[434] | 1 | package de.ugoe.cs.quest.plugin.php;
|
---|
[54] | 2 |
|
---|
| 3 | import java.io.FileNotFoundException;
|
---|
| 4 | import java.io.IOException;
|
---|
[111] | 5 | import java.net.URI;
|
---|
| 6 | import java.net.URISyntaxException;
|
---|
[54] | 7 | import java.text.ParseException;
|
---|
| 8 | import java.text.SimpleDateFormat;
|
---|
| 9 | import java.util.ArrayList;
|
---|
[203] | 10 | import java.util.Collection;
|
---|
[54] | 11 | import java.util.HashMap;
|
---|
[232] | 12 | import java.util.HashSet;
|
---|
[54] | 13 | import java.util.LinkedList;
|
---|
| 14 | import java.util.List;
|
---|
| 15 | import java.util.Map;
|
---|
[232] | 16 | import java.util.Set;
|
---|
[54] | 17 |
|
---|
[554] | 18 | import de.ugoe.cs.quest.eventcore.Event;
|
---|
| 19 | import de.ugoe.cs.quest.eventcore.IEventTarget;
|
---|
| 20 | import de.ugoe.cs.quest.eventcore.IEventType;
|
---|
| 21 | import de.ugoe.cs.quest.plugin.php.eventcore.PHPEventTarget;
|
---|
| 22 | import de.ugoe.cs.quest.plugin.php.eventcore.PHPEventType;
|
---|
| 23 | import de.ugoe.cs.quest.plugin.php.eventcore.WebRequest;
|
---|
[74] | 24 | import de.ugoe.cs.util.FileTools;
|
---|
[68] | 25 | import de.ugoe.cs.util.console.Console;
|
---|
[54] | 26 |
|
---|
[171] | 27 | /**
|
---|
| 28 | * <p>
|
---|
| 29 | * Provides functionality to parse log files with web request.
|
---|
| 30 | * </p>
|
---|
| 31 | *
|
---|
| 32 | * @author Steffen Herbold
|
---|
| 33 | * @version 1.0
|
---|
| 34 | */
|
---|
[54] | 35 | public class WeblogParser {
|
---|
[171] | 36 |
|
---|
| 37 | /**
|
---|
| 38 | * <p>
|
---|
| 39 | * Timeout between two sessions in milliseconds.
|
---|
| 40 | * </p>
|
---|
| 41 | */
|
---|
[54] | 42 | private long timeout;
|
---|
[171] | 43 |
|
---|
| 44 | /**
|
---|
| 45 | * <p>
|
---|
[225] | 46 | * Minimal length of a session. All shorter sessions will be pruned.<br>
|
---|
[171] | 47 | * Default: 2
|
---|
| 48 | * </p>
|
---|
| 49 | */
|
---|
[68] | 50 | private int minLength = 2;
|
---|
[171] | 51 |
|
---|
| 52 | /**
|
---|
| 53 | * <p>
|
---|
[225] | 54 | * Maximal length of a session. All longer sessions will be pruned.<br>
|
---|
| 55 | * Default: 100
|
---|
[224] | 56 | * </p>
|
---|
| 57 | */
|
---|
| 58 | private int maxLength = 100;
|
---|
| 59 |
|
---|
| 60 | /**
|
---|
| 61 | * <p>
|
---|
[225] | 62 | * URL of the server that generated the log that is currently parser; null
|
---|
| 63 | * of URL is not available.<br>
|
---|
| 64 | * Default: null
|
---|
| 65 | * </p>
|
---|
| 66 | */
|
---|
| 67 | private String url = null;
|
---|
| 68 |
|
---|
| 69 | /**
|
---|
| 70 | * <p>
|
---|
[171] | 71 | * Collection of generated sequences.
|
---|
| 72 | * </p>
|
---|
| 73 | */
|
---|
[554] | 74 | private List<List<Event>> sequences;
|
---|
[171] | 75 |
|
---|
| 76 | /**
|
---|
| 77 | * <p>
|
---|
[232] | 78 | * List that stores the users (identified through their cookie id) to each
|
---|
| 79 | * sequence.
|
---|
| 80 | * </p>
|
---|
| 81 | */
|
---|
| 82 | private List<String> users;
|
---|
| 83 |
|
---|
| 84 | /**
|
---|
| 85 | * <p>
|
---|
| 86 | * List that stores the frequent users (identified through their cookie id)
|
---|
| 87 | * to each sequence.
