5de024923e
Added a new library wsf_security. Updated test cases to cover protections policy. Added a simple filter using an XSS implementation with WSF_XSS_REQUEST, but it's possible to build custom filters and request using different protection patterns.
519 lines
21 KiB
Plaintext
519 lines
21 KiB
Plaintext
note
|
|
description: "Return data for WSF_REQUEST query and form parameters using different types of protection policy"
|
|
date: "$Date$"
|
|
revision: "$Revision$"
|
|
|
|
class
|
|
WSF_PROTECTION_POLICY
|
|
|
|
-- TODO add header protection.
|
|
|
|
feature -- Query parameters
|
|
|
|
custom_query_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable WSF_VALUE
|
|
-- Filtered Query parameter name `a_name' with custom protections.
|
|
do
|
|
Result := custom_wsf_value (a_req.query_parameter (a_name), a_protections)
|
|
end
|
|
|
|
predefined_query_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
|
|
-- Filtered Query parameter name `a_name' with all predefined protections.
|
|
-- check {WSF_PROTECTION_PATTERNS} class.
|
|
do
|
|
Result := predefined_value (a_req.query_parameter (a_name))
|
|
end
|
|
|
|
xss_query_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
|
|
-- Filtered Query parameter name `a_name' with xss protection.
|
|
do
|
|
Result := xss_value (a_req.query_parameter (a_name))
|
|
end
|
|
|
|
xss_js_query_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
|
|
-- Filtered Query parameter name `a_name' with xss protection.
|
|
do
|
|
Result := xss_js_value (a_req.query_parameter (a_name))
|
|
end
|
|
|
|
sql_query_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
|
|
-- Filtered Query parameter name `a_name' with sql injection protection.
|
|
do
|
|
Result := sql_value (a_req.query_parameter (a_name))
|
|
end
|
|
|
|
server_side_query_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
|
|
-- Filtered Query parameter name `a_name' with server side injection protection.
|
|
do
|
|
Result := server_side_value (a_req.query_parameter (a_name))
|
|
end
|
|
|
|
xpath_abbreviated_query_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
|
|
-- Filtered Query parameter name `a_name' with XPath_abbreviated injection protection.
|
|
do
|
|
Result := xpath_abbreviated_value (a_req.query_parameter (a_name))
|
|
end
|
|
|
|
xpath_expanded_query_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
|
|
-- Filtered Query parameter name `a_name' with XPath expanded injection protection.
|
|
do
|
|
Result := xpath_expanded_value (a_req.query_parameter (a_name))
|
|
end
|
|
|
|
feature -- Form Parameters
|
|
|
|
custom_form_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable WSF_VALUE
|
|
-- Filtered Form parameter name `a_name' with custom protections.
|
|
do
|
|
Result := custom_wsf_value (a_req.form_parameter (a_name), a_protections)
|
|
end
|
|
|
|
predefined_form_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
|
|
-- Filtered Form parameter name `a_name' with all predefined protections.
|
|
-- check {WSF_PROTECTION_PATTERNS} class.
|
|
do
|
|
Result := predefined_value (a_req.form_parameter (a_name))
|
|
end
|
|
|
|
xss_form_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
|
|
-- Filtered Form parameter name `a_name' with xss protection.
|
|
do
|
|
Result := xss_value (a_req.form_parameter (a_name))
|
|
end
|
|
|
|
xss_js_form_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
|
|
-- Filtered Form parameter name `a_name' with xss protection.
|
|
do
|
|
Result := xss_js_value (a_req.form_parameter (a_name))
|
|
end
|
|
|
|
sql_form_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
|
|
-- Filtered Form parameter name `a_name' with sql injection protection.
|
|
do
|
|
Result := sql_value (a_req.form_parameter (a_name))
|
|
end
|
|
|
|
server_side_form_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
|
|
-- Filtered Form parameter name `a_name' with server side injection protection.
|
|
do
|
|
Result := server_side_value (a_req.form_parameter (a_name))
|
|
end
|
|
|
|
xpath_abbreviated_form_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
|
|
-- Filtered Form parameter name `a_name' with server Xpath abbreviated injection protection.
|
|
do
|
|
Result := xpath_abbreviated_value (a_req.form_parameter (a_name))
|
|
end
|
|
|
|
xpath_expanded_form_parameter (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
|
|
-- Filtered Form parameter name `a_name' with server Xpath expanded injection protection.
