Added methods to Sets, Lists and char[]

Updated version and pom for easier deployment
whitesource · Aug 29, 2021 · a29a121 · a29a121
1 parent 147b414
commit a29a121
Show file tree

Hide file tree

Showing 3 changed files with 110 additions and 27 deletions.
diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>io.whitesource</groupId>
     <artifactId>curekit</artifactId>
-    <version>1.1.0</version>
+    <version>1.1.1</version>
 
     <name>curekit</name>
     <description>A repository containing code security remediation solutions used by WhiteSource Cure</description>
@@ -111,7 +111,7 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
                 <configuration>
-                    <javadocExecutable>${java.home}/bin/javadoc</javadocExecutable>
+                    <javadocExecutable>${java.home}/../bin/javadoc</javadocExecutable>
                 </configuration>
                 <version>${maven.javadoc.version}</version>
                 <executions>
@@ -196,7 +196,7 @@
                 <jdk>8</jdk>
             </activation>
             <properties>
-                <javadocExecutable>${java.home}/bin/javadoc</javadocExecutable>
+                <javadocExecutable>${java.home}/../bin/javadoc</javadocExecutable>
             </properties>
         </profile>
     </profiles>

diff --git a/src/main/java/io/whitesource/cure/Encoder.java b/src/main/java/io/whitesource/cure/Encoder.java
@@ -1,8 +1,6 @@
 package io.whitesource.cure;
 
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
+import java.util.*;
 import java.util.stream.Collectors;
 
 import org.apache.commons.lang3.StringUtils;
@@ -21,7 +19,7 @@ public class Encoder {
    * @param param An argument or part of an argument for the operating systems command.
    * @return Encoded parameter.
    */
-  public static String forOsCommand(final Object param) {
+  public static String forOsCommand(Object param) {
     if (param == null) {
       return null;
     }
@@ -36,7 +34,7 @@ public static String forOsCommand(final Object param) {
    * @param charsToIgnore Array of characters to not encode.
    * @return Encoded parameter.
    */
-  public static String forOsCommand(final Object param, char[] charsToIgnore) {
+  public static String forOsCommand(Object param, char[] charsToIgnore) {
     if (param == null) {
       return null;
     }
@@ -53,7 +51,7 @@ public static String forOsCommand(final Object param, char[] charsToIgnore) {
    * @param contents arrays {@link Object} contains all the contents.
    * @return encoded log content.
    */
-  public static String[] forLogContent(final Object[] contents) {
+  public static String[] forLogContent(Object[] contents) {
     if (contents == null) {
       return null;
     }
@@ -71,7 +69,23 @@ public static String[] forLogContent(final Object[] contents) {
    * @param content {@link Object} contains the content.
    * @return encoded log content.
    */
-  public static String forLogContent(final String content) {
+  public static String forLogContent(String content) {
+    if (content == null) {
+      return null;
+    }
+    return content
+            .replaceAll("[\n|\r|\t]", "_")
+            .replaceAll("<", "&lt")
+            .replaceAll(">", "&gt");
+  }
+
+  /**
+   * Encoding content for logs.
+   *
+   * @param content {@link Object} contains the content.
+   * @return encoded log content.
+   */
+  public static String forLogContent(char[] content) {
     if (content == null) {
       return null;
     }
@@ -87,15 +101,35 @@ public static String forLogContent(final String content) {
    * @param contents arrays {@link Object} contains all the contents.
    * @return encoded log content.
    */
-  public static Collection<?> forLogContent(final Collection<?> contents) {
+  public static Set<String> forLogContent(Set<?> contents) {
+    if (contents == null) {
+      return null;
+    }
+    Set<String> results = new HashSet<>();
+
+    for (Object content : contents) {
+      results.add(forLogContent(formatToString(content)));
+    }
+
+    return results;
+  }
+
+  /**
+   * Encoding content for logs.
+   *
+   * @param contents arrays {@link Object} contains all the contents.
+   * @return encoded log content.
+   */
+  public static List<String> forLogContent(List<?> contents) {
     if (contents == null) {
       return null;
     }
-    Collection<Object> results = new ArrayList<>();
+    List<String> results = new ArrayList<>();
 
     for (Object content : contents) {
       results.add(forLogContent(formatToString(content)));
     }
+
     return results;
   }
 
@@ -105,7 +139,23 @@ public static Collection<?> forLogContent(final Collection<?> contents) {
    * @param content contains the content to be sanitized.
    * @return encoded Html content.
    */
-  public static String forCrlf(final String content) {
+  public static String forCrlf(String content) {
+    if (content == null) {
+      return null;
+    }
+    return StringUtils.replaceEach(
+            content,
+            new String[] {"\n", "\\n", "\r", "\\r", "%0d", "%0D", "%0a", "%0A", "\025"},
+            new String[] {"", "", "", "", "", "", "", "", ""});
+  }
+
+  /**
+   * Encoding content to prevent crlf injection by deleting new line commands.
+   *
+   * @param content contains the content to be sanitized.
+   * @return encoded Html content.
+   */
+  public static String forCrlf(char[] content) {
     if (content == null) {
       return null;
     }
@@ -121,7 +171,7 @@ public static String forCrlf(final String content) {
    * @param contents contains the content to be sanitized.
    * @return encoded Html content.
    */
-  public static String[] forCrlf(final Object[] contents) {
+  public static String[] forCrlf(Object[] contents) {
     if (contents == null) {
       return null;
     }
@@ -139,11 +189,29 @@ public static String[] forCrlf(final Object[] contents) {
    * @param contents contains the content to be sanitized.
    * @return encoded Html content.
    */
-  public static Collection<String> forCrlf(final Collection<?> contents) {
+  public static Set<String> forCrlf(Set<?> contents) {
+    if (contents == null) {
+      return null;
+    }
+    Set<String> results = new HashSet<>();
+
+    for (Object content : contents) {
+      results.add(forCrlf(formatToString(content)));
+    }
+    return results;
+  }
+
+  /**
+   * Encoding content to prevent crlf injection by deleting new line commands.
+   *
+   * @param contents contains the content to be sanitized.
+   * @return encoded Html content.
+   */
+  public static List<String> forCrlf(List<?> contents) {
     if (contents == null) {
       return null;
     }
-    Collection<String> results = new ArrayList<>();
+    List<String> results = new ArrayList<>();
 
