Changeset f0dd09c for apps/jetty


Ignore:
Timestamp:
Jul 26, 2014 12:18:35 PM (6 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
2c82232
Parents:
4746d9eb
Message:

filter logging

File:
1 edited

Legend:

Unmodified
Added
Removed
  • apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java

    r4746d9eb rf0dd09c  
    77
    88//import org.owasp.esapi.ESAPI;
     9
     10import net.i2p.I2PAppContext;
     11import net.i2p.util.Log;
    912
    1013public class XSSRequestWrapper extends HttpServletRequestWrapper {
     
    3740    public String getParameter(String parameter) {
    3841        String value = super.getParameter(parameter);
    39 
    40         return stripXSS(value, parameterValuePattern);
     42        String rv = stripXSS(value, parameterValuePattern);
     43        if (value != null && rv == null) {
     44            Log log = I2PAppContext.getGlobalContext().logManager().getLog(XSSRequestWrapper.class);
     45            log.logAlways(Log.WARN, "URL \"" + getServletPath() + "\" Stripped param \"" + parameter + "\" : \"" + value + '"');
     46        }
     47        return rv;
    4148    }
    4249
     
    4451    public String getHeader(String name) {
    4552        String value = super.getHeader(name);
    46         return stripXSS(value, headerValuePattern);
     53        String rv = stripXSS(value, headerValuePattern);
     54        if (value != null && rv == null) {
     55            Log log = I2PAppContext.getGlobalContext().logManager().getLog(XSSRequestWrapper.class);
     56            log.logAlways(Log.WARN, "URL \"" + getServletPath() + "\" Stripped header \"" + name + "\" : \"" + value + '"');
     57        }
     58        return rv;
    4759    }
    4860
Note: See TracChangeset for help on using the changeset viewer.