CodeSnifferSecurityAdapter (stumps 1.0-SNAPSHOT API)

java.lang.Object
- com.neurosys.cluzo.adapters.CodeSnifferSecurityAdapter

All Implemented Interfaces:

SecurityAdapter<String>
```
public class CodeSnifferSecurityAdapter
extends Object
implements SecurityAdapter<String>
```
While OWASP Anti-Samy takes care of HTML content etc, this can handle things on the scripting side to analyze script content by nature of code.

Irrespective of what time of regular expression used or character-set, programming constructs have some tell tail signs:
(536f6d657468696e672049206f627365727665642066726f6d206d79207265736561726368206f66206c616e6775616765732f636f6e746578742066726565206772616d6d61727320776179206261636b)
- Chaning: Illustration of concept
  
  (^) a.b.com ($) is - An acceptable RegEx within a RegEx Start & RegEx End; In this example [a-z] chained by a DOT (.)
- Nesting: Some characters are Nested by default, like Quotes, Brackets. However DOUBLE-NESTING is rarely used in conventional Data
  Acceptable Examples:
  - "Hello" - OK
  - (psssst...) - OK
  - " And thats the gossp ( psssst...) " - OK, A-Symmetric enclosures within Symmetric Enclosure
  Code like / Symmetric Enclosure within strict (except space/newlines no other chars) A-Symmetric Enclosure or Double Nesting:
  - ( " psssst..." ) - NOT OK, CODE LIKE
  - [ " psssst..." ] - NOT OK, CODE LIKE ..etc, diff variation of combination of Bracket & Quote
  - ( (1),(2), ('x') ) - NOT OK, CODE LIKE
  - " '...', '...', '...'" - NOT OK, CODE LIKE
  - " '...', '...', '...'" - NOT OK, CODE LIKE
Author:

Arjun Dhar

Field Summary
- Fields inherited from interface com.neurosys.cluzo.domain.SecurityAdapter
  REGEX_PROP_FILE

Constructor Summary

Constructors
Constructor and Description

CodeSnifferSecurityAdapter()

Constructors
Constructor and Description
`CodeSnifferSecurityAdapter()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`String`	`getChainDelim()` The delimeter within the chain
`SecurityAdapter<String>`	`getChainElementValidator()`
`Pattern`	`getChainRegionRegExPattern()` The region that defines the chain; inclusive of the literals ad delimiter
`List<Character>`	`getSingleEnclosureSymbols()` Single enclosures like ', ""
`List<Character[]>`	`getSymmetricEnclosureSymbols()` Symmetric enclosures like (),{},[] Defines as List of Pairs (Arrays of 2 elements)
`Data<String>`	`sanitize(Data<String> data)` Sanitize content, from malicious to harmless.
`void`	`setChainDelim(String chainDelim)` The delimiter within the chain
`void`	`setChainElementValidator(SecurityAdapter<String> chainElementValidator)`
`void`	`setChainRegionRegExPattern(Pattern chainRegionRegExPattern)` The region that defines the chain; inclusive of the literals ad delimiter
`void`	`setSingleEnclosureSymbols(List<Character> singleEnclosureSymbols)` Single enclosures like ', ""
`void`	`setSymmetricEnclosureSymbols(List<Character[]> symmetricEnclosureSymbols)` Symmetric enclosures like (),{},[] Defines as List of Pairs (Arrays of 2 elements)
`void`	`validate(Data<String> input)` Check if the input is safe or not When used in a chained or a `SecurityContext` with other `SecurityAdapter`s then the Adapters throwing a `OperationNotSupportedException` will be ignored.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - CodeSnifferSecurityAdapter
```
public CodeSnifferSecurityAdapter()
```
- Method Detail
  - sanitize
```
public Data<String> sanitize(Data<String> data)
                      throws Exception,
                             OperationNotSupportedException
```
    Description copied from interface: SecurityAdapter
    
    Sanitize content, from malicious to harmless. An adapter may or may not choose to support a Sanitization method. In the event it does not support it, it should throw a OperationNotSupportedException. When used in a chained or a SecurityContext with other SecurityAdapters then the Adapters throwing a OperationNotSupportedException will be ignored. Any other exception will be thrown if there is an issue in the executionof the sanitization process.
    
