Class OracleCodec


  • public class OracleCodec
    extends Codec
    Implementation of the Codec interface for Oracle strings. This function will only protect you from SQLi in the case of user data bring placed within an Oracle quoted string such as: select * from table where user_name=' USERDATA ';
    Since:
    June 1, 2007
    Author:
    Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security, Jim Manico (jim@manico.net) Manico.net
    See Also:
    how-to-escape-single-quotes-in-strings, Encoder
    • Constructor Detail

      • OracleCodec

        public OracleCodec()
    • Method Detail

      • encodeCharacter

        public java.lang.String encodeCharacter​(char[] immune,
                                                java.lang.Character c)
        Default implementation that should be overridden in specific codecs. Encodes ' to '' Encodes ' to ''
        Overrides:
        encodeCharacter in class Codec
        Parameters:
        immune -
        c - the Character to encode
        Returns:
        the encoded Character
      • decodeCharacter

        public java.lang.Character decodeCharacter​(PushbackString input)
        Returns the decoded version of the next character from the input string and advances the current character in the PushbackString. If the current character is not encoded, this method MUST reset the PushbackString. Returns the decoded version of the character starting at index, or null if no decoding is possible. Formats all are legal '' decodes to '
        Overrides:
        decodeCharacter in class Codec
        Parameters:
        input - the Character to decode
        Returns:
        the decoded Character