dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Removed file/folder

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@7 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64 2006-09-30 13:25:36 +00:00
parent 7414ec751d
commit 58c4d16530
5 changed files with 0 additions and 1144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

508
webgoat/main/project/JavaSource/org/owasp/webgoat/util/Exec.java
View File

@ -1,508 +0,0 @@
package org.owasp.webgoat.util;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.BitSet;
/**
* Copyright (c) 2002 Free Software Foundation developed under the custody of the Open Web
* Application Security Project (http://www.owasp.org) This software package org.owasp.webgoat.is published by OWASP
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
* this software.
*
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
* @created October 28, 2003
*/
public class Exec
{
/**
* Description of the Method
*
* @param command Description of the Parameter
* @param input Description of the Parameter
* @return Description of the Return Value
*/
public static ExecResults execInput( String command, String input )
{
return ( execOptions( command, input, 0, 0, false ) );
}
/**
* Description of the Method
*
* @param command Description of the Parameter
* @return Description of the Return Value
*/
public static ExecResults execLazy( String command )
{
return ( execOptions( command, "", 0, 0, true ) );
}
/*
* Execute an OS command and capture the output in an ExecResults.
* All exceptions are caught and stored in the ExecResults.
* @param String command is the OS command to execute
* @param String input is piped into the OS command
* @param int successCode is the expected return code if the command completes successfully
* @param int timeout is the number of milliseconds to wait before interrupting the command
* @param boolean quit tells the method to exit when there is no more output waiting
*/
/**
* Description of the Method
*
* @param command Description of the Parameter
* @param input Description of the Parameter
* @param successCode Description of the Parameter
* @param timeout Description of the Parameter
* @param lazy Description of the Parameter
* @return Description of the Return Value
*/
public static ExecResults execOptions( String[] command, String input, int successCode, int timeout, boolean lazy )
{
Process child = null;
ByteArrayOutputStream output = new ByteArrayOutputStream();
ByteArrayOutputStream errors = new ByteArrayOutputStream();
ExecResults results = new ExecResults( command[0], input, successCode, timeout );
BitSet interrupted = new BitSet( 1 );
boolean lazyQuit = false;
ThreadWatcher watcher;
try
{
// start the command
child = Runtime.getRuntime().exec( command );
// get the streams in and out of the command
InputStream processIn = child.getInputStream();
InputStream processError = child.getErrorStream();
OutputStream processOut = child.getOutputStream();
// start the clock running
if ( timeout > 0 )
{
watcher = new ThreadWatcher( child, interrupted, timeout );
new Thread( watcher ).start();
}
// Write to the child process' input stream
if ( ( input != null ) && !input.equals( "" ) )
{
try
{
processOut.write( input.getBytes() );
processOut.flush();
processOut.close();
}
catch ( IOException e1 )
{
results.setThrowable( e1 );
}
}
// Read from the child process' output stream
// The process may get killed by the watcher at any time
int c = 0;
try
{
while ( true )
{
if ( interrupted.get( 0 ) || lazyQuit )
{
break;
}
// interrupted
c = processIn.read();
if ( c == -1 )
{
break;
}
// end of stream
output.write( c );
if ( lazy && ( processIn.available() < 1 ) )
{
lazyQuit = true;
}
// if lazy and nothing then quit (after at least one read)
}
processIn.close();
}
catch ( IOException e2 )
{
results.setThrowable( e2 );
}
finally
{
if ( interrupted.get( 0 ) )
{
results.setInterrupted();
}
results.setOutput( output.toString() );
}
// Read from the child process' error stream
// The process may get killed by the watcher at any time
try
{
while ( true )
{
if ( interrupted.get( 0 ) || lazyQuit )
{
break;
}
// interrupted
c = processError.read();
if ( c == -1 )
{
break;
}
// end of stream
output.write( c );
if ( lazy && ( processError.available() < 1 ) )
{
lazyQuit = true;
}
// if lazy and nothing then quit (after at least one read)
}
processError.close();
}
catch ( IOException e3 )
{
results.setThrowable( e3 );
}
finally
{
if ( interrupted.get( 0 ) )
{
results.setInterrupted();
}
results.setErrors( errors.toString() );
}
// wait for the return value of the child process.
