[owasp-java-waf] r5 committed - [No log message]
56 views
Skip to first unread message
owasp-j...@googlecode.com
Jun 15, 2011, 9:35:33 AM6/15/11
to owasp-java-wa...@googlegroups.com
Revision: 5
Author: juan.c...@owasp.org
Date: Tue Jun 14 21:31:31 2011
Log: [No log message]
http://code.google.com/p/owasp-java-waf/source/detail?r=5
Added:
/branches/2.0
/branches/2.0/2.0
/branches/2.0/AssemblyInfo.cs
/branches/2.0/Global.asax
/branches/2.0/Global.asax.cs
/branches/2.0/Global.asax.resx
/branches/2.0/SupportClass.cs
/branches/2.0/UpgradeLog.XML
/branches/2.0/Web.config
/branches/2.0/_ConversionReport.htm
/branches/2.0/_ConversionReport_Files
/branches/2.0/_ConversionReport_Files/ConversionReport.css
/branches/2.0/_ConversionReport_Files/ConversionReport_Blank.gif
/branches/2.0/_ConversionReport_Files/ConversionReport_Minus.gif
/branches/2.0/_ConversionReport_Files/ConversionReport_Plus.gif
/branches/2.0/_UpgradeReport_Files
/branches/2.0/_UpgradeReport_Files/UpgradeReport.css
/branches/2.0/_UpgradeReport_Files/UpgradeReport.xslt
/branches/2.0/_UpgradeReport_Files/UpgradeReport_Minus.gif
/branches/2.0/_UpgradeReport_Files/UpgradeReport_Plus.gif
/branches/2.0/bin
/branches/2.0/build.xml
/branches/2.0/obj
/branches/2.0/obj/Debug
/branches/2.0/obj/Debug/TempPE
/branches/2.0/obj/Debug/owasp-esapi-ASP-11.csproj.GenerateResource.Cache
/branches/2.0/obj/Debug/owasp_esapi_ASP_11.Global.resources
/branches/2.0/obj/owasp-esapi-ASP-11.csproj.FileListAbsolute.txt
/branches/2.0/owasp-esapi-ASP-1.1.xml
/branches/2.0/owasp-esapi-ASP-11.csproj
/branches/2.0/owasp-esapi-ASP-11.csproj.user
/branches/2.0/owasp-esapi-ASP-11.sln
/branches/2.0/owasp-esapi-ASP-11.suo
/branches/2.0/src
/branches/2.0/src/org
/branches/2.0/src/org/owasp
/branches/2.0/src/org/owasp/esapi
/branches/2.0/src/org/owasp/esapi/AccessController.cs
/branches/2.0/src/org/owasp/esapi/AccessReferenceMap.cs
/branches/2.0/src/org/owasp/esapi/Authenticator.cs
/branches/2.0/src/org/owasp/esapi/ESAPI.cs
/branches/2.0/src/org/owasp/esapi/Encoder.cs
/branches/2.0/src/org/owasp/esapi/EncryptedProperties.cs
/branches/2.0/src/org/owasp/esapi/Encryptor.cs
/branches/2.0/src/org/owasp/esapi/Executor.cs
/branches/2.0/src/org/owasp/esapi/HTTPUtilities.cs
/branches/2.0/src/org/owasp/esapi/IntrusionDetector.cs
/branches/2.0/src/org/owasp/esapi/Logger.cs
/branches/2.0/src/org/owasp/esapi/PKCSKeyGenerator.cs
/branches/2.0/src/org/owasp/esapi/Randomizer.cs
/branches/2.0/src/org/owasp/esapi/SecurityConfiguration.cs
/branches/2.0/src/org/owasp/esapi/Threshold.cs
/branches/2.0/src/org/owasp/esapi/User.cs
/branches/2.0/src/org/owasp/esapi/Validator.cs
/branches/2.0/src/org/owasp/esapi/doc-files
/branches/2.0/src/org/owasp/esapi/doc-files/Architecture.jpg
/branches/2.0/src/org/owasp/esapi/doc-files/OWASPTopTen.jpg
/branches/2.0/src/org/owasp/esapi/errors
/branches/2.0/src/org/owasp/esapi/errors/AccessControlException.cs
/branches/2.0/src/org/owasp/esapi/errors/AuthenticationAccountsException.cs
/branches/2.0/src/org/owasp/esapi/errors/AuthenticationCredentialsException.cs
/branches/2.0/src/org/owasp/esapi/errors/AuthenticationException.cs
/branches/2.0/src/org/owasp/esapi/errors/AuthenticationHostException.cs
/branches/2.0/src/org/owasp/esapi/errors/AuthenticationLoginException.cs
/branches/2.0/src/org/owasp/esapi/errors/AvailabilityException.cs
/branches/2.0/src/org/owasp/esapi/errors/CertificateException.cs
/branches/2.0/src/org/owasp/esapi/errors/EncodingException.cs
/branches/2.0/src/org/owasp/esapi/errors/EncryptionException.cs
/branches/2.0/src/org/owasp/esapi/errors/EnterpriseSecurityException.cs
/branches/2.0/src/org/owasp/esapi/errors/ExecutorException.cs
/branches/2.0/src/org/owasp/esapi/errors/IntegrityException.cs
/branches/2.0/src/org/owasp/esapi/errors/IntrusionException.cs
/branches/2.0/src/org/owasp/esapi/errors/ValidationAvailabilityException.cs
/branches/2.0/src/org/owasp/esapi/errors/ValidationException.cs
/branches/2.0/src/org/owasp/esapi/errors/ValidationUploadException.cs
/branches/2.0/src/org/owasp/esapi/errors/package.html
/branches/2.0/src/org/owasp/esapi/filters
/branches/2.0/src/org/owasp/esapi/filters/ESAPIFilter.cs
/branches/2.0/src/org/owasp/esapi/interfaces
/branches/2.0/src/org/owasp/esapi/interfaces/IAccessController.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IAccessReferenceMap.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IAuthenticator.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IEncoder.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IEncryptedProperties.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IEncryptor.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IExecutor.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IHTTPUtilities.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IIntrusionDetector.cs
/branches/2.0/src/org/owasp/esapi/interfaces/ILogger.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IRandomizer.cs
/branches/2.0/src/org/owasp/esapi/interfaces/ISecurityConfiguration.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IUser.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IValidator.cs
/branches/2.0/src/org/owasp/esapi/interfaces/doc-files
/branches/2.0/src/org/owasp/esapi/interfaces/doc-files/AccessController.jpg
/branches/2.0/src/org/owasp/esapi/interfaces/doc-files/AccessReferenceMap.jpg
/branches/2.0/src/org/owasp/esapi/interfaces/doc-files/Authenticator.jpg
/branches/2.0/src/org/owasp/esapi/interfaces/doc-files/HTTPUtilities.jpg
/branches/2.0/src/org/owasp/esapi/interfaces/doc-files/IntrusionDetector.jpg
/branches/2.0/src/org/owasp/esapi/interfaces/doc-files/Validator.jpg
/branches/2.0/src/org/owasp/esapi/interfaces/package.html
/branches/2.0/src/org/owasp/esapi/package.html
/branches/2.0/test
/branches/2.0/test/org
/branches/2.0/test/org/owasp
/branches/2.0/test/org/owasp/esapi
/branches/2.0/test/org/owasp/esapi/AccessControllerTest.cs
/branches/2.0/test/org/owasp/esapi/AccessReferenceMapTest.cs
/branches/2.0/test/org/owasp/esapi/AllTests.cs
/branches/2.0/test/org/owasp/esapi/AuthenticatorTest.cs
/branches/2.0/test/org/owasp/esapi/EncoderTest.cs
/branches/2.0/test/org/owasp/esapi/EncryptedPropertiesTest.cs
/branches/2.0/test/org/owasp/esapi/EncryptorTest.cs
/branches/2.0/test/org/owasp/esapi/ExecutorTest.cs
/branches/2.0/test/org/owasp/esapi/HTTPUtilitiesTest.cs
/branches/2.0/test/org/owasp/esapi/IntrusionDetectorTest.cs
/branches/2.0/test/org/owasp/esapi/LoggerTest.cs
/branches/2.0/test/org/owasp/esapi/RandomizerTest.cs
/branches/2.0/test/org/owasp/esapi/UserTest.cs
/branches/2.0/test/org/owasp/esapi/ValidatorTest.cs
/branches/2.0/test/org/owasp/esapi/errors
/branches/2.0/test/org/owasp/esapi/errors/EnterpriseSecurityExceptionTest.cs
/branches/2.0/test/org/owasp/esapi/http
/branches/2.0/test/org/owasp/esapi/http/TestHttpServletRequest.cs
/branches/2.0/test/org/owasp/esapi/http/TestHttpServletResponse.cs
/branches/2.0/test/org/owasp/esapi/http/TestHttpSession.cs
/branches/2.0/test/org/owasp/esapi/http/TestServletInputStream.cs
/branches/2.0/test/org/owasp/esapi/http/package.html
/branches/2.0/test/testresources
/branches/2.0/test/testresources/DataAccessRules.txt
/branches/2.0/test/testresources/ESAPI.resources
/branches/2.0/test/testresources/FileAccessRules.txt
/branches/2.0/test/testresources/FunctionAccessRules.txt
/branches/2.0/test/testresources/ServiceAccessRules.txt
/branches/2.0/test/testresources/URLAccessRules.txt
/branches/2.0/test/testresources/antisamy.xml
/branches/2.0/test/testresources/keystore
/branches/2.0/test/testresources/multipart.txt
/branches/2.0/test/testresources/users.txt
=======================================
--- /dev/null
+++ /branches/2.0/AssemblyInfo.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,62 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+
+// General Information about an assembly is controlled through the
following
+// set of attributes. Change these attribute values to modify the
information
+// associated with an assembly.
+
+// TODO: Review the values of the assembly attributes
+
+[assembly: AssemblyTitle("")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+
+// Version information for an assembly consists of the following four
values:
+//
+// Major Version
+// Minor Version
+// Revision
+// Build Number
+//
+// You can specify all the values or you can default the Revision and
Build Numbers
+// by using the '*' as shown below:
+
+[assembly: AssemblyVersion("1.0.*")]
+
+//
+// In order to sign your assembly you must specify a key to use. Refer to
the
+// Microsoft .NET Framework documentation for more information on assembly
signing.
+//
+// Use the attributes below to control which key is used for signing.
+//
+// Notes:
+// (*) If no key is specified, the assembly is not signed.
+// (*) KeyName refers to a key that has been installed in the Crypto
Service
+// Provider (CSP) on your machine. KeyFile refers to a file which
contains
+// a key.
+// (*) If the KeyFile and the KeyName values are both specified, the
+// following processing occurs:
+// (1) If the KeyName can be found in the CSP, that key is used.
+// (2) If the KeyName does not exist and the KeyFile does exist, the
key
+// in the KeyFile is installed into the CSP and used.
+// (*) In order to create a KeyFile, you can use the sn.exe (Strong
Name) utility.
+// When specifying the KeyFile, the location of the KeyFile should be
+// relative to the project output directory which is
+// %Project Directory%\obj\<configuration>. For example, if your
KeyFile is
+// located in the project directory, you would specify the
AssemblyKeyFile
+// attribute as [assembly: AssemblyKeyFile("..\..\mykey.snk")]
+// (*) Delay Signing is an advanced option - see the Microsoft .NET
Framework
+// documentation for more information on this.
+//
+
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyDelaySign(false)]
+[assembly: AssemblyKeyFile("")]
+[assembly: AssemblyKeyName("")]
+
+
=======================================
--- /dev/null
+++ /branches/2.0/Global.asax Tue Jun 14 21:31:31 2011
@@ -0,0 +1,1 @@
+<%@ Application Codebehind="Global.asax.cs"
Inherits="owasp_esapi_ASP_11.Global" %>
=======================================
--- /dev/null
+++ /branches/2.0/Global.asax.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,80 @@
+using System;
+using System.Collections;
+using System.ComponentModel;
+using System.Web;
+using System.Web.SessionState;
+
+namespace owasp_esapi_ASP_11
+{
+ /// <summary>
+ /// Summary description for Global.
+ /// </summary>
+ public class Global : System.Web.HttpApplication
+ {
+ /// <summary>
+ /// Required designer variable.
+ /// </summary>
+ private System.ComponentModel.IContainer components = null;
+
+ public Global()
+ {
+ InitializeComponent();
+ }
+
+ protected void Application_Start(Object sender, EventArgs e)
+ {
+
+
+ }
+
+ protected void Session_Start(Object sender, EventArgs e)
+ {
+
+ }
+
+ protected void Application_BeginRequest(Object sender, EventArgs e)
+ {
+
+
+ }
+
+ protected void Application_EndRequest(Object sender, EventArgs e)
+ {
+
+
+ }
+
+ protected void Application_AuthenticateRequest(Object sender, EventArgs
e)
+ {
+
+ }
+
+ protected void Application_Error(Object sender, EventArgs e)
+ {
+
+ }
+
+ protected void Session_End(Object sender, EventArgs e)
+ {
+
+ }
+
+ protected void Application_End(Object sender, EventArgs e)
+ {
+
+
+ }
+
+ #region Web Form Designer generated code
+ /// <summary>
+ /// Required method for Designer support - do not modify
+ /// the contents of this method with the code editor.
+ /// </summary>
+ private void InitializeComponent()
+ {
+ this.components = new System.ComponentModel.Container();
+ }
+ #endregion
+ }
+}
+
=======================================
--- /dev/null
+++ /branches/2.0/Global.asax.resx Tue Jun 14 21:31:31 2011
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<root>
+ <xsd:schema id="root" xmlns=""
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+ <xsd:element name="root" msdata:IsDataSet="true">
+ <xsd:complexType>
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:element name="data">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="value" type="xsd:string" minOccurs="0"
msdata:Ordinal="1" />
+ <xsd:element name="comment" type="xsd:string" minOccurs="0"
msdata:Ordinal="2" />
+ </xsd:sequence>
+ <xsd:attribute name="name" type="xsd:string" />
+ <xsd:attribute name="type" type="xsd:string" />
+ <xsd:attribute name="mimetype" type="xsd:string" />
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="resheader">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="value" type="xsd:string" minOccurs="0"
msdata:Ordinal="1" />
+ </xsd:sequence>
+ <xsd:attribute name="name" type="xsd:string" use="required" />
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:schema>
+ <resheader name="ResMimeType">
+ <value>text/microsoft-resx</value>
+ </resheader>
+ <resheader name="Version">
+ <value>1.0.0.0</value>
+ </resheader>
+ <resheader name="Reader">
+ <value>System.Resources.ResXResourceReader, System.Windows.Forms,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+ </resheader>
+ <resheader name="Writer">
+ <value>System.Resources.ResXResourceWriter, System.Windows.Forms,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+ </resheader>
+</root>
+
=======================================
--- /dev/null
+++ /branches/2.0/SupportClass.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,3177 @@
+//
+// In order to convert some functionality to Visual C#, the Java Language
Conversion Assistant
+// creates "support classes" that duplicate the original functionality.
+//
+// Support classes replicate the functionality of the original code, but
in some cases they are
+// substantially different architecturally. Although every effort is made
to preserve the
+// original architecture of the application in the converted project, the
user should be aware that
+// the primary goal of these support classes is to replicate
functionality, and that at times
+// the architecture of the resulting solution may differ somewhat.
+//
+
+using System;
+
+ /// <summary>
+ /// This interface should be implemented by any class whose instances are
intended
+ /// to be executed by a thread.
+ /// </summary>
+ public interface IThreadRunnable
+ {
+ /// <summary>
+ /// This method has to be implemented in order that starting of the
thread causes the object's
+ /// run method to be called in that separately executing thread.
+ /// </summary>
+ void Run();
+ }
+
+/// <summary>
+/// Contains conversion support elements such as classes, interfaces and
static methods.
+/// </summary>
+public class SupportClass
+{
+ /// <summary>
+ /// Represents a collection ob objects that contains no duplicate
elements.
+ /// </summary>
+ public interface SetSupport : System.Collections.ICollection,
System.Collections.IList
+ {
+ /// <summary>
+ /// Adds a new element to the Collection if it is not already present.
+ /// </summary>
+ /// <param name="obj">The object to add to the collection.</param>
+ /// <returns>Returns true if the object was added to the collection,
otherwise false.</returns>
+ new bool Add(System.Object obj);
+
+ /// <summary>
+ /// Adds all the elements of the specified collection to the Set.
+ /// </summary>
+ /// <param name="c">Collection of objects to add.</param>
+ /// <returns>true</returns>
+ bool AddAll(System.Collections.ICollection c);
+ }
+
+
+ /*******************************/
+ /// <summary>
+ /// Converts the specified collection to its string representation.
+ /// </summary>
+ /// <param name="c">The collection to convert to string.</param>
+ /// <returns>A string representation of the specified
collection.</returns>
+ public static System.String
CollectionToString(System.Collections.ICollection c)
+ {
+ System.Text.StringBuilder s = new System.Text.StringBuilder();
+
+ if (c != null)
+ {
+
+ System.Collections.ArrayList l = new System.Collections.ArrayList(c);
+
+ bool isDictionary = (c is System.Collections.BitArray || c is
System.Collections.Hashtable || c is System.Collections.IDictionary || c is
System.Collections.Specialized.NameValueCollection || (l.Count > 0 && l[0]
is System.Collections.DictionaryEntry));
+ for (int index = 0; index < l.Count; index++)
+ {
+ if (l[index] == null)
+ s.Append("null");
+ else if (!isDictionary)
+ s.Append(l[index]);
+ else
+ {
+ isDictionary = true;
+ if (c is System.Collections.Specialized.NameValueCollection)
+
s.Append(((System.Collections.Specialized.NameValueCollection)c).GetKey
(index));
+ else
+ s.Append(((System.Collections.DictionaryEntry) l[index]).Key);
+ s.Append("=");
+ if (c is System.Collections.Specialized.NameValueCollection)
+
s.Append(((System.Collections.Specialized.NameValueCollection)c).GetValues(index)[0]);
+ else
+ s.Append(((System.Collections.DictionaryEntry) l[index]).Value);
+
+ }
+ if (index < l.Count - 1)
+ s.Append(", ");
+ }
+
+ if(isDictionary)
+ {
+ if(c is System.Collections.ArrayList)
+ isDictionary = false;
+ }
+ if (isDictionary)
+ {
+ s.Insert(0, "{");
+ s.Append("}");
+ }
+ else
+ {
+ s.Insert(0, "[");
+ s.Append("]");
+ }
+ }
+ else
+ s.Insert(0, "null");
+ return s.ToString();
+ }
+
+ /// <summary>
+ /// Tests if the specified object is a collection and converts it to its
string representation.