|
|
do
|
|
Result := xpath_expanded_value (a_req.form_parameter (a_name))
|
|
end
|
|
|
|
feature -- Meta Variables
|
|
|
|
custom_meta_variable (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable WSF_VALUE
|
|
-- Filtered CGI Meta variable name `a_name' with custom protections.
|
|
require
|
|
a_name_valid: a_name /= Void and then not a_name.is_empty
|
|
do
|
|
if attached {WSF_STRING} custom_wsf_value (a_req.meta_variable (a_name), a_protections) as l_result then
|
|
Result := l_result
|
|
end
|
|
end
|
|
|
|
predefined_meta_variable (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
|
|
-- Filtered CGI Meta variable name `a_name' with predefined protections.
|
|
-- check {WSF_PROTECTION_PATTERNS} class.
|
|
require
|
|
a_name_valid: a_name /= Void and then not a_name.is_empty
|
|
do
|
|
if attached {WSF_STRING} predefined_value (a_req.meta_variable (a_name)) as l_result then
|
|
Result := l_result
|
|
end
|
|
end
|
|
|
|
xss_meta_variable (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_STRING
|
|
-- Filtered CGI Meta variable name `a_name' with xss protection.
|
|
require
|
|
a_name_valid: a_name /= Void and then not a_name.is_empty
|
|
do
|
|
if attached {WSF_STRING} xss_value (a_req.meta_variable (a_name)) as l_result then
|
|
Result := l_result
|
|
end
|
|
end
|
|
|
|
xss_js_meta_variable (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_STRING
|
|
-- Filtered CGI Meta variable name `a_name' with xss protection.
|
|
require
|
|
a_name_valid: a_name /= Void and then not a_name.is_empty
|
|
do
|
|
if attached {WSF_STRING} xss_js_value (a_req.meta_variable (a_name)) as l_result then
|
|
Result := l_result
|
|
end
|
|
end
|
|
|
|
sql_meta_variable (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_STRING
|
|
-- Filtered CGI Meta variable name `a_name' with sql injection protection.
|
|
require
|
|
a_name_valid: a_name /= Void and then not a_name.is_empty
|
|
do
|
|
if attached {WSF_STRING} sql_value (a_req.meta_variable (a_name)) as l_result then
|
|
Result := l_result
|
|
end
|
|
end
|
|
|
|
server_side_meta_variable (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_STRING
|
|
-- Filtered CGI Meta variable name `a_name' with server side injection protection.
|
|
require
|
|
a_name_valid: a_name /= Void and then not a_name.is_empty
|
|
do
|
|
if attached {WSF_STRING} server_side_value (a_req.meta_variable (a_name)) as l_result then
|
|
Result := l_result
|
|
end
|
|
end
|
|
|
|
xpath_abbreviated_side_meta_variable (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_STRING
|
|
-- Filtered CGI Meta variable name `a_name' with Xpath abbreviated injection protection.
|
|
require
|
|
a_name_valid: a_name /= Void and then not a_name.is_empty
|
|
do
|
|
if attached {WSF_STRING} xpath_abbreviated_value (a_req.meta_variable (a_name)) as l_result then
|
|
Result := l_result
|
|
end
|
|
end
|
|
|
|
xpath_expanded_side_meta_variable (a_req: WSF_REQUEST; a_name: READABLE_STRING_GENERAL): detachable WSF_STRING
|
|
-- Filtered CGI Meta variable name `a_name' with Xpath abbreviated injection protection.
|
|
require
|
|
a_name_valid: a_name /= Void and then not a_name.is_empty
|
|
do
|
|
if attached {WSF_STRING} xpath_expanded_value (a_req.meta_variable (a_name)) as l_result then
|
|
Result := l_result
|
|
end
|
|
end
|
|
feature -- HTTP_*
|
|
|
|
custom_http_accept (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_accept header with custom protections `a_protections`.
|
|
-- Contents of the Accept: header from the current wgi_request, if there is one.
|
|
-- Example: 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
|
|
do
|
|
Result := custom_string_value (a_req.http_accept, a_protections)
|
|
end
|
|
|
|
custom_http_accept_charset (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_accept_charset header with custom protections `a_protections`.
|
|
-- Contents of the Accept-Charset: header from the current wgi_request, if there is one.
|
|
-- Example: 'iso-8859-1,*,utf-8'.
|
|
|
|
do
|
|
Result := custom_string_value (a_req.http_accept_charset, a_protections)
|
|
end
|
|
|
|
custom_http_accept_encoding (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_accept_encoding header with custom protections `a_protections`.