if ( !interrupted.get( 0 ) && !lazyQuit )
{
int returnCode = child.waitFor();
results.setReturnCode( returnCode );
if ( returnCode != successCode )
{
results.setError( ExecResults.BADRETURNCODE );
}
}
}
catch ( InterruptedException i )
{
results.setInterrupted();
}
catch ( Throwable t )
{
results.setThrowable( t );
}
finally
{
if ( child != null )
{
child.destroy();
}
}
return ( results );
}
/*
* Execute an OS command and capture the output in an ExecResults.
* All exceptions are caught and stored in the ExecResults.
* @param String command is the OS command to execute
* @param String input is piped into the OS command
* @param int successCode is the expected return code if the command completes successfully
* @param int timeout is the number of milliseconds to wait before interrupting the command
* @param boolean quit tells the method to exit when there is no more output waiting
*/
/**
* Description of the Method
*
* @param command Description of the Parameter
* @param input Description of the Parameter
* @param successCode Description of the Parameter
* @param timeout Description of the Parameter
* @param lazy Description of the Parameter
* @return Description of the Return Value
*/
public static ExecResults execOptions( String command, String input, int successCode, int timeout, boolean lazy )
{
Process child = null;
ByteArrayOutputStream output = new ByteArrayOutputStream();
ByteArrayOutputStream errors = new ByteArrayOutputStream();
ExecResults results = new ExecResults( command, input, successCode, timeout );
BitSet interrupted = new BitSet( 1 );
boolean lazyQuit = false;
ThreadWatcher watcher;
try
{
// start the command
child = Runtime.getRuntime().exec( command );
// get the streams in and out of the command
InputStream processIn = child.getInputStream();
InputStream processError = child.getErrorStream();
OutputStream processOut = child.getOutputStream();
// start the clock running
if ( timeout > 0 )
{
watcher = new ThreadWatcher( child, interrupted, timeout );
new Thread( watcher ).start();
}
// Write to the child process' input stream
if ( ( input != null ) && !input.equals( "" ) )
{
try
{
processOut.write( input.getBytes() );
processOut.flush();
processOut.close();
}
catch ( IOException e1 )
{
results.setThrowable( e1 );
}
}
// Read from the child process' output stream
// The process may get killed by the watcher at any time
int c = 0;
try
{
while ( true )
{
if ( interrupted.get( 0 ) || lazyQuit )
{
break;
}
// interrupted
c = processIn.read();
if ( c == -1 )
{
break;
}
// end of stream
output.write( c );
if ( lazy && ( processIn.available() < 1 ) )
{
lazyQuit = true;
}
// if lazy and nothing then quit (after at least one read)
}
processIn.close();
}
catch ( IOException e2 )
{
results.setThrowable( e2 );
}
finally
{
if ( interrupted.get( 0 ) )
{
results.setInterrupted();
}
results.setOutput( output.toString() );
}
// Read from the child process' error stream
// The process may get killed by the watcher at any time
try
{
while ( true )
{
if ( interrupted.get( 0 ) || lazyQuit )
{
break;
}
// interrupted
c = processError.read();
if ( c == -1 )
{
break;
}
// end of stream
output.write( c );
if ( lazy && ( processError.available() < 1 ) )
{
lazyQuit = true;
}
// if lazy and nothing then quit (after at least one read)
}
processError.close();
}
catch ( IOException e3 )
{
results.setThrowable( e3 );
}
finally
{
if ( interrupted.get( 0 ) )
{
results.setInterrupted();
}
results.setErrors( errors.toString() );
}
// wait for the return value of the child process.