+ /// </summary>
+ /// <param name="obj">The object to convert to string</param>
+ /// <returns>A string representation of the specified object.</returns>
+ public static System.String CollectionToString(System.Object obj)
+ {
+ System.String result = "";
+
+ if (obj != null)
+ {
+ if (obj is System.Collections.ICollection)
+ result = CollectionToString((System.Collections.ICollection)obj);
+ else
+ result = obj.ToString();
+ }
+ else
+ result = "null";
+
+ return result;
+ }
+ /*******************************/
+ /// <summary>
+ /// SupportClass for the HashSet class.
+ /// </summary>
+ [Serializable]
+ public class HashSetSupport : System.Collections.ArrayList, SetSupport
+ {
+ public HashSetSupport() : base()
+ {
+ }
+
+ public HashSetSupport(System.Collections.ICollection c)
+ {
+ this.AddAll(c);
+ }
+
+ public HashSetSupport(int capacity) : base(capacity)
+ {
+ }
+
+ /// <summary>
+ /// Adds a new element to the ArrayList if it is not already present.
+ /// </summary>
+ /// <param name="obj">Element to insert to the ArrayList.</param>
+ /// <returns>Returns true if the new element was inserted, false
otherwise.</returns>
+ new public virtual bool Add(System.Object obj)
+ {
+ bool inserted;
+
+ if ((inserted = this.Contains(obj)) == false)
+ {
+ base.Add(obj);
+ }
+
+ return !inserted;
+ }
+
+ /// <summary>
+ /// Adds all the elements of the specified collection that are not
present to the list.
+ /// </summary>
+ /// <param name="c">Collection where the new elements will be
added</param>
+ /// <returns>Returns true if at least one element was added, false
otherwise.</returns>
+ public bool AddAll(System.Collections.ICollection c)
+ {
+ System.Collections.IEnumerator e = new
System.Collections.ArrayList(c).GetEnumerator();
+ bool added = false;
+
+ while (e.MoveNext() == true)
+ {
+ if (this.Add(e.Current) == true)
+ added = true;
+ }
+
+ return added;
+ }
+
+ /// <summary>
+ /// Returns a copy of the HashSet instance.
+ /// </summary>
+ /// <returns>Returns a shallow copy of the current HashSet.</returns>
+ public override System.Object Clone()
+ {
+ return base.MemberwiseClone();
+ }
+ }
+
+
+ /*******************************/
+ /// <summary>
+ /// SupportClass for the SortedSet interface.
+ /// </summary>
+ public interface SortedSetSupport : SetSupport
+ {
+ /// <summary>
+ /// Returns a portion of the list whose elements are less than the limit
object parameter.
+ /// </summary>
+ /// <param name="l">The list where the portion will be extracted.</param>
+ /// <param name="limit">The end element of the portion to
extract.</param>
+ /// <returns>The portion of the collection whose elements are less than
the limit object parameter.</returns>
+ SortedSetSupport HeadSet(System.Object limit);
+
+ /// <summary>
+ /// Returns a portion of the list whose elements are greater that the
lowerLimit parameter less than the upperLimit parameter.
+ /// </summary>
+ /// <param name="l">The list where the portion will be extracted.</param>
+ /// <param name="limit">The start element of the portion to
extract.</param>
+ /// <param name="limit">The end element of the portion to
extract.</param>
+ /// <returns>The portion of the collection.</returns>
+ SortedSetSupport SubSet(System.Object lowerLimit, System.Object
upperLimit);
+
+ /// <summary>
+ /// Returns a portion of the list whose elements are greater than the
limit object parameter.
+ /// </summary>
+ /// <param name="l">The list where the portion will be extracted.</param>
+ /// <param name="limit">The start element of the portion to
extract.</param>
+ /// <returns>The portion of the collection whose elements are greater
than the limit object parameter.</returns>
+ SortedSetSupport TailSet(System.Object limit);
+ }
+
+
+ /*******************************/
+ /// <summary>
+ /// SupportClass for the TreeSet class.
+ /// </summary>
+ [Serializable]
+ public class TreeSetSupport : System.Collections.ArrayList, SetSupport,
SortedSetSupport
+ {
+ private System.Collections.IComparer comparator =
System.Collections.Comparer.Default;
+
+ public TreeSetSupport() : base()
+ {
+ }
+
+ public TreeSetSupport(System.Collections.ICollection c) : base()
+ {
+ this.AddAll(c);
+ }
+
+ public TreeSetSupport(System.Collections.IComparer c) : base()
+ {
+ this.comparator = c;
+ }
+
+ /// <summary>
+ /// Gets the IComparator object used to sort this set.
+ /// </summary>
+ public System.Collections.IComparer Comparator
+ {
+ get
+ {
+ return this.comparator;
+ }
+ }
+
+ /// <summary>
+ /// Adds a new element to the ArrayList if it is not already present and
sorts the ArrayList.
+ /// </summary>
+ /// <param name="obj">Element to insert to the ArrayList.</param>
+ /// <returns>TRUE if the new element was inserted, FALSE
otherwise.</returns>
+ new public bool Add(System.Object obj)
+ {
+ bool inserted;
+ if ((inserted = this.Contains(obj)) == false)
+ {
+ base.Add(obj);
+ this.Sort(this.comparator);
+ }
+ return !inserted;
+ }
+
+ /// <summary>
+ /// Adds all the elements of the specified collection that are not
present to the list.
+ /// </summary>
+ /// <param name="c">Collection where the new elements will be
added</param>
+ /// <returns>Returns true if at least one element was added to the
collection.</returns>
+ public bool AddAll(System.Collections.ICollection c)
+ {
+ System.Collections.IEnumerator e = new
System.Collections.ArrayList(c).GetEnumerator();
+ bool added = false;
+ while (e.MoveNext() == true)
+ {
+ if (this.Add(e.Current) == true)
+ added = true;
+ }
+ this.Sort(this.comparator);
+ return added;
+ }
+
+ /// <summary>
+ /// Determines whether an element is in the the current TreeSetSupport
collection. The IComparer defined for
+ /// the current set will be used to make comparisons between the
elements already inserted in the collection and
+ /// the item specified.
+ /// </summary>
+ /// <param name="item">The object to be locatet in the current
collection.</param>
+ /// <returns>true if item is found in the collection; otherwise,
false.</returns>
+ public override bool Contains(System.Object item)
+ {
+ System.Collections.IEnumerator tempEnumerator = this.GetEnumerator();
+ while (tempEnumerator.MoveNext())
+ if (this.comparator.Compare(tempEnumerator.Current, item) == 0)
+ return true;
+ return false;
+ }
+
+ /// <summary>
+ /// Returns a portion of the list whose elements are less than the limit
object parameter.
+ /// </summary>
+ /// <param name="limit">The end element of the portion to
extract.</param>
+ /// <returns>The portion of the collection whose elements are less than
the limit object parameter.</returns>
+ public SortedSetSupport HeadSet(System.Object limit)
+ {
+ SortedSetSupport newList = new TreeSetSupport();
+ for (int i = 0; i < this.Count; i++)
+ {
+ if (this.comparator.Compare(this[i], limit) >= 0)
+ break;
+ newList.Add(this[i]);
+ }
+ return newList;
+ }
+
+ /// <summary>
+ /// Returns a portion of the list whose elements are greater that the
lowerLimit parameter less than the upperLimit parameter.
+ /// </summary>
+ /// <param name="lowerLimit">The start element of the portion to
extract.</param>
+ /// <param name="upperLimit">The end element of the portion to
extract.</param>
+ /// <returns>The portion of the collection.</returns>
+ public SortedSetSupport SubSet(System.Object lowerLimit, System.Object
upperLimit)
+ {
+ SortedSetSupport newList = new TreeSetSupport();
+ int i = 0;
+ while (this.comparator.Compare(this[i], lowerLimit) < 0)
+ i++;
+ for (; i < this.Count; i++)
+ {
+ if (this.comparator.Compare(this[i], upperLimit) >= 0)
+ break;
+ newList.Add(this[i]);
+ }
+ return newList;
+ }
+
+ /// <summary>
+ /// Returns a portion of the list whose elements are greater than the
limit object parameter.
+ /// </summary>
+ /// <param name="limit">The start element of the portion to
extract.</param>
+ /// <returns>The portion of the collection whose elements are greater
than the limit object parameter.</returns>
+ public SortedSetSupport TailSet(System.Object limit)
+ {
+ SortedSetSupport newList = new TreeSetSupport();
+ int i = 0;
+ while (this.comparator.Compare(this[i], limit) < 0)
+ i++;
+ for (; i < this.Count; i++)
+ newList.Add(this[i]);
+ return newList;
+ }
+ }
+
+
+ /*******************************/
+ /// <summary>
+ /// This class uses a cryptographic Random Number Generator to provide
support for
+ /// strong pseudo-random number generation.
+ /// </summary>
+ [Serializable]
+ public class SecureRandomSupport :
System.Runtime.Serialization.ISerializable
+ {
+ private System.Security.Cryptography.RNGCryptoServiceProvider generator;
+
+ //Serialization
+ public void GetObjectData(System.Runtime.Serialization.SerializationInfo
info, System.Runtime.Serialization.StreamingContext context)
+ {
+ }
+
+ protected
SecureRandomSupport(System.Runtime.Serialization.SerializationInfo info,
System.Runtime.Serialization.StreamingContext context)
+ {
+ this.generator = new
System.Security.Cryptography.RNGCryptoServiceProvider();
+ }
+
+ /// <summary>
+ /// Initializes a new instance of the random number generator.
+ /// </summary>
+ public SecureRandomSupport()
+ {
+ this.generator = new
System.Security.Cryptography.RNGCryptoServiceProvider();
+ }
+
+ /// <summary>
+ /// Initializes a new instance of the random number generator with the
given seed.
+ /// </summary>
+ /// <param name="seed">The initial seed for the generator</param>
+ public SecureRandomSupport(byte[] seed)
+ {
+ this.generator = new
System.Security.Cryptography.RNGCryptoServiceProvider(seed);
+ }
+
+ /// <summary>
+ /// Returns an array of bytes with a sequence of cryptographically
strong random values.
+ /// </summary>
+ /// <param name="randomnumbersarray">The array of bytes to fill.</param>
+ public sbyte[] NextBytes(byte[] randomnumbersarray)
+ {
+ this.generator.GetBytes(randomnumbersarray);
+ return ToSByteArray(randomnumbersarray);
+ }
+
+ /// <summary>
+ /// Returns the given number of seed bytes generated for the first
running of a new instance
+ /// of the random number generator.
+ /// </summary>
+ /// <param name="numberOfBytes">Number of seed bytes to generate.</param>
+ /// <returns>Seed bytes generated</returns>
+ public static byte[] GetSeed(int numberOfBytes)
+ {
+ System.Security.Cryptography.RNGCryptoServiceProvider generatedSeed =
new System.Security.Cryptography.RNGCryptoServiceProvider();
+ byte[] seeds = new byte[numberOfBytes];
+ generatedSeed.GetBytes(seeds);
+ return seeds;
+ }
+
+ /// <summary>
+ /// Returns the given number of seed bytes generated for the first
running of a new instance
+ /// of the random number generator.
+ /// </summary>
+ /// <param name="numberOfBytes">Number of seed bytes to generate.</param>
+ /// <returns>Seed bytes generated.</returns>
+ public byte[] GenerateSeed(int numberOfBytes)
+ {
+ System.Security.Cryptography.RNGCryptoServiceProvider generatedSeed =
new System.Security.Cryptography.RNGCryptoServiceProvider();
+ byte[] seeds = new byte[numberOfBytes];
+ generatedSeed.GetBytes(seeds);
+ return seeds;
+ }
+
+ /// <summary>
+ /// Creates a new instance of the random number generator with the seed
provided by the user.
+ /// </summary>
+ /// <param name="newSeed">Seed to create a new random number
generator.</param>
+ public void SetSeed(byte[] newSeed)
+ {
+ this.generator = new
System.Security.Cryptography.RNGCryptoServiceProvider(newSeed);
+ }
+
+ /// <summary>
+ /// Creates a new instance of the random number generator with the seed
provided by the user.
+ /// </summary>
+ /// <param name="newSeed">Seed to create a new random number
generator.</param>
+ public void SetSeed(long newSeed)
+ {
+ byte[] bytes = new byte[8];
+ for (int index = 7; index > 0; index--)
+ {
+ bytes[index] = (byte) (newSeed - (long) ((newSeed >> 8) << 8));
+ newSeed = (long) (newSeed >> 8);
+ }
+ SetSeed(bytes);
+ }
+ }
+
+
+ /*******************************/
+ /// <summary>
+ /// Receives a byte array and returns it transformed in an sbyte array
+ /// </summary>
+ /// <param name="byteArray">Byte array to process</param>
+ /// <returns>The transformed array</returns>
+ public static sbyte[] ToSByteArray(byte[] byteArray)
+ {
+ sbyte[] sbyteArray = null;
+ if (byteArray != null)
+ {
+ sbyteArray = new sbyte[byteArray.Length];
+ for(int index=0; index < byteArray.Length; index++)
+ sbyteArray[index] = (sbyte) byteArray[index];
+ }
+ return sbyteArray;
+ }
+
+ /*******************************/
+ /// <summary>
+ /// Converts an array of sbytes to an array of bytes
+ /// </summary>
+ /// <param name="sbyteArray">The array of sbytes to be converted</param>
+ /// <returns>The new array of bytes</returns>
+ public static byte[] ToByteArray(sbyte[] sbyteArray)
+ {
+ byte[] byteArray = null;
+
+ if (sbyteArray != null)
+ {
+ byteArray = new byte[sbyteArray.Length];
+ for(int index=0; index < sbyteArray.Length; index++)
+ byteArray[index] = (byte) sbyteArray[index];
+ }
+ return byteArray;
+ }
+
+ /// <summary>
+ /// Converts a string to an array of bytes
+ /// </summary>
+ /// <param name="sourceString">The string to be converted</param>
+ /// <returns>The new array of bytes</returns>
+ public static byte[] ToByteArray(System.String sourceString)
+ {
+ return System.Text.UTF8Encoding.UTF8.GetBytes(sourceString);
+ }
+
+ /// <summary>
+ /// Converts a array of object-type instances to a byte-type array.
+ /// </summary>
+ /// <param name="tempObjectArray">Array to convert.</param>
+ /// <returns>An array of byte type elements.</returns>
+ public static byte[] ToByteArray(System.Object[] tempObjectArray)
+ {
+ byte[] byteArray = null;
+ if (tempObjectArray != null)
+ {
+ byteArray = new byte[tempObjectArray.Length];
+ for (int index = 0; index < tempObjectArray.Length; index++)
+ byteArray[index] = (byte)tempObjectArray[index];
+ }
+ return byteArray;
+ }
+
+ /*******************************/
+ /// <summary>
+ /// Converts an array of sbytes to an array of chars
+ /// </summary>
+ /// <param name="sByteArray">The array of sbytes to convert</param>
+ /// <returns>The new array of chars</returns>
+ public static char[] ToCharArray(sbyte[] sByteArray)
+ {
+ return System.Text.UTF8Encoding.UTF8.GetChars(ToByteArray(sByteArray));
+ }
+
+ /// <summary>
+ /// Converts an array of bytes to an array of chars
+ /// </summary>
+ /// <param name="byteArray">The array of bytes to convert</param>
+ /// <returns>The new array of chars</returns>
+ public static char[] ToCharArray(byte[] byteArray)
+ {
+ return System.Text.UTF8Encoding.UTF8.GetChars(byteArray);
+ }
+
+ /*******************************/
+ /// <summary>
+ /// This class is a holder for two keys, a private key and a public key.
+ /// </summary>
+ public class KeyPairSupport
+ {
+ private PrivateKeySupport privateKey;
+ private PublicKeySupport publicKey;
+
+ /// <summary>
+ /// Construct a new key pair object with the specified PublicKeySupport
and PrivateKeySupport
+ /// </summary>
+ /// <param name="publicKey">The public key</param>
+ /// <param name="privateKey">The private key</param>
+ public KeyPairSupport(PublicKeySupport publicKey, PrivateKeySupport
privateKey)
+ {
+ this.publicKey = publicKey;
+ this.privateKey = privateKey;
+ }
+
+ /// <summary>
+ /// A reference to the private key component of this key pair
+ /// </summary>
+ public PrivateKeySupport Private
+ {
+ get
+ {
+ return this.privateKey;
+ }
+ }
+
+ /// <summary>
+ /// A reference to the public key component of this key pair
+ /// </summary>
+ public PublicKeySupport Public
+ {
+ get
+ {
+ return this.publicKey;
+ }
+ }
+ }
+
+ /*******************************/
+ /// <summary>
+ /// This class offers support for all classes that use cryptographic
private keys.
+ /// </summary>
+ public class PrivateKeySupport: KeySupport
+ {
+ /// <summary>
+ /// Construct a new private key object
+ /// </summary>
+ public PrivateKeySupport()
+ {
+ }
+ }
+
+ /*******************************/
+ /// <summary>
+ /// This class offers support for all classes that use cryptographic keys.
+ /// </summary>
+ public class KeySupport
+ {
+ private System.Security.Cryptography.KeyedHashAlgorithm algorithm;
+
+ /// <summary>
+ /// Construct to new objects key
+ /// </summary>
+ public KeySupport()
+ {
+ }
+
+ /// <summary>
+ /// Construct to new objects key with the algorithm specified
+ /// </summary>
+ /// <param name="algorithm">the cryptographic algorithm</param>
+ public KeySupport(System.Security.Cryptography.KeyedHashAlgorithm
algorithm)
+ {
+ this.algorithm = algorithm;
+ }
+
+ /// <summary>
+ /// The standard algorithm name for this key
+ /// </summary>
+ /// <returns>the keyed hash algorithm name</returns>
+ public System.String GetAlgorithm()
+ {
+ return this.algorithm.ToString();
+ }
+
+ /// <summary>
+ /// The key to be used in the algorithm.
+ /// </summary>
+ public byte[] Key
+ {
+ get
+ {
+ return this.algorithm.Key;
+ }
+ }
+ }
+
+
+ /*******************************/
+ /// <summary>
+ /// This class offers support for all classes that use cryptographic
public keys.