|
---|
| 88 | * </p>
|
---|
| 89 | */
|
---|
| 90 | private List<String> frequentUsers;
|
---|
| 91 |
|
---|
| 92 | /**
|
---|
| 93 | * <p>
|
---|
| 94 | * Sequences for all frequent users.
|
---|
| 95 | * </p>
|
---|
| 96 | */
|
---|
[554] | 97 | private List<Collection<List<Event>>> sequencesFrequentUsers;
|
---|
[232] | 98 |
|
---|
| 99 | /**
|
---|
| 100 | * <p>
|
---|
| 101 | * Threshold that defines how many sessions of a user are require to deem
|
---|
| 102 | * the user frequent. Note, that only sessions whose lengths is in range if
|
---|
| 103 | * {@link #minLength} and {@link #maxLength} are counted.
|
---|
| 104 | * </p>
|
---|
| 105 | */
|
---|
| 106 | private int frequentUsersThreshold = -1;
|
---|
| 107 |
|
---|
| 108 | /**
|
---|
| 109 | * <p>
|
---|
[171] | 110 | * Name and path of the robot filter.
|
---|
| 111 | * </p>
|
---|
| 112 | */
|
---|
[72] | 113 | private static final String ROBOTFILTERFILE = "misc/robotfilter.txt";
|
---|
[171] | 114 |
|
---|
| 115 | /**
|
---|
| 116 | * <p>
|
---|
| 117 | * Field that contains a regular expression that matches all robots
|
---|
| 118 | * contained in {@link #ROBOTFILTERFILE}.
|
---|
| 119 | * </p>
|
---|
| 120 | */
|
---|
| 121 | private String robotRegex = null;
|
---|
| 122 |
|
---|
| 123 | /**
|
---|
| 124 | * <p>
|
---|
| 125 | * Constructor. Creates a new WeblogParser with a default timeout of
|
---|
| 126 | * 3,600,000 milliseconds (1 hour).
|
---|
| 127 | * </p>
|
---|
| 128 | */
|
---|
[54] | 129 | public WeblogParser() {
|
---|
[171] | 130 | this(3600000);
|
---|
[54] | 131 | }
|
---|
[171] | 132 |
|
---|
| 133 | /**
|
---|
| 134 | * <p>
|
---|
| 135 | * Constructor. Creates a new WeblogParser.
|
---|
| 136 | * </p>
|
---|
| 137 | *
|
---|
| 138 | * @param timeout
|
---|
| 139 | * session timeout
|
---|
| 140 | */
|
---|
[54] | 141 | public WeblogParser(long timeout) {
|
---|
| 142 | this.timeout = timeout;
|
---|
| 143 | }
|
---|
[171] | 144 |
|
---|
| 145 | /**
|
---|
| 146 | * <p>
|
---|
| 147 | * Returns the generated event sequences.
|
---|
| 148 | * </p>
|
---|
| 149 | *
|
---|
| 150 | * @return generated event sequences
|
---|
| 151 | */
|
---|
[554] | 152 | public Collection<List<Event>> getSequences() {
|
---|
[171] | 153 | return sequences;
|
---|
[54] | 154 | }
|
---|
[171] | 155 |
|
---|
| 156 | /**
|
---|
| 157 | * <p>
|
---|
| 158 | * Sets the session timeout.
|
---|
| 159 | * </p>
|
---|
| 160 | *
|
---|
| 161 | * @param timeout
|
---|
| 162 | * new session timeout
|
---|
| 163 | */
|
---|
[68] | 164 | public void setTimeout(long timeout) {
|
---|
| 165 | this.timeout = timeout;
|
---|
| 166 | }
|
---|
[171] | 167 |
|
---|
| 168 | /**
|
---|
| 169 | * <p>
|
---|
| 170 | * Sets the minimal length of a session. All sessions that contain less
|
---|
| 171 | * events will be pruned.
|
---|
| 172 | * </p>
|
---|
| 173 | *
|
---|
| 174 | * @param minLength
|
---|
| 175 | * new minimal length
|
---|
| 176 | */
|
---|
[68] | 177 | public void setMinLength(int minLength) {
|
---|
| 178 | this.minLength = minLength;
|
---|
| 179 | }
|
---|
[171] | 180 |
|
---|
| 181 | /**
|
---|
| 182 | * <p>
|
---|
[224] | 183 | * Sets the maximal length of a session. All sessions that contain more
|
---|
| 184 | * events will be pruned.
