From 1faf201e8608dfa4d7af3460fd3d1fc7ebec398b Mon Sep 17 00:00:00 2001
From: talasila <talasila@research.att.com>
Date: Tue, 7 Feb 2017 11:47:55 -0500
Subject: Initial OpenECOMP Portal SDK commit

Change-Id: I66a3491600a4b9ea241128dc29267eed6a78ed76
Signed-off-by: talasila <talasila@research.att.com>
---
 .../portalsdk/analytics/util/XSSFilter.java        | 90 ++++++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 ecomp-sdk/sdk-analytics/src/main/java/org/openecomp/portalsdk/analytics/util/XSSFilter.java

(limited to 'ecomp-sdk/sdk-analytics/src/main/java/org/openecomp/portalsdk/analytics/util/XSSFilter.java')

diff --git a/ecomp-sdk/sdk-analytics/src/main/java/org/openecomp/portalsdk/analytics/util/XSSFilter.java b/ecomp-sdk/sdk-analytics/src/main/java/org/openecomp/portalsdk/analytics/util/XSSFilter.java
new file mode 100644
index 00000000..e6d01994
--- /dev/null
+++ b/ecomp-sdk/sdk-analytics/src/main/java/org/openecomp/portalsdk/analytics/util/XSSFilter.java
@@ -0,0 +1,90 @@
+/*-
+ * ================================================================================
+ * eCOMP Portal SDK
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ================================================================================
+ */
+package org.openecomp.portalsdk.analytics.util;
+	
+	/**
+	 * 
+	 * This class is used to filter javascript tags to avoid XSS attacks.
+	 */
+public class XSSFilter {
+
+	//	private static String[] filterChars = { "<", ">", "<", ">", "\"", "\\", "0x" };
+//	private static String[] replacementChars = { " ", " ", " ", " ", "'", "/", "0 x" };
+
+/*	public static synchronized String filterRequest(String param) {
+		String value = param;
+
+		if (param != null) {
+
+			for (int i = 0; i < filterChars.length; i++) {
+				value = filterCharacters(filterChars[i], replacementChars[i],
+						value);
+			}
+
+		}
+
+		return value;
+
+	}
+*/
+	
+	public static synchronized String filterRequestOnlyScript(String param) {
+		String value = "";
+		value = nvl(param);
+		value = value.replaceAll("<[\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*>", "");
+		value = value.replaceAll("</[\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*>", "");
+		value = value.replaceAll("[\\s]*[jJ][\\s]*[aA][\\s]*[vV][\\s]*[aA][\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*", "");
+		return value;
+	}
+	public static synchronized String filterRequest (String param) {
+		String value = "";
+		value = nvl(param);
+		value = value.replaceAll("<[\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*>", "");
+		value = value.replaceAll("</[\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*>", "");
+		value = value.replaceAll("[\\s]*[jJ][\\s]*[aA][\\s]*[vV][\\s]*[aA][\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*", "");
+		value = value.replaceAll("[\\s]*<", "");
+		value = value.replaceAll("[\\s]*>", "");
+		
+		return value;
+	}
+	
+//	private static synchronized String filterCharacters(String originalChar, String newChar,
+//			String param) {
+//		StringBuffer sb = new StringBuffer(param);
+//
+//		for (int position = param.toLowerCase().indexOf(originalChar); position >= 0;) {
+//			sb.replace(position, position + originalChar.length(), newChar);
+//			param = sb.toString();
+//			position = param.toLowerCase().indexOf(originalChar);
+//		}
+//
+//		return sb.toString();
+//	}
+    
+	public static void main (String args[]) {
+		String value = XSSFilter.filterRequest("<s\nC\nr\nI\np\nT\n>\na\nl\ne\nr\nt\n('sundar');</SCRIPT>javascript:alert('Sundar');");
+		int i = Integer.parseInt("8989");
+		System.out.println(value);
+	}
+	
+	private static String nvl(String s) {
+		return (s == null) ? "" : s;
+	}
+}
-- 
cgit 1.2.3-korg