List of usage examples for java.util.regex Matcher pattern
public Pattern pattern()
From source file:org.silverpeas.core.web.filter.MassiveWebSecurityFilter.java
/** * Verifies deeply a matched SQL string. Indeed, throwing an exception of XSS attack only on * SQL detection is not enough. This method tries to detect a known table name from the SQL * string./* w w w. j a v a 2 s . c om*/ * @param matcherFound * @param string * @return */ private boolean verifySqlDeeply(final Matcher matcherFound, String string) { boolean isVerified = true; if (matcherFound.pattern() == SQL_SELECT_FROM_PATTERN || matcherFound.pattern() == SQL_INSERT_VALUES_PATTERN || matcherFound.pattern() == SQL_UPDATE_PATTERN || matcherFound.pattern() == SQL_DELETE_PATTERN) { isVerified = false; Pattern tableNamesPattern = getSqlTableNamesPattern(); Matcher tableNameMatcher = tableNamesPattern.matcher(string); while (tableNameMatcher.find()) { isVerified = tableNamesPattern.matcher(extractTableNameWholeWord(tableNameMatcher, string)) .matches(); if (isVerified) { break; } } } return isVerified; }
From source file:org.structr.rest.servlet.ResourceHelper.java
/** * Parse the request path and match with possible resource patterns * * @param securityContext/*from w w w. j ava 2s .c o m*/ * @param request * @param resourceMap * @param propertyView * @return resourceChain * @throws FrameworkException */ public static List<Resource> parsePath(final SecurityContext securityContext, final HttpServletRequest request, final Map<Pattern, Class<? extends Resource>> resourceMap, final Value<String> propertyView) throws FrameworkException { final String path = request.getPathInfo(); // intercept empty path and send 204 No Content if (StringUtils.isBlank(path)) { throw new NoResultsException(); } // 1.: split request path into URI parts final String[] pathParts = path.split("[/]+"); // 2.: create container for resource constraints final Set<String> propertyViews = Services.getInstance().getConfigurationProvider().getPropertyViews(); final List<Resource> resourceChain = new ArrayList<>(pathParts.length); // 3.: try to assign resource constraints for each URI part for (int i = 0; i < pathParts.length; i++) { // eliminate empty strings final String part = pathParts[i].trim(); if (part.length() > 0) { boolean found = false; // check views first if (propertyViews.contains(part)) { Resource resource = new ViewFilterResource(); resource.checkAndConfigure(part, securityContext, request); resource.configurePropertyView(propertyView); resourceChain.add(resource); // mark this part as successfully parsed found = true; } else { // look for matching pattern for (Map.Entry<Pattern, Class<? extends Resource>> entry : resourceMap.entrySet()) { Pattern pattern = entry.getKey(); Matcher matcher = pattern.matcher(pathParts[i]); if (matcher.matches()) { Class<? extends Resource> type = entry.getValue(); Resource resource = null; try { // instantiate resource constraint resource = type.newInstance(); } catch (Throwable t) { logger.log(Level.WARNING, "Error instantiating resource class", t); } if (resource != null) { // set security context resource.setSecurityContext(securityContext); if (resource.checkAndConfigure(part, securityContext, request)) { logger.log(Level.FINE, "{0} matched, adding resource of type {1} for part {2}", new Object[] { matcher.pattern(), type.getName(), part }); // allow constraint to modify context resource.configurePropertyView(propertyView); // add constraint and go on resourceChain.add(resource); found = true; // first match wins, so choose priority wisely ;) break; } } } } } if (!found) { throw new NotFoundException(); } } } return resourceChain; }
From source file:tds.itemrenderer.processing.ITSUrlBase64.java
private String replaceHtmlMatch(Matcher matcher) { String basePath = _filePath.replace(Path.getFileName(_filePath), ""); String imageFile = matcher.group("src"); String imagePath = Path.combine(basePath, imageFile); byte[] binaryData = null; try {//ww w . java 2 s . c o m binaryData = FileUtils.readFileToByteArray(new File(imagePath)); } catch (IOException e) { throw new ITSDocumentProcessingException(e); } final String base64Format = "data:image/%s;base64,%s"; String extension = Path.getExtension(imageFile).replace(".", ""); String base64 = String.format(base64Format, extension, DatatypeConverter.printBase64Binary(binaryData)); String imageTag = matcher.group("img"); Matcher matcher2 = matcher.pattern().matcher(imageTag); StringBuilder sb = new StringBuilder(imageTag); matcher2.find(); return sb.replace(matcher2.start(2), matcher2.end(2), base64).toString(); }