    Specified by:
    
    sanitize in interface SecurityAdapter<String>
    
    Returns:
    
    Throws:
    
    Exception
    
    OperationNotSupportedException
  - validate
```
public void validate(Data<String> input)
              throws SecurityException,
                     OperationNotSupportedException,
                     IOException
```
    Description copied from interface: SecurityAdapter
    
    Check if the input is safe or not
    When used in a chained or a SecurityContext with other SecurityAdapters then the Adapters throwing a OperationNotSupportedException will be ignored.
    
    Specified by:
    
    validate in interface SecurityAdapter<String>
    
    Parameters:
    
    input - as Data
    
    Throws:
    
    SecurityException - is its is not safe. This is to provide additional details about the failure that te return param cannot.
    
    IOException - for any type of setup, reading, infra related issue with files/configs
    
    OperationNotSupportedException
  - getChainRegionRegExPattern
```
public Pattern getChainRegionRegExPattern()
```
    The region that defines the chain; inclusive of the literals ad delimiter
    
    Can be null:
    
    true
  - setChainRegionRegExPattern
```
public void setChainRegionRegExPattern(Pattern chainRegionRegExPattern)
```
    The region that defines the chain; inclusive of the literals ad delimiter
    
    Can be null:
    
    true
  - getChainDelim
```
public String getChainDelim()
```
    The delimeter within the chain
    
    Can be null:
    
    false, if chainRegionRegExPattern is supplied
  - setChainDelim
```
public void setChainDelim(String chainDelim)
```
    The delimiter within the chain
    
    Can be null:
    
    false, if chainRegionRegExPattern is supplied
  - getChainElementValidator
```
public SecurityAdapter<String> getChainElementValidator()
```
    Can be null:
    
    - If null will not apply any further validation on the Chain element if not null, it will SecurityAdapter.validate(Data) the chain element between the delimiter
  - setChainElementValidator
```
public void setChainElementValidator(SecurityAdapter<String> chainElementValidator)
```
    Can be null:
    
    - If null will not apply any further validation on the Chain element if not null, it will SecurityAdapter.validate(Data) the chain element between the delimiter
  - getSingleEnclosureSymbols
```
public List<Character> getSingleEnclosureSymbols()
```
    Single enclosures like ', ""
    
    Can be null:
    
    true
  - setSingleEnclosureSymbols
```
public void setSingleEnclosureSymbols(List<Character> singleEnclosureSymbols)
```
    Single enclosures like ', ""
    
    Can be null:
    
    true
  - getSymmetricEnclosureSymbols
```
public List<Character[]> getSymmetricEnclosureSymbols()
```
    Symmetric enclosures like (),{},[]
    Defines as List of Pairs (Arrays of 2 elements)
    
    Can be null:
    
    true
  - setSymmetricEnclosureSymbols
```
public void setSymmetricEnclosureSymbols(List<Character[]> symmetricEnclosureSymbols)
```
    Symmetric enclosures like (),{},[]
    Defines as List of Pairs (Arrays of 2 elements)
    
    Can be null:
    
    true

Class CodeSnifferSecurityAdapter

Field Summary

Fields inherited from interface com.neurosys.cluzo.domain.SecurityAdapter

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

CodeSnifferSecurityAdapter

Method Detail

sanitize

validate

getChainRegionRegExPattern

setChainRegionRegExPattern

getChainDelim

setChainDelim

getChainElementValidator

setChainElementValidator

getSingleEnclosureSymbols

setSingleEnclosureSymbols

getSymmetricEnclosureSymbols

setSymmetricEnclosureSymbols