|
|
-- Contents of the Accept-Encoding: header from the current wgi_request, if there is one.
|
|
-- Example: 'gzip'.
|
|
do
|
|
Result := custom_string_value (a_req.http_accept_encoding, a_protections)
|
|
end
|
|
|
|
custom_http_accept_language (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_accept_language header with custom protections `a_protections`.
|
|
-- Contents of the Accept-Language: header from the current wgi_request, if there is one.
|
|
-- Example: 'en'.
|
|
do
|
|
Result := custom_string_value (a_req.http_accept_language, a_protections)
|
|
end
|
|
|
|
custom_http_connection (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_connection header with custom protections `a_protections`.
|
|
-- Contents of the Connection: header from the current wgi_request, if there is one.
|
|
-- Example: 'keep-alive'.
|
|
do
|
|
Result := custom_string_value (a_req.http_connection, a_protections)
|
|
end
|
|
|
|
custom_http_expect (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_expect header with custom protections `a_protections`.
|
|
-- The Expect request-header field is used to indicate that particular server behaviors are required by the client.
|
|
-- Example: '100-continue'.
|
|
do
|
|
Result := custom_string_value (a_req.http_expect, a_protections)
|
|
end
|
|
|
|
custom_http_host (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_host header with custom protections `a_protections`.
|
|
-- Contents of the Host: header from the current wgi_request, if there is one.
|
|
do
|
|
Result := custom_string_value (a_req.http_host, a_protections)
|
|
end
|
|
|
|
custom_http_referer (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_referer header with custom protections `a_protections`.
|
|
-- The address of the page (if any) which referred the user agent to the current page.
|
|
-- This is set by the user agent.
|
|
-- Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature.
|
|
-- In short, it cannot really be trusted.
|
|
do
|
|
Result := custom_string_value (a_req.http_referer, a_protections)
|
|
end
|
|
|
|
custom_http_user_agent (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_user_agent header with custom protections `a_protections`.
|
|
-- Contents of the User-Agent: header from the current wgi_request, if there is one.
|
|
-- This is a string denoting the user agent being which is accessing the page.
|
|
-- A typical example is: Mozilla/4.5 [en] (X11; U; Linux 2.2.9 i586).
|
|
-- Among other things, you can use this value to tailor your page's
|
|
-- output to the capabilities of the user agent.
|
|
do
|
|
Result := custom_string_value (a_req.http_user_agent, a_protections)
|
|
end
|
|
|
|
custom_http_authorization (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_authorization header with custom protections `a_protections`.
|
|
-- Contents of the Authorization: header from the current wgi_request, if there is one.
|
|
do
|
|
Result := custom_string_value (a_req.http_authorization, a_protections)
|
|
end
|
|
|
|
custom_http_transfer_encoding (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_transfer_encoding header with custom protections `a_protections`.
|
|
-- Transfer-Encoding
|
|
-- for instance chunked.
|
|
do
|
|
Result := custom_string_value (a_req.http_transfer_encoding, a_protections)
|
|
end
|
|
|
|
custom_http_access_control_request_headers (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_access_control_request_headers header with custom protections `a_protections`.
|
|
-- Indicates which headers will be used in the actual request
|
|
-- as part of the preflight request
|
|
do
|
|
Result := custom_string_value (a_req.http_access_control_request_headers, a_protections)
|
|
end
|
|
|
|
custom_http_if_match (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_if_match header with custom protections `a_protections`.
|
|
-- Existence check on resource.
|
|
do
|
|
Result := custom_string_value (a_req.http_if_match, a_protections)
|
|
end
|
|
|
|
custom_http_if_modified_since (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_if_modified_since header with custom protections `a_protections`.
|
|
-- Modification check on resource.
|
|
do
|
|
Result := custom_string_value (a_req.http_if_modified_since, a_protections)
|
|
end
|
|
|
|
custom_http_if_none_match (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_if_none_match header with custom protections `a_protections`.
|
|
-- Existence check on resource.
|
|
do
|
|
Result := custom_string_value (a_req.http_if_none_match, a_protections)
|
|
end
|
|
|
|
custom_http_if_range (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_if_range header with custom protections `a_protections`.
|
|
-- Existence check on resource.
|
|
do
|
|
Result := custom_string_value (a_req.http_if_range, a_protections)
|
|
end
|
|
|
|
custom_http_if_unmodified_since (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_if_unmodified_since header with custom protections `a_protections`.
