a987ca7cdc
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@463 4033779f-a91e-0410-96ef-6bf7bf53c507
1056 lines
28 KiB
Java
1056 lines
28 KiB
Java
|
|
package org.owasp.webgoat.session;
|
|
|
|
import java.util.Enumeration;
|
|
import java.util.StringTokenizer;
|
|
import java.util.Vector;
|
|
import java.util.regex.Pattern;
|
|
import javax.servlet.ServletRequest;
|
|
import org.owasp.webgoat.util.HtmlEncoder;
|
|
|
|
|
|
/***************************************************************************************************
|
|
*
|
|
*
|
|
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
|
|
* please see http://www.owasp.org/
|
|
*
|
|
* Copyright (c) 2002 - 2007 Bruce Mayhew
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it under the terms of the
|
|
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
|
|
* License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
|
|
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along with this program; if
|
|
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
|
* 02111-1307, USA.
|
|
*
|
|
* Getting Source ==============
|
|
*
|
|
* Source for this application is maintained at code.google.com, a repository for free software
|
|
* projects.
|
|
*
|
|
* For details, please see http://code.google.com/p/webgoat/
|
|
*
|
|
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
|
*/
|
|
public class ParameterParser
|
|
{
|
|
|
|
private final static String ALLOWED_CHARACTERS = "_$()-?.@!,:;=//+"; // Don't
|
|
// allow
|
|
// #&
|
|
// specifically
|
|
|
|
private ServletRequest request;
|
|
|
|
/**
|
|
* Constructs a new ParameterParser to handle the parameters of the given request.
|
|
*
|
|
* @param request
|
|
* the servlet request
|
|
*/
|
|
public ParameterParser(ServletRequest request)
|
|
{
|
|
this.request = request;
|
|
}
|
|
|
|
/**
|
|
* Description of the Method
|
|
*
|
|
* @param s
|
|
* Description of the Parameter
|
|
* @return Description of the Return Value
|
|
*/
|
|
private String clean(String s)
|
|
{
|
|
StringBuffer clean = new StringBuffer();
|
|
|
|
for (int loop = 0; loop < s.length(); loop++)
|
|
{
|
|
char c = s.charAt(loop);
|
|
|
|
if (Character.isLetterOrDigit(c) || Character.isWhitespace(c) || (ALLOWED_CHARACTERS.indexOf(c) != -1))
|
|
{
|
|
clean.append(c);
|
|
}
|
|
else
|
|
{
|
|
clean.append('.');
|
|
}
|
|
}
|
|
|
|
return (clean.toString());
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a boolean
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @return the parameter value as a boolean
|
|
* @exception ParameterNotFoundException
|
|
* if the parameter was not found
|
|
*/
|
|
public boolean getBooleanParameter(String name) throws ParameterNotFoundException
|
|
{
|
|
return new Boolean(getStringParameter(name)).booleanValue();
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a boolean, with a default. Returns the default value if the
|
|
* parameter is not found.
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @param def
|
|
* the default parameter value
|
|
* @return the parameter value as a boolean, or the default
|
|
*/
|
|
public boolean getBooleanParameter(String name, boolean def)
|
|
{
|
|
try
|
|
{
|
|
return getBooleanParameter(name);
|
|
} catch (Exception e)
|
|
{
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the booleanSubParameter attribute of the ParameterParser object
|
|
*
|
|
* @param first
|
|
* Description of the Parameter
|
|
* @param next
|
|
* Description of the Parameter
|
|
* @param def
|
|
* Description of the Parameter
|
|
* @return The booleanSubParameter value
|
|
*/
|
|
public boolean getBooleanSubParameter(String first, String next, boolean def)
|
|
{
|
|
try
|
|
{
|
|
return new Boolean(getSubParameter(first, next)).booleanValue();
|
|
} catch (Exception e)
|
|
{
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a byte
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @return the parameter value as a byte
|
|
* @exception ParameterNotFoundException
|
|
* if the parameter was not found
|
|
* @exception NumberFormatException
|
|
* if the parameter value could not be converted to a byte
|
|
*/
|
|
public byte getByteParameter(String name) throws ParameterNotFoundException, NumberFormatException
|
|
{
|
|
return Byte.parseByte(getStringParameter(name));
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a byte, with a default. Returns the default value if the
|
|
* parameter is not found or cannot be converted to a byte.