if ( !interrupted.get( 0 ) && !lazyQuit )
{
int returnCode = child.waitFor();
results.setReturnCode( returnCode );
if ( returnCode != successCode )
{
results.setError( ExecResults.BADRETURNCODE );
}
}
}
catch ( InterruptedException i )
{
results.setInterrupted();
}
catch ( Throwable t )
{
results.setThrowable( t );
}
finally
{
if ( child != null )
{
child.destroy();
}
}
return ( results );
}
/**
* Description of the Method
*
* @param command Description of the Parameter
* @return Description of the Return Value
*/
public static ExecResults execSimple( String[] command )
{
return ( execOptions( command, "", 0, 0, false ) );
}
/**
* Description of the Method
*
* @param command Description of the Parameter
* @return Description of the Return Value
*/
public static ExecResults execSimple( String command )
{
return ( execOptions( command, "", 0, 0, false ) );
}
/**
* Description of the Method
*
* @param command Description of the Parameter
* @param args Description of the Parameter
* @return Description of the Return Value
*/
public static ExecResults execSimple( String command, String args )
{
return ( execOptions( command, args, 0, 0, false ) );
}
/**
* Description of the Method
*
* @param command Description of the Parameter
* @param timeout Description of the Parameter
* @return Description of the Return Value
*/
public static ExecResults execTimeout( String command, int timeout )
{
return ( execOptions( command, "", 0, timeout, false ) );
}
/**
* The main program for the Exec class
*
* @param args The command line arguments
*/
public static void main( String[] args )
{
ExecResults results;
String sep = System.getProperty( "line.separator" );
System.out.println( "-------------------------------------------" + sep + "TEST 1: execSimple" );
results = Exec.execSimple( "c:/swarm-2.1.1/bin/whoami.exe" );
System.out.println( results );
System.out.println( "-------------------------------------------" + sep + "TEST 2: execSimple (with search)" );
results = Exec.execSimple( "netstat -r" );
System.out.println( results );
if ( results.outputContains( "localhost:1031" ) )
{
System.out.println( "ERROR: listening on 1031" );
}
System.out.println( "-------------------------------------------" + sep + "TEST 3: execInput" );
results = Exec.execInput( "find \"cde\"", "abcdefg1\nhijklmnop\nqrstuv\nabcdefg2" );
System.out.println( results );
System.out.println( "-------------------------------------------" + sep + "TEST 4:execTimeout" );
results = Exec.execTimeout( "ping -t 127.0.0.1", 5 * 1000 );
System.out.println( results );
System.out.println( "-------------------------------------------" + sep + "TEST 5:execLazy" );
results = Exec.execLazy( "ping -t 127.0.0.1" );
System.out.println( results );
System.out.println( "-------------------------------------------" + sep + "TEST 6:ExecTimeout process never outputs" );
results = Exec.execTimeout( "c:/swarm-2.1.1/bin/sleep.exe 20", 5 * 1000 );
System.out.println( results );
System.out.println( "-------------------------------------------" + sep + "TEST 7:ExecTimeout process waits for input" );
results = Exec.execTimeout( "c:/swarm-2.1.1/bin/cat", 5 * 1000 );
System.out.println( results );
}
}

320
webgoat/main/project/JavaSource/org/owasp/webgoat/util/ExecResults.java
View File

@ -1,320 +0,0 @@
package org.owasp.webgoat.util;
/**
* Copyright (c) 2002 Free Software Foundation developed under the custody of
* the Open Web Application Security Project (http://www.owasp.org) This
* software package org.owasp.webgoat.is published by OWASP under the GPL. You should read and
* accept the LICENSE before you use, modify and/or redistribute this software.
