Package fr.gouv.vitam.common.security

Class SanityChecker

  • public class SanityChecker
extends java.lang.Object
    Checker for Sanity of XML and Json

    Json : check if json is not exceed the limit size, if json does not contain script tag
    XML: check if XML file is not exceed the limit size, and it does not contain CDATA, ENTITY or SCRIPT tag

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String HTTP_PARAMETER_VALUE  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static void checkHeaders​(javax.ws.rs.core.HttpHeaders headers)
      checkHeaders : Check sanity of Headers: no javascript/xml tag, neither html tag
      static void checkHeadersMap​(javax.ws.rs.core.MultivaluedMap<java.lang.String,​java.lang.String> requestHeaders)
      Checks sanity of Headers: no javascript/xml tag, neither html tag
      static void checkHTMLFile​(java.io.File file)
      checkHTMLFile : Check if the file contains HTML content
      static void checkJsonAll​(com.fasterxml.jackson.databind.JsonNode json)
      checkJsonAll : Check sanity of json : size, invalid tag
      static void checkJsonAll​(java.lang.String json)
      checkJsonAll : Check sanity of json : size, invalid tag
      protected static void checkJsonSanity​(com.fasterxml.jackson.databind.JsonNode json)
      checkJsonSanity : check sanity of json and find invalid key
      static void checkParameter​(java.lang.String... params)
      checkParameter : Check sanity of String: no javascript/xml tag, neither html tag
      static void checkUriParametersMap​(javax.ws.rs.core.MultivaluedMap<java.lang.String,​java.lang.String> uriParameters)
      Checks sanity of Headers: no javascript/xml tag, neither html tag
      static void checkXmlAll​(java.io.File xmlFile)
      checkXMLAll : check xml sanity all aspect : size, tag size, invalid tag
      protected static void checkXmlSanityFileSize​(java.io.File xmlFile)
      CheckXMLSanityFileSize : check size of xml file
      protected static void checkXmlSanityTags​(java.io.File xmlFile)
      CheckXMLSanityTags : check invalid tag contains of a xml file
      protected static void checkXmlSanityTagValueSize​(java.io.File xmlFile)
      check XML Sanity Tag and Value Size
      static int getLimitFieldSize()  
      static long getLimitFileSize()  
      static long getLimitJsonSize()  
      static int getLimitParamSize()  
      static java.lang.String sanitizeJson​(com.fasterxml.jackson.databind.JsonNode json)
      Sabitize the json
      static void setLimitFieldSize​(int limitFieldSize)  
      static void setLimitFileSize​(long limitFileSize)  
      static void setLimitJsonSize​(long limitJsonSize)  
      static void setLimitParamSize​(int limitParamSize)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • HTTP_PARAMETER_VALUE

        public static final java.lang.String HTTP_PARAMETER_VALUE
        See Also:
        Constant Field Values

    • Method Detail

      • checkJsonAll

        public static final void checkJsonAll​(com.fasterxml.jackson.databind.JsonNode json)
                               throws InvalidParseOperationException
        checkJsonAll : Check sanity of json : size, invalid tag
        Parameters:
        json - as JsonNode
        Throws:
        InvalidParseOperationException - when Sanity Check is in error

      • checkHeadersMap

        public static final void checkHeadersMap​(javax.ws.rs.core.MultivaluedMap<java.lang.String,​java.lang.String> requestHeaders)
                                  throws InvalidParseOperationException
        Checks sanity of Headers: no javascript/xml tag, neither html tag
        Parameters:
        requestHeaders -
        Throws:
        InvalidParseOperationException

      • checkUriParametersMap

        public static final void checkUriParametersMap​(javax.ws.rs.core.MultivaluedMap<java.lang.String,​java.lang.String> uriParameters)
                                        throws InvalidParseOperationException
        Checks sanity of Headers: no javascript/xml tag, neither html tag
        Parameters:
        uriParameters -
        Throws:
        InvalidParseOperationException

      • checkXmlSanityTagValueSize

        protected static final void checkXmlSanityTagValueSize​(java.io.File xmlFile)
                                                throws InvalidParseOperationException,
                                                       java.io.IOException
        check XML Sanity Tag and Value Size
        Parameters:
        xmlFile - xml file
        Throws:
        java.io.IOException - when read file error
        InvalidParseOperationException - when Sanity Check is in error

      • checkXmlSanityFileSize

        protected static final void checkXmlSanityFileSize​(java.io.File xmlFile)
                                            throws InvalidParseOperationException
        CheckXMLSanityFileSize : check size of xml file
        Parameters:
        xmlFile - as File
        Throws:
        java.io.IOException - when read file exception
        InvalidParseOperationException - when Sanity Check is in error

      • checkXmlSanityTags

        protected static final void checkXmlSanityTags​(java.io.File xmlFile)
                                        throws InvalidParseOperationException,
                                               java.io.IOException
        CheckXMLSanityTags : check invalid tag contains of a xml file
        Parameters:
        xmlFile - : XML file path as String
        Throws:
        java.io.IOException - when read file error
        InvalidParseOperationException - when Sanity Check is in error

      • checkJsonSanity

        protected static final void checkJsonSanity​(com.fasterxml.jackson.databind.JsonNode json)
                                     throws InvalidParseOperationException
        checkJsonSanity : check sanity of json and find invalid key
        Parameters:
        json - as JsonNode
        Throws:
        InvalidParseOperationException - when Sanity Check is in error

      • getLimitFileSize

        public static final long getLimitFileSize()
        Returns:
        the limit File Size (XML or JSON)

      • setLimitFileSize

        public static final void setLimitFileSize​(long limitFileSize)
        Parameters:
        limitFileSize - the limit File Size to set (XML or JSON)

      • getLimitJsonSize

        public static final long getLimitJsonSize()
        Returns:
        the limit Size of a Json

      • setLimitJsonSize

        public static final void setLimitJsonSize​(long limitJsonSize)
        Parameters:
        limitJsonSize - the limit Size of a Json to set

      • getLimitFieldSize

        public static final int getLimitFieldSize()
        Returns:
        the limit Size of a Field in a Json

      • setLimitFieldSize

        public static final void setLimitFieldSize​(int limitFieldSize)
        Parameters:
        limitFieldSize - the limit Size of a Field in a Json to set

      • getLimitParamSize

        public static final int getLimitParamSize()
        Returns:
        the limit Size of a parameter

      • setLimitParamSize

        public static final void setLimitParamSize​(int limitParamSize)
        Parameters:
        limitParamSize - the limit Size of a parameter to set