ISE-ComProg-After-Midterm/screwdriver-3.5.6/box/snippets/java/HttpRequestWrapper.java

package +zoccolo+.web.servlet;

import +zoccolo+.web.listener.AntiSamyListener;

import +zoccolo+.web.sanitizer.XssSanitizer;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

public class HttpRequestWrapper extends HttpServletRequestWrapper {	
	
	private XssSanitizer sanitizer;
	
	public HttpRequestWrapper(HttpServletRequest servletRequest) {
		super(servletRequest);
		this.sanitizer = (XssSanitizer)
			this.getSession().getServletContext().
				getAttribute(AntiSamyListener.ANTISAMY_SANITIZER);
		if(this.sanitizer == null)
			throw new RuntimeException("Antisamy is not bound in ServletContext");
	}
	
	@Override
	public String[] getParameterValues(String parameter) {
		String[] retVal = null;
		String[] values = super.getParameterValues(parameter);
		if(values != null)
		{		
			retVal = new String[values.length];
			for(int i = 0; i < values.length; i++)
			{
				if(values[i] != null)					
					retVal[i] = this.cleanXss(values[i]);					
				else
					retVal[i] = values[i];
			}			
		}		
		return retVal;
	}
	
	@Override
	public String getParameter(String parameter) {	
		String paramValue = super.getParameter(parameter);
		if(paramValue != null)
			return this.cleanXss(paramValue);
		else
			return null;
	}
	
	@Override
	public String getHeader(String name) {		
		String value = super.getHeader(name);
		if(value != null)
			return this.cleanXss(value);
		else		
			return null;
	}
	
	private String cleanXss(String parameterValue){
		String retVal = null;		
		if(parameterValue != null) {
			try 
			{
				CleanResults cr = this.sanitizer.scan(parameterValue);
				retVal = cr.getCleanHTML();
			} 
			catch (ScanException e) 
			{			
				throw new RuntimeException("ScanException: "+e.getMessage());
			} 
			catch (PolicyException e) 
			{			
				throw new RuntimeException("ScanException: "+e.getMessage());
			}		
		}		
		return retVal;
	}
	/* screwdriver_knife */
}
Add Source Code Linter Pipeline 2020-10-29 09:38:56 +00:00			`package +zoccolo+.web.servlet;`

			`import +zoccolo+.web.listener.AntiSamyListener;`

			`import +zoccolo+.web.sanitizer.XssSanitizer;`

			`import javax.servlet.http.HttpServletRequest;`
			`import javax.servlet.http.HttpServletRequestWrapper;`

			`import org.owasp.validator.html.CleanResults;`
			`import org.owasp.validator.html.PolicyException;`
			`import org.owasp.validator.html.ScanException;`

			`public class HttpRequestWrapper extends HttpServletRequestWrapper {`

			`private XssSanitizer sanitizer;`

			`public HttpRequestWrapper(HttpServletRequest servletRequest) {`
			`super(servletRequest);`
			`this.sanitizer = (XssSanitizer)`
			`this.getSession().getServletContext().`
			`getAttribute(AntiSamyListener.ANTISAMY_SANITIZER);`
			`if(this.sanitizer == null)`
			`throw new RuntimeException("Antisamy is not bound in ServletContext");`
			`}`

			`@Override`
			`public String[] getParameterValues(String parameter) {`
			`String[] retVal = null;`
			`String[] values = super.getParameterValues(parameter);`
			`if(values != null)`
			`{`
			`retVal = new String[values.length];`
			`for(int i = 0; i < values.length; i++)`
			`{`
			`if(values[i] != null)`
			`retVal[i] = this.cleanXss(values[i]);`
			`else`
			`retVal[i] = values[i];`
			`}`
			`}`
			`return retVal;`
			`}`

			`@Override`
			`public String getParameter(String parameter) {`
			`String paramValue = super.getParameter(parameter);`
			`if(paramValue != null)`
			`return this.cleanXss(paramValue);`
			`else`
			`return null;`
			`}`

			`@Override`
			`public String getHeader(String name) {`
			`String value = super.getHeader(name);`
			`if(value != null)`
			`return this.cleanXss(value);`
			`else`
			`return null;`
			`}`

			`private String cleanXss(String parameterValue){`
			`String retVal = null;`
			`if(parameterValue != null) {`
			`try`
			`{`
			`CleanResults cr = this.sanitizer.scan(parameterValue);`
			`retVal = cr.getCleanHTML();`
			`}`
			`catch (ScanException e)`
			`{`
			`throw new RuntimeException("ScanException: "+e.getMessage());`
			`}`
			`catch (PolicyException e)`
			`{`
			`throw new RuntimeException("ScanException: "+e.getMessage());`
			`}`
			`}`
			`return retVal;`
			`}`
			`/* screwdriver_knife */`
			`}`