|
---|
| 185 | * </p>
|
---|
| 186 | *
|
---|
| 187 | * @param maxLength
|
---|
| 188 | * new maximal length
|
---|
| 189 | */
|
---|
| 190 | public void setMaxLength(int maxLength) {
|
---|
| 191 | this.maxLength = maxLength;
|
---|
| 192 | }
|
---|
| 193 |
|
---|
| 194 | /**
|
---|
| 195 | * <p>
|
---|
[225] | 196 | * Sets the URL of the server from which this log was generated. Often
|
---|
| 197 | * required for replay generation
|
---|
| 198 | * </p>
|
---|
| 199 | *
|
---|
| 200 | * @param url
|
---|
| 201 | * URL of the server
|
---|
| 202 | */
|
---|
| 203 | public void setUrl(String url) {
|
---|
| 204 | this.url = url;
|
---|
| 205 | }
|
---|
| 206 |
|
---|
| 207 | /**
|
---|
| 208 | * <p>
|
---|
[232] | 209 | * Sets the threshold for frequent users.
|
---|
| 210 | * </p>
|
---|
| 211 | *
|
---|
| 212 | * @param threshold
|
---|
| 213 | * threshold value; if the value is <1, the sessions of the
|
---|
| 214 | * frequent users will not be determined
|
---|
| 215 | */
|
---|
| 216 | public void setFrequentUserThreshold(int threshold) {
|
---|
| 217 | this.frequentUsersThreshold = threshold;
|
---|
| 218 | }
|
---|
| 219 |
|
---|
| 220 | /**
|
---|
| 221 | * <p>
|
---|
| 222 | * Returns the IDs of all frequent users.
|
---|
| 223 | * </p>
|
---|
| 224 | *
|
---|
| 225 | * @return IDs of the frequent users
|
---|
| 226 | */
|
---|
| 227 | public List<String> getFrequentUsers() {
|
---|
| 228 | return frequentUsers;
|
---|
| 229 | }
|
---|
| 230 |
|
---|
| 231 | /**
|
---|
| 232 | * <p>
|
---|
| 233 | * Returns the sequences of all frequent users.
|
---|
| 234 | * </p>
|
---|
| 235 | * </p>
|
---|
| 236 | *
|
---|
| 237 | * @return list of the sequences of all frequent users
|
---|
| 238 | */
|
---|
[554] | 239 | public List<Collection<List<Event>>> getFrequentUserSequences() {
|
---|
[232] | 240 | return sequencesFrequentUsers;
|
---|
| 241 | }
|
---|
| 242 |
|
---|
| 243 | /**
|
---|
| 244 | * <p>
|
---|
[171] | 245 | * Parses a web log file.
|
---|
| 246 | * </p>
|
---|
| 247 | *
|
---|
| 248 | * @param filename
|
---|
| 249 | * name and path of the log file
|
---|
| 250 | * @throws IOException
|
---|
| 251 | * thrown if there is a problem with reading the log file
|
---|
| 252 | * @throws FileNotFoundException
|
---|
| 253 | * thrown if the log file is not found
|
---|
| 254 | * @throws ParseException
|
---|
| 255 | * thrown the date format is invalid
|
---|
| 256 | */
|
---|
| 257 | public void parseFile(String filename) throws IOException,
|
---|
[177] | 258 | FileNotFoundException, ParseException {
|
---|
[74] | 259 | String[] lines = FileTools.getLinesFromFile(filename);
|
---|
[171] | 260 |
|
---|
[54] | 261 | Map<String, List<Integer>> cookieSessionMap = new HashMap<String, List<Integer>>();
|
---|
[554] | 262 | Map<String, Long> cookieTimestampMap = new HashMap<String, Long>();
|
---|
| 263 |
|
---|
[54] | 264 | int lastId = -1;
|
---|
[171] | 265 |
|
---|
| 266 | SimpleDateFormat dateFormat = new SimpleDateFormat(
|
---|
| 267 | "yyyy-MM-dd HH:mm:ss");
|
---|
[72] | 268 | loadRobotRegex();
|
---|
[171] | 269 |
|
---|
[554] | 270 | sequences = new ArrayList<List<Event>>();
|
---|
[232] | 271 | users = new ArrayList<String>();
|
---|
[171] | 272 |
|
---|
[177] | 273 | int lineCounter = 0;
|
---|
[171] | 274 | for (String line : lines) {
|
---|
[177] | 275 | lineCounter++;
|
---|
[171] | 276 | String[] values = line.substring(1, line.length() - 1).split(
|
---|
| 277 | "\" \"");
|
---|
| 278 |
|
---|
[54] | 279 | // use cookie as session identifier
|
---|
| 280 | int cookieStart = values[0].lastIndexOf('.');
|
---|
[171] | 281 | String cookie = values[0].substring(cookieStart + 1);
|
---|
[72] | 282 | String dateString = values[1];
|
---|
[54] | 283 | long timestamp = dateFormat.parse(dateString).getTime();
|
---|
[111] | 284 | String uriString = values[2];
|
---|
[72] | 285 | // String ref = values[3]; // referer is not yet used!
