[Esapi-php] Pretty print functions

Mike Boberski mike.boberski at gmail.com
Thu Jan 21 23:26:05 EST 2010


Cool, I'll review this in detail in the morning. Thanks!

Ok, onward to encoder, finishing that off!

Best,

Mike


On Thu, Jan 21, 2010 at 9:16 PM, jah <jah at jahboite.co.uk> wrote:

> OK, attached is CodecDebug.php which is an initial attempt at the
> functions for outputting codec debugging info - hopefully as you
> envisaged, Mike. Also attached is codec_debugging.patch which shows
> the functions in use in Codec decode and encode, and in PercentCodec,
> pretty much as you said it would be, I think.
> I'm sure you'll let me know if it needs work - consider it a rough draft
> and fire away.
>
> Here's an example output:
>
> DEBUG - [ -> ] DefaultEncoder->encodeForURL, Codec->encode,
> PercentCodec->encodeCharacter:
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . '<']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . 's']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . 'c']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . 'r']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . 'i']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . 'p']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . 't']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . '>']
> Encoded: [%3Cscript%3E]
>
> DEBUG - [ -> ] DefaultEncoder->canonicalize, Codec->decode,
> PercentCodec->decodeCharacter:
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . '%']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . '3']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . 'C']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . 's']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . 'c']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . 'r']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . 'i']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . 'p']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . 't']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . '%']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . '3']
> Normalized codec input: 4 bytes ['' . "\0" . '' . "\0" . '' . "\0" . 'E']
> Decoded: [<script>]
>
> Regards,
>
> jah
>
>
>  * initial with the supplied string codec input
>  * which is used as a weak way of preventing premature logging which would
>  * otherwise happen when using encoding methods within CodecDebug.
>  *
>  * @param string $initial codec input
>  */
> public function setInitial($initial)
> {
>     if (! $this->allowRecurse) return;
>     if ($this->initial !== null) {
>         return;
>     }
>     $this->initial = $initial;
> }
>
> /**
>  * resets $this->initial.
>  */
> private function resetInitial()
> {
>     $this->initial = null;
> }
>
> /**
>  * addNormalized is called by addToDecode and addToEncode and adds a UTF-32
>  * encoded character (and some extra debug info) to the buffer.
>  *
>  * @param string $charNormalizedEncoding is a UTF-32 encoded character.
>  * @return null
>  */
> public function addNormalized($charNormalizedEncoding)
> {
>     // TODO - it's not very pretty and I'm also worried that var_export does
>     // strange things.
>     // strlen() gives the byte count directly; parsing var_dump() output for
>     // it only worked under xdebug's "(length=N)" format.
>     $this->buf .= "Normalized codec input: " . strlen($charNormalizedEncoding)
>         . " bytes [" . var_export($charNormalizedEncoding, true) . "]\n";
> }
>
> /**
>  * Called by Codec::decodeCharacter methods, addToDecode sets-up the buffer
>  * to begin with a caller trace and passes the supplied character to
>  * addNormalized.
>  *
>  * @param string $charNormalizedEncoding is a UTF-32 encoded character.
>  * @return null
>  */
> public function addToDecode($charNormalizedEncoding)
> {
>     if (! ESAPI::getLogger(LOG)->isDebugEnabled() || ! $this->allowRecurse) return;
>     if ($this->buf === null) {
>         $caller = null;
>         try {
>             $caller = $this->_shortTrace();
>         } catch (Exception $e) {
>             $caller = "Decoding";
>         }
>         $this->buf = $caller . ":\n"; // ;)
>     }
>     $this->addNormalized($charNormalizedEncoding);
> }
>
> /**
>  * Called by Codec::encodeCharacter methods, addToEncode sets-up the buffer
>  * to begin with a caller trace and passes the supplied parameter to
>  * addNormalized.
>  *
>  * @param string $charNormalizedEncoding is a UTF-32 encoded character.
>  * @return null
>  */
> public function addToEncode($charNormalizedEncoding)
> {
>     if (! ESAPI::getLogger(LOG)->isDebugEnabled() || ! $this->allowRecurse) return;
>     if ($this->buf === null) {
>         $caller = null;
>         try {
>             $caller = $this->_shortTrace();
>         } catch (Exception $e) {
>             $caller = "Encoding";
>         }
>         $this->buf = $caller . ":\n"; // ;)
>     }
>     $this->addNormalized($charNormalizedEncoding);
> }
>
> /**
>  * outputEncoded appends the final encoded string (encoded for HTML) to the
>  * contents of $this->buf and logs this debugging output before resetting
>  * the CodecDebug instance.
>  *
>  * @param string $initial is the original unencoded input string.
>  * @param string $encoded is the final encoded string.
>  * @return null
>  */
> public function outputEncoded($initial, $encoded)
> {
>     if (! ESAPI::getLogger(LOG)->isDebugEnabled() || ! $this->allowRecurse) return;
>     if ($this->buf === null) {
>         $this->resetInitial();
>         return; // the codec being tested has not added any normalised inputs.
>     }
>     if ($this->initial != $initial) {
>         return; // TODO does this need removing now?
>     }
>     // encodeForHTML() below runs a codec itself; allowRecurse stops that
>     // inner encode from re-entering CodecDebug and polluting the buffer.
>     $this->allowRecurse = false;
>     $output = $this->buf . "Encoded: [" . ESAPI::getEncoder()->encodeForHTML($encoded) . "]";
>     ESAPI::getLogger(LOG)->debug(new EventType("Codec encode() output"), true, $output);
>     $this->allowRecurse = true;
>     $this->buf = null;
>     $this->resetInitial();
> }
>
> /**
>  * outputDecoded appends the final decoded string (encoded for HTML) to the
>  * contents of $this->buf and logs this debugging output before resetting
>  * the CodecDebug instance.
>  *
>  * @param string $initial is the original encoded input string.
>  * @param string $decoded is the final decoded string.
>  * @return null
>  */
> public function outputDecoded($initial, $decoded)
> {
>     if (! ESAPI::getLogger(LOG)->isDebugEnabled() || ! $this->allowRecurse) return;
>     if ($this->buf === null) {
>         $this->resetInitial();
>         return; // the codec being tested has not added any normalised inputs.
>     }
>     if ($this->initial != $initial) {
>         return; // TODO does this need removing now?
>     }
>     // as in outputEncoded: keep the HTML-encoding of the log line from
>     // re-entering CodecDebug.
>     $this->allowRecurse = false;
>     $output = $this->buf . "Decoded: [" . ESAPI::getEncoder()->encodeForHTML($decoded) . "]";
>     ESAPI::getLogger(LOG)->debug(new EventType("Codec decode() output"), true, $output);
>     $this->allowRecurse = true;
>     $this->buf = null;
>     $this->resetInitial();
> }
>
> /**
>  * convenience method which returns a shortened backtrace.
>  */
> private function _shortTrace()
> {
>     $dt = debug_backtrace();
>     // frames 0 and 1 are _shortTrace and addToDecode/addToEncode themselves;
>     // frame 2 is CodecDebug's caller, frames 3 and 4 its callers in turn.
>     if (! isset($dt[4])) {
>         // too few frames: let the caller fall back to its "Decoding"/"Encoding" label
>         throw new Exception('backtrace too short for a caller trace');
>     }
>     $trace = "";
>     $trace .= $dt[4]['class'] . '->' . $dt[4]['function'] . ', ';
>     $trace .= $dt[3]['class'] . '->' . $dt[3]['function'] . ', ';
>     $trace .= $dt[2]['class'] . '->' . $dt[2]['function']; // CodecDebug's caller
>     return $trace;
> }
> }
> _______________________________________________
> Esapi-php mailing list
> Esapi-php at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-php
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-php/attachments/20100121/00c2c0b7/attachment-0001.html 
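The quoted message explains the shape of the codec debug output (one "Normalized codec input" line per UTF-32 character, then the HTML-escaped final result) but the attachment only shows the logging half. The following is an added, self-contained example and is not code from ESAPI-PHP or from the CodecDebug.php attachment: a minimal percent codec whose encode() and decode() normalise each character to UTF-32BE and feed it to a small trace class that prints lines in the same format as above, and that HTML-escapes the final value before it reaches the log, as outputEncoded() and outputDecoded() do with encodeForHTML(). The class names SimplePercentCodec and DebugTrace are hypothetical, and the code assumes PHP 5.4 or later with the mbstring extension.

```php
<?php
// Added example, not part of ESAPI-PHP or of the CodecDebug.php attachment.
// Assumes PHP 5.4+ with mbstring. Class names are hypothetical.

class DebugTrace
{
    private $lines = array();

    // Record one normalised character. strlen() on a UTF-32BE string is its
    // byte count (always 4), and var_export() renders NUL bytes as "\0",
    // which is exactly the form seen in the quoted output.
    public function addNormalized($utf32Char)
    {
        $this->lines[] = 'Normalized codec input: ' . strlen($utf32Char)
            . ' bytes [' . var_export($utf32Char, true) . ']';
    }

    // Append the final result and return the whole trace. The result is
    // HTML-escaped first so a value such as "<script>" cannot carry markup
    // into a log viewer (the precaution outputEncoded()/outputDecoded()
    // take with encodeForHTML()).
    public function finish($label, $result)
    {
        $this->lines[] = $label . ': [' . htmlspecialchars($result, ENT_QUOTES, 'UTF-8') . ']';
        $trace = implode("\n", $this->lines);
        $this->lines = array();
        return $trace;
    }
}

class SimplePercentCodec
{
    // RFC 3986 unreserved characters are passed through unchanged.
    private $immune = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';

    // Normalise one UTF-8 character to UTF-32BE, the 4-byte form the debug
    // output shows.
    private function normalize($char)
    {
        return mb_convert_encoding($char, 'UTF-32BE', 'UTF-8');
    }

    // Percent-encode each UTF-8 byte of every non-immune character.
    public function encode($input, DebugTrace $trace)
    {
        $out = '';
        foreach (preg_split('//u', $input, -1, PREG_SPLIT_NO_EMPTY) as $char) {
            $trace->addNormalized($this->normalize($char));
            if (strpos($this->immune, $char) !== false) {
                $out .= $char;
                continue;
            }
            foreach (str_split($char) as $byte) {
                $out .= '%' . strtoupper(bin2hex($byte));
            }
        }
        return $out;
    }

    // Decode %XX sequences; a malformed sequence (e.g. "%G1" or a trailing
    // "%") is passed through literally rather than guessed at.
    public function decode($input, DebugTrace $trace)
    {
        $out = '';
        $chars = preg_split('//u', $input, -1, PREG_SPLIT_NO_EMPTY);
        $n = count($chars);
        for ($i = 0; $i < $n; $i++) {
            $trace->addNormalized($this->normalize($chars[$i]));
            $hex = ($i + 2 < $n) ? $chars[$i + 1] . $chars[$i + 2] : '';
            if ($chars[$i] === '%' && strlen($hex) === 2 && ctype_xdigit($hex)) {
                // the two hex digits are traced as well, as in the quoted decode run
                $trace->addNormalized($this->normalize($chars[$i + 1]));
                $trace->addNormalized($this->normalize($chars[$i + 2]));
                $out .= chr(hexdec($hex));
                $i += 2;
            } else {
                $out .= $chars[$i];
            }
        }
        return $out;
    }
}

// Constructed sample input: the same "<script>" string used in the quoted output.
$codec = new SimplePercentCodec();
$trace = new DebugTrace();
$encoded = $codec->encode('<script>', $trace);
echo "DEBUG - SimplePercentCodec->encode:\n", $trace->finish('Encoded', $encoded), "\n\n";
$decoded = $codec->decode($encoded, $trace);
echo "DEBUG - SimplePercentCodec->decode:\n", $trace->finish('Decoded', $decoded), "\n";
```

Run with `php` from the command line. The encode run lists eight 4-byte inputs and ends with the percent-encoded string; the decode run lists fourteen (the hex digits of each %XX sequence are traced too) and its final line shows the decoded value HTML-escaped, which is why the raw "<script>" in the quoted "Decoded: [...]" line should be read as the archive rendering the escaped form.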