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @param def
|
|
* the default parameter value
|
|
* @return the parameter value as a byte, or the default
|
|
*/
|
|
public byte getByteParameter(String name, byte def)
|
|
{
|
|
try
|
|
{
|
|
return getByteParameter(name);
|
|
} catch (Exception e)
|
|
{
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a char
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @return the parameter value as a char
|
|
* @exception ParameterNotFoundException
|
|
* if the parameter was not found or was the empty string
|
|
*/
|
|
public char getCharParameter(String name) throws ParameterNotFoundException
|
|
{
|
|
String param = getStringParameter(name);
|
|
|
|
if (param.length() == 0)
|
|
{
|
|
throw new ParameterNotFoundException(name + " is empty string");
|
|
}
|
|
else
|
|
{
|
|
return (param.charAt(0));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a char, with a default. Returns the default value if the
|
|
* parameter is not found.
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @param def
|
|
* the default parameter value
|
|
* @return the parameter value as a char, or the default
|
|
*/
|
|
public char getCharParameter(String name, char def)
|
|
{
|
|
try
|
|
{
|
|
return getCharParameter(name);
|
|
} catch (Exception e)
|
|
{
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the classNameParameter attribute of the ParameterParser object
|
|
*
|
|
* @param name
|
|
* Description of the Parameter
|
|
* @return The classNameParameter value
|
|
*/
|
|
public String getClassNameParameter(String name) throws ParameterNotFoundException
|
|
{
|
|
String p = getStringParameter(name);
|
|
StringTokenizer st = new StringTokenizer(p);
|
|
|
|
return (st.nextToken().trim());
|
|
}
|
|
|
|
// FIXME: check for [a-zA-Z].([a-zA-Z])*
|
|
|
|
/**
|
|
* Gets the classNameParameter attribute of the ParameterParser object
|
|
*
|
|
* @param name
|
|
* Description of the Parameter
|
|
* @param def
|
|
* Description of the Parameter
|
|
* @return The classNameParameter value
|
|
*/
|
|
public String getClassNameParameter(String name, String def)
|
|
{
|
|
try
|
|
{
|
|
return getClassNameParameter(name);
|
|
} catch (Exception e)
|
|
{
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a double
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @return the parameter value as a double
|
|
* @exception ParameterNotFoundException
|
|
* if the parameter was not found
|
|
* @exception NumberFormatException
|
|
* if the parameter could not be converted to a double
|
|
*/
|
|
public double getDoubleParameter(String name) throws ParameterNotFoundException, NumberFormatException
|
|
{
|
|
return new Double(getStringParameter(name)).doubleValue();
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a double, with a default. Returns the default value if the
|
|
* parameter is not found.
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @param def
|
|
* the default parameter value
|
|
* @return the parameter value as a double, or the default
|
|
*/
|
|
public double getDoubleParameter(String name, double def)
|
|
{
|
|
try
|
|
{
|
|
return getDoubleParameter(name);
|
|
} catch (Exception e)
|
|
{
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a float
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @return the parameter value as a float
|
|
* @exception ParameterNotFoundException
|
|
* if the parameter was not found
|
|
* @exception NumberFormatException
|
|
* if the parameter could not be converted to a float
|
|
*/
|
|
public float getFloatParameter(String name) throws ParameterNotFoundException, NumberFormatException
|
|
{
|
|
return new Float(getStringParameter(name)).floatValue();
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a float, with a default. Returns the default value if the
|
|
* parameter is not found.
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @param def
|
|
* the default parameter value
|
|
* @return the parameter value as a float, or the default
|
|
*/
|
|
public float getFloatParameter(String name, float def)
|
|
{
|
|
try
|
|
{
|
|
return getFloatParameter(name);
|
|
} catch (Exception e)
|
|
{
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as an IP String, with a default. Returns the default value if
|
|
* the parameter is not found or is the empty string.
