Example usage for org.apache.commons.lang StringUtils indexOfIgnoreCase

List of usage examples for org.apache.commons.lang StringUtils indexOfIgnoreCase

Introduction

On this page you can find the example usage for org.apache.commons.lang StringUtils indexOfIgnoreCase.

Prototype

public static int indexOfIgnoreCase(String str, String searchStr) 

Source Link

Document

Case-insensitive find of the first index of a search string within a String (returns -1 when either argument is null or the search string is absent).

Usage

From source file:org.sonar.php.checks.utils.AbstractCommentContainsPatternCheck.java

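/**
 * Tells whether the first case-insensitive occurrence of {@code pattern()} in {@code line}
 * is immediately preceded or followed by a letter, i.e. whether the pattern is embedded in
 * a larger word (for example "TODO" inside "MASTODON").
 *
 * @param line the comment line to inspect
 * @return {@code true} if a letter directly precedes or follows the match; {@code false}
 *     when no letter is adjacent, or when the pattern does not occur in {@code line} at all
 */
private boolean isLetterAround(String line) {
    String needle = pattern();
    int start = StringUtils.indexOfIgnoreCase(line, needle);
    if (start < 0) {
        // No occurrence (or null pattern): nothing can be "around" it, and the
        // index arithmetic below would otherwise run on -1
        return false;
    }
    int end = start + needle.length();

    boolean letterBefore = start > 0 && Character.isLetter(line.charAt(start - 1));
    // charAt(end) is valid for every end < line.length(); a stricter "< length - 1"
    // bound would wrongly ignore a letter sitting in the last column of the line
    boolean letterAfter = end < line.length() && Character.isLetter(line.charAt(end));

    return letterBefore || letterAfter;
}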

From source file:org.zaproxy.zap.extension.ascanrules.TestExternalRedirect.java

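/**
 * Checks whether the evil payload has been reflected in the retrieved response inside one
 * of the possible redirection points: the Location header, the Refresh header, a
 * {@code <meta http-equiv="location|refresh">} tag, or a JavaScript navigation call. For a
 * (quite) complete list of the possible redirection attacks please refer to
 * http://code.google.com/p/html5security/wiki/RedirectionMethods
 *
 * <p>Redirection through a {@code <base href="...">} tag is listed below but is NOT
 * detected by this method.
 *
 * @param payload the payload that should be reflected inside a redirection point
 * @param msg the current message whose response is inspected for a reflected redirection
 * @return the redirection type constant of the first reflection found, or
 *     {@code NO_REDIRECT} when the payload is not reflected in any redirection point
 */
private int isRedirected(String payload, HttpMessage msg) {

    // (1) Check if redirection by "Location" header
    // http://en.wikipedia.org/wiki/HTTP_location
    // HTTP/1.1 302 Found
    // Location: http://www.example.org/index.php
    //
    // The header may be absent (null); checkPayload is relied on to tolerate that — confirm
    String value = msg.getResponseHeader().getHeader(HttpHeader.LOCATION);
    if (checkPayload(value, payload)) {
        return REDIRECT_LOCATION_HEADER;
    }

    // (2) Check if redirection by "Refresh" header
    // http://en.wikipedia.org/wiki/URL_redirection
    // HTTP/1.1 200 ok
    // Refresh: 0; url=http://www.example.com/
    //
    value = msg.getResponseHeader().getHeader("Refresh");
    if (value != null) {
        // Refresh content is usually configured with a delay prefix, so extract the
        // url component before comparing
        if (checkPayload(getRefreshUrl(value), payload)) {
            return REDIRECT_REFRESH_HEADER;
        }
    }

    // (3) Check if redirection occurs by "Meta" content header
    String content = msg.getResponseBody().toString();
    Source htmlSrc = new Source(content);

    int metaRedirect = findMetaRedirect(htmlSrc, payload);
    if (metaRedirect != NO_REDIRECT) {
        return metaRedirect;
    }

    // (4) Redirection by Base Tag is listed but not checked here
    // http://code.google.com/p/html5security/wiki/RedirectionMethods
    // <base href="http://evil.com/" />
    //

    // (5) Check if redirection occurs by Javascript
    return findScriptRedirect(htmlSrc, content, payload);
}

/**
 * Looks for the payload inside the {@code content} attribute of
 * {@code <meta http-equiv="location">} and {@code <meta http-equiv="refresh">} elements.
 *
 * @param htmlSrc parsed response body
 * @param payload the payload that should be reflected
 * @return {@code REDIRECT_LOCATION_META} or {@code REDIRECT_REFRESH_META} for the first
 *     matching element, otherwise {@code NO_REDIRECT}
 */
private int findMetaRedirect(Source htmlSrc, String payload) {
    // http://code.google.com/p/html5security/wiki/RedirectionMethods
    // <meta http-equiv="location" content="URL=http://evil.com" />
    // <meta http-equiv="refresh" content="0;url=http://evil.com/" />
    //
    for (Element el : htmlSrc.getAllElements(HTMLElementName.META)) {
        String httpEquiv = el.getAttributeValue("http-equiv");
        if (httpEquiv == null) {
            continue;
        }
        String metaContent = el.getAttributeValue("content");

        if (httpEquiv.equalsIgnoreCase("location")) {
            // Check if the payload is inside the location content (may be null)
            if (checkPayload(metaContent, payload)) {
                return REDIRECT_LOCATION_META;
            }
        } else if (httpEquiv.equalsIgnoreCase("refresh") && metaContent != null) {
            // Refresh content is usually configured with a delay prefix, so extract the
            // url component before comparing
            if (checkPayload(getRefreshUrl(metaContent), payload)) {
                return REDIRECT_REFRESH_META;
            }
        }
    }
    return NO_REDIRECT;
}

/**
 * Looks for the payload (or the canonical {@code http://REDIRECT_SITE} target) as the
 * argument of a JavaScript navigation assignment or call inside any {@code <script>}
 * element.
 *
 * @param htmlSrc parsed response body
 * @param content raw response body, used for a cheap pre-check
 * @param payload the payload that should be reflected
 * @return {@code REDIRECT_JAVASCRIPT} on the first match, otherwise {@code NO_REDIRECT}
 */
private int findScriptRedirect(Source htmlSrc, String content, String payload) {
    // http://code.google.com/p/html5security/wiki/RedirectionMethods
    // location='http://evil.com/';
    // location.href='http://evil.com/';
    // location.reload('http://evil.com/');
    // location.replace('http://evil.com/');
    // location.assign('http://evil.com/');
    // window.open('http://evil.com/');
    // window.navigate('http://evil.com/');
    //
    // Scripts are only inspected when the payload appears somewhere in the body; this
    // also gates the REDIRECT_SITE alternative below.
    if (StringUtils.indexOfIgnoreCase(content, payload) == -1) {
        return NO_REDIRECT;
    }

    // Pattern.quote copes with a payload that itself contains "\E", which a hand-built
    // "\Q" + payload + "\E" wrapper would turn into a broken or over-matching regex.
    String matchingUrl =
            "(" + Pattern.quote(payload) + "|" + Pattern.quote("http://" + REDIRECT_SITE) + ")";
    String quotedStart = "('|\")\\s*";

    // Compile once, not once per <script> element
    Pattern[] patterns = {
        // location='http://evil.com/';
        // location.href='http://evil.com/';
        Pattern.compile("(?i)location(\\.href)?\\s*=\\s*" + quotedStart + matchingUrl),
        // location.reload('http://evil.com/');
        // location.replace('http://evil.com/');
        // location.assign('http://evil.com/');
        Pattern.compile(
                "(?i)location\\.(replace|reload|assign)\\s*\\(\\s*" + quotedStart + matchingUrl),
        // window.open('http://evil.com/');
        // window.navigate('http://evil.com/');
        Pattern.compile("(?i)window\\.(open|navigate)\\s*\\(\\s*" + quotedStart + matchingUrl),
    };

    for (Element el : htmlSrc.getAllElements(HTMLElementName.SCRIPT)) {
        String script = el.getContent().toString();
        for (Pattern pattern : patterns) {
            if (pattern.matcher(script).find()) {
                return REDIRECT_JAVASCRIPT;
            }
        }
    }
    return NO_REDIRECT;
}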