Package org.owasp.esapi

Examples of org.owasp.esapi.Encoder


    protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException {
        log.debug("Invoking velocity template to create POST body");

        try {
            VelocityContext context = new VelocityContext();
            Encoder esapiEncoder = ESAPI.encoder();

            String encodedEndpointURL = esapiEncoder.encodeForHTMLAttribute(endpointURL);
            log.debug("Encoding action url of '{}' with encoded value '{}'", endpointURL, encodedEndpointURL);
            context.put("action", encodedEndpointURL);
            context.put("binding", getBindingURI());

            log.debug("Marshalling and Base64 encoding SAML message");
            String messageXML = XMLHelper.nodeToString(marshallMessage(messageContext.getOutboundSAMLMessage()));
            String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES);
            context.put("SAMLResponse", encodedMessage);

            if (messageContext.getRelayState() != null) {
                String encodedRelayState = esapiEncoder.encodeForHTMLAttribute(messageContext.getRelayState());
                log.debug("Setting TARGET parameter to: '{}', encoded as '{}'", messageContext.getRelayState(), encodedRelayState);
                context.put("TARGET", encodedRelayState);
            }

            HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport();


            throws MessageEncodingException {
        log.debug("Performing HTTP POST SAML 2 artifact encoding");

        log.debug("Creating velocity context");
        VelocityContext context = new VelocityContext();
        Encoder esapiEncoder = ESAPI.encoder();
        String endpointURL = getEndpointURL(artifactContext).toString();
        String encodedEndpointURL = esapiEncoder.encodeForHTMLAttribute(endpointURL);
        log.debug("Setting action parameter to: '{}', encoded as '{}'", endpointURL, encodedEndpointURL);
        context.put("action", encodedEndpointURL);
        context.put("SAMLArt", buildArtifact(artifactContext).base64Encode());
        context.put("binding", getBindingURI());

        if (checkRelayState(artifactContext.getRelayState())) {
            String encodedRelayState = esapiEncoder.encodeForHTMLAttribute(artifactContext.getRelayState());
            log.debug("Setting RelayState parameter to: '{}', encoded as '{}'", artifactContext.getRelayState(), encodedRelayState);
            context.put("RelayState", encodedRelayState);
        }

        try {

     * @throws MessageEncodingException thrown if there is a problem encoding the message
     */
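    protected void populateVelocityContext(VelocityContext velocityContext, SAMLMessageContext messageContext,
            String endpointURL) throws MessageEncodingException {
        // Populates the Velocity context with the "action", "binding", "SAMLRequest"/"SAMLResponse" and
        // (optionally) "RelayState" values. The string values that originate outside this method
        // (endpoint URL, relay state) are HTML-attribute encoded before they are stored.
        //
        // NOTE(review): the encoding chosen here is only correct if the template emits these values
        // inside quoted HTML attributes and does not escape or unescape them a second time - confirm
        // against the template.

        Encoder esapiEncoder = ESAPI.encoder();

        // NOTE(review): attribute encoding prevents breaking out of the attribute value, but it does not
        // constrain the URL scheme. Whether endpointURL is restricted to expected schemes is not visible
        // here - verify that the caller validates it.
        String encodedEndpointURL = esapiEncoder.encodeForHTMLAttribute(endpointURL);
        log.debug("Encoding action url of '{}' with encoded value '{}'", endpointURL, encodedEndpointURL);
        velocityContext.put("action", encodedEndpointURL);
        velocityContext.put("binding", getBindingURI());

        log.debug("Marshalling and Base64 encoding SAML message");
        // Marshall only when the message has no cached DOM yet; the DOM is read back below.
        if (messageContext.getOutboundSAMLMessage().getDOM() == null) {
            marshallMessage(messageContext.getOutboundSAMLMessage());
        }
        try {
            String messageXML = XMLHelper.nodeToString(messageContext.getOutboundSAMLMessage().getDOM());
            // The message is stored Base64 encoded on a single line (DONT_BREAK_LINES) and is not
            // passed through the ESAPI encoder.
            String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES);
            if (messageContext.getOutboundSAMLMessage() instanceof RequestAbstractType) {
                velocityContext.put("SAMLRequest", encodedMessage);
            } else if (messageContext.getOutboundSAMLMessage() instanceof StatusResponseType) {
                velocityContext.put("SAMLResponse", encodedMessage);
            } else {
                // Any other message type is rejected rather than emitted under a guessed parameter name.
                throw new MessageEncodingException(
                        "SAML message is neither a SAML RequestAbstractType or StatusResponseType");
            }
        } catch (UnsupportedEncodingException e) {
            log.error("UTF-8 encoding is not supported, this VM is not Java compliant.");
            // Chain the original exception so the root cause is not lost to callers.
            throw new MessageEncodingException("Unable to encode message, UTF-8 encoding is not supported", e);
        }

        // NOTE(review): the raw relay state is written to the debug log; if it can be supplied by the
        // remote party, confirm the log sink tolerates untrusted text.
        String relayState = messageContext.getRelayState();
        if (checkRelayState(relayState)) {
            String encodedRelayState = esapiEncoder.encodeForHTMLAttribute(relayState);
            log.debug("Setting RelayState parameter to: '{}', encoded as '{}'", relayState, encodedRelayState);
            velocityContext.put("RelayState", encodedRelayState);
        }
    }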

    protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException {
        log.debug("Invoking velocity template to create POST body");

        try {
            VelocityContext context = new VelocityContext();
            Encoder esapiEncoder = ESAPI.encoder();

            String encodedEndpointURL = esapiEncoder.encodeForHTMLAttribute(endpointURL);
            log.debug("Encoding action url of '{}' with encoded value '{}'", endpointURL, encodedEndpointURL);
            context.put("action", encodedEndpointURL);

            log.debug("Marshalling and Base64 encoding SAML message");
            String messageXML = XMLHelper.nodeToString(marshallMessage(messageContext.getOutboundSAMLMessage()));
            String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES);
            context.put("SAMLResponse", encodedMessage);

            if (messageContext.getRelayState() != null) {
                String encodedRelayState = esapiEncoder.encodeForHTMLAttribute(messageContext.getRelayState());
                log.debug("Setting TARGET parameter to: '{}', encoded as '{}'", messageContext.getRelayState(), encodedRelayState);
                context.put("TARGET", encodedRelayState);
            }

            HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport();

            throws MessageEncodingException {
        log.debug("Performing HTTP POST SAML 2 artifact encoding");

        log.debug("Creating velocity context");
        VelocityContext context = new VelocityContext();
        Encoder esapiEncoder = ESAPI.encoder();
        String endpointURL = getEndpointURL(artifactContext).toString();
        String encodedEndpointURL = esapiEncoder.encodeForHTMLAttribute(endpointURL);
        log.debug("Setting action parameter to: '{}', encoded as '{}'", endpointURL, encodedEndpointURL);
        context.put("action", encodedEndpointURL);
        context.put("SAMLArt", buildArtifact(artifactContext).base64Encode());

        if (checkRelayState(artifactContext.getRelayState())) {
            String encodedRelayState = esapiEncoder.encodeForHTMLAttribute(artifactContext.getRelayState());
            log.debug("Setting RelayState parameter to: '{}', encoded as '{}'", artifactContext.getRelayState(), encodedRelayState);
            context.put("RelayState", encodedRelayState);
        }

        try {

     * @throws MessageEncodingException thrown if there is a problem encoding the message
     */
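    protected void populateVelocityContext(VelocityContext velocityContext, SAMLMessageContext messageContext,
            String endpointURL) throws MessageEncodingException {
        // Populates the Velocity context with the "action", "SAMLRequest"/"SAMLResponse" and (optionally)
        // "RelayState" values. The endpoint URL and relay state are HTML-attribute encoded before they
        // are stored.
        //
        // NOTE(review): HTML-attribute encoding is only the right choice if the template places these
        // values inside quoted HTML attributes without further escaping - confirm against the template.

        Encoder esapiEncoder = ESAPI.encoder();

        // NOTE(review): encoding stops attribute breakout but says nothing about the URL scheme of
        // endpointURL; scheme validation is not visible in this method - verify it happens upstream.
        String encodedEndpointURL = esapiEncoder.encodeForHTMLAttribute(endpointURL);
        log.debug("Encoding action url of '{}' with encoded value '{}'", endpointURL, encodedEndpointURL);
        velocityContext.put("action", encodedEndpointURL);

        log.debug("Marshalling and Base64 encoding SAML message");
        // Marshall only when no DOM is cached on the message; the DOM is serialized below.
        if (messageContext.getOutboundSAMLMessage().getDOM() == null) {
            marshallMessage(messageContext.getOutboundSAMLMessage());
        }
        try {
            String messageXML = XMLHelper.nodeToString(messageContext.getOutboundSAMLMessage().getDOM());
            // Stored as single-line Base64 (DONT_BREAK_LINES); not passed through the ESAPI encoder.
            String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES);
            if (messageContext.getOutboundSAMLMessage() instanceof RequestAbstractType) {
                velocityContext.put("SAMLRequest", encodedMessage);
            } else if (messageContext.getOutboundSAMLMessage() instanceof StatusResponseType) {
                velocityContext.put("SAMLResponse", encodedMessage);
            } else {
                // Unknown message types fail closed instead of being sent under a guessed parameter.
                throw new MessageEncodingException(
                        "SAML message is neither a SAML RequestAbstractType or StatusResponseType");
            }
        } catch (UnsupportedEncodingException e) {
            log.error("UTF-8 encoding is not supported, this VM is not Java compliant.");
            // Keep the original exception as the cause so callers can see the root failure.
            throw new MessageEncodingException("Unable to encode message, UTF-8 encoding is not supported", e);
        }

        // NOTE(review): the unencoded relay state goes to the debug log; if it is controlled by the
        // remote party, confirm the log sink handles untrusted text safely.
        String relayState = messageContext.getRelayState();
        if (checkRelayState(relayState)) {
            String encodedRelayState = esapiEncoder.encodeForHTMLAttribute(relayState);
            log.debug("Setting RelayState parameter to: '{}', encoded as '{}'", relayState, encodedRelayState);
            velocityContext.put("RelayState", encodedRelayState);
        }
    }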

    datasourcesXML.append( "<ProviderName>PentahoXMLA</ProviderName>\n" ); //$NON-NLS-1$
    datasourcesXML.append( "<ProviderType>MDP</ProviderType>\n" ); //$NON-NLS-1$
    datasourcesXML.append( "<AuthenticationMode>Unauthenticated</AuthenticationMode>\n" ); //$NON-NLS-1$
    datasourcesXML.append( "<Catalogs>\n" ); //$NON-NLS-1$

    Encoder encoder = ESAPI.encoder();

    // Creates <Catalogs> from the "/etc/mondrian/<catalog>/metadata" nodes.
    /*
     * IPentahoSession pentahoSession = PentahoSessionHolder.getSession(); String tenantEtcFolder = null;
     * if(pentahoSession != null) { String tenantId = (String)
     * pentahoSession.getAttribute(IPentahoSession.TENANT_ID_KEY); tenantEtcFolder =
     * ServerRepositoryPaths.getTenantEtcFolderPath(tenantId); } else { tenantEtcFolder =
     * ServerRepositoryPaths.getTenantEtcFolderPath(); }
     */

    String etcMondrian =
      ClientRepositoryPaths.getEtcFolderPath() + RepositoryFile.SEPARATOR + MONDRIAN_DATASOURCE_FOLDER;

    RepositoryFile etcMondrianFolder = unifiedRepository.getFile( etcMondrian );
    if ( etcMondrianFolder != null ) {
      List<RepositoryFile> mondrianCatalogs = unifiedRepository.getChildren( etcMondrianFolder.getId() );

      for ( RepositoryFile catalog : mondrianCatalogs ) {

        String catalogName = catalog.getName();
        RepositoryFile metadata =
          unifiedRepository.getFile( etcMondrian + RepositoryFile.SEPARATOR + catalogName + RepositoryFile.SEPARATOR
            + "metadata" ); //$NON-NLS-1$

        if ( metadata != null ) {
          DataNode metadataNode =
            unifiedRepository.getDataForRead( metadata.getId(), NodeRepositoryFileData.class ).getNode();
          String datasourceInfo = metadataNode.getProperty( "datasourceInfo" ).getString(); //$NON-NLS-1$
          String definition = metadataNode.getProperty( "definition" ).getString(); //$NON-NLS-1$

          datasourcesXML.append( "<Catalog name=\"" + encoder.encodeForXML( catalogName ) + "\">\n" ); //$NON-NLS-1$ //$NON-NLS-2$
          datasourcesXML
            .append( "<DataSourceInfo>" + encoder.encodeForXML( datasourceInfo ) + "</DataSourceInfo>\n" ); //$NON-NLS-1$ //$NON-NLS-2$
          datasourcesXML.append( "<Definition>" + encoder.encodeForXML( definition ) + "</Definition>\n" ); //$NON-NLS-1$ //$NON-NLS-2$
          datasourcesXML.append( "</Catalog>\n" ); //$NON-NLS-1$
        } else {
          logger
            .warn( Messages.getInstance().getString( "MondrianCatalogHelper.WARN_META_DATA_IS_NULL" ) ); //$NON-NLS-1$
        }

  private void printResourcesForContext( String contextName, OutputStream out, HttpServletRequest request,
      boolean printCssOnly ) throws IOException {

    IPluginManager pluginManager = PentahoSystem.get( IPluginManager.class );
    Encoder encoder = ESAPI.encoder();

    HttpServletRequest req = ( (HttpServletRequest) request );
    String reqStr = "";
    Map paramMap = req.getParameterMap();

    // Fix for BISERVER-7613, BISERVER-7614, BISERVER-7615
    // Make sure that parameters in the URL are encoded for Javascript safety since they'll be
    // added to Javascript fragments that get executed.
    if ( paramMap.size() > 0 ) {
      StringBuilder sb = new StringBuilder();
      Map.Entry<String, String[]> me = null;
      char sep = '?'; // first separator is '?'
      Iterator<Map.Entry<String, String[]>> it = paramMap.entrySet().iterator();
      int i;
      while ( it.hasNext() ) {
        me = it.next();
        for ( i = 0; i < me.getValue().length; i++ ) {
          sb.append( sep ).append( encoder.encodeForJavaScript( me.getKey().toString() ) ).append( "=" ).append(
            encoder.encodeForJavaScript( me.getValue()[ i ] ) );
        }
        if ( sep == '?' ) {
          sep = '&'; // change the separator
        }
      }
      reqStr = sb.toString(); // get the request string.
    }

    List<String> externalResources = pluginManager.getExternalResourcesForContext( contextName );
    out.write( ( "<!-- Injecting web resources defined in by plugins as external-resources for: "
      + encoder.encodeForHTML(
          contextName ) + "-->\n" ).getBytes() ); //$NON-NLS-1$ //$NON-NLS-2$
    if ( externalResources != null ) {

      for ( String res : externalResources ) {
        if ( res == null ) {

  public static String decode(String item, short decFrom) throws PageException  {
   
    PrintStream out = System.out;
    try {
       System.setOut(new PrintStream(DevNullOutputStream.DEV_NULL_OUTPUT_STREAM));
       Encoder encoder = ESAPI.encoder();
       switch(decFrom){
       case DEC_URL:return encoder.decodeFromURL(item);
       }
       throw new ApplicationException("invalid target decoding defintion");
    }
    catch(EncodingException ee){
      throw Caster.toPageException(ee);

  public static String encode(String item, short encFor) throws PageException  {
   
    PrintStream out = System.out;
    try {
       System.setOut(new PrintStream(DevNullOutputStream.DEV_NULL_OUTPUT_STREAM));
       Encoder encoder = ESAPI.encoder();
       switch(encFor){
       //case ENC_CSS:return encoder.encodeForBase64(item);
       case ENC_CSS:return encoder.encodeForCSS(item);
       case ENC_DN:return encoder.encodeForDN(item);
       case ENC_HTML:return encoder.encodeForHTML(item);
       case ENC_HTML_ATTR:return encoder.encodeForHTMLAttribute(item);
       case ENC_JAVA_SCRIPT:return encoder.encodeForJavaScript(item);
       case ENC_LDAP:return encoder.encodeForLDAP(item);
       //case ENC_CSS:return encoder.encodeForOS(arg0, arg1)(item);
       //case ENC_CSS:return encoder.encodeForSQL(arg0, arg1)CSS(item);
       case ENC_URL:return encoder.encodeForURL(item);
       case ENC_VB_SCRIPT:return encoder.encodeForVBScript(item);
       case ENC_XML:return encoder.encodeForXML(item);
       case ENC_XML_ATTR:return encoder.encodeForXMLAttribute(item);
       case ENC_XPATH:return encoder.encodeForXPath(item);
       }
       throw new ApplicationException("invalid target encoding defintion");
    }
    catch(EncodingException ee){
      throw Caster.toPageException(ee);