*
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
*/
public class ExecResults
{
/**
* Description of the Field
*/
public final static int BADRETURNCODE = 2;
/**
* Description of the Field
*/
public final static int THROWABLE = 1;
private String myCommand;
private boolean myError = false;
private int myErrorType = 0;
private String myErrors = null;
private String myInput;
private boolean myInterrupted = false;
private String myOutput = null;
private int myReturnCode = 0;
private int mySuccessCode;
private Throwable myThrowable = null;
private int myTimeout;
/**
* Constructor for the ExecResults object
*
*@param command Description of the Parameter
*@param input Description of the Parameter
*@param successCode Description of the Parameter
*@param timeout Description of the Parameter
*/
public ExecResults(String command, String input, int successCode, int timeout)
{
myCommand = command.trim();
myInput = input.trim();
mySuccessCode = successCode;
myTimeout = timeout;
}
/**
* Description of the Method
*
*@param haystack Description of the Parameter
*@param needle Description of the Parameter
*@param fromIndex Description of the Parameter
*@return Description of the Return Value
*/
private boolean contains(String haystack, String needle, int fromIndex)
{
return (haystack.trim().toLowerCase().indexOf(needle.trim().toLowerCase(), fromIndex) != -1);
}
/**
* Description of the Method
*
*@param value Description of the Parameter
*@return Description of the Return Value
*/
public boolean errorsContains(String value)
{
return (errorsContains(value, 0));
}
/**
* Description of the Method
*
*@param value Description of the Parameter
*@param fromIndex Description of the Parameter
*@return Description of the Return Value
*/
public boolean errorsContains(String value, int fromIndex)
{
return (contains(myErrors, value, fromIndex));
}
/**
* Gets the error attribute of the ExecResults object
*
*@return The error value
*/
public boolean getError()
{
return (myError);
}
/**
* Gets the errorMessage attribute of the ExecResults object
*
*@return The errorMessage value
*/
public String getErrorMessage()
{
switch (getErrorType())
{
case THROWABLE:
return ("Exception: " + myThrowable.getMessage());
case BADRETURNCODE:
return ("Bad return code (expected " + mySuccessCode + ")");
default:
return ("Unknown error");
}
}
/**
* Gets the errorType attribute of the ExecResults object
*
*@return The errorType value
*/
public int getErrorType()
{
return (myErrorType);
}
/**
* Gets the errors attribute of the ExecResults object
*
*@return The errors value
*/
public String getErrors()
{
return (myErrors);
}
/**
* Gets the interrupted attribute of the ExecResults object
*
*@return The interrupted value
*/
public boolean getInterrupted()
{
return (myInterrupted);
}
/**
* Gets the output attribute of the ExecResults object
*
*@return The output value
*/
public String getOutput()
{
return (myOutput);
}
/**
* Gets the returnCode attribute of the ExecResults object
*
*@return The returnCode value
*/
public int getReturnCode()
{
return (myReturnCode);
}
/**
* Gets the throwable attribute of the ExecResults object
*
*@return The throwable value
*/
public Throwable getThrowable()
{
return (myThrowable);
}
/**
* Description of the Method
*
*@param value Description of the Parameter
*@return Description of the Return Value
*/
public boolean outputContains(String value)
{
return (outputContains(value, 0));
}
/**
* Description of the Method
*
*@param value Description of the Parameter
*@param fromIndex Description of the Parameter
*@return Description of the Return Value
*/
public boolean outputContains(String value, int fromIndex)
{
return (contains(myOutput, value, fromIndex));
}
/**
* Sets the error attribute of the ExecResults object
*
*@param value The new error value
*/
public void setError(int value)
{
myError = true;
myErrorType = value;
}
/**
* Sets the errors attribute of the ExecResults object
*
*@param errors The new errors value
*/
public void setErrors(String errors)
{
myErrors = errors.trim();
}
/**
* Sets the interrupted attribute of the ExecResults object
*/
public void setInterrupted()
{
myInterrupted = true;
}
/**
* Sets the output attribute of the ExecResults object
*
*@param value The new output value
*/
public void setOutput(String value)
{
myOutput = value.trim();
}
/**
* Sets the returnCode attribute of the ExecResults object
*
*@param value The new returnCode value
*/
public void setReturnCode(int value)
{
myReturnCode = value;
}
/**
* Sets the throwable attribute of the ExecResults object
*
*@param value The new throwable value
*/
public void setThrowable(Throwable value)
{
setError(THROWABLE);
myThrowable = value;
}
/**
* Description of the Method
*
*@return Description of the Return Value
*/
public String toString()
{
String sep = System.getProperty("line.separator");
StringBuffer value = new StringBuffer();
value.append("ExecResults for \'" + myCommand + "\'" + sep);
if ((myInput != null) && !myInput.equals(""))
{
value.append(sep + "Input..." + sep + myInput + sep);
}
if ((myOutput != null) && !myOutput.equals(""))
{
value.append(sep + "Output..." + sep + myOutput + sep);
}
if ((myErrors != null) && !myErrors.equals(""))
{
value.append(sep + "Errors..." + sep + myErrors + sep);
}
value.append(sep);
if (myInterrupted)
{
value.append("Command timed out after " + (myTimeout / 1000) + " seconds " + sep);
}
value.append("Returncode: " + myReturnCode + sep);
if (myError)
{
value.append(getErrorMessage() + sep);
}
return (value.toString());
}
}

31
webgoat/main/project/JavaSource/org/owasp/webgoat/util/ExecutionException.java
View File

@ -1,31 +0,0 @@
package org.owasp.webgoat.util;
/**
* Copyright (c) 2002 Free Software Foundation developed under the custody of
* the Open Web Application Security Project (http://www.owasp.org) This
* software package org.owasp.webgoat.is published by OWASP under the GPL. You should read and
* accept the LICENSE before you use, modify and/or redistribute this software.
