
Commit 9d271b4

Fix getHexForNonAlphanumeric(char), toOctal(char) and toHex(char) in
Codec to properly handle character values greater than 0xFF. Fix CSS tests for 0x100 in CodecTest. Note, the percent 0x100 tests still fail but that is a bit more complex to fix. Next on the list.
1 parent b8eed4f commit 9d271b4

2 files changed

Lines changed: 54 additions & 59 deletions


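--- a/src/main/java/org/owasp/esapi/codecs/Codec.java
+++ b/src/main/java/org/owasp/esapi/codecs/Codec.java
@@ -42,54 +42,48 @@ public abstract class Codec {
 if ( c >= 0x30 && c <= 0x39 || c >= 0x41 && c <= 0x5A || c >= 0x61 && c <= 0x7A ) {
 hex[c] = null;
 } else {
-hex[c] = toHex(c);
+hex[c] = toHex(c).intern();
 }
 }
 }
-
-
+
+
 /**
 * Default constructor
 */
 public Codec() {
 }
-
+
 /**
 * Encode a String so that it can be safely used in a specific context.
 *
-* @param immune
-* @param input
+* @param immune
+* @param input
 * the String to encode
 * @return the encoded String
 */
-public String encode(char[] immune, String input) {
-StringBuilder sb = new StringBuilder();
-for (int i = 0; i < input.length(); i++) {
-char c = input.charAt(i);
-sb.append(encodeCharacter(immune, c));
-}
-return sb.toString();
-}
-
-// public abstract String encodeString( String input ) ;
-
-// public abstract String encodeDate( String input ) ;
-
-// public abstract String encodeNumber( String input ) ;
-
+public String encode(char[] immune, String input) {
+StringBuilder sb = new StringBuilder();
+for (int i = 0; i < input.length(); i++) {
+char c = input.charAt(i);
+sb.append(encodeCharacter(immune, c));
+}
+return sb.toString();
+}
+
 /**
 * Default implementation that should be overridden in specific codecs.
 *
-* @param immune
-* @param c
+* @param immune
+* @param c
 * the Character to encode
 * @return
 * the encoded Character
 */
 public String encodeCharacter( char[] immune, Character c ) {
 return ""+c;
 }
-
+
 /**
 * Decode a String that was encoded using the encode method in this Class
 *
@@ -98,20 +92,19 @@ public String encodeCharacter( char[] immune, Character c ) {
 * @return
 * the decoded String
 */
-public String decode(String input) {
-StringBuilder sb = new StringBuilder();
-PushbackString pbs = new PushbackString(input);
-while (pbs.hasNext()) {
-Character c = decodeCharacter(pbs);
-if (c != null) {
-sb.append(c);
-} else {
-sb.append(pbs.next());
-}
-}
-return sb.toString();
-}
-
+public String decode(String input) {
+StringBuilder sb = new StringBuilder();
+PushbackString pbs = new PushbackString(input);
+while (pbs.hasNext()) {
+Character c = decodeCharacter(pbs);
+if (c != null) {
+sb.append(c);
+} else {
+sb.append(pbs.next());
+}
+}
+return sb.toString();
+}
 
 /**
 * Returns the decoded version of the next character from the input string and advances the
@@ -125,26 +118,28 @@ public String decode(String input) {
 public Character decodeCharacter( PushbackString input ) {
 return input.next();
 }
-
+
 /**
-* Lookup the hex value of any character that is not alphanumeric, return null if alphanumeric.
-*
-* @param c
-* @return
-*/
-public static String getHexForNonAlphanumeric( char c ) {
-if ( c > 0xFF ) return null;
-return hex[c];
+* Lookup the hex value of any character that is not alphanumeric.
+* @param c The character to lookup.
+* @return, return null if alphanumeric or the character code
+* in hex.
+*/
+public static String getHexForNonAlphanumeric(char c)
+{
+if(c<0xFF)
+return hex[c];
+return toHex(c);
 }
 
-public static String toOctal( char c ) {
-if ( c > 0xFF ) return null;
-return Integer.toOctalString( c );
+public static String toOctal(char c)
+{
+return Integer.toOctalString(c);
 }
 
-public static String toHex( char c ) {
-if ( c > 0xFF ) return null;
-return Integer.toHexString( c );
+public static String toHex(char c)
+{
+return Integer.toHexString(c);
 }
 
 /**
@@ -155,10 +150,10 @@ public static String toHex( char c ) {
 * @return
 */
 public static boolean containsCharacter( char c, char[] array ) {
-for (char ch : array) {
-if (c == ch) return true;
+for (char ch : array) {
+if (c == ch) return true;
 }
 return false;
 }
-
-}
+
+}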
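Review bot: The new guard in `getHexForNonAlphanumeric` is off by one: `if(c<0xFF)` sends 0xFF itself past the lookup table to `toHex(c)`, whereas the removed code indexed `hex[c]` for every value up to and including 0xFF. The returned text is presumably still `"ff"` (the table's declaration and the head of its initialisation loop are outside this section), but the bound no longer matches the table; `if (c <= 0xFF) return hex[c];` keeps the two in step. `toOctal` and `toHex` now return a non-null string for every `char` yet carry no Javadoc, so a short comment such as `/** Returns the hex form of c; never null, including for values above 0xFF. */` would record the contract change for codec subclasses that treated the old null as "leave unencoded". Because `encode` walks the input with `charAt`, a supplementary character now reaches these helpers as two separate surrogate code units, so it is worth confirming that each subclass emits a valid escape in that case rather than one escape per half.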

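--- a/src/test/java/org/owasp/esapi/codecs/CodecTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/CodecTest.java
@@ -269,7 +269,7 @@ public void testCSSEncodeChar0x100()
 {
 char in = 0x100;
 String inStr = Character.toString(in);
-String expected = "\\u100";
+String expected = "\\100 ";
 String result;
 
 result = cssCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
@@ -282,7 +282,7 @@ public void testCSSEncodeStr0x100()
 {
 char in = 0x100;
 String inStr = Character.toString(in);
-String expected = "\\u100";
+String expected = "\\100 ";
 String result;
 
 result = cssCodec.encode(EMPTY_CHAR_ARRAY, inStr);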
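Review bot: The trailing space in the new expectation `"\\100 "` reads like a typo without explanation, in both `testCSSEncodeChar0x100` and `testCSSEncodeStr0x100`. A comment above each assignment, for example `// CSS hex escapes end with one space so a following hex digit is not read as part of the escape`, would stop a later cleanup from trimming it. Both test bodies continue outside these hunks, so the assertions themselves are not visible here.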