+ /// </summary>
+ public class PublicKeySupport: KeySupport
+ {
+ /// <summary>
+ /// Construct a new public key object
+ /// </summary>
+ public PublicKeySupport()
+ {
+ }
+ }
+
+ /*******************************/
+ /// <summary>
+ /// Encapsulates the functionality of message digest algorithms such as
SHA-1 or MD5.
+ /// </summary>
+ public class MessageDigestSupport
+ {
+ private System.Security.Cryptography.HashAlgorithm algorithm;
+ private byte[] data = new byte[0];
+ private int position;
+ private System.String algorithmName;
+
+ /// <summary>
+ /// The HashAlgorithm instance that provide the cryptographic hash
algorithm
+ /// </summary>
+ public System.Security.Cryptography.HashAlgorithm Algorithm
+ {
+ get
+ {
+ return this.algorithm;
+ }
+ set
+ {
+ this.algorithm = value;
+ }
+ }
+
+ /// <summary>
+ /// The digest data
+ /// </summary>
+ public byte[] Data
+ {
+ get
+ {
+ return this.data;
+ }
+ set
+ {
+ this.data = value;
+ }
+ }
+
+ /// <summary>
+ /// The name of the cryptographic hash algorithm used in the instance
+ /// </summary>
+ public System.String AlgorithmName
+ {
+ get
+ {
+ return this.algorithmName;
+ }
+ }
+
+ /// <summary>
+ /// Creates a message digest using the specified name to set Algorithm
property.
+ /// </summary>
+ /// <param name="algorithm">The name of the algorithm to use</param>
+ public MessageDigestSupport(System.String algorithm)
+ {
+ if (algorithm.Equals("SHA-1"))
+ {
+ this.algorithmName = "SHA";
+ }
+ else
+ {
+ this.algorithmName = algorithm;
+ }
+ this.Algorithm = (System.Security.Cryptography.HashAlgorithm)
System.Security.Cryptography.CryptoConfig.CreateFromName(this.algorithmName);
+ this.data = new byte[0];
+ this.position = 0;
+ }
+
+ /// <summary>
+ /// Computes the hash value for the internal data digest.
+ /// </summary>
+ /// <returns>The array of signed bytes with the resulting hash
value</returns>
+ public sbyte[] DigestData()
+ {
+ sbyte[] result = ToSByteArray(this.Algorithm.ComputeHash(this.data));
+ this.Reset();
+ return result;
+ }
+
+ /// <summary>
+ /// Performs and update on the digest with the specified array and then
completes the digest
+ /// computation.
+ /// </summary>
+ /// <param name="newData">The array of bytes for final update to the
digest</param>
+ /// <returns>An array of signed bytes with the resulting hash
value</returns>
+ public sbyte[] DigestData(sbyte[] newData)
+ {
+ this.Update(ToByteArray(newData));
+ return this.DigestData();
+ }
+
+
+ /// <summary>
+ /// Computes the hash value for the internal digest and places the
digest returned into the specified buffer
+ /// </summary>
+ /// <param name="buff">The buffer for the output digest</param>
+ /// <param name="offset">Offset into the buffer for the beginning
index</param>
+ /// <param name="length">Total number of bytes for the digest</param>
+ /// <returns>The number of bytes placed into the output buffer</returns>
+ public int DigestData(sbyte[] buffer, int offset, int length)
+ {
+ byte[] result = this.Algorithm.ComputeHash(this.data);
+ int count = 0;
+ if ( length >= this.GetDigestLength() )
+ {
+ if ( buffer.Length >= (length + offset) )
+ {
+ for ( ; count < result.Length ; count++ )
+ {
+ buffer[offset + count] = (sbyte)result[count];
+ }
+ }
+ else
+ {
+ throw new System.ArgumentException("output buffer too small for the
specified offset and length");
+ }
+ }
+ else
+ {
+ throw new System.Exception("Partial digests not returned");
+ }
+ return count;
+ }
+
+ /// <summary>
+ /// Updates the digest data with the specified array of bytes by making
an append
+ /// operation in the internal array of data.
+ /// </summary>
+ /// <param name="newData">The array of bytes for the update
operation</param>
+ public void Update(byte[] newData)
+ {
+ if (position == 0)
+ {
+ this.Data = newData;
+ this.position = this.Data.Length - 1;
+ }
+ else
+ {
+ byte[] oldData = this.Data;
+ this.Data = new byte[newData.Length + position + 1];
+ oldData.CopyTo(this.Data, 0);
+ newData.CopyTo(this.Data, oldData.Length);
+
+ this.position = this.Data.Length - 1;
+ }
+ }
+
+ /// <summary>
+ /// Updates the digest data with the input byte by calling the method
Update with an array.
+ /// </summary>
+ /// <param name="newData">The input byte for the update</param>
+ public void Update(byte newData)
+ {
+ byte[] newDataArray = new byte[1];
+ newDataArray[0] = newData;
+ this.Update(newDataArray);
+ }
+
+ /// <summary>
+ /// Updates the specified count of bytes with the input array of bytes
starting at the
+ /// input offset.
+ /// </summary>
+ /// <param name="newData">The array of bytes for the update
operation</param>
+ /// <param name="offset">The initial position to start from in the array
of bytes</param>
+ /// <param name="count">The number of bytes fot the update</param>
+ public void Update(byte[] newData, int offset, int count)
+ {
+ byte[] newDataArray = new byte[count];
+ System.Array.Copy(newData, offset, newDataArray, 0, count);
+ this.Update(newDataArray);
+ }
+
+ /// <summary>
+ /// Resets the digest data to the initial state.
+ /// </summary>
+ public void Reset()
+ {
+ this.data = null;
+ this.position = 0;
+ }
+
+ /// <summary>
+ /// Returns a string representation of the Message Digest
+ /// </summary>
+ /// <returns>A string representation of the object</returns>
+ public override System.String ToString()
+ {
+ return this.Algorithm.ToString();
+ }
+
+ /// <summary>
+ /// Generates a new instance of the MessageDigestSupport class using the
specified algorithm
+ /// </summary>
+ /// <param name="algorithm">The name of the algorithm to use</param>
+ /// <returns>A new instance of the MessageDigestSupport class</returns>
+ public static MessageDigestSupport GetInstance(System.String algorithm)
+ {
+ return new MessageDigestSupport(algorithm);
+ }
+
+ /// <summary>
+ /// Compares two arrays of signed bytes evaluating equivalence in digest
data
+ /// </summary>
+ /// <param name="firstDigest">An array of signed bytes for
comparison</param>
+ /// <param name="secondDigest">An array of signed bytes for
comparison</param>
+ /// <returns>True if the input digest arrays are equal</returns>
+ public static bool EquivalentDigest(System.SByte[] firstDigest,
System.SByte[] secondDigest)
+ {
+ bool result = false;
+ if (firstDigest.Length == secondDigest.Length)
+ {
+ int index = 0;
+ result = true;
+ while(result && index < firstDigest.Length)
+ {
+ result = firstDigest[index] == secondDigest[index];
+ index++;
+ }
+ }
+
+ return result;
+ }
+
+
+ /// <summary>
+ /// Gets a number of bytes representing the length of the digest
+ /// </summary>
+ /// <returns>The length of the digest in bytes</returns>
+ public int GetDigestLength( )
+ {
+ return this.algorithm.HashSize / 8;
+ }
+ }
+ /*******************************/
+ /// <summary>
+ /// This class offers support for all classes that use cryptographic
classes.
+ /// </summary>
+ public class CryptoSupport
+ {
+ // Used for working space to Cipher.
+ private System.IO.MemoryStream CipherMemoryStream;
+
+ // Used for key storage to Cipher.
+ private System.Security.Cryptography.SymmetricAlgorithm CipherInitKey;
+
+ // The cipher for encrypt and decrypt.
+ private System.Security.Cryptography.CryptoStream Cipher;
+
+ // Used for set mode to Cipher
+ private System.Security.Cryptography.CryptoStreamMode CipherMode;
+
+ // Used for algorithm name storage to Cipher
+ private System.String CipherAlgorithName;
+
+ /// <summary>
+ /// Constructor class.
+ /// </summary>
+ /// <param name="name">The algorithm name input, (for support propose
only).</param>
+ public CryptoSupport(System.String name)
+ {
+ CipherInitKey =
System.Security.Cryptography.SymmetricAlgorithm.Create();
+ CipherAlgorithName = name;
+ }
+
+ /// <summary>
+ /// Initializes this cipher with the public key from the given
certificate.
+ /// </summary>
+ /// <param name="Mode">The cipher is initialized for one of the
following four operations: encryption (Mode = Write)
+ /// or decryption (Mode = Read).</param>
+ /// <param name="Certificate">The certificate of type X.509</param>
+ public void CryptoInit(System.Security.Cryptography.CryptoStreamMode
Mode, System.Security.Cryptography.X509Certificates.X509Certificate
Certificate)
+ {
+ CipherMode = Mode;
+ if(CipherInitKey == null) return;
+ CipherInitKey.Key = Certificate.GetPublicKey();
+ }
+
+ /// <summary>
+ /// Initializes this cipher with a key.
+ /// </summary>
+ /// <param name="Mode">The cipher is initialized for one of the
following four operations: encryption (Mode = Write)
+ /// or decryption (Mode = Read).</param>
+ /// <param name="Key">The key.</param>
+ public void CryptoInit(System.Security.Cryptography.CryptoStreamMode
Mode, System.Object Key)
+ {
+ CipherMode = Mode;
+ if (CipherInitKey == null) return;
+ if (Key is System.Security.Cryptography.SymmetricAlgorithm)
+ // SecretKeySpec
+ CipherInitKey = (System.Security.Cryptography.SymmetricAlgorithm) Key;
+ else if ( Key is SupportClass.KeySupport)
+ // Security.Key
+ CipherInitKey.Key = ((KeySupport) Key).Key;
+ }
+
+ /// <summary>
+ /// Initializes this cipher with a key and a set of algorithm parameters.
+ /// </summary>
+ /// <param name="Mode">The cipher is initialized for one of the
following four operations: encryption (Mode = Write)
+ /// or decryption (Mode = Read).</param>
+ /// <param name="Key">The key.</param>
+ /// <param name="Spec">The algorithm parameters.</param>
+ public void CryptoInit(System.Security.Cryptography.CryptoStreamMode
Mode, System.Object Key, System.Object Spec)
+ {
+ CipherMode = Mode;
+ if (CipherInitKey == null) return;
+ if ((Key is System.Security.Cryptography.SymmetricAlgorithm) && (Spec
is System.Security.Cryptography.SymmetricAlgorithm))
+ {
+ // SecretKeySpec
+ CipherInitKey.Key = ((System.Security.Cryptography.SymmetricAlgorithm)
Key).Key;
+ CipherInitKey.IV = ((System.Security.Cryptography.SymmetricAlgorithm)
Spec).IV;
+ }
+ else if ( Key is SupportClass.KeySupport)
+ // Security.Key
+ CipherInitKey.Key = ((KeySupport) Key).Key;
+ }
+
+ /// <summary>
***The diff for this file has been truncated for email.***
=======================================
--- /dev/null
+++ /branches/2.0/UpgradeLog.XML Tue Jun 14 21:31:31 2011
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?><?xml-stylesheet type='text/xsl'
href='_UpgradeReport_Files/UpgradeReport.xslt'?><UpgradeLog>
+<Properties><Property Name="Solution" Value="owasp-esapi-ASP-11">
+</Property><Property Name="Solution File" Value="C:\Documents and
Settings\Juan Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\owasp-esapi-ASP-11.sln">
+</Property><Property Name="Date" Value="Lunes, 23 de Junio de 2008">
+</Property><Property Name="Time" Value="19:37:39 p.m.">
+</Property></Properties><Event ErrorLevel="0" Project="owasp-esapi-ASP-11"
Source="owasp-esapi-ASP-11.csproj" Description="Scan complete: Upgrade not
required for project files.">
+</Event><Event ErrorLevel="3" Project="owasp-esapi-ASP-11"
Source="owasp-esapi-ASP-11.csproj" Description="Converted">
+</Event><Event ErrorLevel="0" Project="owasp-esapi-ASP-11"
Source="owasp-esapi-ASP-11.csproj" Description="You have completed the
first step in converting your Visual Studio .NET 2003 web project. To
complete the conversion, please select your project in the Solution
Explorer and choose the 'Convert to Web Application' context menu item.">
+</Event></UpgradeLog>
=======================================
--- /dev/null
+++ /branches/2.0/Web.config Tue Jun 14 21:31:31 2011
@@ -0,0 +1,71 @@
+<?xml version="1.0"?>
+<configuration>
+ <system.web>
+ <!-- DYNAMIC DEBUG COMPILATION
+ Set compilation debug="true" to enable ASPX debugging.
Otherwise, setting this value to
+ false will improve runtime performance of this application.
+ Set compilation debug="true" to insert debugging symbols (.pdb
information)
+ into the compiled page. Because this creates a larger file that
executes
+ more slowly, you should set this value to true only when
debugging and to
+ false at all other times. For more information, refer to the
documentation about
+ debugging ASP.NET files.
+ -->
+ <compilation defaultLanguage="c#" debug="true"/>
+ <!-- CUSTOM ERROR MESSAGES
+ Set customErrors mode="On" or "RemoteOnly" to enable custom
error messages, "Off" to disable.
+ Add <error> tags for each of the errors you want to handle.
+
+ "On" Always display custom (friendly) messages.
+ "Off" Always display detailed ASP.NET error information.
+ "RemoteOnly" Display custom (friendly) messages only to users
not running
+ on the local Web server. This setting is recommended for
security purposes, so
+ that you do not display application detail information to
remote clients.
+ -->
+ <customErrors mode="RemoteOnly"/>
+ <!-- AUTHENTICATION
+ This section sets the authentication policies of the
application. Possible modes are "Windows",
+ "Forms", "Passport" and "None"
+
+ "None" No authentication is performed.
+ "Windows" IIS performs authentication (Basic, Digest, or
Integrated Windows) according to
+ its settings for the application. Anonymous access must be
disabled in IIS.
+ "Forms" You provide a custom form (Web page) for users to enter
their credentials, and then
+ you authenticate them in your application. A user credential
token is stored in a cookie.
+ "Passport" Authentication is performed via a centralized
authentication service provided
+ by Microsoft that offers a single logon and core profile
services for member sites.
+ -->
+ <authentication mode="Windows"/>
+ <!-- AUTHORIZATION
+ This section sets the authorization policies of the application.
You can allow or deny access
+ to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
+ (unauthenticated) users.
+ -->
+ <authorization>
+ <allow users="*"/>
+ <!-- Allow all users -->
+ <!-- <allow users="[comma separated list of users]"
+ roles="[comma separated list of roles]"/>
+ <deny users="[comma separated list of users]"
+ roles="[comma separated list of roles]"/>
+ -->
+ </authorization>
+ <!-- APPLICATION-LEVEL TRACE LOGGING
+ Application-level tracing enables trace log output for every
page within an application.
+ Set trace enabled="true" to enable application trace logging.
If pageOutput="true", the
+ trace information will be displayed at the bottom of each page.
Otherwise, you can view the
+ application trace log by browsing the "trace.axd" page from your
web application
+ root.
+ -->
+ <trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true"/>
+ <!-- SESSION STATE SETTINGS
+ By default ASP.NET uses cookies to identify which requests
belong to a particular session.
+ If cookies are not available, a session can be tracked by adding
a session identifier to the URL.
+ To disable cookies, set sessionState cookieless="true".
+ -->
+ <sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20"/>
+ <!-- GLOBALIZATION
+ This section sets the globalization settings of the application.
+ -->
+ <globalization requestEncoding="utf-8" responseEncoding="utf-8"/>
+ <xhtmlConformance mode="Legacy"/></system.web>
+</configuration>
=======================================
--- /dev/null
+++ /branches/2.0/_ConversionReport.htm Tue Jun 14 21:31:31 2011
@@ -0,0 +1,2170 @@
+<html>
+ <head>
+ <META HTTP-EQUIV="Content-Type" content="text/html; charset=utf-8">
+ <link rel="stylesheet"
href="_ConversionReport_Files\ConversionReport.css">
+ <title>owasp-esapi-ASP-11 Conversion Report</title>
+
+ <script language="javascript">
+ var oMe;
+ function outliner () {
+ oMe = window.event.srcElement
+ //get child element
+ var child = document.all[event.srcElement.getAttribute("child",false)];
+ //if child element exists, expand or collapse it.
