
/*
* XssRequestWrapper.java
* Copyright (c) 2017 Veterans Affairs.
*/
package gov.va.security.filter;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import gov.va.security.util.DataSanitizer;

/**
* Description: This class does all type of testing against the input coming to
* the API against cross-site scripting and sanitizes the values if it finds
* one.
*
* @author AbleVets
*/
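public class XssRequestWrapper extends HttpServletRequestWrapper
{
    /**
     * Sanitizer applied to every value handed out by this wrapper. Its exact
     * rules live in DataSanitizer; this class only decides which accessors
     * route through it.
     */
    private final DataSanitizer ds = new DataSanitizer();

    /**
     * Description: Wraps a request so that its parameter and header accessors
     * return values passed through {@link DataSanitizer#sanitizeInputData}.
     *
     * Covered accessors: getParameter, getParameterValues, getParameterMap,
     * getHeader and getHeaders. NOT covered (still return the raw request
     * data): getQueryString, getCookies, getInputStream / getReader (so a
     * JSON or XML request body is never touched), and any attribute set by
     * upstream filters. Callers must not treat this wrapper as complete input
     * validation; it is a defense-in-depth layer and does not replace
     * context-appropriate output encoding.
     *
     * NOTE(review): headers are rewritten as well as parameters. If
     * DataSanitizer alters characters that legitimately appear in headers
     * (e.g. Authorization or Cookie values), that would corrupt them before
     * any downstream code reads them - confirm against the sanitizer rules.
     *
     * @param servletRequest the request to wrap
     * @throws IllegalArgumentException if servletRequest is null (thrown by
     *         the superclass constructor)
     */
    public XssRequestWrapper(HttpServletRequest servletRequest)
    {
        super(servletRequest);
    }

    /**
     * {@inheritDoc}
     *
     * Returns a sanitized copy of every value for the parameter, or
     * {@code null} when the parameter is absent.
     */
    @Override
    public String[] getParameterValues(String parameter)
    {
        return sanitizeAll(super.getParameterValues(parameter));
    }

    /**
     * {@inheritDoc}
     *
     * Returns the sanitized value, or {@code null} when the parameter is
     * absent.
     */
    @Override
    public String getParameter(String parameter)
    {
        return stripXSS(super.getParameter(parameter));
    }

    /**
     * {@inheritDoc}
     *
     * Previously this accessor was not overridden, so any code (or framework
     * data binding) reading parameters through the map bypassed sanitization
     * entirely. Every value array is now sanitized; the returned map is
     * unmodifiable, matching the servlet contract for getParameterMap.
     */
    @Override
    public Map<String, String[]> getParameterMap()
    {
        Map<String, String[]> raw = super.getParameterMap();
        if (raw == null)
        {
            return null;
        }

        Map<String, String[]> sanitized = new LinkedHashMap<String, String[]>(raw.size());
        for (Map.Entry<String, String[]> entry : raw.entrySet())
        {
            sanitized.put(entry.getKey(), sanitizeAll(entry.getValue()));
        }
        return Collections.unmodifiableMap(sanitized);
    }

    /**
     * {@inheritDoc}
     *
     * Returns the sanitized header value, or {@code null} when the header is
     * absent.
     */
    @Override
    public String getHeader(String name)
    {
        return stripXSS(super.getHeader(name));
    }

    /**
     * {@inheritDoc}
     *
     * Previously only the single-value getHeader was sanitized; a repeated
     * header read through getHeaders came back raw. Every element of the
     * enumeration is now sanitized. Returns {@code null} only if the wrapped
     * request does (the servlet contract allows null when the container does
     * not permit header access).
     */
    @Override
    public Enumeration<String> getHeaders(String name)
    {
        Enumeration<String> raw = super.getHeaders(name);
        if (raw == null)
        {
            return null;
        }

        List<String> sanitized = new ArrayList<String>();
        while (raw.hasMoreElements())
        {
            sanitized.add(stripXSS(raw.nextElement()));
        }
        return Collections.enumeration(sanitized);
    }

    /**
     * Description: Sanitizes each element of a value array into a new array.
     *
     * @param values raw values, may be null
     * @return a new array of sanitized values, or {@code null} if values is
     *         null; the input array is never modified
     */
    private String[] sanitizeAll(String[] values)
    {
        if (values == null)
        {
            return null;
        }

        String[] encodedValues = new String[values.length];
        for (int i = 0; i < values.length; i++)
        {
            encodedValues[i] = stripXSS(values[i]);
        }
        return encodedValues;
    }

    /**
     * Description: Sanitizes a single input value.
     *
     * @param value raw value, may be null
     * @return the sanitized value, or {@code null} if value is null. Null is
     *         short-circuited here so "parameter/header absent" is reported
     *         as null per the servlet contract regardless of how
     *         DataSanitizer treats a null argument.
     */
    private String stripXSS(String value)
    {
        if (value == null)
        {
            return null;
        }
        return ds.sanitizeInputData(value);
    }
}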