|
|
-- Modification check on resource.
|
|
do
|
|
Result := custom_string_value (a_req.http_if_unmodified_since, a_protections)
|
|
end
|
|
|
|
custom_http_last_modified (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_last_modified header with custom protections `a_protections`.
|
|
-- Modification check on resource.
|
|
do
|
|
Result := custom_string_value (a_req.http_last_modified, a_protections)
|
|
end
|
|
|
|
custom_http_range (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_range header with custom protections `a_protections`.
|
|
-- Requested byte-range of resource.
|
|
do
|
|
Result := custom_string_value (a_req.http_range, a_protections)
|
|
end
|
|
|
|
custom_http_content_range (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_content_range header with custom protections `a_protections`.
|
|
-- Partial range of selected representation enclosed in message payload.
|
|
do
|
|
Result := custom_string_value (a_req.http_content_range, a_protections)
|
|
end
|
|
|
|
custom_http_content_encoding (a_req: WSF_REQUEST; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Filtered http_content_encoding header with custom protections `a_protections`.
|
|
-- Encoding (usually compression) of message payload.
|
|
do
|
|
Result := custom_string_value (a_req.http_content_encoding, a_protections)
|
|
end
|
|
|
|
feature {NONE} -- Implementation
|
|
|
|
custom_wsf_value (a_value: detachable WSF_VALUE; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable WSF_VALUE
|
|
-- Return value `a_value` filtered by all protections policy.
|
|
local
|
|
l_wsf_xss: WSF_PROTECTION_PATTERNS
|
|
do
|
|
Result := filter_wsf_value (a_value, a_protections )
|
|
end
|
|
|
|
custom_string_value (a_value: detachable READABLE_STRING_8; a_protections: ARRAY [REGULAR_EXPRESSION]): detachable READABLE_STRING_8
|
|
-- Return value `a_value` filtered by all protections policy.
|
|
local
|
|
l_wsf_xss: WSF_PROTECTION_PATTERNS
|
|
do
|
|
Result := filter_string_value (a_value, a_protections )
|
|
end
|
|
|
|
predefined_value (a_value: detachable WSF_VALUE): detachable WSF_VALUE
|
|
-- Return value `a_value` filtered by all predefined protections policy.
|
|
local
|
|
l_wsf_xss: WSF_PROTECTION_PATTERNS
|
|
do
|
|
Result := filter_wsf_value (a_value,
|
|
{ARRAY [REGULAR_EXPRESSION]}<<
|
|
l_wsf_xss.XSS_regular_expression,
|
|
l_wsf_xss.server_side_expression,
|
|
l_wsf_xss.sql_injection_regular_expression,
|
|
l_wsf_xss.xpath_abbreviated_expression,
|
|
l_wsf_xss.xpath_expanded_expression>>)
|
|
end
|
|
|
|
xss_value (a_value: detachable WSF_VALUE): detachable WSF_VALUE
|
|
-- Return value `a_value` filtered by xss protection.
|
|
local
|
|
l_wsf_xss: WSF_PROTECTION_PATTERNS
|
|
do
|
|
Result := filter_wsf_value (a_value, {ARRAY [REGULAR_EXPRESSION]}<<l_wsf_xss.XSS_regular_expression>>)
|
|
end
|
|
|
|
xss_js_value (a_value: detachable WSF_VALUE): detachable WSF_VALUE
|
|
-- Return value `a_value` filtered by xss-javascript protection.
|
|
local
|
|
l_wsf_xss: WSF_PROTECTION_PATTERNS
|
|
do
|
|
Result := filter_wsf_value (a_value, {ARRAY [REGULAR_EXPRESSION]} <<l_wsf_xss.XSS_javascript_expression>>)
|
|
end
|
|
|
|
sql_value (a_value: detachable WSF_VALUE): detachable WSF_VALUE
|
|
-- Return value `a_value` filtered by sql injection protection.
|
|
local
|
|
l_wsf_xss: WSF_PROTECTION_PATTERNS
|
|
do
|
|
Result := filter_wsf_value (a_value, {ARRAY [REGULAR_EXPRESSION]} <<l_wsf_xss.SQL_injection_regular_expression>>)
|
|
end
|
|
|
|
server_side_value (a_value: detachable WSF_VALUE): detachable WSF_VALUE
|
|
-- Return value `a_value` filtered by server side injection protection.