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @param def
|
|
* the default parameter value
|
|
* @return the parameter value as a String, or the default
|
|
*/
|
|
public String getIPParameter(String name, String def)
|
|
{
|
|
try
|
|
{
|
|
return getIPParameter(name);
|
|
} catch (Exception e)
|
|
{
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as an IP String
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @return the parameter value as a valid IP String or an Empty string if invalid
|
|
* @exception ParameterNotFoundException
|
|
* if the parameter was not found or was the empty string
|
|
*/
|
|
public String getIPParameter(String name) throws ParameterNotFoundException
|
|
{
|
|
boolean valid = true;
|
|
String[] values = request.getParameterValues(name);
|
|
String value;
|
|
|
|
if (values == null)
|
|
{
|
|
throw new ParameterNotFoundException(name + " not found");
|
|
}
|
|
else if (values[0].length() == 0)
|
|
{
|
|
throw new ParameterNotFoundException(name + " was empty");
|
|
}
|
|
else
|
|
{
|
|
// trim illegal characters
|
|
value = clean(values[0].trim());
|
|
|
|
if (value.indexOf("&") > 0)
|
|
{
|
|
// truncate additional parameters that follow &
|
|
value = value.substring(0, value.indexOf("&"));
|
|
}
|
|
|
|
// validate the IP ex: 124.143.12.254
|
|
int startIndex = 0;
|
|
int endIndex = 0;
|
|
int octetCount = 0;
|
|
int octetValue;
|
|
String octet;
|
|
|
|
// if no .'s then it's not an IP
|
|
if (value.indexOf(".") >= 0)
|
|
{
|
|
while ((valid == true) && (octetCount < 4))
|
|
{
|
|
endIndex = value.indexOf(".", startIndex);
|
|
|
|
if (endIndex == -1)
|
|
{
|
|
endIndex = value.length();
|
|
}
|
|
|
|
octet = value.substring(startIndex, endIndex);
|
|
startIndex = endIndex + 1;
|
|
|
|
try
|
|
{
|
|
octetValue = Integer.parseInt(octet);
|
|
|
|
if ((octetValue <= 0) || (octetValue >= 256))
|
|
{
|
|
valid = false;
|
|
}
|
|
} catch (Exception e)
|
|
{
|
|
valid = false;
|
|
}
|
|
|
|
octetCount++;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Not a valid IP
|
|
valid = false;
|
|
}
|
|
|
|
// Check for any extra garbage. If the last octet was a large value
|
|
// it would be trapped by the above range check.
|
|
if (value.length() != endIndex)
|
|
{
|
|
valid = false;
|
|
}
|
|
|
|
return valid ? value : null;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a int
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @return the parameter value as a int
|
|
* @exception ParameterNotFoundException
|
|
* if the parameter was not found
|
|
* @exception NumberFormatException
|
|
* if the parameter could not be converted to a int
|
|
*/
|
|
public int getIntParameter(String name) throws ParameterNotFoundException, NumberFormatException
|
|
{
|
|
return Integer.parseInt(getStringParameter(name));
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a int, with a default. Returns the default value if the
|
|
* parameter is not found.
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @param def
|
|
* the default parameter value
|
|
* @return the parameter value as a int, or the default
|
|
*/
|
|
public int getIntParameter(String name, int def)
|
|
{
|
|
try
|
|
{
|
|
return getIntParameter(name);
|
|
} catch (Exception e)
|
|
{
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a long
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @return the parameter value as a long
|
|
* @exception ParameterNotFoundException
|
|
* if the parameter was not found
|
|
* @exception NumberFormatException
|
|
* if the parameter could not be converted to a long
|
|
*/
|
|
public long getLongParameter(String name) throws ParameterNotFoundException, NumberFormatException
|
|
{
|
|
return Long.parseLong(getStringParameter(name));
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a long, with a default. Returns the default value if the
|
|
* parameter is not found.
