1 /*
2 * $Id: SecurityChecker.java 1419 2010-11-01 14:12:17Z hoheisel $
3 *
4 * Copyright (c) 2007
5 * Fraunhofer Institute for Computer Architecture and Software Technology
6 * See http://www.first.fraunhofer.de for more details.
7 */
8
9 package net.kwfgrid.gwes.servlet;
10
11 import org.apache.log4j.Logger;
12
13 /**
14 * @author Andreas Hoheisel
15 * (<a href="http://www.andreas-hoheisel.de">www.andreas-hoheisel.de</a>)
16 * @version $Id: SecurityChecker.java 1419 2010-11-01 14:12:17Z hoheisel $
17 */
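public class SecurityChecker {

    /**
     * log4j logger
     */
    static Logger logger = Logger.getLogger(SecurityChecker.class);

    /**
     * Substrings that make {@link #checkPath(String)} reject its input.
     * Carriage return and NUL are listed next to line feed so that the
     * control characters that can split a command line, a log record or a
     * native path string are rejected together.
     */
    private static final String[] FORBIDDEN = {
        ";", "&", "<", ">", "\n", "\r", "\0", "|", "//", ".."
    };

    /**
     * Checks an input string against a deny-list of substrings.
     * <p>
     * The input is rejected if it is <code>null</code> or contains any of
     * <code>;</code>, <code>&amp;</code>, <code>&lt;</code>, <code>&gt;</code>,
     * <code>|</code>, <code>//</code>, <code>..</code>, a line feed, a
     * carriage return or a NUL character. Every rejection is logged at WARN
     * level, with control characters in the value escaped so that the
     * rejected input cannot start a forged log line.
     * <p>
     * NOTE(review): this is a deny-list and is not a complete defence on its
     * own. It does not cover other shell metacharacters, quoting or encoded
     * forms of the listed sequences. How callers use an accepted value is not
     * visible here; if it reaches a command line or the file system, the
     * caller should pass it as a separate argument (not through a shell) and
     * confine the canonicalised path to an expected base directory.
     *
     * @param arg input string; <code>null</code> is treated as insecure.
     * @return Returns <code>false</code> if the input is <code>null</code> or
     *         contains one of the rejected sequences, <code>true</code> otherwise.
     */
    public static boolean checkPath(String arg) {
        // Fail closed: a missing value is never reported as safe.
        if (arg == null) {
            SecurityChecker.logger.warn("Insecure command line input: null");
            return false;
        }
        for (int i = 0; i < FORBIDDEN.length; i++) {
            if (arg.indexOf(FORBIDDEN[i]) >= 0) {
                // The rejected value is attacker-influenced, so it is escaped
                // before it is written to the log.
                SecurityChecker.logger.warn(
                        "Insecure command line input: \"" + escapeForLog(arg) + "\"");
                return false;
            }
        }
        return true;
    }

    /**
     * Returns a copy of the value in which every ISO control character is
     * replaced by a backslash, the letter u and its four-digit hexadecimal
     * code, so that the value occupies exactly one log line.
     *
     * @param value non-null string to be written to the log.
     * @return the escaped string.
     */
    private static String escapeForLog(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (Character.isISOControl(c)) {
                String hex = Integer.toHexString(c);
                out.append("\\u");
                for (int pad = hex.length(); pad < 4; pad++) {
                    out.append('0');
                }
                out.append(hex);
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

}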