() {
 	}
 
 	public String toString() {
-		StringBuffer sb = new StringBuffer( "WAF Configuration\n" );
+		StringBuilder sb = new StringBuilder( "WAF Configuration\n" );
 		sb.append( "Before body rules:\n" );
 		for ( Rule rule : beforeBodyRules ) sb.append( "  " + rule.toString() + "\n" );
 		sb.append( "After body rules:\n" );

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ public Character decodeCharacter( PushbackString input ) {`
`78`	`78`	`}`
`79`	`79`
`80`	`80`	`// Search for exactly 2 hex digits following`
`81`		`- StringBuffer sb = new StringBuffer();`
	`81`	`+ StringBuilder sb = new StringBuilder();`
`82`	`82`	`for ( int i=0; i<2; i++ ) {`
`83`	`83`	`Character c = input.nextHex();`
`84`	`84`	`if ( c != null ) sb.append( c );`
Original file line number	Diff line number	Diff line change
`@@ -265,7 +265,7 @@ public String encodeForLDAP(String input) {`
`265`	`265`	`return null;`
`266`	`266`	`}`
`267`	`267`	`// TODO: replace with LDAP codec`
`268`		`- StringBuffer sb = new StringBuffer();`
	`268`	`+ StringBuilder sb = new StringBuilder();`
`269`	`269`	`for (int i = 0; i < input.length(); i++) {`
`270`	`270`	`char c = input.charAt(i);`
`271`	`271`	`switch (c) {`
`@@ -299,7 +299,7 @@ public String encodeForDN(String input) {`
`299`	`299`	`return null;`
`300`	`300`	`}`
`301`	`301`	`// TODO: replace with DN codec`
`302`		`- StringBuffer sb = new StringBuffer();`
	`302`	`+ StringBuilder sb = new StringBuilder();`
`303`	`303`	`if ((input.length() > 0) && ((input.charAt(0) == ' ') \|\| (input.charAt(0) == '#'))) {`
`304`	`304`	`sb.append('\\'); // add the leading backslash if needed`
`305`	`305`	`}`