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @param def
|
|
* the default parameter value
|
|
* @return the parameter value as a long, or the default
|
|
*/
|
|
public long getLongParameter(String name, long def)
|
|
{
|
|
try
|
|
{
|
|
return getLongParameter(name);
|
|
} catch (Exception e)
|
|
{
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Determines which of the required parameters were missing from the request. Returns null if
|
|
* all the parameters are present.
|
|
*
|
|
* @param requestuired
|
|
* Description of the Parameter
|
|
* @return an array of missing parameters, or null if none are missing
|
|
*/
|
|
public String[] getMissingParameters(String[] requestuired)
|
|
{
|
|
Vector<String> missing = new Vector<String>();
|
|
|
|
for (int i = 0; i < requestuired.length; i++)
|
|
{
|
|
String val = getStringParameter(requestuired[i], null);
|
|
|
|
if (val == null)
|
|
{
|
|
missing.addElement(requestuired[i]);
|
|
}
|
|
}
|
|
|
|
if (missing.size() == 0)
|
|
{
|
|
return null;
|
|
}
|
|
else
|
|
{
|
|
String[] ret = new String[missing.size()];
|
|
missing.copyInto(ret);
|
|
|
|
return ret;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the parameterNames attribute of the ParameterParser object
|
|
*
|
|
* @return The parameterNames value
|
|
*/
|
|
public Enumeration getParameterNames()
|
|
{
|
|
if (request == null) { return (null); }
|
|
|
|
return request.getParameterNames();
|
|
}
|
|
|
|
/**
|
|
* Gets the parameterValues attribute of the ParameterParser object
|
|
*
|
|
* @param name
|
|
* Description of the Parameter
|
|
* @return The parameterValues value
|
|
*/
|
|
public String[] getParameterValues(String name)
|
|
{
|
|
if (request == null) { return (null); }
|
|
|
|
return request.getParameterValues(name);
|
|
}
|
|
|
|
/**
|
|
* Gets the rawParameter attribute of the ParameterParser object
|
|
*
|
|
* @param name
|
|
* Description of the Parameter
|
|
* @param def
|
|
* Description of the Parameter
|
|
* @return The rawParameter value
|
|
*/
|
|
public String getRawParameter(String name, String def)
|
|
{
|
|
try
|
|
{
|
|
return getRawParameter(name);
|
|
} catch (Exception e)
|
|
{
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the rawParameter attribute of the ParameterParser object
|
|
*
|
|
* @param name
|
|
* Description of the Parameter
|
|
* @return The rawParameter value
|
|
* @exception ParameterNotFoundException
|
|
* Description of the Exception
|
|
*/
|
|
public String getRawParameter(String name) throws ParameterNotFoundException
|
|
{
|
|
String[] values = request.getParameterValues(name);
|
|
|
|
if (values == null)
|
|
{
|
|
throw new ParameterNotFoundException(name + " not found");
|
|
}
|
|
else if (values[0].length() == 0) { throw new ParameterNotFoundException(name + " was empty"); }
|
|
|
|
return (values[0]);
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a short
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @return the parameter value as a short
|
|
* @exception ParameterNotFoundException
|
|
* if the parameter was not found
|
|
* @exception NumberFormatException
|
|
* if the parameter could not be converted to a short
|
|
*/
|
|
public short getShortParameter(String name) throws ParameterNotFoundException, NumberFormatException
|
|
{
|
|
return Short.parseShort(getStringParameter(name));
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a short, with a default. Returns the default value if the
|
|
* parameter is not found.
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @param def
|
|
* the default parameter value
|
|
* @return the parameter value as a short, or the default
|
|
*/
|
|
public short getShortParameter(String name, short def)
|
|
{
|
|
try
|
|
{
|
|
return getShortParameter(name);
|
|
} catch (Exception e)
|
|
{
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a String
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @return the parameter value as a String
|
|
* @exception ParameterNotFoundException
|
|
* if the parameter was not found or was the empty string
|
|
*/
|
|
public String getStringParameter(String name) throws ParameterNotFoundException
|
|
{
|
|
String[] values = request.getParameterValues(name);
|
|
String value;
|
|
|
|
if (values == null)
|
|
{
|
|
throw new ParameterNotFoundException(name + " not found");
|
|
}
|
|
else if (values[0].length() == 0)
|
|
{
|
|
throw new ParameterNotFoundException(name + " was empty");
|
|
}
|
|
else
|
|
{
|
|
// trim illegal characters
|
|
value = clean(values[0].trim());
|
|
|
|
if (value.indexOf("&") > 0)
|
|
{
|
|
// truncate additional parameters that follow &
|
|
value = value.substring(0, value.indexOf("&"));
|
|
}
|
|
|
|
return value;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the named parameter value as a String, with a default. Returns the default value if the
|
|
* parameter is not found or is the empty string.
