From 2344baa082277120401d815461d5e13e831d510f Mon Sep 17 00:00:00 2001 From: Kai Moritz Date: Thu, 8 Oct 2015 09:14:20 +0200 Subject: [PATCH] Implemented aspect to deal with long/bad data in Facebook-Entries --- pom.xml | 24 +++++ .../de/juplo/facebook/aspects/Sanitize.java | 18 ++++ .../facebook/aspects/SanitizeAspect.java | 93 +++++++++++++++++++ 3 files changed, 135 insertions(+) create mode 100644 src/main/java/de/juplo/facebook/aspects/Sanitize.java create mode 100644 src/main/java/de/juplo/facebook/aspects/SanitizeAspect.java diff --git a/pom.xml b/pom.xml index e5e0440..aa6fefd 100644 --- a/pom.xml +++ b/pom.xml @@ -58,6 +58,7 @@ 1.7 + 1.8.5 2.6.2 4.12 1.1.3 @@ -176,6 +177,14 @@ provided + + + org.aspectj + aspectjrt + ${aspectj.version} + provided + + commons-codec @@ -254,6 +263,21 @@ true + + org.codehaus.mojo + aspectj-maven-plugin + 1.8 + + 1.7 + + + + + compile + + + + org.apache.maven.plugins maven-source-plugin diff --git a/src/main/java/de/juplo/facebook/aspects/Sanitize.java b/src/main/java/de/juplo/facebook/aspects/Sanitize.java new file mode 100644 index 0000000..0856a04 --- /dev/null +++ b/src/main/java/de/juplo/facebook/aspects/Sanitize.java @@ -0,0 +1,18 @@ +package de.juplo.facebook.aspects; + + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +/** + * @author Kai Moritz + */ +@Target({ ElementType.FIELD }) +@Retention(RetentionPolicy.RUNTIME) +public @interface Sanitize +{ + int length() default 255; // in accordance to @Column(length) + boolean fail() default false; +} diff --git a/src/main/java/de/juplo/facebook/aspects/SanitizeAspect.java b/src/main/java/de/juplo/facebook/aspects/SanitizeAspect.java new file mode 100644 index 0000000..4bdf908 --- /dev/null +++ b/src/main/java/de/juplo/facebook/aspects/SanitizeAspect.java @@ -0,0 +1,93 @@ +package de.juplo.facebook.aspects; + + +import org.aspectj.lang.ProceedingJoinPoint; +import org.aspectj.lang.annotation.Around; +import org.aspectj.lang.annotation.Aspect; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + + + +/** + * @author Kai Moritz + */ +@Aspect +public class SanitizeAspect +{ + private static final Logger log = + LoggerFactory.getLogger(SanitizeAspect.class); + + + /** + * This method sanitizes the given string in all means: + *
    + *
  • It removes leading and trailing whitspace.
  • + *
  • It removes characters, that are not allowed in the XML-output
  • + *
  • It checks the allowed length of the string
  • + *
+ * + * This method ensures that the output String has only + * valid XML unicode characters as specified by the + * XML 1.0 standard. For reference, please see + * the + * standard. This method will return an empty + * String if the input is null or empty. + * + * @param jp The join-point captured by AspectJ. + * @param in The String whose non-valid characters we want to remove. + * @param sanitize The annotation, the field was marked with. + * @see Invalid XML Characters: when valid UTF8 does not mean valid XML + * @see Ungültige Zeichen in Eingabefeldern abfangen + */ + @Around("set(String *) && args(in) && @annotation(sanitize)") + public void sanitize( + ProceedingJoinPoint jp, + String in, + Sanitize sanitize + ) + throws Throwable + { + if (in == null) + { + jp.proceed(new Object[] { null }); + return; + } + + in = in.trim(); + if ("".equals(in)) + { + jp.proceed(new Object[] { null }); + return; + } + + StringBuilder out = new StringBuilder(); // Used to hold the output. + char current; // Used to reference the current character. + + for (int i = 0; i < in.length(); i++) + { + current = in.charAt(i); // NOTE: No IndexOutOfBoundsException caught here; it should not happen. + if ((current == 0x9) || + (current == 0xA) || + (current == 0xD) || + ((current >= 0x20) && (current <= 0xD7FF)) || + ((current >= 0xE000) && (current <= 0xFFFD)) || + ((current >= 0x10000) && (current <= 0x10FFFF))) + out.append(current); + } + if (out.length() > sanitize.length()) + { + log.error( + "Maximum length for attribute {} exceeded: should={}, was={}", + jp.getSignature().getName(), + sanitize.length(), + out.length() + ); + if (sanitize.fail()) + throw new RuntimeException("String is longer than " + sanitize.length()); + else + out.setLength(sanitize.length()); + } + jp.proceed(new Object[] { out.toString() }); + } +} -- 2.20.1