/*
* SeocSecurityWrapperResponse.java
* Copyright (c) 2017 Veterans Affairs.
*/
package gov.va.security.filter;
import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.StringUtilities;
import org.owasp.esapi.errors.ValidationException;
import org.owasp.esapi.filters.SecurityWrapperResponse;
/**
 * Description: Custom implementation of the {@link SecurityWrapperResponse} methods for
 * SeocAPI.
 *
 * @author AbleVets
 */
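public class XssSecurityWrapperResponse extends SecurityWrapperResponse
{
    /** ESAPI logger; records header additions that were rejected by validation. */
    public static final Logger logger = ESAPI.getLogger("XssSecurityWrapperResponse");

    /** Message prefix used by {@link #sendError(int)}; the numeric status code is appended. */
    private static final String HTTP_ERROR_MESSAGE_PREFIX = "HTTP error code: ";

    /** Maximum accepted length of a header name, passed to the ESAPI validator. */
    private static final int MAX_HEADER_NAME_LENGTH = 50;

    /**
     * Creates a wrapper around the given container response.
     *
     * @param response the underlying response that all calls are delegated to
     */
    XssSecurityWrapperResponse(HttpServletResponse response)
    {
        super(response);
    }

    /**
     * Sets the status code on the underlying response, unchanged.
     *
     * @param sc the status code to set
     */
    @Override
    public void setStatus(int sc)
    {
        // Use the shared helper so the ServletResponse -> HttpServletResponse cast lives in one place.
        getHttpServletResponse().setStatus(sc);
    }

    /**
     * Sends an error response with the given status code and a generic message that
     * discloses only the numeric code (see {@link #getHTTPMessage(int)}).
     * NOTE(review): the status code is forwarded to the client unchanged; ESAPI's base
     * wrapper may mask it (e.g. to 200) — confirm pass-through is intended for this API.
     *
     * @param sc the HTTP status code to send
     * @throws IOException if the underlying response fails to send the error
     */
    @Override
    public void sendError(int sc) throws IOException
    {
        getHttpServletResponse().sendError(sc, getHTTPMessage(sc));
    }

    /**
     * Sends an error response with the given status code and message. The message is
     * HTML-encoded first, so caller-supplied text cannot inject markup into the
     * container's error page.
     *
     * @param sc  the HTTP status code to send
     * @param msg the message to show; encoded with {@code ESAPI.encoder().encodeForHTML}
     * @throws IOException if the underlying response fails to send the error
     */
    @Override
    public void sendError(int sc, String msg) throws IOException
    {
        getHttpServletResponse().sendError(sc, ESAPI.encoder().encodeForHTML(msg));
    }

    /**
     * Returns the wrapped response as an {@link HttpServletResponse}.
     *
     * @return the wrapped HTTP response
     */
    private HttpServletResponse getHttpServletResponse()
    {
        return (HttpServletResponse) super.getResponse();
    }

    /**
     * Builds the generic error message for a status code.
     *
     * @param sc the HTTP status code
     * @return {@code "HTTP error code: " + sc}
     */
    private String getHTTPMessage(int sc)
    {
        return HTTP_ERROR_MESSAGE_PREFIX + sc;
    }

    /**
     * Adds a response header after sanitising it: name and value are first passed
     * through {@code StringUtilities.stripControls}, then each is checked against the
     * ESAPI validator rules {@code HTTPHeaderName} (at most 50 chars) and
     * {@code HTTPHeaderValue} (at most the configured {@code MAX_HTTP_HEADER_SIZE}).
     * A header that fails validation is dropped and logged as a security failure; the
     * caller is not informed.
     * NOTE(review): {@code name} and {@code value} are assumed non-null — the strip
     * step runs before the validator sees the input; confirm callers never pass null.
     *
     * @param name  the header name
     * @param value the header value
     */
    @Override
    public void addHeader(String name, String value)
    {
        try
        {
            String strippedName = StringUtilities.stripControls(name);
            String strippedValue = StringUtilities.stripControls(value);
            // Last argument is allowNull=false: an empty input is rejected rather than passed through.
            String safeName = ESAPI.validator().getValidInput("addHeader", strippedName,
                    "HTTPHeaderName", MAX_HEADER_NAME_LENGTH, false);
            int maxValueLength = ESAPI.securityConfiguration().getIntProp(
                    org.owasp.esapi.reference.DefaultSecurityConfiguration.MAX_HTTP_HEADER_SIZE);
            String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue,
                    "HTTPHeaderValue", maxValueLength, false);
            getHttpServletResponse().addHeader(safeName, safeValue);
        }
        catch (ValidationException e)
        {
            // Deliberately not rethrown: a rejected header must not abort the response, but it is recorded.
            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);
        }
    }
}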