+ if (null != child)
+ child.className = child.className
== "collapsed" ? "expanded" : "collapsed";
+ }
+
+ function changepic() {
+ if (oMe.tagName!="IMG") {
+ oMe =oMe.children[0];
+ }
+ var check = oMe.src.toLowerCase();
+ if (check.lastIndexOf("conversionreport_plus.gif") != -1) {
+ oMe.src = "_ConversionReport_Files/ConversionReport_Minus.gif" }
+ else
+ {
+ oMe.src = "_ConversionReport_Files/ConversionReport_Plus.gif"
+ }
+ }
+ </script>
+
+ </head>
+ <body topmargin="0" leftmargin="0" rightmargin="0" onclick="outliner();">
+ <h1>Conversion Report for owasp-esapi-ASP-11</h1>
+
+ <p><span class="note">
+ <b>Time of Conversion: </b>6/23/2008 7:34 PM<br>
+ <b>Total Time Spent: </b>00:03:16<br>
+ </span></p>
+
+ <h2>List of Project Files</h2>
+ <table cellpadding="2" cellspacing="0" width="98%" border="1"
bordercolor="white" class="infotable">
+ <tr>
+ <td nowrap class="header">New Filename</td>
+ <td nowrap class="header">Original Filename</td>
+ <td nowrap class="header">Status</td>
+ <td nowrap class="header">Errors</td>
+ <td nowrap class="header">Warnings</td>
+ <td nowrap class="header">Total Issues</td>
+ </tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="Globals"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="Globals"></a> (Global Issues)</td>
+ <td class="content"></td>
+ <td class="content"></td>
+ <td class="content">0</td>
+ <td class="content">4</td>
+ <td class="content">4</td>
+ </tr>
+ <tr class="collapsed" id="Globals" bgcolor="#ffffff"><td colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc" rules="cols"
class="issuetable">
+ <tr><td colspan="4" class="content">Global conversion issues:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td class="issuehdr">Type</td><td
class="issuehdr">Severity</td><td class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Global Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1133'>The
equivalent of java.lang.Object.equals in Visual C# can return a different
value if the two comparison methods differ.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Global Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1225'>Type
castings between primitive types may have different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">Global Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1274'>Interaction
between members of a class may differ because their execution sequence is
different. </a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">Global Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1297'>Enumerations
should be started first before accessing their data by calling their
MoveNext method.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">Global Note</td><td class="issuecontent"
width="5%">3</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1024'>Anonymous
classes were converted to nested classes.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td colspan=3 class="content"><a href="javascript:changepic();"
child="dir_0"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="dir_0"></a> \src</td>
+ <td class="content">270</td>
+ <td class="content">7</td>
+ <td class="content">277</td>
+ </tr>
+ <tr class="collapsed" id="dir_0" bgcolor="#ffffff"><td colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc" rules="cols"
class="issuetable">
+ <tr class="row">
+ <td colspan=6 class="content"><a href="javascript:changepic();"
child="dir_1"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="dir_1"></a> \org</td>
+ </tr>
+ <tr class="collapsed" id="dir_1" bgcolor="#ffffff"><td colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc" rules="cols"
class="issuetable">
+ <tr class="row">
+ <td colspan=6 class="content"><a href="javascript:changepic();"
child="dir_2"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="dir_2"></a> \owasp</td>
+ </tr>
+ <tr class="collapsed" id="dir_2" bgcolor="#ffffff"><td colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc" rules="cols"
class="issuetable">
+ <tr class="row">
+ <td colspan=6 class="content"><a href="javascript:changepic();"
child="dir_3"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="dir_3"></a> \esapi</td>
+ </tr>
+ <tr class="collapsed" id="dir_3" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc" rules="cols"
class="issuetable">
+ <tr>
+ <td nowrap class="header">New Filename</td>
+ <td nowrap class="header">Original Filename</td>
+ <td nowrap class="header">Status</td>
+ <td nowrap class="header">Errors</td>
+ <td nowrap class="header">Warnings</td>
+ <td nowrap class="header">Total Issues</td>
+ </tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue0"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue0"></a> AccessController.cs</td>
+ <td class="content">AccessController.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">10</td>
+ <td class="content">0</td>
+ <td class="content">10</td>
+ </tr>
+ <tr class="collapsed" id="issue0" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessController.overlap(java.util.Set,java.util.Set):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessController.loadRules(java.io.File):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileInputStreamFileInputStream_javaioFile'>Constructor 'java.io.FileInputStream.FileInputStream'
was converted to 'System.IO.FileStream.FileStream' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ </table>
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessController.Rule.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'>Class 'java.util.HashSet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue1"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue1"></a> AccessReferenceMap.cs</td>
+ <td class="content">AccessReferenceMap.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">16</td>
+ <td class="content">0</td>
+ <td class="content">16</td>
+ </tr>
+ <tr class="collapsed" id="issue1" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessReferenceMap.iterator():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeSet'>Class 'java.util.TreeSet'
was converted to 'SupportClass.TreeSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeSet'>Class 'java.util.TreeSet'
was converted to 'SupportClass.TreeSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapkeySet'>Method 'java.util.HashMap.keySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessReferenceMap.removeDirectReference(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'>Method 'java.util.HashMap.get'
was converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessReferenceMap.update(java.util.Set):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapkeySet'>Method 'java.util.HashMap.keySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'>Method 'java.util.HashMap.get'
was converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessReferenceMap.getIndirectReference(java.lang.Object):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'>Method 'java.util.HashMap.get'
was converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessReferenceMap.getDirectReference(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'>Method 'java.util.HashMap.get'
was converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessReferenceMap.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue2"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue2"></a> Authenticator.cs</td>
+ <td class="content">Authenticator.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">41</td>
+ <td class="content">2</td>
+ <td class="content">43</td>
+ </tr>
+ <tr class="collapsed" id="issue2" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalUser.getUser():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.get'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalUser.setUser(org.owasp.esapi.interfaces.IUser):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.set'
was not converted.</a></td></tr>
+ </table></td></tr>
+ </table>
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalRequest.getRequest():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.get'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalRequest.setUser(javax.servlet.http.HttpServletRequest):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.set'
was not converted.</a></td></tr>
+ </table></td></tr>
+ </table>
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.getResponse():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.get'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.setUser(javax.servlet.http.HttpServletResponse):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.set'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.clearCurrent():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.set'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.set'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.getCurrentUser():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.get'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.getCurrentRequest():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.get'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.getCurrentResponse():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.get'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.getUserNames():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'>Class 'java.util.HashSet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapkeySet'>Method 'java.util.Map.keySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.loadUsersIfNecessary():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.io.File.lastModified' may return a
different value.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.loadUsersImmediately():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073'>Constructor 'java.io.FileReader.FileReader'
was converted to 'System.IO.StreamReader' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073'>Constructor 'java.io.FileReader.FileReader'
was converted to 'System.IO.StreamReader' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'>The
differences in the expected value of parameters for
constructor 'java.io.BufferedReader.BufferedReader' may cause compilation
errors. </a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">Runtime Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1181'>At
least one expression was used more than once in the target
code.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.loginWithUsernameAndPassword(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletServletRequestgetParameter_javalangString'>Method 'javax.servlet.ServletRequest.getParameter'
was converted to 'System.Web.HttpRequest' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletServletRequestgetParameter_javalangString'>Method 'javax.servlet.ServletRequest.getParameter'
was converted to 'System.Web.HttpRequest' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.saveUsers():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.io.PrintWriter.println' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.io.PrintWriter.println' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.io.File.lastModified' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileWriterFileWriter_javaioFile'>Constructor 'java.io.FileWriter.FileWriter'
was converted to 'System.IO.StreamWriter' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileWriter'>Class 'java.io.FileWriter'
was converted to 'System.IO.StreamWriter' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileWriterFileWriter_javaioFile'>Constructor 'java.io.FileWriter.FileWriter'
was converted to 'System.IO.StreamWriter' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">7</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileWriter'>Class 'java.io.FileWriter'
was converted to 'System.IO.StreamWriter' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">8</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln_javalangString'>Method 'java.io.PrintWriter.println'
was converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">9</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln_javalangString'>Method 'java.io.PrintWriter.println'
was converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">10</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln'>Method 'java.io.PrintWriter.println'
was converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">11</td><td
class="issuecontent" width="15%">Runtime Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1181'>At
least one expression was used more than once in the target
code.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.saveUsers(java.io.PrintWriter):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.io.PrintWriter.println' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln_javalangString'>Method 'java.io.PrintWriter.println'
was converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.setCurrentHTTP(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.set'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.set'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Class 'java.lang.InheritableThreadLocal'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Class 'java.lang.InheritableThreadLocal'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Class 'java.lang.InheritableThreadLocal'
was not converted.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue3"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue3"></a> Encoder.cs</td>
+ <td class="content">Encoder.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">15</td>
+ <td class="content">1</td>
+ <td class="content">16</td>
+ </tr>
+ <tr class="collapsed" id="issue3" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encoder.encodeForBase64(byte[],boolean):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'>Method 'sun.misc.CharacterEncoder.encode'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encoder.decodeFromBase64(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'>Method 'sun.misc.CharacterDecoder.decodeBuffer'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encoder.initializeMaps():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ </table>
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encoder.EncodedStringReader.parsePercent(java.lang.String,int):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073'>Method 'java.lang.Integer.parseInt'
was converted to 'System.Convert.ToInt32' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encoder.EncodedStringReader.parseEntity(java.lang.String,int):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'>Method 'java.util.HashMap.get'
was converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">3</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1291'>The 'System.Char'
structure does not have an equivalent to NULL.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">Runtime Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1101'>Method 'java.lang.String.indexOf'
was converted to 'System.String.IndexOf' which may throw an
exception.</a></td></tr>
+ </table></td></tr>
+ </table>
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encoder.EncodedCharacter.getEncoded(int):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'>Method 'java.util.HashMap.get'
was converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encoder.EncodedCharacter.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'>Class 'sun.misc.BASE64Encoder'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'>Constructor 'sun.misc.BASE64Encoder.BASE64Encoder'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'>Class 'sun.misc.BASE64Decoder'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'>Constructor 'sun.misc.BASE64Decoder.BASE64Decoder'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">7</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'sun.text.Normalizer' could not be found. If it was not included in
the conversion, there may be compiler issues.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue4"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue4"></a> EncryptedProperties.cs</td>
+ <td class="content">EncryptedProperties.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">11</td>
+ <td class="content">1</td>
+ <td class="content">12</td>
+ </tr>
+ <tr class="collapsed" id="issue4" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.EncryptedProperties.setProperty(java.lang.String,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilPropertiessetProperty_javalangString_javalangString'>Method 'java.util.Properties.setProperty'
was converted to 'System.Collections.Specialized.NameValueCollection.Item'
which has a different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.EncryptedProperties.load(java.io.InputStream):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilPropertiesload_javaioInputStream'>Method 'java.util.Properties.load'
was converted to 'System.Collections.Specialized.NameValueCollection' which
has a different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.EncryptedProperties.store(java.io.OutputStream,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilPropertiesstore_javaioOutputStream_javalangString'>Method 'java.util.Properties.store'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.EncryptedProperties.main(java.lang.String[]):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileInputStreamFileInputStream_javaioFile'>Constructor 'java.io.FileInputStream.FileInputStream'
was converted to 'System.IO.FileStream.FileStream' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileOutputStreamFileOutputStream_javaioFile'>Constructor 'java.io.FileOutputStream.FileOutputStream'
was converted to 'System.IO.FileStream.FileStream' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'>The
differences in the expected value of parameters for
constructor 'java.io.BufferedReader.BufferedReader' may cause compilation
errors. </a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">Runtime Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1181'>At
least one expression was used more than once in the target
code.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.EncryptedProperties.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1089'>Format
of property file may need to be changed.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'>Class
hierarchy differences between 'java.util.Properties'
and 'System.Collections.Specialized.NameValueCollection' may cause
compilation errors.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'>Class
hierarchy differences between 'java.util.Properties'
and 'System.Collections.Specialized.NameValueCollection' may cause
compilation errors.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue5"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue5"></a> Encryptor.cs</td>
+ <td class="content">Encryptor.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">21</td>
+ <td class="content">0</td>
+ <td class="content">21</td>
+ </tr>
+ <tr class="collapsed" id="issue5" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.Encryptor():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.security.SecureRandom.getInstance' may
return a different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxcryptoSecretKeyFactorygenerateSecret_javasecurityspecKeySpec'>Method 'javax.crypto.SecretKeyFactory.generateSecret'
was converted
to 'System.Security.Cryptography.SymmetricAlgorithm.GenerateKey' which has
a different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1277'>The
class 'java.security.KeyPair' was converted
to 'SupportClass.KeyPairSupport', which is not serializable.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1287'>A
transformation string might not be supported by the classes in the
System.Security.Cryptography namespace.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxcryptospecPBEParameterSpec'>Constructor 'javax.crypto.spec.PBEParameterSpec.PBEParameterSpec'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'>Class 'java.security.KeyPairGenerator'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">7</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'>Method 'java.security.KeyPairGenerator.getInstance'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">8</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'>Method 'java.security.KeyPairGenerator.initialize'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">9</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'>Method 'java.security.KeyPairGenerator.generateKeyPair'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.encrypt(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Throwable.getMessage' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javalangStringgetBytes_javalangString'>Method 'java.lang.String.getBytes'
was converted
to 'System.Text.Encoding.GetEncoding(string).GetBytes(string)' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.decrypt(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Throwable.getMessage' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'>The
differences in the Format of parameters for
constructor 'java.lang.String.String' may cause compilation errors.
</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.sign(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignatureinitSign_javasecurityPrivateKey'>Method 'java.security.Signature.initSign'
was converted to 'SupportClass.DigitalSignature.Signing' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignaturesign'>Method 'java.security.Signature.sign'
was converted to 'SupportClass.DigitalSignature.Sign' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.verifySignature(java.lang.String,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Throwable.getMessage' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignatureinitVerify_javasecurityPublicKey'>Method 'java.security.Signature.initVerify'
was converted to 'SupportClass.DigitalSignature.Verification' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignatureverify_byte[]'>Method 'java.security.Signature.verify'
was converted to 'SupportClass.DigitalSignature.Verify' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.verifySeal(java.lang.String,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.getTimeStamp():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxcryptospecPBEParameterSpec'>Class 'javax.crypto.spec.PBEParameterSpec'
was not converted.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><IMG alt="expand/collapse section"
height="11" src="_ConversionReport_Files/ConversionReport_Blank.gif"
width="9"> ESAPI.cs</td>
+ <td class="content">ESAPI.java</td>
+ <td class="content">
+ Converted</td> <td class="content">0</td>
+ <td class="content">0</td>
+ <td class="content">0</td>
+ </tr>
+ <tr class="collapsed" id="issue6" bgcolor="#ffffff"><td
colspan="7">
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue7"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue7"></a> Executor.cs</td>
+ <td class="content">Executor.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">5</td>
+ <td class="content">0</td>
+ <td class="content">5</td>
+ </tr>
+ <tr class="collapsed" id="issue7" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Executor.executeSystemCommand(java.io.File,java.util.List,java.io.File,int):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Throwable.getMessage' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'>The
differences in the expected value of parameters for
constructor 'java.io.BufferedReader.BufferedReader' may cause compilation
errors. </a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangRuntimeexec_javalangString[]_javalangString[]_javaioFile'>Method 'java.lang.Runtime.exec'
was not converted.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue8"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue8"></a> HTTPUtilities.cs</td>
+ <td class="content">HTTPUtilities.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">33</td>
+ <td class="content">3</td>
+ <td class="content">36</td>
+ </tr>
+ <tr class="collapsed" id="issue8" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.changeSessionIdentifier():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationhasMoreElements'>Method 'java.util.Enumeration.hasMoreElements'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationnextElement'>Method 'java.util.Enumeration.nextElement'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpSessioninvalidate'>Method 'javax.servlet.http.HttpSession.invalidate'
was converted to 'System.Web.SessionState.HttpSessionState.Abandon' which
has a different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">7</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpServletRequestgetSession_boolean'>Method 'javax.servlet.http.HttpServletRequest.getSession'
was converted to 'System.Web.HttpContext.Current.Session' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">8</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapentrySet'>Method 'java.util.Map.entrySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.verifyCSRFToken():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletServletRequestgetParameter_javalangString'>Method 'javax.servlet.ServletRequest.getParameter'
was converted to 'System.Web.HttpRequest' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.encryptStateInCookie(java.util.Map):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Object.toString' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Object.toString' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapentrySet'>Method 'java.util.Map.entrySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.update(long,long,int):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Runtime Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1042'>Data
types in Visual C# might be different. Verify the accuracy of narrowing
conversions.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Runtime Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1042'>Data
types in Visual C# might be different. Verify the accuracy of narrowing
conversions.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">Runtime Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1042'>Data
types in Visual C# might be different. Verify the accuracy of narrowing
conversions.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.getSafeFileUploads(java.io.File,java.io.File):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Throwable.getMessage' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaioFilecreateTempFile_javalangString_javalangString_javaioFile'>Method 'java.io.File.createTempFile'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.queryToMap(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeMapTreeMap'>Constructor 'java.util.TreeMap.TreeMap'
was converted to 'System.Collections.SortedList' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'>Class
hierarchy differences between 'java.util.TreeMap'
and 'System.Collections.SortedList' may cause compilation
errors.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'>Class
hierarchy differences between 'java.util.TreeMap'
and 'System.Collections.SortedList' may cause compilation
errors.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.safeSendForward(java.lang.String,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletRequestDispatcher'>Interface 'javax.servlet.RequestDispatcher'
was converted to 'System.Web.HttpServerUtility' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletRequestDispatcherforward_javaxservletServletRequest_javaxservletServletResponse'>Method 'javax.servlet.RequestDispatcher.forward'
was converted to 'System.Web.HttpServerUtility.Transfer' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1202'>Reference
conversion may require user modification.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetRequestDispatcher_javalangString'>Method 'javax.servlet.ServletRequest.getRequestDispatcher'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.safeSendRedirect(java.lang.String,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1202'>Reference
conversion may require user modification.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.setNoCacheHeaders():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpServletResponsesetDateHeader_javalangString_long'>Method 'javax.servlet.http.HttpServletResponse.setDateHeader'
was converted to 'System.Web.HttpResponse.AppendHeader' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'java.util.regex.Pattern' could not be found. If it was not included
in the conversion, there may be compiler issues.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'org.apache.commons.fileupload.FileItem' could not be found. If it was
not included in the conversion, there may be compiler issues.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'org.apache.commons.fileupload.ProgressListener' could not be found.