|
|
*
|
|
* @param name
|
|
* the parameter name
|
|
* @param def
|
|
* the default parameter value
|
|
* @return the parameter value as a String, or the default
|
|
*/
|
|
public String getStringParameter(String name, String def)
|
|
{
|
|
try
|
|
{
|
|
return getStringParameter(name);
|
|
} catch (Exception e)
|
|
{
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the subParameter attribute of the ParameterParser object
|
|
*
|
|
* @param first
|
|
* Description of the Parameter
|
|
* @param next
|
|
* Description of the Parameter
|
|
* @param def
|
|
* Description of the Parameter
|
|
* @return The subParameter value
|
|
*/
|
|
public String getSubParameter(String first, String next, String def)
|
|
{
|
|
try
|
|
{
|
|
return getSubParameter(first, next);
|
|
} catch (Exception e)
|
|
{
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the parameter named 'next' following the parameter 'first'. Presumes the structure:
|
|
* first=firstvalue&next=nextValue
|
|
*
|
|
* @param first
|
|
* Description of the Parameter
|
|
* @param next
|
|
* Description of the Parameter
|
|
* @return The subParameter value
|
|
* @exception ParameterNotFoundException
|
|
* Description of the Exception
|
|
*/
|
|
public String getSubParameter(String first, String next) throws ParameterNotFoundException
|
|
{
|
|
String[] values = request.getParameterValues(first);
|
|
String value;
|
|
|
|
if (values == null)
|
|
{
|
|
throw new ParameterNotFoundException(first + " not found");
|
|
}
|
|
else if (values[0].length() == 0)
|
|
{
|
|
throw new ParameterNotFoundException(first + " was empty");
|
|
}
|
|
else
|
|
{
|
|
value = clean(values[0].trim());
|
|
|
|
int idx = value.indexOf("&") + 1;
|
|
|
|
// index of first char of first sub-param name
|
|
if (idx == 0) { throw new ParameterNotFoundException("No subparameter key"); }
|
|
|
|
value = value.substring(idx);
|
|
|
|
// System.out.println("= = = = = =Parameter parser looking for " +
|
|
// next + " in " + value );
|
|
int nextValueIndex = value.indexOf(next + "=");
|
|
|
|
// System.out.println("= = = = = =Parameter parser nextValueIndex =
|
|
// " + nextValueIndex );
|
|
if (nextValueIndex < 0) { throw new ParameterNotFoundException("No subparameter value"); }
|
|
|
|
nextValueIndex += (next.length() + 1);
|
|
|
|
if (nextValueIndex >= 0)
|
|
{
|
|
value = value.substring(nextValueIndex);
|
|
}
|
|
else
|
|
{
|
|
throw new ParameterNotFoundException(next + " not found");
|
|
}
|
|
}
|
|
|
|
if (value.indexOf("&") > 0)
|
|
{
|
|
// truncate additional parameters that follow &
|
|
value = value.substring(0, value.indexOf("&"));
|
|
}
|
|
|
|
// System.out.println("=-=-=-=-=ParameterParser returning value " +
|
|
// value );
|
|
return value;
|
|
}
|
|
|
|
/**
|
|
* Gets the wordParameter attribute of the ParameterParser object
|
|
*
|
|
* @param name
|
|
* Description of the Parameter
|
|
* @return The wordParameter value
|
|
*/
|
|
public String getWordParameter(String name) throws ParameterNotFoundException
|
|
{
|
|
String p = getStringParameter(name);
|
|
StringTokenizer st = new StringTokenizer(p);
|
|
|
|
return (st.nextToken().trim());
|
|
}
|
|
|
|
// FIXME: check for [a-zA-Z]
|
|
|
|
/**
|
|
* Gets the wordParameter attribute of the ParameterParser object
|
|
*
|
|
* @param name
|
|
* Description of the Parameter
|
|
* @param def
|
|
* Description of the Parameter
|
|
* @return The wordParameter value
|
|
*/
|
|
public String getWordParameter(String name, String def)
|
|
{
|
|
try
|
|
{
|
|
return getWordParameter(name);
|
|
} catch (Exception e)
|
|
{
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the specified parameter from the request and validates it against the provided regular
|
|
* expression. If the regular expression check fails, the default value is returned instead.
