backup/EWF
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added missing comments.

Browse Source
This commit is contained in:
Jocelyn Fiat
2017-11-30 14:54:46 +01:00
parent 1037256ea6
commit 7d738a164d
2 changed files with 31 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
library/server/wsf/security/support/wsf_protection.e
View File

@@ -1,8 +1,14 @@
note note
description: "Summary description for {WSF_PROTECTION}." description: "[
author: "" Security protection on values.
It could be to protect against XSS, SQL ... injections.
]"
date: "$Date$" date: "$Date$"
revision: "$Revision$" revision: "$Revision$"
EIS: "name=OWASP", "src=https://www.owasp.org/", "protocol=uri"
EIS: "name=OWASP XSS", "src=https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet", "protocol=uri"
EIS: "name=Regular expression protection", "src=https://docs.apigee.com/api-services/reference/regular-expression-protection", "protocol=uri"
deferred class deferred class
WSF_PROTECTION WSF_PROTECTION
@@ -10,12 +16,15 @@ deferred class
feature -- Status report feature -- Status report
is_valid: BOOLEAN is_valid: BOOLEAN
-- Is valid protection?
deferred deferred
end end
feature -- String Protection feature -- String Protection
string_8 (s: READABLE_STRING_8): detachable READABLE_STRING_8 string_8 (s: READABLE_STRING_8): detachable READABLE_STRING_8
-- Safe string value from `s`.
-- If a thread is detected, either return Void, or filter out the threat.
require require
is_valid: is_valid is_valid: is_valid
deferred deferred
@@ -23,7 +32,17 @@ feature -- String Protection
feature -- Value Protection feature -- Value Protection
string_value (v: WSF_STRING): detachable WSF_STRING
-- Safe string value from `v`.
-- If a thread is detected, either return Void, or filter out the threat.
require
is_valid: is_valid
deferred
end
value (v: WSF_VALUE): detachable WSF_VALUE value (v: WSF_VALUE): detachable WSF_VALUE
-- Safe value from `v`.
-- If a thread is detected, either return Void, or filter out the threat.
require require
is_valid: is_valid is_valid: is_valid
do do
@@ -37,18 +56,17 @@ feature -- Value Protection
end end
end end
string_value (v: WSF_STRING): detachable WSF_STRING
require
is_valid: is_valid
deferred
end
multiple_string_value (mv: WSF_MULTIPLE_STRING): detachable WSF_MULTIPLE_STRING multiple_string_value (mv: WSF_MULTIPLE_STRING): detachable WSF_MULTIPLE_STRING
-- Safe multiple string value from `mv`.
-- If a thread is detected in any of the item, either return Void, or filter out the threat.
require require
is_valid: is_valid is_valid: is_valid
local local
v: detachable WSF_STRING v: detachable WSF_STRING
do do
-- TODO: check if the whole structure should be Void
-- when one item is filtered out, or if the structure could have
-- holes.
across across
mv as ic mv as ic
loop loop

6
library/server/wsf/security/support/wsf_protection_regexp.e
View File

@@ -1,8 +1,8 @@
note note
description: "Summary description for {WSF_PROTECTION_REGEXP}." description: "Security protection based on Regular expression."
author: ""
date: "$Date$" date: "$Date$"
revision: "$Revision$" revision: "$Revision$"
EIS: "name=Regular expression protection", "src=https://docs.apigee.com/api-services/reference/regular-expression-protection", "protocol=uri"
class class
WSF_PROTECTION_REGEXP WSF_PROTECTION_REGEXP
@@ -77,6 +77,8 @@ feature -- String Protection
feature -- Status report feature -- Status report
is_valid: BOOLEAN is_valid: BOOLEAN
-- <Precursor>
-- i.e: if the association regular expression is successfully compiled.
do do
Result := is_compiled Result := is_compiled
end end