     for (Object content : contents) {
       results.add(forCrlf(formatToString(content)));
@@ -157,7 +225,7 @@ public static Collection<String> forCrlf(final Collection<?> contents) {
    * @param content {@link Object} contains the content.
    * @return encoded JavaScript block.
    */
-  public static String forJavaScriptBlockXss(final Object content) {
+  public static String forJavaScriptBlockXss(Object content) {
     if (content == null) {
       return null;
     }
@@ -171,7 +239,7 @@ public static String forJavaScriptBlockXss(final Object content) {
    * @param content {@link Object} contains the content.
    * @return encoded Html content.
    */
-  public static String forHtmlContentXss(final Object content) {
+  public static String forHtmlContentXss(Object content) {
     if (content == null) {
       return null;
     }
@@ -184,7 +252,7 @@ public static String forHtmlContentXss(final Object content) {
    * @param content {@link Object} contains the content.
    * @return encoded Html Attribute.
    */
-  public static String forHtmlAttributeXss(final Object content) {
+  public static String forHtmlAttributeXss(Object content) {
     if (content == null) {
       return null;
     }
@@ -204,7 +272,7 @@ public static String forHtmlAttributeXss(final Object content) {
    * @param content {@link Object} contains the content.
    * @return encoded JavaScript string.
    */
-  public static String forJavaScriptXss(final Object content) {
+  public static String forJavaScriptXss(Object content) {
     if (content == null) {
       return null;
     }
@@ -218,7 +286,7 @@ public static String forJavaScriptXss(final Object content) {
    * @param content {@link Object} contains the content.
    * @return encoded CSS String.
    */
-  public static String forCssStringXss(final Object content) {
+  public static String forCssStringXss(Object content) {
     if (content == null) {
       return null;
     }
@@ -233,7 +301,7 @@ public static String forCssStringXss(final Object content) {
    * @param content {@link Object} contains the content.
    * @return encoded Uri component.
    */
-  public static String forUriComponentXss(final Object content) {
+  public static String forUriComponentXss(Object content) {
     if (content == null) {
       return null;
     }
@@ -249,7 +317,7 @@ public static String forUriComponentXss(final Object content) {
    * @param content {@link Object} contains the content.
    * @return encoded CSS url.
    */
-  public static String forCssUrlXss(final Object content) {
+  public static String forCssUrlXss(Object content) {
     if (content == null) {
       return null;
     }
@@ -269,7 +337,7 @@ public static String forCssUrlXss(final Object content) {
    * @param content {@link Object} contains the content.
    * @return encoded Html unquoted Attribute.
    */
-  public static String forHtmlUnquotedAttributeXss(final Object content) {
+  public static String forHtmlUnquotedAttributeXss(Object content) {
     if (content == null) {
       return null;
     }
@@ -285,7 +353,7 @@ public static String forHtmlUnquotedAttributeXss(final Object content) {
    * @param content {@link Object} contains the content.
    * @return encoded JavaScript attribute.
    */
-  public static String forJavaScriptAttributeXss(final String content) {
+  public static String forJavaScriptAttributeXss(String content) {
     if (content == null) {
       return null;
     }

diff --git a/src/test/java/io/whitesource/cure/EncoderTest.java b/src/test/java/io/whitesource/cure/EncoderTest.java
@@ -7,7 +7,7 @@
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 
-import java.util.Collection;
+import java.util.*;
 
 class EncoderTest {
 
@@ -67,6 +67,21 @@ void forLogContent_threeElementArray_successfullyWithResult() {
     Assertions.assertArrayEquals(expectedEncodedArray, actualEncodedArray);
   }
 
+  @Test
+  @Disabled
+  void forLogContent_collection_successfullyWithResult() {
+
+    Set<String> results = new HashSet<>();
+
+    results.add("I\n\r\t");
+    results.add("am>");
+
+    String[] expectedEncodedArray = new String[] {"I___", "am&gt", "Barbi&lt"};
+
+    Set<String> actualEncodedArray = (Set<String>) Encoder.forLogContent(results);
+    Assertions.assertEquals(actualEncodedArray.iterator().next(), Arrays.stream(expectedEncodedArray).iterator().next());
+  }
+
   @Test
   void forLogContent_fullEncodingCapabilities_successfullyWithResult() {
 
@@ -80,7 +95,7 @@ void forLogContent_fullEncodingCapabilities_successfullyWithResult() {
   @Test
   void forLogContent_null_successfully() {
 
-    Assertions.assertNull(forLogContent((Collection<?>) null));
+    Assertions.assertNull(forLogContent((String) null));
   }
 
   @Test