mirrors/EWF
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
31fa31bd53add3a5a62a7d3fc681883a1383ad63
EWF/library/server/wsf/security/support/wsf_protection.e
Jocelyn Fiat 7d738a164d Added missing comments.
2017-11-30 14:54:46 +01:00

95 lines
2.5 KiB
Plaintext
Raw Blame History

note
description: "[
Security protection on values.
It could be to protect against XSS, SQL ... injections.
]"
date: "$Date$"
revision: "$Revision$"
EIS: "name=OWASP", "src=https://www.owasp.org/", "protocol=uri"
EIS: "name=OWASP XSS", "src=https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet", "protocol=uri"
EIS: "name=Regular expression protection", "src=https://docs.apigee.com/api-services/reference/regular-expression-protection", "protocol=uri"
deferred class
WSF_PROTECTION
feature -- Status report
is_valid: BOOLEAN
-- Is valid protection?
deferred
end
feature -- String Protection
string_8 (s: READABLE_STRING_8): detachable READABLE_STRING_8
-- Safe string value from `s`.
-- If a thread is detected, either return Void, or filter out the threat.
require
is_valid: is_valid
deferred
end
feature -- Value Protection
string_value (v: WSF_STRING): detachable WSF_STRING
-- Safe string value from `v`.
-- If a thread is detected, either return Void, or filter out the threat.
require
is_valid: is_valid
deferred
end
value (v: WSF_VALUE): detachable WSF_VALUE
-- Safe value from `v`.
-- If a thread is detected, either return Void, or filter out the threat.
require
is_valid: is_valid
do
if attached {WSF_STRING} v as s then
Result := string_value (s)
elseif attached {WSF_MULTIPLE_STRING} v as ms then
Result := multiple_string_value (ms)
else
-- TODO
Result := v
end
end
multiple_string_value (mv: WSF_MULTIPLE_STRING): detachable WSF_MULTIPLE_STRING
-- Safe multiple string value from `mv`.
-- If a thread is detected in any of the item, either return Void, or filter out the threat.
require
is_valid: is_valid
local
v: detachable WSF_STRING
do
-- TODO: check if the whole structure should be Void
-- when one item is filtered out, or if the structure could have
-- holes.
across
mv as ic
loop
v := string_value (ic.item)
if v = Void then
Result := Void
elseif Result = Void then
create Result.make_with_value (v)
else
Result.add_value (v)
end
end
end
note
copyright: "2011-2017, Jocelyn Fiat, Javier Velilla, Olivier Ligot, Colin Adams, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
source: "[
Eiffel Software
5949 Hollister Ave., Goleta, CA 93117 USA
Telephone 805-685-1006, Fax 805-685-6869
Website http://www.eiffel.com
Customer support http://support.eiffel.com
]"
end
Reference in New Issue View Git Blame Copy Permalink