*
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
*/
public class ExecutionException extends Exception
{
/**
* Constructor for the ExecutionException object
*/
public ExecutionException()
{
super();
}
/**
* Constructor for the ExecutionException object
*
*@param msg Description of the Parameter
*/
public ExecutionException(String msg)
{
super(msg);
}
}

195
webgoat/main/project/JavaSource/org/owasp/webgoat/util/HtmlEncoder.java
View File

@ -1,195 +0,0 @@
package org.owasp.webgoat.util;
import java.util.HashMap;
import java.util.Map;
public class HtmlEncoder
{
static Map e2i = new HashMap();
static Map i2e = new HashMap();
// html entity list
private static Object[][] entities =
{
{"quot", new Integer( 34 )}, // " - double-quote
{"amp", new Integer( 38 )}, // & - ampersand
{"lt", new Integer( 60 )}, // < - less-than
{"gt", new Integer( 62 )}, // > - greater-than
{"nbsp", new Integer( 160 )}, // non-breaking space
{"copy", new Integer( 169 )}, // © - copyright
{"reg", new Integer( 174 )}, // ® - registered trademark
{"Agrave", new Integer( 192 )}, // À - uppercase A, grave accent
{"Aacute", new Integer( 193 )}, // Á - uppercase A, acute accent
{"Acirc", new Integer( 194 )}, // Â - uppercase A, circumflex accent
{"Atilde", new Integer( 195 )}, // Ã - uppercase A, tilde
{"Auml", new Integer( 196 )}, // Ä - uppercase A, umlaut
{"Aring", new Integer( 197 )}, // Å - uppercase A, ring
{"AElig", new Integer( 198 )}, // Æ - uppercase AE
{"Ccedil", new Integer( 199 )}, // Ç - uppercase C, cedilla
{"Egrave", new Integer( 200 )}, // È - uppercase E, grave accent
{"Eacute", new Integer( 201 )}, // É - uppercase E, acute accent
{"Ecirc", new Integer( 202 )}, // Ê - uppercase E, circumflex accent
{"Euml", new Integer( 203 )}, // Ë - uppercase E, umlaut
{"Igrave", new Integer( 204 )}, // Ì - uppercase I, grave accent
{"Iacute", new Integer( 205 )}, // Í - uppercase I, acute accent
{"Icirc", new Integer( 206 )}, // Î - uppercase I, circumflex accent
{"Iuml", new Integer( 207 )}, // Ï - uppercase I, umlaut
{"ETH", new Integer( 208 )}, // Ð - uppercase Eth, Icelandic
{"Ntilde", new Integer( 209 )}, // Ñ - uppercase N, tilde
{"Ograve", new Integer( 210 )}, // Ò - uppercase O, grave accent
{"Oacute", new Integer( 211 )}, // Ó - uppercase O, acute accent
{"Ocirc", new Integer( 212 )}, // Ô - uppercase O, circumflex accent
{"Otilde", new Integer( 213 )}, // Õ - uppercase O, tilde
{"Ouml", new Integer( 214 )}, // Ö - uppercase O, umlaut
{"Oslash", new Integer( 216 )}, // Ø - uppercase O, slash
{"Ugrave", new Integer( 217 )}, // Ù - uppercase U, grave accent
{"Uacute", new Integer( 218 )}, // Ú - uppercase U, acute accent
{"Ucirc", new Integer( 219 )}, // Û - uppercase U, circumflex accent
{"Uuml", new Integer( 220 )}, // Ü - uppercase U, umlaut
{"Yacute", new Integer( 221 )}, // Ý - uppercase Y, acute accent