|
|
local
|
|
l_wsf_xss: WSF_PROTECTION_PATTERNS
|
|
do
|
|
Result := filter_wsf_value (a_value, {ARRAY [REGULAR_EXPRESSION]} <<l_wsf_xss.Server_side_expression>>)
|
|
end
|
|
|
|
xpath_abbreviated_value (a_value: detachable WSF_VALUE): detachable WSF_VALUE
|
|
-- Return value `a_value` filtered by xpath_abbreviated injection protection.
|
|
local
|
|
l_wsf_xss: WSF_PROTECTION_PATTERNS
|
|
do
|
|
Result := filter_wsf_value (a_value, {ARRAY [REGULAR_EXPRESSION]} <<l_wsf_xss.Xpath_abbreviated_expression>>)
|
|
end
|
|
|
|
xpath_expanded_value (a_value: detachable WSF_VALUE): detachable WSF_VALUE
|
|
-- Return value `a_value` filtered by Xpath expanded injection protection.
|
|
local
|
|
l_wsf_xss: WSF_PROTECTION_PATTERNS
|
|
do
|
|
Result := filter_wsf_value (a_value, {ARRAY [REGULAR_EXPRESSION]} <<l_wsf_xss.Xpath_expanded_expression>>)
|
|
end
|
|
|
|
filter_wsf_value (a_value: detachable WSF_VALUE; a_regex: ARRAY [REGULAR_EXPRESSION] ): detachable WSF_VALUE
|
|
-- Filter value `a_value` with an array of protections policy `a_regex`.
|
|
local
|
|
not_first: BOOLEAN
|
|
do
|
|
Result := a_value
|
|
if Result /= Void then
|
|
if
|
|
attached {WSF_STRING} Result as str and then
|
|
a_regex.for_all (agent is_compiled)
|
|
then
|
|
a_regex.do_all (agent match (?, str.value))
|
|
if a_regex.there_exists (agent has_matched) then
|
|
create {WSF_STRING} Result.make (str.name, " ")
|
|
end
|
|
elseif
|
|
attached {WSF_MULTIPLE_STRING} Result as l_multi_str and then
|
|
a_regex.for_all (agent is_compiled)
|
|
then
|
|
across l_multi_str as ic loop
|
|
a_regex.do_all (agent match (?, ic.item.value))
|
|
if a_regex.there_exists (agent has_matched ) then
|
|
if not_first and then attached {WSF_MULTIPLE_STRING} Result as l_result then
|
|
l_result.add_value ( (create {WSF_STRING}.make (ic.item.name, " ")))
|
|
else
|
|
create {WSF_MULTIPLE_STRING} Result.make_with_string (ic.item.name, " ")
|
|
not_first := True
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
filter_string_value (a_value: detachable READABLE_STRING_8; a_regex: ARRAY [REGULAR_EXPRESSION] ): detachable READABLE_STRING_8
|
|
-- Filter value `a_value` with an array of protections policy `a_regex`.
|
|
do
|
|
Result := a_value
|
|
if Result /= Void then
|
|
if
|
|
attached a_value as l_value and then
|
|
a_regex.for_all (agent is_compiled)
|
|
then
|
|
a_regex.do_all (agent match (?, l_value))
|
|
if a_regex.there_exists (agent has_matched) then
|
|
create {STRING_8} Result.make_empty
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
is_compiled (a_regex: REGULAR_EXPRESSION): BOOLEAN
|
|
-- Is the regular expression 'a_regex' compiled?
|
|
do
|
|
Result := a_regex.is_compiled
|
|
end
|
|
|
|
match (a_regex: REGULAR_EXPRESSION; a_value: READABLE_STRING_32)
|
|
do
|
|
a_regex.match (a_value)
|
|
end
|
|
|
|
has_matched (a_regex: REGULAR_EXPRESSION): BOOLEAN
|
|
do
|
|
Result := a_regex.has_matched
|
|
end
|
|
|
|
|
|
note
|
|
copyright: "2011-2017, Jocelyn Fiat, Javier Velilla, Olivier Ligot, Colin Adams, Eiffel Software and others"
|
|
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
|
|
source: "[
|
|
Eiffel Software
|
|
5949 Hollister Ave., Goleta, CA 93117 USA
|
|
Telephone 805-685-1006, Fax 805-685-6869
|
|
Website http://www.eiffel.com
|
|
Customer support http://support.eiffel.com
|
|
]"
|
|
end
|