|
---|
[78] | 286 | String agent;
|
---|
[171] | 287 | if (values.length > 4) {
|
---|
[78] | 288 | agent = values[4];
|
---|
| 289 | } else {
|
---|
| 290 | agent = "noagent";
|
---|
| 291 | }
|
---|
[171] | 292 |
|
---|
[54] | 293 | List<String> postedVars = new ArrayList<String>();
|
---|
[171] | 294 | if (values.length == 6) { // post vars found
|
---|
| 295 | for (String postVar : values[5].trim().split(" ")) {
|
---|
[363] | 296 | if (!isBrokenVariable(postVar)) {
|
---|
[232] | 297 | postedVars.add(postVar);
|
---|
| 298 | }
|
---|
[72] | 299 | }
|
---|
[54] | 300 | }
|
---|
[171] | 301 | if (!isRobot(agent)) {
|
---|
[177] | 302 | try {
|
---|
| 303 | URI uri = new URI(uriString);
|
---|
| 304 | String path = uri.getPath();
|
---|
| 305 | List<String> getVars = extractGetVarsFromUri(uri);
|
---|
[410] | 306 |
|
---|
[554] | 307 | IEventType type = new PHPEventType(path, postedVars, getVars);
|
---|
| 308 | IEventTarget target = new PHPEventTarget(path);
|
---|
| 309 | Event event = new Event(type, target);
|
---|
| 310 | event.addReplayable(new WebRequest(url, path, postedVars, getVars));
|
---|
[224] | 311 |
|
---|
[177] | 312 | // find session and add event
|
---|
| 313 | List<Integer> sessionIds = cookieSessionMap.get(cookie);
|
---|
| 314 | if (sessionIds == null) {
|
---|
| 315 | sessionIds = new ArrayList<Integer>();
|
---|
| 316 | // start new session
|
---|
| 317 | sessionIds.add(++lastId);
|
---|
| 318 | cookieSessionMap.put(cookie, sessionIds);
|
---|
[554] | 319 | sequences.add(new LinkedList<Event>());
|
---|
[232] | 320 | users.add(cookie);
|
---|
[177] | 321 | }
|
---|
| 322 | Integer lastSessionIndex = sessionIds
|
---|
| 323 | .get(sessionIds.size() - 1);
|
---|
[554] | 324 | List<Event> lastSession = sequences
|
---|
[224] | 325 | .get(lastSessionIndex);
|
---|
[177] | 326 | long lastEventTime = timestamp;
|
---|
| 327 | if (!lastSession.isEmpty()) {
|
---|
[554] | 328 | lastEventTime = cookieTimestampMap.get(cookie);
|
---|
[177] | 329 | }
|
---|
| 330 | if (timestamp - lastEventTime > timeout) {
|
---|
| 331 | sessionIds.add(++lastId);
|
---|
[554] | 332 | List<Event> newSession = new LinkedList<Event>();
|
---|
[177] | 333 | newSession.add(event);
|
---|
| 334 | sequences.add(newSession);
|
---|
[232] | 335 | users.add(cookie);
|
---|
[177] | 336 | } else {
|
---|
| 337 | lastSession.add(event);
|
---|
| 338 | }
|
---|
[554] | 339 | cookieTimestampMap.put(cookie, timestamp);
|
---|
[177] | 340 | } catch (URISyntaxException e) {
|
---|
[224] | 341 | Console.traceln("Ignored line " + lineCounter + ": "
|
---|
| 342 | + e.getMessage());
|
---|
[171] | 343 | }
|
---|
[54] | 344 | }
|
---|
| 345 | }
|
---|
[232] | 346 | Console.traceln("" + sequences.size() + " user sequences found");
|
---|
[224] | 347 | pruneSequences();
|
---|
[232] | 348 | Console.traceln("" + sequences.size()
|
---|
| 349 | + " remaining after pruning of sequences shorter than "
|
---|
| 350 | + minLength);
|
---|
| 351 | Set<String> uniqueUsers = new HashSet<String>(users);
|
---|
| 352 | Console.traceln("" + uniqueUsers.size() + " unique users");
|
---|
| 353 | if (frequentUsersThreshold > 0) {
|
---|
| 354 | generateFrequentUserSequences(uniqueUsers);
|
---|
| 355 | }
|
---|
[74] | 356 | }
|
---|
| 357 |
|
---|
[171] | 358 | /**
|
---|
| 359 | * <p>
|
---|
[232] | 360 | * Generates the frequent user sequences, according to the threshold
|
---|
| 361 | * {@link #frequentUsersThreshold}.