{"THORN", new Integer( 222 )}, // Þ - uppercase THORN, Icelandic
{"szlig", new Integer( 223 )}, // ß - lowercase sharps, German
{"agrave", new Integer( 224 )}, // à - lowercase a, grave accent
{"aacute", new Integer( 225 )}, // á - lowercase a, acute accent
{"acirc", new Integer( 226 )}, // â - lowercase a, circumflex accent
{"atilde", new Integer( 227 )}, // ã - lowercase a, tilde
{"auml", new Integer( 228 )}, // ä - lowercase a, umlaut
{"aring", new Integer( 229 )}, // å - lowercase a, ring
{"aelig", new Integer( 230 )}, // æ - lowercase ae
{"ccedil", new Integer( 231 )}, // ç - lowercase c, cedilla
{"egrave", new Integer( 232 )}, // è - lowercase e, grave accent
{"eacute", new Integer( 233 )}, // é - lowercase e, acute accent
{"ecirc", new Integer( 234 )}, // ê - lowercase e, circumflex accent
{"euml", new Integer( 235 )}, // ë - lowercase e, umlaut
{"igrave", new Integer( 236 )}, // ì - lowercase i, grave accent
{"iacute", new Integer( 237 )}, // í - lowercase i, acute accent
{"icirc", new Integer( 238 )}, // î - lowercase i, circumflex accent
{"iuml", new Integer( 239 )}, // ï - lowercase i, umlaut
{"igrave", new Integer( 236 )}, // ì - lowercase i, grave accent
{"iacute", new Integer( 237 )}, // í - lowercase i, acute accent
{"icirc", new Integer( 238 )}, // î - lowercase i, circumflex accent
{"iuml", new Integer( 239 )}, // ï - lowercase i, umlaut
{"eth", new Integer( 240 )}, // ð - lowercase eth, Icelandic
{"ntilde", new Integer( 241 )}, // ñ - lowercase n, tilde
{"ograve", new Integer( 242 )}, // ò - lowercase o, grave accent
{"oacute", new Integer( 243 )}, // ó - lowercase o, acute accent
{"ocirc", new Integer( 244 )}, // ô - lowercase o, circumflex accent
{"otilde", new Integer( 245 )}, // õ - lowercase o, tilde
{"ouml", new Integer( 246 )}, // ö - lowercase o, umlaut
{"oslash", new Integer( 248 )}, // ø - lowercase o, slash
{"ugrave", new Integer( 249 )}, // ù - lowercase u, grave accent
{"uacute", new Integer( 250 )}, // ú - lowercase u, acute accent
{"ucirc", new Integer( 251 )}, // û - lowercase u, circumflex accent
{"uuml", new Integer( 252 )}, // ü - lowercase u, umlaut
{"yacute", new Integer( 253 )}, // ý - lowercase y, acute accent
{"thorn", new Integer( 254 )}, // þ - lowercase thorn, Icelandic
{"yuml", new Integer( 255 )}, // ÿ - lowercase y, umlaut
{"euro", new Integer( 8364 )},// Euro symbol
};
public HtmlEncoder()
{
for(int i=0; i<entities.length; i++)
e2i.put(entities[i][0], entities[i][1]);
for(int i=0; i<entities.length; i++)
i2e.put(entities[i][1], entities[i][0]);
}
/**
* Turns funky characters into HTML entity equivalents<p>
*
* e.g. <tt>"bread" & "butter"</tt> => <tt>&amp;quot;bread&amp;quot; &amp;amp;
* &amp;quot;butter&amp;quot;</tt> . Update: supports nearly all HTML entities, including funky
* accents. See the source code for more detail. Adapted from
* http://www.purpletech.com/code/src/com/purpletech/util/Utils.java.