If it was not included in the conversion, there may be compiler
issues.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'org.apache.commons.fileupload.disk.DiskFileItemFactory' could not be
found. If it was not included in the conversion, there may be compiler
issues.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'org.apache.commons.fileupload.servlet.ServletFileUpload' could not be
found. If it was not included in the conversion, there may be compiler
issues.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue9"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue9"></a> IntrusionDetector.cs</td>
+ <td class="content">IntrusionDetector.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">6</td>
+ <td class="content">0</td>
+ <td class="content">6</td>
+ </tr>
+ <tr class="collapsed" id="issue9" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.IntrusionDetector.addException(java.lang.Exception):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Throwable.getMessage' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Class.getName' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.IntrusionDetector.addEvent(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue10"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue10"></a> Logger.cs</td>
+ <td class="content">Logger.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">8</td>
+ <td class="content">0</td>
+ <td class="content">8</td>
+ </tr>
+ <tr class="collapsed" id="issue10" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Logger.logHTTPRequest(java.lang.String,javax.servlet.http.HttpServletRequest,java.util.List):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapkeySet'>Method 'java.util.Map.keySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetParameterMap'>Method 'javax.servlet.ServletRequest.getParameterMap'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetParameterMap'>Method 'javax.servlet.ServletRequest.getParameterMap'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Logger.log(Level,java.lang.String,java.lang.String,java.lang.Throwable):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Class.getName' may return a
different value.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Logger.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'java.util.logging.Level' could not be found. If it was not included
in the conversion, there may be compiler issues.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue11"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue11"></a> Randomizer.cs</td>
+ <td class="content">Randomizer.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">3</td>
+ <td class="content">0</td>
+ <td class="content">3</td>
+ </tr>
+ <tr class="collapsed" id="issue11" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Randomizer.Randomizer():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.security.SecureRandom.getInstance' may
return a different value.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Randomizer.getRandomBoolean():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilRandomnextBoolean'>Method 'java.util.Random.nextBoolean'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Randomizer.getRandomGUID():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.net.InetAddress.getLocalHost' may
return a different value.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue12"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue12"></a> SecurityConfiguration.cs</td>
+ <td class="content">SecurityConfiguration.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">23</td>
+ <td class="content">0</td>
+ <td class="content">23</td>
+ </tr>
+ <tr class="collapsed" id="issue12" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.SecurityConfiguration.getAllowedFileExtensions():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilArraysasList_javalangObject[]'>Method 'java.util.Arrays.asList'
was converted to 'System.Collections.ArrayList' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.SecurityConfiguration.loadConfiguration():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Object.toString' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.io.File.lastModified' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.io.File.lastModified' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileInputStreamFileInputStream_javaioFile'>Constructor 'java.io.FileInputStream.FileInputStream'
was converted to 'System.IO.FileStream.FileStream' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilPropertiesload_javaioInputStream'>Method 'java.util.Properties.load'
was converted to 'System.Collections.Specialized.NameValueCollection' which
has a different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">7</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">8</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">9</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">10</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeSet'>Class 'java.util.TreeSet'
was converted to 'SupportClass.TreeSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">11</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.SecurityConfiguration.getQuota(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilArraysasList_javalangObject[]'>Method 'java.util.Arrays.asList'
was converted to 'System.Collections.ArrayList' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.SecurityConfiguration.getValidationPatternNames():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeSet'>Class 'java.util.TreeSet'
was converted to 'SupportClass.TreeSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeSet'>Class 'java.util.TreeSet'
was converted to 'SupportClass.TreeSetSupport' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.SecurityConfiguration.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1089'>Format
of property file may need to be changed.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'java.util.logging.Level' could not be found. If it was not included
in the conversion, there may be compiler issues.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'java.util.regex.Pattern' could not be found. If it was not included
in the conversion, there may be compiler issues.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangSystem'>Method 'java.lang.System.getProperty'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'>Class
hierarchy differences between 'java.util.Properties'
and 'System.Collections.Specialized.NameValueCollection' may cause
compilation errors.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'>Class
hierarchy differences between 'java.util.Properties'
and 'System.Collections.Specialized.NameValueCollection' may cause
compilation errors.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><IMG alt="expand/collapse section"
height="11" src="_ConversionReport_Files/ConversionReport_Blank.gif"
width="9"> Threshold.cs</td>
+ <td class="content">Threshold.java</td>
+ <td class="content">
+ Converted</td> <td class="content">0</td>
+ <td class="content">0</td>
+ <td class="content">0</td>
+ </tr>
+ <tr class="collapsed" id="issue13" bgcolor="#ffffff"><td
colspan="7">
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue14"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue14"></a> User.cs</td>
+ <td class="content">User.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">38</td>
+ <td class="content">0</td>
+ <td class="content">38</td>
+ </tr>
+ <tr class="collapsed" id="issue14" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.User(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.User(java.lang.String,java.lang.String,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.addRoles(java.util.Set):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.dump(java.util.Collection):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.getExpirationTime():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilDateclone'>Method 'java.util.Date.clone'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.getLastFailedLoginTime():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilDateclone'>Method 'java.util.Date.clone'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.getLastLoginTime():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilDateclone'>Method 'java.util.Date.clone'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.getLastPasswordChangeTime():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilDateclone'>Method 'java.util.Date.clone'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.getRoles():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilCollections'>Method 'java.util.Collections.unmodifiableSet'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.isSessionAbsoluteTimeout(javax.servlet.http.HttpSession):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservlethttpHttpSessiongetCreationTime'>Method 'javax.servlet.http.HttpSession.getCreationTime'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.isSessionTimeout(javax.servlet.http.HttpSession):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservlethttpHttpSessiongetLastAccessedTime'>Method 'javax.servlet.http.HttpSession.getLastAccessedTime'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.logout():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpSessioninvalidate'>Method 'javax.servlet.http.HttpSession.invalidate'
was converted to 'System.Web.SessionState.HttpSessionState.Abandon' which
has a different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpServletRequestgetSession_boolean'>Method 'javax.servlet.http.HttpServletRequest.getSession'
was converted to 'System.Web.HttpContext.Current.Session' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.save():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.setExpirationTime(java.util.Date):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDatetoString'>Method 'java.util.Date.toString'
was converted to 'System.DateTime.ToString' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.setHashedPassword(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.util.List.add' may return a different
value.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.setLastFailedLoginTime(java.util.Date):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDatetoString'>Method 'java.util.Date.toString'
was converted to 'System.DateTime.ToString' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.setLastLoginTime(java.util.Date):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDatetoString'>Method 'java.util.Date.toString'
was converted to 'System.DateTime.ToString' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.setLastPasswordChangeTime(java.util.Date):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDatetoString'>Method 'java.util.Date.toString'
was converted to 'System.DateTime.ToString' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.setRoles(java.util.Set):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'>Class 'java.util.HashSet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ </table>
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.Event.increment(int,long):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.Event.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'>Class 'java.util.HashSet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue15"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue15"></a> Validator.cs</td>
+ <td class="content">Validator.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">21</td>
+ <td class="content">0</td>
+ <td class="content">21</td>
+ </tr>
+ <tr class="collapsed" id="issue15" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Validator.isValidFileName(java.lang.String,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Validator.isValidHTTPRequest(javax.servlet.http.HttpServletRequest):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilArraysasList_javalangObject[]'>Method 'java.util.Arrays.asList'
was converted to 'System.Collections.ArrayList' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">7</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">8</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilArraysasList_javalangObject[]'>Method 'java.util.Arrays.asList'
was converted to 'System.Collections.ArrayList' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">9</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationhasMoreElements'>Method 'java.util.Enumeration.hasMoreElements'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">10</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationhasMoreElements'>Method 'java.util.Enumeration.hasMoreElements'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">11</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationnextElement'>Method 'java.util.Enumeration.nextElement'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">12</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationnextElement'>Method 'java.util.Enumeration.nextElement'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">13</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapentrySet'>Method 'java.util.Map.entrySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">14</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetParameterMap'>Method 'javax.servlet.ServletRequest.getParameterMap'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Validator.isValidParameterSet(java.util.Set,java.util.Set):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapkeySet'>Method 'java.util.Map.keySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'>Class 'java.util.HashSet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'>Class 'java.util.HashSet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetParameterMap'>Method 'javax.servlet.ServletRequest.getParameterMap'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Validator.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'java.util.regex.Pattern' could not be found. If it was not included
in the conversion, there may be compiler issues.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td colspan=6 class="content"><a href="javascript:changepic();"
child="dir_4"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="dir_4"></a> \errors</td>
+ </tr>
+ <tr class="collapsed" id="dir_4" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr>
+ <td nowrap class="header">New Filename</td>
+ <td nowrap class="header">Original Filename</td>
+ <td nowrap class="header">Status</td>
+ <td nowrap class="header">Errors</td>
+ <td nowrap class="header">Warnings</td>
+ <td nowrap class="header">Total Issues</td>
+ </tr>
+ <tr class="row">
+ <td class="content"><IMG alt="expand/collapse section"
height="11" src="_ConversionReport_Files/ConversionReport_Blank.gif"
width="9"> AccessControlException.cs</td>
+ <td class="content">AccessControlException.java</td>
+ <td class="content">
+ Converted</td> <td class="content">0</td>
+ <td class="content">0</td>
+ <td class="content">0</td>
+ </tr>
+ <tr class="collapsed" id="issue16" bgcolor="#ffffff"><td
colspan="7">
+ </td></tr>
+ <tr class="row">
+ <td class="content"><IMG alt="expand/collapse section"
height="11" src="_ConversionReport_Files/ConversionReport_Blank.gif"
width="9"> AuthenticationAccountsException.cs</td>
+ <td class="content">AuthenticationAccountsException.java</td>
+ <td class="content">
+ Converted</td> <td class="content">0</td>
+ <td class="content">0</td>
+ <td class="content">0</td>
+ </tr>
+ <tr class="collapsed" id="issue17" bgcolor="#ffffff"><td
colspan="7">
+ </td></tr>
+ <tr class="row">
+ <td class="content"><IMG alt="expand/collapse section"
height="11" src="_ConversionReport_Files/ConversionReport_Blank.gif"
width="9"> AuthenticationCredentialsException.cs</td>
+ <td
class="content">AuthenticationCredentialsException.java</td>
+ <td class="content">
+ Converted</td> <td class="content">0</td>
+ <td class="content">0</td>
+ <td class="content">0</td>
+ </tr>
+ <tr class="collapsed" id="issue18" bgcolor="#ffffff"><td
colspan="7">
+ </td></tr>
+ <tr class="row">
+ <td class="content"><IMG alt="expand/collapse section"
height="11" src="_ConversionReport_Files/ConversionReport_Blank.gif"
width="9"> AuthenticationException.cs</td>
+ <td class="content">AuthenticationException.java</td>
+ <td class="content">
+ Converted</td> <td class="content">0</td>
+ <td class="content">0</td>
+ <td class="content">0</td>
+ </tr>
+ <tr class="collapsed" id="issue19" bgcolor="#ffffff"><td
colspan="7">
+ </td></tr>
+ <tr class="row">
***The diff for this file has been truncated for email.***
=======================================
--- /dev/null
+++ /branches/2.0/_ConversionReport_Files/ConversionReport.css Tue Jun 14
21:31:31 2011
@@ -0,0 +1,208 @@
+BODY
+{
+ BACKGROUND-COLOR: white;
+ FONT-FAMILY: "Verdana", sans-serif;
+ FONT-SIZE: 100%;
+ MARGIN-LEFT: 0px;
+ MARGIN-TOP: 0px
+}
+P
+{
+ FONT-FAMILY: "Verdana", sans-serif;
+ FONT-SIZE: 70%;
+ LINE-HEIGHT: 12pt;
+ MARGIN-BOTTOM: 0px;
+ MARGIN-LEFT: 10px;
+ MARGIN-TOP: 10px
+}
+.note
+{
+ BACKGROUND-COLOR: #ffffff;
+ COLOR: #336699;
+ FONT-FAMILY: "Verdana", sans-serif;
+ FONT-SIZE: 100%;
+ LINE-HEIGHT: 12pt;
+ MARGIN-BOTTOM: 0px;
+ MARGIN-LEFT: 0px;
+ MARGIN-TOP: 0px;
+ PADDING-RIGHT: 10px
+}
+.infotable
+{
+ BACKGROUND-COLOR: #f0f0e0;
+ BORDER-BOTTOM: #ffffff 0px solid;
+ BORDER-COLLAPSE: collapse;
+ BORDER-LEFT: #ffffff 0px solid;
+ BORDER-RIGHT: #ffffff 0px solid;
+ BORDER-TOP: #ffffff 0px solid;
+ FONT-SIZE: 70%;
+ MARGIN-LEFT: 10px
+}
+.issuetable
+{
+ BACKGROUND-COLOR: #ffffe8;
+ BORDER-COLLAPSE: collapse;
+ COLOR: #000000;
+ FONT-SIZE: 100%;
+ MARGIN-BOTTOM: 10px;
+ MARGIN-LEFT: 13px;
+ MARGIN-TOP: 0px
+}
+.issuetitle
+{
+ BACKGROUND-COLOR: #ffffff;
+ BORDER-BOTTOM: #dcdcdc 1px solid;
+ BORDER-TOP: #dcdcdc 1px;
+ COLOR: #003366;
+ FONT-WEIGHT: normal
+}
+.header
+{
+ BACKGROUND-COLOR: #cecf9c;
+ BORDER-BOTTOM: #ffffff 1px solid;
+ BORDER-LEFT: #ffffff 1px solid;
+ BORDER-RIGHT: #ffffff 1px solid;
+ BORDER-TOP: #ffffff 1px solid;
+ COLOR: #000000;
+ FONT-WEIGHT: bold
+}
+.issuehdr
+{
+ BACKGROUND-COLOR: #E0EBF5;
+ BORDER-BOTTOM: #dcdcdc 1px solid;
+ BORDER-TOP: #dcdcdc 1px solid;
+ COLOR: #000000;
+ FONT-WEIGHT: normal
+}
+.issuenone
+{
+ BACKGROUND-COLOR: #ffffff;
+ BORDER-BOTTOM: 0px;
+ BORDER-LEFT: 0px;
+ BORDER-RIGHT: 0px;
+ BORDER-TOP: 0px;
+ COLOR: #000000;
+ FONT-WEIGHT: normal
+}
+.content
+{
+ BACKGROUND-COLOR: #e7e7ce;
