Package org.apache.ofbiz.security

Class SecuredFreemarker

java.lang.Object

org.apache.ofbiz.security.SecuredFreemarker

public class SecuredFreemarker
extends Object

Constructor Summary

Constructors

Constructor	Description
SecuredFreemarker()

Method Summary

Modifier and Type	Method	Description
static boolean	containsFreemarkerInterpolation(String stringToCheck)	Analyze if stringToCheck contains a freemarker template
static boolean	containsFreemarkerInterpolation(HttpServletRequest req, HttpServletResponse resp, String uri)
static boolean	containsFreemarkerInterpolation(HttpServletResponse resp, String stringToCheck)
static Map<String,Object>	sanitizeParameterMap(Map<String,Object> params)	Analyse each entry contains on params.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SecuredFreemarker

public SecuredFreemarker()

Method Details

containsFreemarkerInterpolation

public static boolean containsFreemarkerInterpolation(HttpServletRequest req,
 HttpServletResponse resp,
 String uri)
                                               throws IOException

Throws:

IOException

containsFreemarkerInterpolation

public static boolean containsFreemarkerInterpolation(HttpServletResponse resp,
 String stringToCheck)
                                               throws IOException

Parameters:

resp -

stringToCheck -

Throws:

IOException

containsFreemarkerInterpolation

public static boolean containsFreemarkerInterpolation(String stringToCheck)

Analyze if stringToCheck contains a freemarker template

Parameters:

stringToCheck -

Returns:

true if freemarker template is detected

sanitizeParameterMap

public static Map<String,Object> sanitizeParameterMap(Map<String,Object> params)

Analyse each entry contains on params. If a freemarker template is detected, sanatize it to escape any exploit

Parameters:

params -

Returns:

Map with all values sanitized