|
---|
[171] | 362 | * </p>
|
---|
[232] | 363 | *
|
---|
| 364 | * @param uniqueUsers
|
---|
| 365 | * set with all user IDs
|
---|
[171] | 366 | */
|
---|
[232] | 367 | private void generateFrequentUserSequences(Set<String> uniqueUsers) {
|
---|
| 368 | frequentUsers = new ArrayList<String>();
|
---|
[554] | 369 | sequencesFrequentUsers = new ArrayList<Collection<List<Event>>>();
|
---|
[232] | 370 | for (String user : uniqueUsers) {
|
---|
| 371 | List<String> tmp = new ArrayList<String>();
|
---|
| 372 | tmp.add(user);
|
---|
| 373 | List<String> usersCopy = new LinkedList<String>(users);
|
---|
| 374 | usersCopy.retainAll(tmp);
|
---|
| 375 | int size = usersCopy.size();
|
---|
| 376 | if (size >= frequentUsersThreshold) {
|
---|
| 377 | frequentUsers.add(user);
|
---|
[554] | 378 | Collection<List<Event>> sequencesUser = new ArrayList<List<Event>>();
|
---|
[232] | 379 | for (int i = 0; i < sequences.size(); i++) {
|
---|
| 380 | if (users.get(i).equals(user)) {
|
---|
| 381 | sequencesUser.add(sequences.get(i));
|
---|
| 382 | }
|
---|
| 383 | }
|
---|
| 384 | sequencesFrequentUsers.add(sequencesUser);
|
---|
| 385 |
|
---|
| 386 | }
|
---|
| 387 | }
|
---|
| 388 | Console.traceln("" + frequentUsers.size() + " users with more than "
|
---|
| 389 | + frequentUsersThreshold + " sequences");
|
---|
| 390 | }
|
---|
| 391 |
|
---|
| 392 | /**
|
---|
| 393 | * <p>
|
---|
| 394 | * Prunes sequences shorter than {@link #minLength} and longer than
|
---|
| 395 | * {@link #maxLength}.
|
---|
| 396 | * </p>
|
---|
| 397 | */
|
---|
[224] | 398 | private void pruneSequences() {
|
---|
[171] | 399 | int i = 0;
|
---|
| 400 | while (i < sequences.size()) {
|
---|
[224] | 401 | if ((sequences.get(i).size() < minLength)
|
---|
| 402 | || sequences.get(i).size() > maxLength) {
|
---|
[68] | 403 | sequences.remove(i);
|
---|
[232] | 404 | users.remove(i);
|
---|
[72] | 405 | } else {
|
---|
| 406 | i++;
|
---|
[68] | 407 | }
|
---|
| 408 | }
|
---|
[232] | 409 |
|
---|
[54] | 410 | }
|
---|
[171] | 411 |
|
---|
| 412 | /**
|
---|
| 413 | * <p>
|
---|
| 414 | * Reads {@link #ROBOTFILTERFILE} and creates a regular expression that
|
---|
| 415 | * matches all the robots defined in the file. The regular expression is
|
---|
| 416 | * stored in the field {@link #robotRegex}.