+ BORDER-BOTTOM: #ffffff 1px solid;
+ BORDER-LEFT: #ffffff 1px solid;
+ BORDER-RIGHT: #ffffff 1px solid;
+ BORDER-TOP: #ffffff 1px solid;
+ PADDING-LEFT: 3px
+}
+.issuecontent
+{
+ BACKGROUND-COLOR: #ffffff;
+ BORDER-BOTTOM: #dcdcdc 1px solid;
+ BORDER-TOP: #dcdcdc 1px solid;
+ PADDING-LEFT: 3px
+}
+A:link
+{
+ COLOR: #cc6633;
+ TEXT-DECORATION: underline
+}
+A:visited
+{
+ COLOR: #cc6633;
+}
+A:active
+{
+ COLOR: #cc6633;
+}
+A:hover
+{
+ COLOR: #cc3300;
+ TEXT-DECORATION: underline
+}
+H1
+{
+ BACKGROUND-COLOR: #003366;
+ BORDER-BOTTOM: #336699 6px solid;
+ COLOR: #ffffff;
+ FONT-SIZE: 130%;
+ FONT-WEIGHT: normal;
+ MARGIN: 0em 0em 0em -20px;
+ PADDING-BOTTOM: 8px;
+ PADDING-LEFT: 30px;
+ PADDING-TOP: 16px
+}
+H2
+{
+ COLOR: #000000;
+ FONT-SIZE: 80%;
+ FONT-WEIGHT: bold;
+ MARGIN-BOTTOM: 3px;
+ MARGIN-LEFT: 10px;
+ MARGIN-TOP: 20px;
+ PADDING-LEFT: 0px
+}
+H3
+{
+ COLOR: #000000;
+ FONT-SIZE: 80%;
+ FONT-WEIGHT: bold;
+ MARGIN-BOTTOM: -5px;
+ MARGIN-LEFT: 10px;
+ MARGIN-TOP: 20px
+}
+H4
+{
+ COLOR: #000000;
+ FONT-SIZE: 70%;
+ FONT-WEIGHT: bold;
+ MARGIN-BOTTOM: 0px;
+ MARGIN-TOP: 15px;
+ PADDING-BOTTOM: 0px
+}
+UL
+{
+ COLOR: #000000;
+ FONT-SIZE: 70%;
+ LIST-STYLE: square;
+ MARGIN-BOTTOM: 0pt;
+ MARGIN-TOP: 0pt
+}
+OL
+{
+ COLOR: #000000;
+ FONT-SIZE: 70%;
+ LIST-STYLE: square;
+ MARGIN-BOTTOM: 0pt;
+ MARGIN-TOP: 0pt
+}
+LI
+{
+ LIST-STYLE: square;
+ MARGIN-LEFT: 0px
+}
+.expandable
+{
+ CURSOR: hand
+}
+.expanded
+{
+ color: black
+}
+.collapsed
+{
+ DISPLAY: none
+}
+.foot
+{
+BACKGROUND-COLOR: #ffffff;
+BORDER-BOTTOM: #cecf9c 1px solid;
+BORDER-TOP: #cecf9c 2px solid
+}
+.settings
+{
+MARGIN-LEFT: 25PX;
+}
+.help
+{
+TEXT-ALIGN: right;
+margin-right: 10px;
+}
=======================================
--- /dev/null
+++ /branches/2.0/_ConversionReport_Files/ConversionReport_Blank.gif Tue
Jun 14 21:31:31 2011
@@ -0,0 +1,1 @@
+GIF89a ò €€€ÀÀÀÿÿÿ !ù , (ºÜ 0ÊA뀶â|
C šÇm iIh ;
=======================================
--- /dev/null
+++ /branches/2.0/_ConversionReport_Files/ConversionReport_Minus.gif Tue
Jun 14 21:31:31 2011
@@ -0,0 +1,1 @@
+GIF89a ñ €€€ÀÀÀÿÿÿ!ù , ” yÁí ã`2Ò:à œgüaWå”A ;
=======================================
--- /dev/null
+++ /branches/2.0/_ConversionReport_Files/ConversionReport_Plus.gif Tue Jun
14 21:31:31 2011
@@ -0,0 +1,2 @@
+GIF89a ñ €€€ÀÀÀÿÿÿ!ù , ” yÁí ã` D
+-¤ ÷ TW˜ Òè8 ;
=======================================
--- /dev/null
+++ /branches/2.0/_UpgradeReport_Files/UpgradeReport.css Tue Jun 14
21:31:31 2011
@@ -0,0 +1,207 @@
+BODY
+{
+ BACKGROUND-COLOR: white;
+ FONT-FAMILY: "Verdana", sans-serif;
+ FONT-SIZE: 100%;
+ MARGIN-LEFT: 0px;
+ MARGIN-TOP: 0px
+}
+P
+{
+ FONT-FAMILY: "Verdana", sans-serif;
+ FONT-SIZE: 70%;
+ LINE-HEIGHT: 12pt;
+ MARGIN-BOTTOM: 0px;
+ MARGIN-LEFT: 10px;
+ MARGIN-TOP: 10px
+}
+.note
+{
+ BACKGROUND-COLOR: #ffffff;
+ COLOR: #336699;
+ FONT-FAMILY: "Verdana", sans-serif;
+ FONT-SIZE: 100%;
+ MARGIN-BOTTOM: 0px;
+ MARGIN-LEFT: 0px;
+ MARGIN-TOP: 0px;
+ PADDING-RIGHT: 10px
+}
+.infotable
+{
+ BACKGROUND-COLOR: #f0f0e0;
+ BORDER-BOTTOM: #ffffff 0px solid;
+ BORDER-COLLAPSE: collapse;
+ BORDER-LEFT: #ffffff 0px solid;
+ BORDER-RIGHT: #ffffff 0px solid;
+ BORDER-TOP: #ffffff 0px solid;
+ FONT-SIZE: 70%;
+ MARGIN-LEFT: 10px
+}
+.issuetable
+{
+ BACKGROUND-COLOR: #ffffe8;
+ BORDER-COLLAPSE: collapse;
+ COLOR: #000000;
+ FONT-SIZE: 100%;
+ MARGIN-BOTTOM: 10px;
+ MARGIN-LEFT: 13px;
+ MARGIN-TOP: 0px
+}
+.issuetitle
+{
+ BACKGROUND-COLOR: #ffffff;
+ BORDER-BOTTOM: #dcdcdc 1px solid;
+ BORDER-TOP: #dcdcdc 1px;
+ COLOR: #003366;
+ FONT-WEIGHT: normal
+}
+.header
+{
+ BACKGROUND-COLOR: #cecf9c;
+ BORDER-BOTTOM: #ffffff 1px solid;
+ BORDER-LEFT: #ffffff 1px solid;
+ BORDER-RIGHT: #ffffff 1px solid;
+ BORDER-TOP: #ffffff 1px solid;
+ COLOR: #000000;
+ FONT-WEIGHT: bold
+}
+.issuehdr
+{
+ BACKGROUND-COLOR: #E0EBF5;
+ BORDER-BOTTOM: #dcdcdc 1px solid;
+ BORDER-TOP: #dcdcdc 1px solid;
+ COLOR: #000000;
+ FONT-WEIGHT: normal
+}
+.issuenone
+{
+ BACKGROUND-COLOR: #ffffff;
+ BORDER-BOTTOM: 0px;
+ BORDER-LEFT: 0px;
+ BORDER-RIGHT: 0px;
+ BORDER-TOP: 0px;
+ COLOR: #000000;
+ FONT-WEIGHT: normal
+}
+.content
+{
+ BACKGROUND-COLOR: #e7e7ce;
+ BORDER-BOTTOM: #ffffff 1px solid;
+ BORDER-LEFT: #ffffff 1px solid;
+ BORDER-RIGHT: #ffffff 1px solid;
+ BORDER-TOP: #ffffff 1px solid;
+ PADDING-LEFT: 3px
+}
+.issuecontent
+{
+ BACKGROUND-COLOR: #ffffff;
+ BORDER-BOTTOM: #dcdcdc 1px solid;
+ BORDER-TOP: #dcdcdc 1px solid;
+ PADDING-LEFT: 3px
+}
+A:link
+{
+ COLOR: #cc6633;
+ TEXT-DECORATION: underline
+}
+A:visited
+{
+ COLOR: #cc6633;
+}
+A:active
+{
+ COLOR: #cc6633;
+}
+A:hover
+{
+ COLOR: #cc3300;
+ TEXT-DECORATION: underline
+}
+H1
+{
+ BACKGROUND-COLOR: #003366;
+ BORDER-BOTTOM: #336699 6px solid;
+ COLOR: #ffffff;
+ FONT-SIZE: 130%;
+ FONT-WEIGHT: normal;
+ MARGIN: 0em 0em 0em -20px;
+ PADDING-BOTTOM: 8px;
+ PADDING-LEFT: 30px;
+ PADDING-TOP: 16px
+}
+H2
+{
+ COLOR: #000000;
+ FONT-SIZE: 80%;
+ FONT-WEIGHT: bold;
+ MARGIN-BOTTOM: 3px;
+ MARGIN-LEFT: 10px;
+ MARGIN-TOP: 20px;
+ PADDING-LEFT: 0px
+}
+H3
+{
+ COLOR: #000000;
+ FONT-SIZE: 80%;
+ FONT-WEIGHT: bold;
+ MARGIN-BOTTOM: -5px;
+ MARGIN-LEFT: 10px;
+ MARGIN-TOP: 20px
+}
+H4
+{
+ COLOR: #000000;
+ FONT-SIZE: 70%;
+ FONT-WEIGHT: bold;
+ MARGIN-BOTTOM: 0px;
+ MARGIN-TOP: 15px;
+ PADDING-BOTTOM: 0px
+}
+UL
+{
+ COLOR: #000000;
+ FONT-SIZE: 70%;
+ LIST-STYLE: square;
+ MARGIN-BOTTOM: 0pt;
+ MARGIN-TOP: 0pt
+}
+OL
+{
+ COLOR: #000000;
+ FONT-SIZE: 70%;
+ LIST-STYLE: square;
+ MARGIN-BOTTOM: 0pt;
+ MARGIN-TOP: 0pt
+}
+LI
+{
+ LIST-STYLE: square;
+ MARGIN-LEFT: 0px
+}
+.expandable
+{
+ CURSOR: hand
+}
+.expanded
+{
+ color: black
+}
+.collapsed
+{
+ DISPLAY: none
+}
+.foot
+{
+BACKGROUND-COLOR: #ffffff;
+BORDER-BOTTOM: #cecf9c 1px solid;
+BORDER-TOP: #cecf9c 2px solid
+}
+.settings
+{
+MARGIN-LEFT: 25PX;
+}
+.help
+{
+TEXT-ALIGN: right;
+margin-right: 10px;
+}
=======================================
--- /dev/null
+++ /branches/2.0/_UpgradeReport_Files/UpgradeReport.xslt Tue Jun 14
21:31:31 2011
@@ -0,0 +1,232 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:msxsl='urn:schemas-microsoft-com:xslt'>
+
+ <xsl:key name="ProjectKey" match="Event" use="@Project" />
+
+ <xsl:template match="Events" mode="createProjects">
+ <projects>
+ <xsl:for-each select="Event">
+ <!--xsl:sort select="@Project" order="descending"/-->
+ <xsl:if test="(1=position()) or
(preceding-sibling::*[1]/@Project != @Project)">
+
+ <xsl:variable name="ProjectName" select="@Project"/>
+
+ <project>
+ <xsl:attribute name="name">
+ <xsl:value-of select="@Project"/>
+ </xsl:attribute>
+
+ <xsl:if test="@Project=''">
+ <xsl:attribute name="solution">
+ <xsl:value-of select="@Solution"/>
+ </xsl:attribute>
+ </xsl:if>
+
+ <xsl:for-each select="key('ProjectKey',
$ProjectName)">
+ <!--xsl:sort select="@Source" /-->
+ <xsl:if test="(1=position()) or
(preceding-sibling::*[1]/@Source != @Source)">
+
+ <source>
+ <xsl:attribute name="name">
+ <xsl:value-of select="@Source"/>
+ </xsl:attribute>
+
+ <xsl:variable name="Source">
+ <xsl:value-of select="@Source"/>
+ </xsl:variable>
+
+ <xsl:for-each
select="key('ProjectKey', $ProjectName)[ @Source = $Source ]">
+
+ <event>
+ <xsl:attribute
name="error-level">
+ <xsl:value-of
select="@ErrorLevel"/>
+ </xsl:attribute>
+ <xsl:attribute
name="description">
+ <xsl:value-of
select="@Description"/>
+ </xsl:attribute>
+ </event>
+ </xsl:for-each>
+ </source>
+ </xsl:if>
+ </xsl:for-each>
+
+ </project>
+ </xsl:if>
+ </xsl:for-each>
+ </projects>
+ </xsl:template>
+
+ <xsl:template match="projects">
+ <xsl:for-each select="project">
+ <xsl:sort select="@Name" order="ascending"/>
+ <h2>
+ <xsl:if test="@solution">Solution: <xsl:value-of
select="@solution"/></xsl:if>
+ <xsl:if test="not(@solution)">Project: <xsl:value-of
select="@name"/>
+ <xsl:for-each select="source">
+ <xsl:variable name="Hyperlink" select="@name"/>
+ <xsl:for-each select="event[@error-level='4']">
+  <A class="note"><xsl:attribute name="HREF"><xsl:value-of
select="$Hyperlink"/></xsl:attribute><xsl:value-of
select="@description"/></A>
+ </xsl:for-each>
+ </xsl:for-each>
+ </xsl:if>
+ </h2>
+
+ <table cellpadding="2" cellspacing="0" width="98%" border="1"
bordercolor="white" class="infotable">
+ <tr>
+ <td nowrap="1" class="header"
_locID="Filename">Filename</td>
+ <td nowrap="1" class="header" _locID="Status">Status</td>
+ <td nowrap="1" class="header" _locID="Errors">Errors</td>
+ <td nowrap="1" class="header"
_locID="Warnings">Warnings</td>
+ </tr>
+
+ <xsl:for-each select="source">
+ <xsl:sort select="@name" order="ascending"/>
+ <xsl:variable name="source-id" select="generate-id(.)"/>
+
+ <xsl:if
test="count(event)!=count(event[@error-level='4'])">
+
+ <tr class="row">
+ <td class="content">
+ <A HREF="javascript:"><xsl:attribute
name="onClick">javascript:document.images['<xsl:value-of
select="$source-id"/>'].click()</xsl:attribute><IMG border="0"
alt="expand/collapse section" class="expandable" height="11"
onclick="changepic()" src="_UpgradeReport_Files/UpgradeReport_Plus.gif"
width="9" ><xsl:attribute name="name"><xsl:value-of
select="$source-id"/></xsl:attribute><xsl:attribute
name="child">src<xsl:value-of
select="$source-id"/></xsl:attribute></IMG></A> <xsl:value-of
select="@name"/>
+ </td>
+ <td class="content">
+ <xsl:if test="count(event[@error-level='3'])=1">
+ <xsl:for-each select="event[@error-level='3']">
+ <xsl:if
test="@description='Converted'">Converted</xsl:if>
+ <xsl:if
test="@description!='Converted'"><xsl:value-of
select="@description"/></xsl:if>
+ </xsl:for-each>
+ </xsl:if>
+ <xsl:if test="count(event[@error-level='3'])!=1
and count(event[@error-level='3' and
@description='Converted'])!=0">Converted
+ </xsl:if>
+ </td>
+ <td class="content"><xsl:value-of
select="count(event[@error-level='2'])"/></td>
+ <td class="content"><xsl:value-of
select="count(event[@error-level='1'])"/></td>
+ </tr>
+
+ <tr class="collapsed" bgcolor="#ffffff">
+ <xsl:attribute name="id">src<xsl:value-of
select="$source-id"/></xsl:attribute>
+
+ <td colspan="7">
+ <table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr>
+ <td colspan="7" class="issuetitle"
_locID="ConversionIssues">Conversion Issues - <xsl:value-of
select="@name"/>:</td>
+ </tr>
+
+ <xsl:for-each
select="event[@error-level!='3']">
+ <xsl:if test="@error-level!='4'">
+ <tr>
+ <td class="issuenone"
style="border-bottom:solid 1 lightgray">
+ <xsl:value-of
select="@description"/>
+ </td>
+ </tr>
+ </xsl:if>
+ </xsl:for-each>
+ </table>
+ </td>
+ </tr>
+ </xsl:if>
+ </xsl:for-each>
+
+ <tr valign="top">
+ <td class="foot">
+ <xsl:if test="count(source)!=1">
+ <xsl:value-of select="count(source)"/> files
+ </xsl:if>
+ <xsl:if test="count(source)=1">
+ 1 file
+ </xsl:if>
+ </td>
+ <td class="foot">
+ Converted: <xsl:value-of
select="count(source/event[@error-level='3' and
@description='Converted'])"/><BR />
+ Not converted <xsl:value-of select="count(source) -
count(source/event[@error-level='3' and @description='Converted'])"/>
+ </td>
+ <td class="foot"><xsl:value-of
select="count(source/event[@error-level='2'])"/></td>
+ <td class="foot"><xsl:value-of
select="count(source/event[@error-level='1'])"/></td>
+ </tr>
+ </table>
+ </xsl:for-each>
+ </xsl:template>
+
+ <xsl:template match="Property">
+ <xsl:if test="@Name!='Date' and @Name!='Time' and
@Name!='LogNumber' and @Name!='Solution'">
+ <tr><td nowrap="1"><b><xsl:value-of select="@Name"/>:
</b><xsl:value-of select="@Value"/></td></tr>
+ </xsl:if>
+ </xsl:template>
+
+ <xsl:template match="UpgradeLog">
+ <html>
+ <head>
+ <META HTTP-EQUIV="Content-Type" content="text/html;
charset=utf-8" />
+ <link rel="stylesheet"
href="_UpgradeReport_Files\UpgradeReport.css" />
+ <title>Conversion Report 
+ <xsl:if test="Properties/Property[@Name='LogNumber']">
+ <xsl:value-of
select="Properties/Property[@Name='LogNumber']/@Value"/>
+ </xsl:if>
+ </title>
+ <script language="javascript">
+ function outliner () {
+ oMe = window.event.srcElement
+ //get child element
+ var child =
document.all[event.srcElement.getAttribute("child",false)];
+ //if child element exists, expand or collapse it.
+ if (null != child)
+ child.className = child.className
== "collapsed" ? "expanded" : "collapsed";
+ }
+
+ function changepic() {
+ uMe = window.event.srcElement;
+ var check = uMe.src.toLowerCase();
+ if (check.lastIndexOf("upgradereport_plus.gif") !=
-1)
+ {
+ uMe.src
= "_UpgradeReport_Files/UpgradeReport_Minus.gif"
+ }
+ else
+ {
+ uMe.src
= "_UpgradeReport_Files/UpgradeReport_Plus.gif"
+ }
+ }
+ </script>
+ </head>
+ <body topmargin="0" leftmargin="0" rightmargin="0"
onclick="outliner();">
+ <h1 _locID="ConversionReport">Conversion Report -
<xsl:value-of select="Properties/Property[@Name='Solution']/@Value"/></h1>
+
+ <p><span class="note">
+ <b>Time of Conversion:</b>  <xsl:value-of
select="Properties/Property[@Name='Date']/@Value"/>  <xsl:value-of
select="Properties/Property[@Name='Time']/@Value"/><br/>
+ </span></p>
+
+ <xsl:variable name="SortedEvents">
+ <Events>
+ <xsl:for-each select="Event">
+ <xsl:sort select="@Project" order="ascending"/>
+ <xsl:sort select="@Source" order="ascending"/>
+ <xsl:sort select="@ErrorLevel"
order="ascending"/>
+ <Event>
+ <xsl:attribute
name="Project"><xsl:value-of select="@Project"/> </xsl:attribute>
+ <xsl:attribute
name="Solution"><xsl:value-of
select="/UpgradeLog/Properties/Property[@Name='Solution']/@Value"/>
</xsl:attribute>
+ <xsl:attribute name="Source"><xsl:value-of
select="@Source"/> </xsl:attribute>
+ <xsl:attribute
name="ErrorLevel"><xsl:value-of select="@ErrorLevel"/> </xsl:attribute>
+ <xsl:attribute
name="Description"><xsl:value-of select="@Description"/> </xsl:attribute>
+ </Event>
+ </xsl:for-each>
+ </Events>
+ </xsl:variable>
+
+ <xsl:variable name="Projects">
+ <xsl:apply-templates
select="msxsl:node-set($SortedEvents)/*" mode="createProjects"/>
+ </xsl:variable>
+
+ <xsl:apply-templates select="msxsl:node-set($Projects)/*"/>
+
+ <p></p><p>
+ <table class="note">
+ <tr>
+ <td nowrap="1">
+ <b>Conversion Settings</b>
+ </td>
+ </tr>
+ <xsl:apply-templates select="Properties"/>
+ </table></p>
+ </body>
+ </html>
+ </xsl:template>
+</xsl:stylesheet>
=======================================
--- /dev/null
+++ /branches/2.0/_UpgradeReport_Files/UpgradeReport_Minus.gif Tue Jun 14
21:31:31 2011
@@ -0,0 +1,1 @@
+GIF89a ñ €€€ÀÀÀÿÿÿ!ù , ” yÁí ã`2Ò:à œgüaWå”A ;
=======================================
--- /dev/null
+++ /branches/2.0/_UpgradeReport_Files/UpgradeReport_Plus.gif Tue Jun 14
21:31:31 2011
@@ -0,0 +1,2 @@
+GIF89a ñ €€€ÀÀÀÿÿÿ!ù , ” yÁí ã` D
+-¤ ÷ TW˜ Òè8 ;
=======================================
--- /dev/null
+++ /branches/2.0/build.xml Tue Jun 14 21:31:31 2011
@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project basedir="." default="dist" name="owasp-esapi-java">
+ <target name="init">
+
+ <property file="local.properties"/>
+
+ <buildnumber/>
+ <property name="project.name" value="${ant.project.name}"/>
+ <property name="project.version" value="1.1.1"/>
+ <property name="build.dir" location="${basedir}/build"/>
+ <property name="jar"
location="${build.dir}/${project.name}-classes.jar"/>
+ <property name="src.dir" location="${basedir}/src"/>
+ <property name="test.dir" location="${basedir}/test"/>
+ <property name="dist.dir" location="${basedir}/dist"/>
+ <property name="javadoc.dir" location="${basedir}/doc/api"/>
+
+ </target>
+
+ <target depends="init" description="clean up the build area"
name="clean">
+ <delete includeemptydirs="true" failonerror="false">
+ <fileset dir="${build.dir}" includes="**/*"/>
+ <fileset dir="${dist.dir}" includes="**/*"/>
+ </delete>
+ <mkdir dir="${build.dir}"/>
+ <mkdir dir="${dist.dir}"/>
+ </target>
+
+ <target depends="init" description="Compile the sources"
name="compile">
+ <javac
+ deprecation="yes"
+ destdir="${build.dir}"
+ listfiles="no"
+ optimize="on"
+ srcdir="${src.dir}"
+ debug="on"
+ source="1.4"
+ target="1.4"
+ >
+ <classpath>
+ <fileset dir="lib">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ </javac>
+ </target>
+ <target depends="compile" description="Build a jar file" name="build">
+ <jar basedir="${build.dir}" jarfile="${jar}">
+ </jar>
+ </target>
+ <target
+ depends="init,clean"
+ description="packages up the source files"
+ name="source"
+ >
+ <zip
destfile="${dist.dir}/${project.name}-src-${project.version}.zip">
+ <zipfileset
+ dir="${basedir}"
+ includes="build.xml"
+ prefix="${project.name}-${project.version}"
+ />
+ <zipfileset
+ dir="${src.dir}"
+ excludes="**/.*"
+ prefix="${project.name}-${project.version}/src"
+ />
+ <zipfileset
+ dir="${test.dir}"
+ excludes="**/.*"
+ prefix="${project.name}-${project.version}/test"
+ />
+ </zip>
+ </target>
+ <target depends="clean,build"
+ description="Build a standalone self-contained jar"
+ name="proguard" >
+ <taskdef
+ classpath="${proguard.location}/lib/proguard.jar"
+ resource="proguard/ant/task.properties"
+ />
+ <!-- ProGuard is used simply to aggregate the various libraries
into -->
+ <!-- a single distributable. No shrinking, optimization or
obfuscation -->
+ <!-- is performed. We ignore warnings about certain missing
classes -->
+ <!-- since they are not used/required -->
+ <proguard
+ ignorewarnings="true"
+ obfuscate="false"
+ optimize="false"
+ shrink="false"
+ verbose="false"
+ printusage="false"
+ >
+ <injar name="${jar}"/>
+ <injar name="lib/antisamy-bin.1.0.jar"/>
+ <injar name="lib/commons-fileupload-1.2.jar"/>
+ <injar name="lib/commons-io-1.3.2.jar"/>
+ <libraryjar name="${java.home}/lib/rt.jar"/>
+ <libraryjar name="${java.home}/lib/jsse.jar"/>
+ <libraryjar name="lib/servlet-api.jar"/>
+ <outjar
name="${dist.dir}/${project.name}-${project.version}.jar"/>
+ </proguard>
+ </target>
+ <target
+ depends="clean,source,build,proguard"
+ description="Build all distributables"
+ name="dist"
+ />
+</project>
=======================================
--- /dev/null
+++
/branches/2.0/obj/Debug/owasp-esapi-ASP-11.csproj.GenerateResource.Cache
Tue Jun 14 21:31:31 2011
@@ -0,0 +1,9 @@
+ ÿÿÿÿ XMicrosoft.Build.Tasks, Version=2.0.0.0,
Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a (Microsoft.Build.Tasks.ResGenDependencies
resXFiles baseLinkedFileDirectory "Microsoft.Build.Tasks.Dependencies
+ "Microsoft.Build.Tasks.Dependencies dependencies
+System.Collections.Hashtable
+System.Collections.Hashtable
+LoadFactor Version Comparer HashCodeProvider HashSize Keys Values
+System.Collections.IComparer$System.Collections.IHashCodeProvider ìQ8?