|
|
*
|
|
* @param name
|
|
* The name of the parameter to retrieve from the request.
|
|
* @param def
|
|
* The default value of the parameter.
|
|
* @param regexpattern
|
|
* The precompiled regular expression to be used to validate the parameter.
|
|
* @return The validated parameter value, or the default value if validation failed.
|
|
*/
|
|
private String getRegexParameter(String name, String def, Pattern regexpattern) throws ValidationException
|
|
{
|
|
try
|
|
{
|
|
return getRegexParameter(name, regexpattern);
|
|
} catch (Exception e)
|
|
{
|
|
// System.out.println("Exception occured in defined pattern match");
|
|
// e.printStackTrace();
|
|
return def;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the specified parameter from the request and validates it against the provided regular
|
|
* expression. If the regular expression check fails, the default value is returned instead.
|
|
*
|
|
* @param name
|
|
* The name of the parameter to retrieve from the request.
|
|
* @param def
|
|
* The default value of the parameter.
|
|
* @param regexpattern
|
|
* The precompiled regular expression to be used to validate the parameter.
|
|
* @return The validated parameter value, or the default value if validation failed.
|
|
*/
|
|
private String getRegexParameter(String name, Pattern regexpattern) throws ParameterNotFoundException,
|
|
ValidationException
|
|
{
|
|
String param = getStringParameter(name);
|
|
|
|
if (regexpattern.matcher(param).matches())
|
|
{
|
|
return param;
|
|
}
|
|
else
|
|
{
|
|
// System.out.println(param + " didn't match defined pattern.");
|
|
throw new ValidationException(name + " contained an invalid value");
|
|
}
|
|
}
|
|
|
|
public String getStrictAlphaParameter(String name, int maxLength) throws ParameterNotFoundException,
|
|
ValidationException
|
|
{
|
|
String alphaRegEx = "^[a-zA-Z\\s]{0," + maxLength + "}$";
|
|
Pattern alphaPattern = Pattern.compile(alphaRegEx);
|
|
|
|
return getRegexParameter(name, alphaPattern);
|
|
}
|
|
|
|
public String getStrictNumericParameter(String name, int maxLength) throws ParameterNotFoundException,
|
|
ValidationException
|
|
{
|
|
String numericRegEx = "^\\d{0," + maxLength + "}$";
|
|
Pattern numericPattern = Pattern.compile(numericRegEx);
|
|
|
|
return getRegexParameter(name, numericPattern);
|
|
}
|
|
|
|
private static final String SSNREGEX = "^\\d{3}-\\d{2}-\\d{4}$";
|
|
|
|
private static final Pattern Ssnpattern = Pattern.compile(SSNREGEX);
|
|
|
|
public String getSsnParameter(String name) throws ParameterNotFoundException, ValidationException
|
|
{
|
|
return getRegexParameter(name, Ssnpattern);
|
|
}
|
|
|
|
// Validates format for major brands of credit card.
