Initial import WSF XSS protection.

Added an utility class to get safe query and form parameters. Added a new WSF_XSS_REQUEST to use safe parameters. Added a filter WSF_XSS_FILTER using WSF_XSS_REQUEST. Added test cases Signed-off-by: jvelilla <javier.hector@gmail.com>
2017-11-10 10:37:32 -03:00
parent ccff084642
commit 25446cac12
7 changed files with 471 additions and 4 deletions
--- a/library/server/wsf/src/wsf_xss_request.e
+++ b/library/server/wsf/src/wsf_xss_request.e
@@ -0,0 +1,59 @@
+note
+	description: "[
+		XSS request, redefine query_parameter and form_parameters filtering the data (using XSS protection)
+		before return the value.
+	]"
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	WSF_XSS_REQUEST
+
+inherit
+	WSF_REQUEST
+		redefine
+			query_parameter,
+			form_parameter
+		end
+
+	WSF_REQUEST_EXPORTER
+
+	WSF_XSS_UTILITIES
+
+create
+	make_from_request
+
+feature {NONE} -- Creation
+
+	make_from_request (req: WSF_REQUEST)
+		do
+			make_from_wgi (req.wgi_request)
+		end
+
+feature -- Query parameters
+
+	query_parameter (a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
+			-- Query parameter for name `a_name'.
+		do
+			Result := safe_query_parameter (Current, a_name)
+		end
+
+feature -- Form Parameters
+
+	form_parameter (a_name: READABLE_STRING_GENERAL): detachable WSF_VALUE
+		do
+			Result := safe_form_parameter (Current, a_name)
+		end
+
+
+note
+	copyright: "2011-2017, Jocelyn Fiat, Javier Velilla, Olivier Ligot, Colin Adams, Eiffel Software and others"
+	license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
+	source: "[
+			Eiffel Software
+			5949 Hollister Ave., Goleta, CA 93117 USA
+			Telephone 805-685-1006, Fax 805-685-6869
+			Website http://www.eiffel.com
+			Customer support http://support.eiffel.com
+		]"
+end