001    package railo.runtime.security;
002    
003    import railo.runtime.type.Collection;
004    import railo.runtime.type.Struct;
005    
006    /**
007     * Script-protect to remove cross-attacks from strings
008     */
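/**
 * Script-protect: neutralises a small blacklist of HTML tag names inside string values.
 *
 * <p>Security note for maintainers: this is a <em>blacklist</em> filter, not an XSS defence.
 * It only rewrites an opening tag whose name (the ASCII letters directly after a literal
 * {@code '<'}) is one of {@link #invalids}; the tag name is replaced by {@code "invalidTag"}
 * and everything else in the string is copied through unchanged. Consequences that follow
 * directly from the code below:
 * <ul>
 *   <li>Attributes are never inspected, so event-handler attributes on any element that is
 *       not in the list pass untouched.</li>
 *   <li>Closing tags pass untouched ({@code "</script>"} yields an empty tag name because
 *       {@code '/'} is not a letter).</li>
 *   <li>Only a literal {@code '<'} is recognised; if the value is URL- or entity-decoded
 *       <em>after</em> this filter runs, the filter has not seen the decoded form.</li>
 *   <li>{@link #invalids} is a public mutable array; any code that can reach it can weaken
 *       the filter at runtime.</li>
 * </ul>
 * Output into HTML still needs context-aware encoding at the point of output.
 */
public final class ScriptProtect {

	/** Text written in place of a blocked tag name (the leading {@code '<'} is kept). */
	private static final String REPLACEMENT = "invalidTag";

	/**
	 * Tag names that are rewritten, compared case-insensitively. Public for backward
	 * compatibility; treat as read-only.
	 */
	public static final String[] invalids = new String[]{
		"object", "embed", "script", "applet", "meta", "iframe"
	};

	/**
	 * Translate all String values of the struct into script-protected form, in place.
	 * Non-String values are left untouched.
	 *
	 * @param sct Struct whose String values are rewritten; {@code null} is a no-op
	 */
	public static void translate(Struct sct) {
		if (sct == null) return;
		Collection.Key[] keys = sct.keys();
		for (int i = 0; i < keys.length; i++) {
			Object value = sct.get(keys[i], null);
			if (value instanceof String) {
				sct.setEL(keys[i], translate((String) value));
			}
		}
	}

	/**
	 * Translate a string into script-protected form.
	 *
	 * <p>Every occurrence of {@code '<'} followed by one of the {@link #invalids} tag names
	 * (ASCII letters only, case-insensitive, terminated by the first non-letter) has the tag
	 * name replaced by {@code "invalidTag"}. Note that the name match is a prefix match on
	 * the letter run, so {@code "<script1>"} is rewritten as well.
	 *
	 * @param str string to translate; {@code null} is returned as {@code null}
	 * @return the translated string, or {@code str} itself when nothing was rewritten
	 */
	public static String translate(String str) {
		if (str == null) return null;
		final int len = str.length();
		StringBuffer sb = null;   // allocated lazily: untouched input is returned as-is
		int copied = 0;           // start of the part of str not yet appended to sb
		int scan = 0;             // where to look for the next '<'
		int index;
		while ((index = str.indexOf('<', scan)) != -1) {
			int end = readTagName(str, index + 1, len);
			String tagName = str.substring(index + 1, end);
			if (compareTagName(tagName)) {
				if (sb == null) sb = new StringBuffer(len + 16);
				// copy everything up to and including the '<', then the replacement;
				// the original tag name [index+1, end) is dropped
				sb.append(str.substring(copied, index + 1));
				sb.append(REPLACEMENT);
				copied = end;
				scan = end;
			}
			else {
				scan = index + 1;
			}
		}
		if (sb == null) return str;
		if (copied < len) sb.append(str.substring(copied));
		return sb.toString();
	}

	/**
	 * Return the index just past the run of ASCII letters starting at {@code from}.
	 *
	 * @param str  string being scanned
	 * @param from first index to examine (the character after {@code '<'})
	 * @param len  {@code str.length()}, passed in to avoid recomputing it per tag
	 * @return end index (exclusive) of the tag name; equals {@code from} for an empty name
	 */
	private static int readTagName(String str, int from, int len) {
		int i = from;
		while (i < len && isAsciiLetter(str.charAt(i))) i++;
		return i;
	}

	/** ASCII letters only; anything else (digits, '/', whitespace, non-ASCII) ends a tag name. */
	private static boolean isAsciiLetter(char c) {
		return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
	}

	/**
	 * Check whether a tag name is on the blacklist.
	 *
	 * @param tagName tag name without the leading {@code '<'}
	 * @return true when it equals (ignoring case) an entry of {@link #invalids}
	 */
	private static boolean compareTagName(String tagName) {
		for (int i = 0; i < invalids.length; i++) {
			if (invalids[i].equalsIgnoreCase(tagName)) return true;
		}
		return false;
	}

	/**
	 * Ad-hoc demonstration; prints the translation of a sample string.
	 *
	 * @param args ignored
	 */
	public static void main(String[] args) {
		System.out.println(translate("<hell <script><script susi=1><scriptsrc><> how are you <br />object <object ddd"));
	}
}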