|
|
// private static final String CCNREGEX =
|
|
// "^(?:(?<Visa>4\\d{3})|(?<Mastercard>5[1-5]\\d{2})|(?<Discover>6011)|(?<DinersClub>(?:3[68]\\d{2})|(?:30[0-5]\\d))|(?<AmericanExpress>3[47]\\d{2}))([
|
|
//-]?)(?(DinersClub)(?:\\d{6}\\1\\d{4})|(?(AmericanExpress)(?:\\d{6}\\1\\d{5})|(?:\\d{4}\\1\\d{4
|
|
// }\\1\\d{4})))$";
|
|
private static final String CCNREGEX = "^\\d{16}$";
|
|
|
|
private static final Pattern Ccnpattern = Pattern.compile(CCNREGEX);
|
|
|
|
public String getCcnParameter(String name) throws ParameterNotFoundException, ValidationException
|
|
{
|
|
return getRegexParameter(name, Ccnpattern);
|
|
}
|
|
|
|
private static final String ZIPREGEX = "^\\d{5}(-\\d{4})?$";
|
|
|
|
private static final Pattern Zippattern = Pattern.compile(ZIPREGEX);
|
|
|
|
public String getZipParameter(String name) throws ParameterNotFoundException, ValidationException
|
|
{
|
|
return getZipParameter(name, null);
|
|
}
|
|
|
|
public String getZipParameter(String name, String def) throws ValidationException
|
|
{
|
|
return getRegexParameter(name, def, Zippattern);
|
|
}
|
|
|
|
private static final String PHONEREGEX = "^\\(?[\\d]{3}\\)?[\\s-]?[\\d]{3}[\\s-]?[\\d]{4}$";
|
|
|
|
// Or this more forgiving pattern:
|
|
// private static final String PHONEREGEX = "^([\\-()+ 0-9x])+$";
|
|
private static final Pattern phonepattern = Pattern.compile(PHONEREGEX);
|
|
|
|
public String getPhoneParameter(String name) throws ParameterNotFoundException, ValidationException
|
|
{
|
|
return getPhoneParameter(name, null);
|
|
}
|
|
|
|
public String getPhoneParameter(String name, String def) throws ValidationException
|
|
{
|
|
return getRegexParameter(name, def, phonepattern);
|
|
}
|
|
|
|
private static final String EMAILREGEX = "^[\\w-]+(?:\\.[\\w-]+)*@(?:[\\w-]+\\.)+[a-zA-Z]{2,7}$";
|
|
|
|
private static final Pattern emailpattern = Pattern.compile(EMAILREGEX);
|
|
|
|
public String getEMailParameter(String name) throws ParameterNotFoundException, ValidationException
|
|
{
|
|
return getEMailParameter(name, null);
|
|
}
|
|
|
|
public String getEMailParameter(String name, String def) throws ValidationException
|
|
{
|
|
return getRegexParameter(name, def, emailpattern);
|
|
}
|
|
|
|
private static final String DATEREGEX = "([\\/ .,:0-9a-zA-Z])+$";
|
|
|
|
private static final Pattern datepattern = Pattern.compile(DATEREGEX);
|
|
|
|
public String getDateParameter(String name) throws ParameterNotFoundException, ValidationException
|
|
{
|
|
return getDateParameter(name, null);
|
|
}
|
|
|
|
public String getDateParameter(String name, String def) throws ValidationException
|
|
{
|
|
return getRegexParameter(name, def, datepattern);
|
|
}
|
|
|
|
private static final String URLREGEX = "^(((https?)://)([-()_.!~*';/?:@&=+$,A-Za-z0-9])+)([).!';/?:,][[:blank:]])?$";
|
|
|
|
private static final Pattern URLpattern = Pattern.compile(URLREGEX);
|
|
|
|
public String getURLParameter(String name) throws ParameterNotFoundException, ValidationException
|
|
{
|
|
return getURLParameter(name, null);
|
|
}
|
|
|
|
public String getURLParameter(String name, String def) throws ValidationException
|
|
{
|
|
return getRegexParameter(name, def, URLpattern);
|
|
}
|
|
|
|
protected static String htmlEncode(String s)
|
|
{
|
|
return HtmlEncoder.encode(s);
|
|
}
|
|
|
|
/**
|
|
* Description of the Method
|
|
*
|
|
* @return Description of the Return Value
|
|
*/
|
|
public String toString()
|
|
{
|
|
StringBuffer s = new StringBuffer("[");
|
|
Enumeration e = getParameterNames();
|
|
|
|
while (e.hasMoreElements())
|
|
{
|
|
String key = (String) e.nextElement();
|
|
s.append(key + "=" + getParameterValues(key)[0]);
|
|
|
|
// FIXME: Other values?
|
|
if (e.hasMoreElements())
|
|
{
|
|
s.append(",");
|
|
}
|
|
}
|
|
|
|
s.append("]");
|
|
|
|
return (s.toString());
|
|
}
|
|
|
|
/**
|
|
* Description of the Method
|
|
*
|
|
* @param request
|
|
* Description of the Parameter
|
|
*/
|
|
public void update(ServletRequest request)
|
|
{
|
|
this.request = request;
|
|
}
|
|
}
|