This protection could be implemented with a regular expression,
or using another solution (such as manual parsing).
Also, when a protection detects an issue, instead of returning an empty string,
it returns Void. If the value is a multiple string value, if an item is detected for an issue,
the returned multiple string value is now Void.
This abstraction will allow returning either Void, or a "corrected" value,
for instance the string value, without the detected "<script..>..</script>" text.
TODO: improve the WSF_PROTECTION_REGEXP to allow replacement strategy.
Added a new library wsf_security.
Updated test cases to cover protections policy.
Added a simple filter using an XSS implementation with WSF_XSS_REQUEST, but
it's possible to build custom filters and requests using different protection patterns.
Added a utility class to get safe query and form parameters.
Added a new WSF_XSS_REQUEST to use safe parameters.
Added a filter WSF_XSS_FILTER using WSF_XSS_REQUEST.
Added test cases
Signed-off-by: jvelilla <javier.hector@gmail.com>
If True, this displays verbose debug information in the console
Implemented uploading of file for PUT and POST requests
Refactored LIBCURL_HTTP_CLIENT_REQUEST to free used pointer, and also ease extension of the class if needed.
Updated cURL library with addition of {CURL_EXTERNALS}.slist_free_all (..)
Added WSF_RESPONSE.put_character
Renamed WGI_OUTPUT_STREAM.put_character_8 as put_character to follow style of put_string (and not put_string_8)
Refactored the WSF_DEFAULT_SERVICE_LAUNCHER
Added WSF_DEFAULT_SERVICE to be more user friendly
Split the wsf/default/ libraries to have wsf/connector/... and be able to handle more than one connector in the same application
Renamed any *_APPLICATION as *_SERVICE
mainly because those components
such as WSF_APPLICATION, renamed as WSF_SERVICE
are not always the main application entry, and "service" describes them better
Minor implementation change in WSF_REQUEST
Cosmetics
Quite useful when launching using port=0 to use a random free port.
This is great for testing, this way we can run many tests at the same time without any port blocking.