public final class SecurityUtil extends Object
Modifier and Type | Field and Description |
---|---|
static String |
PROPERTY_REDIRECT_URL_SAFE_PATTERNS |
Modifier and Type | Method and Description |
---|---|
static boolean |
containsCleanParameters(javax.servlet.http.HttpServletRequest request)
Scan request parameters to check that they contain no malicious code.
|
static boolean |
containsCleanParameters(javax.servlet.http.HttpServletRequest request,
String strXssCharacters)
Scan request parameters to check that they contain no malicious code.
|
static boolean |
containsPathManipulationChars(javax.servlet.http.HttpServletRequest request,
String strValue)
Check whether the value contains characters used for Path Manipulation.
|
static boolean |
containsXmlExternalEntityInjectionTerms(String strValue)
Check whether the value contains terms used for XML External Entity Injection.
|
static boolean |
containsXssCharacters(javax.servlet.http.HttpServletRequest request,
String strString)
Checks if a String contains characters that could be used for a cross-site scripting attack.
|
static boolean |
containsXssCharacters(javax.servlet.http.HttpServletRequest request,
String strValue,
String strXssCharacters)
Checks if a String contains characters that could be used for a cross-site scripting attack.
|
static String |
dumpRequest(javax.servlet.http.HttpServletRequest request)
Dump all request info
|
static String |
getRealIp(javax.servlet.http.HttpServletRequest request)
Get the IP of the user from a request.
|
static boolean |
isInternalRedirectUrlSafe(String strUrl,
javax.servlet.http.HttpServletRequest request)
Validate a forward URL against the safe URL patterns found in properties, to avoid an open redirect.
|
static boolean |
isInternalRedirectUrlSafe(String strUrl,
javax.servlet.http.HttpServletRequest request,
String strAntPathMatcherPatterns)
Validate an internal redirect URL to avoid internal open redirect.
|
static String |
logForgingProtect(String strUserInputData)
Identify user-supplied data that is saved in log files, to prevent Log Forging attacks.
|
public static final String PROPERTY_REDIRECT_URL_SAFE_PATTERNS
public static boolean containsCleanParameters(javax.servlet.http.HttpServletRequest request)
request
- The HTTP request
public static boolean containsCleanParameters(javax.servlet.http.HttpServletRequest request, String strXssCharacters)
request
- The HTTP request
strXssCharacters
- a String which contains a list of XSS characters to check in strValue
public static boolean containsXssCharacters(javax.servlet.http.HttpServletRequest request, String strString)
request
- The HTTP request
strString
- a character String
public static boolean containsXssCharacters(javax.servlet.http.HttpServletRequest request, String strValue, String strXssCharacters)
request
- The HTTP request
strValue
- a character String
strXssCharacters
- a String which contains a list of XSS characters to check in strValue
public static boolean containsXmlExternalEntityInjectionTerms(String strValue)
strValue
- The value
public static boolean containsPathManipulationChars(javax.servlet.http.HttpServletRequest request, String strValue)
request
- The HTTP request
strValue
- The value
public static String dumpRequest(javax.servlet.http.HttpServletRequest request)
request
- The HTTP request
public static String getRealIp(javax.servlet.http.HttpServletRequest request)
request
- The request
public static boolean isInternalRedirectUrlSafe(String strUrl, javax.servlet.http.HttpServletRequest request)
strUrl
- request
- isInternalRedirectUrlSafe(java.lang.String, javax.servlet.http.HttpServletRequest, java.lang.String)
public static boolean isInternalRedirectUrlSafe(String strUrl, javax.servlet.http.HttpServletRequest request, String strAntPathMatcherPatterns)
strUrl
- the URL to validate
request
- the current request (containing the baseUrl)
strAntPathMatcherPatterns
- a comma-separated list of AntPathMatcher patterns, such as "http://**.lutece.com,https://**.lutece.com"
Copyright © 2020 City of Paris. All rights reserved.