+
+ Global.asax.resx
1Microsoft.Build.Tasks.ResGenDependencies+ResXFile linkedFiles DependencyFile+filename DependencyFile+lastModified DependencyFile+exists
+ z_VM £Êˆ
=======================================
--- /dev/null
+++ /branches/2.0/obj/Debug/owasp_esapi_ASP_11.Global.resources Tue Jun 14
21:31:31 2011
@@ -0,0 +1,1 @@
+ÎÊï¾ ‘ lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0,
Culture=neutral,
PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet PADPADP´
=======================================
--- /dev/null
+++ /branches/2.0/obj/owasp-esapi-ASP-11.csproj.FileListAbsolute.txt Tue
Jun 14 21:31:31 2011
@@ -0,0 +1,3 @@
+C:\Documents and Settings\Juan Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\obj\Debug\ResolveAssemblyReference.cache
+C:\Documents and Settings\Juan Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\obj\Debug\owasp_esapi_ASP_11.Global.resources
+C:\Documents and Settings\Juan Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\obj\Debug\owasp-esapi-ASP-11.csproj.GenerateResource.Cache
=======================================
--- /dev/null
+++ /branches/2.0/owasp-esapi-ASP-1.1.xml Tue Jun 14 21:31:31 2011
@@ -0,0 +1,3155 @@
+<ConversionLog>
+ <Settings>
+ <Setting
+ Name = "LogFile"
+ Value = "owasp-esapi-ASP-1.1.xml"
+ />
+ <Setting
+ Name = "ProjectName"
+ Value = "owasp-esapi-ASP-11"
+ />
+ <Setting
+ Name = "StartTime"
+ Value = "Monday, June 23, 2008 19:31:18"
+ />
+ <Setting
+ Name = "OutputDir"
+ Value = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1"
+ />
+ <Setting
+ Name = "ProjectPath"
+ Value = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic ASP\owasp-esapi-java-1.1.1"
+ />
+ </Settings>
+ <Root>
+ <Directory Name = "src" >
+ <Directory Name = "org" >
+ <Directory Name = "owasp" >
+ <Directory Name = "esapi" >
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\AccessController.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AccessController.cs"
+ >
+ <Class Name
= "org.owasp.esapi.AccessController" >
+ <Section Name
= "overlap(java.util.Set,java.util.Set)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilIteratorhasNext"
+ Severity = "2"
+ >Method 'java.util.Iterator.hasNext' was
converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilIteratornext"
+ Severity = "2"
+ >Method 'java.util.Iterator.next' was
converted to 'System.Collections.IEnumerator.Current' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name = "loadRules(java.io.File)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioFileInputStreamFileInputStream_javaioFile"
+ Severity = "2"
+
>Constructor 'java.io.FileInputStream.FileInputStream' was converted
to 'System.IO.FileStream.FileStream' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ </Section>
+ </Class>
+ <Class Name
= "org.owasp.esapi.AccessController.Rule" >
+ <Section Name = "Declarations" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashSet"
+ Severity = "2"
+ >Class 'java.util.HashSet' was converted
to 'SupportClass.HashSetSupport' which has a different behavior.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\AccessReferenceMap.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AccessReferenceMap.cs"
+ >
+ <Class Name
= "org.owasp.esapi.AccessReferenceMap" >
+ <Section Name = "iterator()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilTreeSet"
+ Severity = "2"
+ >Class 'java.util.TreeSet' was converted
to 'SupportClass.TreeSetSupport' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilTreeSet"
+ Severity = "2"
+ >Class 'java.util.TreeSet' was converted
to 'SupportClass.TreeSetSupport' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMapkeySet"
+ Severity = "2"
+ >Method 'java.util.HashMap.keySet' was
converted to 'SupportClass.HashSetSupport' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name
= "removeDirectReference(java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilHashMapget_javalangObject"
+ Severity = "2"
+ >Method 'java.util.HashMap.get' was
converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name = "update(java.util.Set)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilIteratorhasNext"
+ Severity = "2"
+ >Method 'java.util.Iterator.hasNext' was
converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMapkeySet"
+ Severity = "2"
+ >Method 'java.util.HashMap.keySet' was
converted to 'SupportClass.HashSetSupport' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilIteratornext"
+ Severity = "2"
+ >Method 'java.util.Iterator.next' was
converted to 'System.Collections.IEnumerator.Current' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilHashMapget_javalangObject"
+ Severity = "2"
+ >Method 'java.util.HashMap.get' was
converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ </Section>
+ <Section Name
= "getIndirectReference(java.lang.Object)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilHashMapget_javalangObject"
+ Severity = "2"
+ >Method 'java.util.HashMap.get' was
converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name
= "getDirectReference(java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilHashMapget_javalangObject"
+ Severity = "2"
+ >Method 'java.util.HashMap.get' was
converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name = "Declarations" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\Authenticator.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\Authenticator.cs"
+ >
+ <Class Name
= "org.owasp.esapi.Authenticator.ThreadLocalUser" >
+ <Section Name = "getUser()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.get' was not converted.</Issue>
+ </Section>
+ <Section Name
= "setUser(org.owasp.esapi.interfaces.IUser)" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.set' was not converted.</Issue>
+ </Section>
+ </Class>
+ <Class Name
= "org.owasp.esapi.Authenticator.ThreadLocalRequest" >
+ <Section Name = "getRequest()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.get' was not converted.</Issue>
+ </Section>
+ <Section Name
= "setUser(javax.servlet.http.HttpServletRequest)" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.set' was not converted.</Issue>
+ </Section>
+ </Class>
+ <Class Name
= "org.owasp.esapi.Authenticator.ThreadLocalResponse" >
+ <Section Name = "getResponse()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.get' was not converted.</Issue>
+ </Section>
+ <Section Name
= "setUser(javax.servlet.http.HttpServletResponse)" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.set' was not converted.</Issue>
+ </Section>
+ <Section Name = "clearCurrent()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.set' was not converted.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.set' was not converted.</Issue>
+ </Section>
+ <Section Name = "getCurrentUser()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.get' was not converted.</Issue>
+ </Section>
+ <Section Name = "getCurrentRequest()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.get' was not converted.</Issue>
+ </Section>
+ <Section Name = "getCurrentResponse()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.get' was not converted.</Issue>
+ </Section>
+ <Section Name = "getUserNames()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashSet"
+ Severity = "2"
+ >Class 'java.util.HashSet' was converted
to 'SupportClass.HashSetSupport' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilMapkeySet"
+ Severity = "2"
+ >Method 'java.util.Map.keySet' was
converted to 'SupportClass.HashSetSupport' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name = "loadUsersIfNecessary()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.io.File.lastModified' may return a different value.</Issue>
+ </Section>
+ <Section Name = "loadUsersImmediately()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1092"
+ Severity = "2"
+ >The differences in the expected value of
parameters for constructor 'java.io.BufferedReader.BufferedReader' may
cause compilation errors. </Issue>
+ <Issue
+ Type = "Runtime"
+ Number = "1181"
+ Severity = "2"
+ >At least one expression was used more
than once in the target code.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ Severity = "2"
+
>Constructor 'java.io.FileReader.FileReader' was converted
to 'System.IO.StreamReader' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ Severity = "2"
+
>Constructor 'java.io.FileReader.FileReader' was converted
to 'System.IO.StreamReader' which has a different behavior.</Issue>
+ </Section>
+ <Section Name
= "loginWithUsernameAndPassword(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)"
>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaxservletServletRequestgetParameter_javalangString"
+ Severity = "2"
+
>Method 'javax.servlet.ServletRequest.getParameter' was converted
to 'System.Web.HttpRequest' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaxservletServletRequestgetParameter_javalangString"
+ Severity = "2"
+
>Method 'javax.servlet.ServletRequest.getParameter' was converted
to 'System.Web.HttpRequest' which has a different behavior.</Issue>
+ </Section>
+ <Section Name = "saveUsers()" >
+ <Issue
+ Type = "Runtime"
+ Number = "1181"
+ Severity = "2"
+ >At least one expression was used more
than once in the target code.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioFileWriterFileWriter_javaioFile"
+ Severity = "2"
+
>Constructor 'java.io.FileWriter.FileWriter' was converted
to 'System.IO.StreamWriter' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javaioFileWriter"
+ Severity = "2"
+ >Class 'java.io.FileWriter' was converted
to 'System.IO.StreamWriter' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioFileWriterFileWriter_javaioFile"
+ Severity = "2"
+
>Constructor 'java.io.FileWriter.FileWriter' was converted
to 'System.IO.StreamWriter' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javaioFileWriter"
+ Severity = "2"
+ >Class 'java.io.FileWriter' was converted
to 'System.IO.StreamWriter' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.io.PrintWriter.println' may return a different value.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioPrintWriterprintln_javalangString"
+ Severity = "2"
+ >Method 'java.io.PrintWriter.println' was
converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.io.PrintWriter.println' may return a different value.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioPrintWriterprintln_javalangString"
+ Severity = "2"
+ >Method 'java.io.PrintWriter.println' was
converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioPrintWriterprintln"
+ Severity = "2"
+ >Method 'java.io.PrintWriter.println' was
converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.io.File.lastModified' may return a different value.</Issue>
+ </Section>
+ <Section Name
= "saveUsers(java.io.PrintWriter)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilIteratorhasNext"
+ Severity = "2"
+ >Method 'java.util.Iterator.hasNext' was
converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.io.PrintWriter.println' may return a different value.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioPrintWriterprintln_javalangString"
+ Severity = "2"
+ >Method 'java.io.PrintWriter.println' was
converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilIteratornext"
+ Severity = "2"
+ >Method 'java.util.Iterator.next' was
converted to 'System.Collections.IEnumerator.Current' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name
= "setCurrentHTTP(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)"
>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.set' was not converted.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.set' was not converted.</Issue>
+ </Section>
+ <Section Name = "Declarations" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+ >Class 'java.lang.InheritableThreadLocal'
was not converted.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+ >Class 'java.lang.InheritableThreadLocal'
was not converted.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+ >Class 'java.lang.InheritableThreadLocal'
was not converted.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\Encoder.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\Encoder.cs"
+ >
+ <Class Name = "org.owasp.esapi.Encoder" >
+ <Section Name
= "encodeForBase64(byte[],boolean)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1095"
+ Severity = "1"
+ >Method 'sun.misc.CharacterEncoder.encode'
was not converted.</Issue>
+ </Section>
+ <Section Name
= "decodeFromBase64(java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1095"
+ Severity = "1"
+
>Method 'sun.misc.CharacterDecoder.decodeBuffer' was not converted.</Issue>
+ </Section>
+ <Section Name = "initializeMaps()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ </Section>
+ </Class>
+ <Class Name
= "org.owasp.esapi.Encoder.EncodedStringReader" >
+ <Section Name
= "parsePercent(java.lang.String,int)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ Severity = "2"
+ >Method 'java.lang.Integer.parseInt' was
converted to 'System.Convert.ToInt32' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name
= "parseEntity(java.lang.String,int)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilHashMapget_javalangObject"
+ Severity = "2"
+ >Method 'java.util.HashMap.get' was
converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1291"
+ Severity = "3"
+ >The 'System.Char' structure does not have
an equivalent to NULL.</Issue>
+ <Issue
+ Type = "Runtime"
+ Number = "1101"
+ Severity = "2"
+ >Method 'java.lang.String.indexOf' was
converted to 'System.String.IndexOf' which may throw an exception.</Issue>
+ </Section>
+ </Class>
+ <Class Name
= "org.owasp.esapi.Encoder.EncodedCharacter" >
+ <Section Name = "getEncoded(int)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilHashMapget_javalangObject"
+ Severity = "2"
+ >Method 'java.util.HashMap.get' was
converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name = "Declarations" >
+ <Issue
+ Type = "ToDo"
+ Number = "1095"
+ Severity = "1"
+ >Class 'sun.misc.BASE64Encoder' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1095"
+ Severity = "1"
+
>Constructor 'sun.misc.BASE64Encoder.BASE64Encoder' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1095"
+ Severity = "1"
+ >Class 'sun.misc.BASE64Decoder' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1095"
+ Severity = "1"
+
>Constructor 'sun.misc.BASE64Decoder.BASE64Decoder' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1262"
+ Severity = "2"
+ >The type 'sun.text.Normalizer' could not
be found. If it was not included in the conversion, there may be compiler
issues.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\EncryptedProperties.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\EncryptedProperties.cs"
+ >
+ <Class Name
= "org.owasp.esapi.EncryptedProperties" >
+ <Section Name
= "setProperty(java.lang.String,java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilPropertiessetProperty_javalangString_javalangString"
+ Severity = "2"
+ >Method 'java.util.Properties.setProperty'
was converted to 'System.Collections.Specialized.NameValueCollection.Item'
which has a different behavior.</Issue>
+ </Section>
+ <Section Name
= "load(java.io.InputStream)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilPropertiesload_javaioInputStream"
+ Severity = "2"
+ >Method 'java.util.Properties.load' was
converted to 'System.Collections.Specialized.NameValueCollection' which has
a different behavior.</Issue>
+ </Section>
+ <Section Name
= "store(java.io.OutputStream,java.lang.String)" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javautilPropertiesstore_javaioOutputStream_javalangString"
+ Severity = "1"
+ >Method 'java.util.Properties.store' was
not converted.</Issue>
+ </Section>
+ <Section Name = "main(java.lang.String[])"
>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilIteratorhasNext"
+ Severity = "2"
+ >Method 'java.util.Iterator.hasNext' was
converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilIteratornext"
+ Severity = "2"
+ >Method 'java.util.Iterator.next' was
converted to 'System.Collections.IEnumerator.Current' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioFileInputStreamFileInputStream_javaioFile"
+ Severity = "2"
+
>Constructor 'java.io.FileInputStream.FileInputStream' was converted
to 'System.IO.FileStream.FileStream' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1092"
+ Severity = "2"
+ >The differences in the expected value of
parameters for constructor 'java.io.BufferedReader.BufferedReader' may
cause compilation errors. </Issue>
+ <Issue
+ Type = "Runtime"
+ Number = "1181"
+ Severity = "2"
+ >At least one expression was used more
than once in the target code.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioFileOutputStreamFileOutputStream_javaioFile"
+ Severity = "2"
+
>Constructor 'java.io.FileOutputStream.FileOutputStream' was converted
to 'System.IO.FileStream.FileStream' which has a different behavior.</Issue>
+ </Section>
+ <Section Name = "Declarations" >
+ <Issue
+ Type = "Compile"
+ Number = "1186"
+ Severity = "2"
+ >Class hierarchy differences
between 'java.util.Properties'
and 'System.Collections.Specialized.NameValueCollection' may cause
compilation errors.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1089"
+ Severity = "2"
+ >Format of property file may need to be
changed.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1186"
+ Severity = "2"
+ >Class hierarchy differences
between 'java.util.Properties'
and 'System.Collections.Specialized.NameValueCollection' may cause
compilation errors.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\Encryptor.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\Encryptor.cs"
+ >
+ <Class Name = "org.owasp.esapi.Encryptor" >
+ <Section Name = "Encryptor()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javaxcryptospecPBEParameterSpec"
+ Severity = "1"
+
>Constructor 'javax.crypto.spec.PBEParameterSpec.PBEParameterSpec' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1287"
+ Severity = "2"
+ >A transformation string might not be
supported by the classes in the System.Security.Cryptography
namespace.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaxcryptoSecretKeyFactorygenerateSecret_javasecurityspecKeySpec"
+ Severity = "2"
+
>Method 'javax.crypto.SecretKeyFactory.generateSecret' was converted
to 'System.Security.Cryptography.SymmetricAlgorithm.GenerateKey' which has
a different behavior.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javasecurityKeyPairGenerator"
+ Severity = "1"
+ >Class 'java.security.KeyPairGenerator'
was not converted.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javasecurityKeyPairGenerator"
+ Severity = "1"
+
>Method 'java.security.KeyPairGenerator.getInstance' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.security.SecureRandom.getInstance' may return a different
value.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javasecurityKeyPairGenerator"
+ Severity = "1"
+
>Method 'java.security.KeyPairGenerator.initialize' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1277"
+ Severity = "2"
+ >The class 'java.security.KeyPair' was
converted to 'SupportClass.KeyPairSupport', which is not
serializable.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javasecurityKeyPairGenerator"
+ Severity = "1"
+
>Method 'java.security.KeyPairGenerator.generateKeyPair' was not
converted.</Issue>
+ </Section>
+ <Section Name
= "encrypt(java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javalangStringgetBytes_javalangString"
+ Severity = "2"
+ >Method 'java.lang.String.getBytes' was
converted to 'System.Text.Encoding.GetEncoding(string).GetBytes(string)'