|
---|
| 417 | * </p>
|
---|
| 418 | *
|
---|
| 419 | * @throws IOException
|
---|
| 420 | * thrown if there is a problem reading the robot filter
|
---|
| 421 | * @throws FileNotFoundException
|
---|
| 422 | * thrown if the robot filter is not found
|
---|
| 423 | */
|
---|
[72] | 424 | private void loadRobotRegex() throws IOException, FileNotFoundException {
|
---|
[74] | 425 | String[] lines = FileTools.getLinesFromFile(ROBOTFILTERFILE);
|
---|
[72] | 426 | StringBuilder regex = new StringBuilder();
|
---|
[171] | 427 | for (int i = 0; i < lines.length; i++) {
|
---|
| 428 | regex.append("(.*" + lines[i] + ".*)");
|
---|
| 429 | if (i != lines.length - 1) {
|
---|
[176] | 430 | regex.append('|');
|
---|
[72] | 431 | }
|
---|
| 432 | }
|
---|
| 433 | robotRegex = regex.toString();
|
---|
| 434 | }
|
---|
[171] | 435 |
|
---|
| 436 | /**
|
---|
| 437 | * <p>
|
---|
| 438 | * Checks whether an agent is a robot.
|
---|
| 439 | * </p>
|
---|
| 440 | *
|
---|
| 441 | * @param agent
|
---|
| 442 | * agent that is checked
|
---|
| 443 | * @return true, if the agent is a robot; false otherwise
|
---|
| 444 | */
|
---|
[72] | 445 | private boolean isRobot(String agent) {
|
---|
| 446 | return agent.matches(robotRegex);
|
---|
| 447 | }
|
---|
[171] | 448 |
|
---|
| 449 | /**
|
---|
| 450 | * <p>
|
---|
| 451 | * Parses the URI and extracts the GET variables that have been passed.
|
---|
| 452 | * </p>
|
---|
| 453 | *
|
---|
| 454 | * @param uri
|
---|
| 455 | * URI that is parsed
|
---|
| 456 | * @return a list with all GET variables
|
---|
[410] | 457 | * @throws URISyntaxException
|
---|
| 458 | * thrown if one of the variables seems to indicate that the
|
---|
| 459 | * request is a malicious attack on the web application
|
---|
[171] | 460 | */
|
---|
[410] | 461 | private List<String> extractGetVarsFromUri(URI uri)
|
---|
| 462 | throws URISyntaxException {
|
---|
[111] | 463 | List<String> getVars = new ArrayList<String>();
|
---|
| 464 | String query = uri.getQuery();
|
---|
[171] | 465 | if (query != null) {
|
---|
[111] | 466 | String[] paramPairs = query.split("&");
|
---|
[171] | 467 | for (String paramPair : paramPairs) {
|
---|
[111] | 468 | String[] paramSplit = paramPair.split("=");
|
---|
[363] | 469 | if (!isBrokenVariable(paramSplit[0])) {
|
---|
[410] | 470 | for (int i = 1; i < paramSplit.length; i++) {
|
---|
| 471 | checkForAttack(paramSplit[i]);
|
---|
| 472 | }
|
---|
[232] | 473 | getVars.add(paramSplit[0]);
|
---|
| 474 | }
|
---|
[111] | 475 | }
|
---|
| 476 | }
|
---|
| 477 | return getVars;
|
---|
| 478 | }
|
---|
[363] | 479 |
|
---|
| 480 | /**
|
---|
| 481 | * <p>
|
---|
| 482 | * Checks if a variable is broken.Currently, the check rather imprecise and
|
---|
| 483 | * checks only if the term "and" is part of the variable name.
|
---|
| 484 | * </p>
|
---|
| 485 | *
|
---|
| 486 | * @param var
|
---|
| 487 | * variable that is checked
|
---|
| 488 | * @return true if the variable is broken, false otherwise
|
---|
| 489 | */
|
---|
| 490 | private boolean isBrokenVariable(String var) {
|
---|
| 491 | return var.contains("and");
|
---|
| 492 | }
|
---|
[410] | 493 |
|
---|
| 494 | /**
|
---|
| 495 | * <p>
|
---|
| 496 | * Checks if the variable name send with a request seems like an attack on the server.
|
---|
| 497 | * </p>
|
---|
| 498 | * @param value
|
---|
| 499 | * @throws URISyntaxException
|
---|
| 500 | */
|
---|
| 501 | private void checkForAttack(String value) throws URISyntaxException {
|
---|
| 502 | if (value.contains("UNION+") || value.contains("SELECT+")) {
|
---|
| 503 | throw new URISyntaxException(value, "possible injection attack");
|
---|
| 504 | }
|
---|
| 505 | }
|
---|
[54] | 506 | }
|
---|