palio.util
Class AttackDetection

java.lang.Object
  extended by palio.util.AttackDetection

public final class AttackDetection
extends java.lang.Object

This is a utility class for detecting multiple types of attacks, such as SQL/CSS/URL injection. All detected attacks will be logged to the instance/server messages and to attacks.log. All detection rules are based on the article: http://www.symantec.com/connect/articles/detection-sql-injection-and-cross-site-scripting-attacks

Author:
Szymon Kuklewicz

Method Summary
static boolean detectSqlInjection(java.lang.String parameter, java.lang.String query, Current current)
           
static boolean detectSqlInjection(java.lang.String parameter, java.lang.String query, java.lang.Object page, Instance instance, javax.servlet.http.HttpServletRequest request, PSession session)
           
static boolean detectXssInjection(java.lang.String parameterValue, java.lang.String parameterName, Current current)
           
static boolean detectXssInjection(java.lang.String parameterValue, java.lang.String parameterName, java.lang.Object page, Instance instance, javax.servlet.http.HttpServletRequest request, PSession session)
           
static AttackDetection getInstance()
           
static void main(java.lang.String[] args)
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

getInstance

public static AttackDetection getInstance()

detectSqlInjection

public static boolean detectSqlInjection(java.lang.String parameter,
                                         java.lang.String query,
                                         Current current)

detectSqlInjection

public static boolean detectSqlInjection(java.lang.String parameter,
                                         java.lang.String query,
                                         java.lang.Object page,
                                         Instance instance,
                                         javax.servlet.http.HttpServletRequest request,
                                         PSession session)

detectXssInjection

public static boolean detectXssInjection(java.lang.String parameterValue,
                                         java.lang.String parameterName,
                                         Current current)

detectXssInjection

public static boolean detectXssInjection(java.lang.String parameterValue,
                                         java.lang.String parameterName,
                                         java.lang.Object page,
                                         Instance instance,
                                         javax.servlet.http.HttpServletRequest request,
                                         PSession session)

main

public static void main(java.lang.String[] args)