*
* @param s1 Description of the Parameter
* @return Description of the Return Value
*/
public static String encode( String s1 )
{
StringBuffer buf = new StringBuffer();
int i;
for ( i = 0; i < s1.length(); ++i )
{
char ch = s1.charAt( i );
String entity = (String) i2e.get( new Integer( (int) ch ) );
if ( entity == null )
{
if ( ( (int) ch ) > 128 )
{
buf.append( "&#" + ( (int) ch ) + ";" );
}
else
{
buf.append( ch );
}
}
else
{
buf.append( "&" + entity + ";" );
}
}
return buf.toString();
}
/**
* Given a string containing entity escapes, returns a string containing the actual Unicode
* characters corresponding to the escapes. Adapted from
* http://www.purpletech.com/code/src/com/purpletech/util/Utils.java.
*
* @param s1 Description of the Parameter
* @return Description of the Return Value
*/
public static String decode( String s1 )
{
StringBuffer buf = new StringBuffer();
int i;
for ( i = 0; i < s1.length(); ++i )
{
char ch = s1.charAt( i );
if ( ch == '&' )
{
int semi = s1.indexOf( ';', i + 1 );
if ( semi == -1 )
{
buf.append( ch );
continue;
}
String entity = s1.substring( i + 1, semi );
Integer iso;
if ( entity.charAt( 0 ) == '#' )
{
iso = new Integer( entity.substring( 1 ) );
}
else
{
iso = (Integer) e2i.get( entity );
}
if ( iso == null )
{
buf.append( "&" + entity + ";" );
}
else
{
buf.append( (char) ( iso.intValue() ) );
}
i = semi;
}
else
{
buf.append( ch );
}
}
return buf.toString();
}
}

90
webgoat/main/project/JavaSource/org/owasp/webgoat/util/ThreadWatcher.java
View File

@ -1,90 +0,0 @@
package org.owasp.webgoat.util;
import java.util.BitSet;
/**
* Copyright (c) 2002 Free Software Foundation developed under the custody of
* the Open Web Application Security Project (http://www.owasp.org) This
* software package org.owasp.webgoat.is published by OWASP under the GPL. You should read and
* accept the LICENSE before you use, modify and/or redistribute this software.
*
*@author jwilliams@aspectsecurity.com
*@created November 6, 2002
*/
public class ThreadWatcher implements Runnable
{
// time to live in milliseconds
private BitSet myInterrupted;
private Process myProcess;
private int myTimeout;
/**
* Constructor for the ThreadWatcher object
*
*@param p Description of the Parameter
*@param interrupted Description of the Parameter
*@param timeout Description of the Parameter
*/
public ThreadWatcher(Process p, BitSet interrupted, int timeout)
{
myProcess = p;
// thread used by whoever constructed this watcher
myTimeout = timeout;
myInterrupted = interrupted;
}
/*
* Interrupt the thread by marking the interrupted bit and killing the process
*/
/**
* Description of the Method
*/
public void interrupt()
{
myInterrupted.set(0);
// set interrupted bit (bit 0 of the bitset) to 1
myProcess.destroy();
/*
* try
* {
* myProcess.getInputStream().close();
* }
* catch( IOException e1 )
* {
* / do nothing -- input streams are probably already closed
* }
* try
* {
* myProcess.getErrorStream().close();
* }
* catch( IOException e2 )
* {
* / do nothing -- input streams are probably already closed
* }
* myThread.interrupt();
*/
}
/**
* Main processing method for the ThreadWatcher object
*/
public void run()
{
try
{
Thread.sleep(myTimeout);
}
catch (InterruptedException e)
{
// do nothing -- if watcher is interrupted, so is thread
}
interrupt();
}
}