Class: Owasp::Esapi::Codec::VbScriptCodec

Inherits:

BaseCodec

• Object
• BaseCodec
• Owasp::Esapi::Codec::VbScriptCodec

Defined in:

lib/codec/vbscript_codec.rb

Constant Summary

Constants inherited from BaseCodec

BaseCodec::END_CODE_POINT, BaseCodec::START_CODE_POINT

Instance Method Summary

• #decode_char(input) ⇒ Object

  Returns the decoded version of the character starting at index, or nil if no decoding is possible.

• #encode(immune, input) ⇒ Object

  Encode a String so that it can be safely used in a specific context.

• #encode_char(immune, input) ⇒ Object

  Returns quote-encoded character.

Methods inherited from BaseCodec

#decode, #hex, #min

Instance Method Details

#decode_char(input) ⇒ Object

Returns the decoded version of the character starting at index, or nil if no decoding is possible.

Formats all are legal both upper/lower case: “x - all special characters ” + chr(x) + “ - not supported

# File 'lib/codec/vbscript_codec.rb', line 47

def decode_char(input)
  input.mark();
  first = input.next
  if first.nil?
    input.reset
    return nil;
  end
  # if this is not an encoded character, return null
  if first != "\""
    input.reset
    return nil
  end
  input.next
end

#encode(immune, input) ⇒ Object

Encode a String so that it can be safely used in a specific context.

# File 'lib/codec/vbscript_codec.rb', line 8

def encode(immune, input)
  encoded_string = ''
  encoding = false
  inquotes = false
  encoded_string.encode!(Encoding::UTF_8)
  i = 0
  input.encode(Encoding::UTF_8).chars do |c|
    if Owasp::Esapi::Encoder::CHAR_ALPHANUMERIC.include?(c) or immune.include?(c)
      encoded_string << "&" if encoding and i > 0
      encoded_string << "\"" if !inquotes and i > 0
      encoded_string << c
      inquotes = true
      encoding = false
    else
      encoded_string << "\"" if inquotes and i < input.size
      encoded_string << "&" if i > 0
      encoded_string << encode_char(immune,c)
      inquotes = false
      encoding = true
    end
    i += 1
  end
  encoded_string
end

#encode_char(immune, input) ⇒ Object

Returns quote-encoded character

# File 'lib/codec/vbscript_codec.rb', line 33

def encode_char(immune,input)
  return input if immune.include?(input)
  hex = hex(input)
  return input if hex.nil?
  return "chrw(#{input.ord})"
end