/*
* XssRequestWrapper.java
* Copyright (c) 2017 Veterans Affairs.
*/
package gov.va.security.filter;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import gov.va.security.util.DataSanitizer;
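/**
 * Request wrapper that sanitizes user-controlled request values before they
 * reach the API, as a defence against cross-site scripting (XSS).
 *
 * <p>Every value returned by the overridden accessors is passed through
 * {@link DataSanitizer#sanitizeInputData(String)}. Covered accessors: single
 * and multi-valued parameters, the parameter map, and single and multi-valued
 * headers. Parameter and header <em>names</em> are returned unchanged.
 *
 * <p>Not covered by this wrapper: the query string, cookies, header names and
 * the request body ({@code getInputStream()} / {@code getReader()}). Code that
 * reads those must validate or sanitize them separately; wrapping the request
 * in this class alone does not make them safe.
 *
 * <p>Thread-safety is that of the wrapped request; a servlet request is
 * normally confined to the thread handling it.
 *
 * @author AbleVets
 */
public class XssRequestWrapper extends HttpServletRequestWrapper {

    /** Sanitizer applied to every value returned by this wrapper. */
    private final DataSanitizer ds = new DataSanitizer();

    /**
     * Wraps the given request.
     *
     * @param servletRequest the request whose values are to be sanitized
     * @throws IllegalArgumentException if {@code servletRequest} is {@code null}
     *         (thrown by the {@link HttpServletRequestWrapper} constructor)
     */
    public XssRequestWrapper(HttpServletRequest servletRequest) {
        super(servletRequest);
    }

    /**
     * {@inheritDoc}
     *
     * <p>Each value is sanitized; {@code null} is returned when the wrapped
     * request has no such parameter.
     */
    @Override
    public String[] getParameterValues(String parameter) {
        return sanitizeAll(super.getParameterValues(parameter));
    }

    /**
     * {@inheritDoc}
     *
     * <p>Overridden so that callers reading parameters through the map (a
     * common path in frameworks and data-binding code) receive the same
     * sanitized values as {@link #getParameter(String)} and
     * {@link #getParameterValues(String)}. Keys are left as-is; the returned
     * map is unmodifiable, as the servlet contract requires.
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> raw = super.getParameterMap();
        if (raw == null) {
            return null;
        }
        Map<String, String[]> sanitized = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> entry : raw.entrySet()) {
            sanitized.put(entry.getKey(), sanitizeAll(entry.getValue()));
        }
        return Collections.unmodifiableMap(sanitized);
    }

    /**
     * {@inheritDoc}
     *
     * <p>The value is sanitized; {@code null} is returned when the wrapped
     * request has no such parameter.
     */
    @Override
    public String getParameter(String parameter) {
        return stripXSS(super.getParameter(parameter));
    }

    /**
     * {@inheritDoc}
     *
     * <p>The value is sanitized; {@code null} is returned when the wrapped
     * request has no such header.
     */
    @Override
    public String getHeader(String name) {
        return stripXSS(super.getHeader(name));
    }

    /**
     * {@inheritDoc}
     *
     * <p>Overridden so that multi-valued headers are sanitized too; without
     * this, {@code getHeaders(name)} would return the raw values that
     * {@link #getHeader(String)} sanitizes. A {@code null} enumeration from the
     * wrapped request is passed through unchanged.
     */
    @Override
    public Enumeration<String> getHeaders(String name) {
        Enumeration<String> raw = super.getHeaders(name);
        if (raw == null) {
            return null;
        }
        List<String> sanitized = new ArrayList<>();
        while (raw.hasMoreElements()) {
            sanitized.add(stripXSS(raw.nextElement()));
        }
        return Collections.enumeration(sanitized);
    }

    /**
     * Sanitizes every element of an array of values.
     *
     * @param values the raw values, or {@code null}
     * @return a new array of sanitized values, or {@code null} if
     *         {@code values} is {@code null}
     */
    private String[] sanitizeAll(String[] values) {
        if (values == null) {
            return null;
        }
        String[] sanitized = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            sanitized[i] = stripXSS(values[i]);
        }
        return sanitized;
    }

    /**
     * Sanitizes a single input value.
     *
     * @param value the raw value, or {@code null}
     * @return the sanitized value, or {@code null} if {@code value} is
     *         {@code null}
     */
    private String stripXSS(String value) {
        // The servlet API reports a missing parameter/header as null; preserve
        // that rather than handing null to the sanitizer.
        if (value == null) {
            return null;
        }
        return ds.sanitizeInputData(value);
    }
}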