which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value.</Issue>
+ </Section>
+ <Section Name
= "decrypt(java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1092"
+ Severity = "2"
+ >The differences in the Format of
parameters for constructor 'java.lang.String.String' may cause compilation
errors. </Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value.</Issue>
+ </Section>
+ <Section Name = "sign(java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javasecuritySignatureinitSign_javasecurityPrivateKey"
+ Severity = "2"
+ >Method 'java.security.Signature.initSign'
was converted to 'SupportClass.DigitalSignature.Signing' which has a
different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javasecuritySignaturesign"
+ Severity = "2"
+ >Method 'java.security.Signature.sign' was
converted to 'SupportClass.DigitalSignature.Sign' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name
= "verifySignature(java.lang.String,java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javasecuritySignatureinitVerify_javasecurityPublicKey"
+ Severity = "2"
+
>Method 'java.security.Signature.initVerify' was converted
to 'SupportClass.DigitalSignature.Verification' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javasecuritySignatureverify_byte[]"
+ Severity = "2"
+ >Method 'java.security.Signature.verify'
was converted to 'SupportClass.DigitalSignature.Verify' which has a
different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value.</Issue>
+ </Section>
+ <Section Name
= "verifySeal(java.lang.String,java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilDategetTime"
+ Severity = "2"
+ >Method 'java.util.Date.getTime' was
converted to 'System.DateTime.Ticks' which has a different behavior.</Issue>
+ </Section>
+ <Section Name = "getTimeStamp()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilDategetTime"
+ Severity = "2"
+ >Method 'java.util.Date.getTime' was
converted to 'System.DateTime.Ticks' which has a different behavior.</Issue>
+ </Section>
+ <Section Name = "Declarations" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javaxcryptospecPBEParameterSpec"
+ Severity = "1"
+
>Class 'javax.crypto.spec.PBEParameterSpec' was not converted.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <Directory Name = "errors" >
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\AccessControlException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AccessControlException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\AuthenticationAccountsException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AuthenticationAccountsException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\AuthenticationCredentialsException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AuthenticationCredentialsException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\AuthenticationException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AuthenticationException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\AuthenticationHostException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AuthenticationHostException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\AuthenticationLoginException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AuthenticationLoginException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\AvailabilityException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AvailabilityException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\CertificateException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\CertificateException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\EncodingException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\EncodingException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\EncryptionException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\EncryptionException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\EnterpriseSecurityException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\EnterpriseSecurityException.cs"
+ >
+ <Class Name
= "org.owasp.esapi.errors.EnterpriseSecurityException" >
+ <Section Name = "getUserMessage()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\ExecutorException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\ExecutorException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\IntegrityException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\IntegrityException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\IntrusionException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\IntrusionException.cs"
+ >
+ <Class Name
= "org.owasp.esapi.errors.IntrusionException" >
+ <Section Name = "getUserMessage()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\ValidationAvailabilityException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\ValidationAvailabilityException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\ValidationException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\ValidationException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\ValidationUploadException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\ValidationUploadException.cs"
+ />
+ </Directory>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\ESAPI.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\ESAPI.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\Executor.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\Executor.cs"
+ >
+ <Class Name = "org.owasp.esapi.Executor" >
+ <Section Name
= "executeSystemCommand(java.io.File,java.util.List,java.io.File,int)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilIteratorhasNext"
+ Severity = "2"
+ >Method 'java.util.Iterator.hasNext' was
converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilIteratornext"
+ Severity = "2"
+ >Method 'java.util.Iterator.next' was
converted to 'System.Collections.IEnumerator.Current' which has a different
behavior.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangRuntimeexec_javalangString[]_javalangString[]_javaioFile"
+ Severity = "1"
+ >Method 'java.lang.Runtime.exec' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1092"
+ Severity = "2"
+ >The differences in the expected value of
parameters for constructor 'java.io.BufferedReader.BufferedReader' may
cause compilation errors. </Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <Directory Name = "filters" >
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\filters\ESAPIFilter.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\ESAPIFilter.cs"
+ >
+ <Class Name
= "org.owasp.esapi.filters.ESAPIFilter" >
+ <Section Name
= "doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)"
>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaxservletRequestDispatcher"
+ Severity = "2"
+
>Interface 'javax.servlet.RequestDispatcher' was converted
to 'System.Web.HttpServerUtility' which has a different behavior.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javaxservletServletRequestgetRequestDispatcher_javalangString"
***The diff for this file has been truncated for email.***
=======================================
--- /dev/null
+++ /branches/2.0/owasp-esapi-ASP-11.csproj Tue Jun 14 21:31:31 2011
@@ -0,0 +1,210 @@
+<Project DefaultTargets="Build"
xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <PropertyGroup>
+ <SchemaVersion>2.0</SchemaVersion>
+
<ProjectTypeGuids>{349c5851-65df-11da-9384-00065b846f21};{fae04ec0-301f-11d3-bf4b-00c04f79efbc}</ProjectTypeGuids>
+ <Configuration Condition=" '$(Configuration)'
== '' ">Debug</Configuration>
+ <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+ <ApplicationIcon>
+ </ApplicationIcon>
+ <AssemblyKeyContainerName>
+ </AssemblyKeyContainerName>
+ <AssemblyName>owasp-esapi-ASP-11</AssemblyName>
+ <AssemblyOriginatorKeyFile>
+ </AssemblyOriginatorKeyFile>
+ <DefaultClientScript>JScript</DefaultClientScript>
+ <DefaultHTMLPageLayout>Grid</DefaultHTMLPageLayout>
+ <DefaultTargetSchema>IE50</DefaultTargetSchema>
+ <DelaySign>false</DelaySign>
+ <OutputType>Library</OutputType>
+ <RootNamespace>owasp_esapi_ASP_11</RootNamespace>
+ <NoStandardLibraries>false</NoStandardLibraries>
+ <RunPostBuildEvent>OnBuildSuccess</RunPostBuildEvent>
+ <StartupObject>
+ </StartupObject>
+ <FileUpgradeFlags>
+ </FileUpgradeFlags>
+ <UpgradeBackupLocation>
+ </UpgradeBackupLocation>
+ <ProjectGuid>{366DD1B5-7540-4310-847C-168784D8B207}</ProjectGuid>
+ </PropertyGroup>
+ <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|
AnyCPU' ">
+ <OutputPath>bin\</OutputPath>
+ <AllowUnsafeBlocks>false</AllowUnsafeBlocks>
+ <BaseAddress>285212672</BaseAddress>
+ <CheckForOverflowUnderflow>false</CheckForOverflowUnderflow>
+ <ConfigurationOverrideFile>
+ </ConfigurationOverrideFile>
+ <DefineConstants>
+ </DefineConstants>
+ <DocumentationFile>
+ </DocumentationFile>
+ <DebugSymbols>true</DebugSymbols>
+ <FileAlignment>4096</FileAlignment>
+ <NoStdLib>false</NoStdLib>
+ <NoWarn>
+ </NoWarn>
+ <RegisterForComInterop>false</RegisterForComInterop>
+ <RemoveIntegerChecks>false</RemoveIntegerChecks>
+ <TreatWarningsAsErrors>false</TreatWarningsAsErrors>
+ <WarningLevel>4</WarningLevel>
+ <DebugType>full</DebugType>
+ <ErrorReport>prompt</ErrorReport>
+ </PropertyGroup>
+ <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|
AnyCPU' ">
+ <OutputPath>bin\</OutputPath>
+ <AllowUnsafeBlocks>false</AllowUnsafeBlocks>
+ <BaseAddress>285212672</BaseAddress>
+ <CheckForOverflowUnderflow>false</CheckForOverflowUnderflow>
+ <ConfigurationOverrideFile>
+ </ConfigurationOverrideFile>
+ <DefineConstants>
+ </DefineConstants>
+ <DocumentationFile>
+ </DocumentationFile>
+ <DebugSymbols>true</DebugSymbols>
+ <FileAlignment>4096</FileAlignment>
+ <NoStdLib>false</NoStdLib>
+ <NoWarn>
+ </NoWarn>
+ <RegisterForComInterop>false</RegisterForComInterop>
+ <RemoveIntegerChecks>false</RemoveIntegerChecks>
+ <TreatWarningsAsErrors>false</TreatWarningsAsErrors>
+ <WarningLevel>4</WarningLevel>
+ <DebugType>full</DebugType>
+ <ErrorReport>prompt</ErrorReport>
+ </PropertyGroup>
+ <ItemGroup>
+ <Reference Include="mscorlib">
+ <Name>mscorlib</Name>
+ </Reference>
+ <Reference Include="System">
+ <Name>System</Name>
+ </Reference>
+ <Reference Include="System.Data">
+ <Name>System.Data</Name>
+ </Reference>
+ <Reference Include="System.Design">
+ <Name>System.Design</Name>
+ </Reference>
+ <Reference Include="System.Drawing">
+ <Name>System.Drawing</Name>
+ </Reference>
+ <Reference Include="System.Management">
+ <Name>System.Management</Name>
+ </Reference>
+ <Reference Include="System.Web">
+ <Name>System.Web</Name>
+ </Reference>
+ <Reference Include="System.Windows.Forms">
+ <Name>System.Windows.Forms</Name>
+ </Reference>
+ <Reference Include="System.Xml">
+ <Name>System.Xml</Name>
+ </Reference>
+ <Reference Include="System.XML">
+ <Name>System.XML</Name>
+ </Reference>
+ </ItemGroup>
+ <ItemGroup>
+ <Compile Include="AssemblyInfo.cs" />
+ <Compile Include="Global.asax.cs">
+ <DependentUpon>Global.asax</DependentUpon>
+ <SubType>Code</SubType>
+ </Compile>
+ <Compile Include="src\org\owasp\esapi\AccessController.cs" />
+ <Compile Include="src\org\owasp\esapi\AccessReferenceMap.cs" />
+ <Compile Include="src\org\owasp\esapi\Authenticator.cs" />
+ <Compile Include="src\org\owasp\esapi\Encoder.cs" />
+ <Compile Include="src\org\owasp\esapi\EncryptedProperties.cs" />
+ <Compile Include="src\org\owasp\esapi\Encryptor.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\AccessControlException.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\AuthenticationAccountsException.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\AuthenticationCredentialsException.cs"
/>
+ <Compile
Include="src\org\owasp\esapi\errors\AuthenticationException.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\AuthenticationHostException.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\AuthenticationLoginException.cs" />
+ <Compile Include="src\org\owasp\esapi\errors\AvailabilityException.cs"
/>
+ <Compile Include="src\org\owasp\esapi\errors\CertificateException.cs"
/>
+ <Compile Include="src\org\owasp\esapi\errors\EncodingException.cs" />
+ <Compile Include="src\org\owasp\esapi\errors\EncryptionException.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\EnterpriseSecurityException.cs" />
+ <Compile Include="src\org\owasp\esapi\errors\ExecutorException.cs" />
+ <Compile Include="src\org\owasp\esapi\errors\IntegrityException.cs" />
+ <Compile Include="src\org\owasp\esapi\errors\IntrusionException.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\ValidationAvailabilityException.cs" />
+ <Compile Include="src\org\owasp\esapi\errors\ValidationException.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\ValidationUploadException.cs" />
+ <Compile Include="src\org\owasp\esapi\ESAPI.cs" />
+ <Compile Include="src\org\owasp\esapi\Executor.cs" />
+ <Compile Include="src\org\owasp\esapi\filters\ESAPIFilter.cs" />
+ <Compile Include="src\org\owasp\esapi\HTTPUtilities.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IAccessController.cs"
/>
+ <Compile
Include="src\org\owasp\esapi\interfaces\IAccessReferenceMap.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IAuthenticator.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IEncoder.cs" />
+ <Compile
Include="src\org\owasp\esapi\interfaces\IEncryptedProperties.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IEncryptor.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IExecutor.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IHTTPUtilities.cs" />
+ <Compile
Include="src\org\owasp\esapi\interfaces\IIntrusionDetector.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\ILogger.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IRandomizer.cs" />
+ <Compile
Include="src\org\owasp\esapi\interfaces\ISecurityConfiguration.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IUser.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IValidator.cs" />
+ <Compile Include="src\org\owasp\esapi\IntrusionDetector.cs" />
+ <Compile Include="src\org\owasp\esapi\Logger.cs" />
+ <Compile Include="src\org\owasp\esapi\PKCSKeyGenerator.cs" />
+ <Compile Include="src\org\owasp\esapi\Randomizer.cs" />
+ <Compile Include="src\org\owasp\esapi\SecurityConfiguration.cs" />
+ <Compile Include="src\org\owasp\esapi\Threshold.cs" />
+ <Compile Include="src\org\owasp\esapi\User.cs" />
+ <Compile Include="src\org\owasp\esapi\Validator.cs" />
+ <Compile Include="SupportClass.cs" />
+ <Content Include="build.xml" />
+ <Content Include="Global.asax">
+ <SubType>Component</SubType>
+ </Content>
+ <Content Include="src\org\owasp\esapi\doc-files\Architecture.jpg" />
+ <Content Include="src\org\owasp\esapi\doc-files\OWASPTopTen.jpg" />
+ <Content Include="src\org\owasp\esapi\errors\package.html" />
+ <Content
Include="src\org\owasp\esapi\interfaces\doc-files\AccessController.jpg" />
+ <Content
Include="src\org\owasp\esapi\interfaces\doc-files\AccessReferenceMap.jpg" />
+ <Content
Include="src\org\owasp\esapi\interfaces\doc-files\Authenticator.jpg" />
+ <Content
Include="src\org\owasp\esapi\interfaces\doc-files\HTTPUtilities.jpg" />
+ <Content
Include="src\org\owasp\esapi\interfaces\doc-files\IntrusionDetector.jpg" />
+ <Content
Include="src\org\owasp\esapi\interfaces\doc-files\Validator.jpg" />
+ <Content Include="src\org\owasp\esapi\interfaces\package.html" />
+ <Content Include="src\org\owasp\esapi\package.html" />
+ <Content Include="Web.config" />
+ <EmbeddedResource Include="Global.asax.resx">
+ <DependentUpon>Global.asax.cs</DependentUpon>
+ </EmbeddedResource>
+ <None Include="_ConversionReport.htm">
+ <SubType>Preview</SubType>
+ </None>
+ </ItemGroup>
+ <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+ <PropertyGroup>
+ <PreBuildEvent>
+ </PreBuildEvent>
+ <PostBuildEvent>
+ </PostBuildEvent>
+ </PropertyGroup>
+ <Import
Project="$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v8.0\WebApplications\Microsoft.WebApplication.targets"
/>
+ <ProjectExtensions>
+ <VisualStudio>
+ <FlavorProperties GUID="{349c5851-65df-11da-9384-00065b846f21}">
+ <WebProjectProperties>
+ <UseIIS>False</UseIIS>
+ <AutoAssignPort>True</AutoAssignPort>
+ <DevelopmentServerPort>0</DevelopmentServerPort>
+ <DevelopmentServerVPath>/</DevelopmentServerVPath>
+ <IISUrl>
+ </IISUrl>
+ <NTLMAuthentication>False</NTLMAuthentication>
+ </WebProjectProperties>
+ </FlavorProperties>
+ </VisualStudio>
+ </ProjectExtensions>
+</Project>
=======================================
--- /dev/null
+++ /branches/2.0/owasp-esapi-ASP-11.csproj.user Tue Jun 14 21:31:31 2011
@@ -0,0 +1,33 @@
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <PropertyGroup>
+ <ProjectView>ProjectFiles</ProjectView>
+ </PropertyGroup>
+ <ProjectExtensions>
+ <VisualStudio>
+ <FlavorProperties GUID="{349c5851-65df-11da-9384-00065b846f21}">
+ <WebProjectProperties>
+ <StartPageUrl>
+ </StartPageUrl>
+ <StartAction>CurrentPage</StartAction>
+ <AspNetDebugging>True</AspNetDebugging>
+ <NativeDebugging>False</NativeDebugging>
+ <SQLDebugging>False</SQLDebugging>
+ <PublishCopyOption>RunFiles</PublishCopyOption>
+ <PublishTargetLocation>
+ </PublishTargetLocation>
+ <PublishDeleteAllFiles>False</PublishDeleteAllFiles>
+ <PublishCopyAppData>True</PublishCopyAppData>
+ <ExternalProgram>
+ </ExternalProgram>
+ <StartExternalURL>
+ </StartExternalURL>
+ <StartCmdLineArguments>
+ </StartCmdLineArguments>
+ <StartWorkingDirectory>
+ </StartWorkingDirectory>
+ <EnableENC>False</EnableENC>
+ </WebProjectProperties>
+ </FlavorProperties>
+ </VisualStudio>
+ </ProjectExtensions>
+</Project>
=======================================
--- /dev/null
+++ /branches/2.0/owasp-esapi-ASP-11.sln Tue Jun 14 21:31:31 2011
@@ -0,0 +1,24 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}")
= "owasp-esapi-ASP-11", "owasp-esapi-ASP-11.csproj", "{366DD1B5-7540-4310-847C-168784D8B207}"
+ ProjectSection(WebsiteProperties) = preProject
+ Debug.AspNetCompiler.Debug = "True"
+ Release.AspNetCompiler.Debug = "False"
+ EndProjectSection
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {366DD1B5-7540-4310-847C-168784D8B207}.Debug|Any CPU.ActiveCfg = Debug|
Any CPU
+ {366DD1B5-7540-4310-847C-168784D8B207}.Debug|Any CPU.Build.0 = Debug|Any
CPU
+ {366DD1B5-7540-4310-847C-168784D8B207}.Release|Any CPU.ActiveCfg =
Release|Any CPU
+ {366DD1B5-7540-4310-847C-168784D8B207}.Release|Any CPU.Build.0 = Release|
Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
=======================================
--- /dev/null
+++ /branches/2.0/owasp-esapi-ASP-11.suo Tue Jun 14 21:31:31 2011
Binary file, no diff available.
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/AccessController.cs Tue Jun 14
21:31:31 2011
@@ -0,0 +1,537 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using AccessControlException =
org.owasp.esapi.errors.AccessControlException;
+using EncodingException = org.owasp.esapi.errors.EncodingException;
+using IntrusionException = org.owasp.esapi.errors.IntrusionException;
+using ValidationException = org.owasp.esapi.errors.ValidationException;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IAccessController
interface. This reference
+ /// implementation uses a simple model for specifying a set of access
control
+ /// rules. Many organizations will want to create their own
implementation of the
+ /// methods provided in the IAccessController interface.
+ /// <P>
+ /// This reference implementation uses a simple scheme for specifying the
rules.
+ /// The first step is to create a namespace for the resources being
accessed. For
+ /// files and URL's, this is easy as they already have a namespace. Be
extremely
+ /// careful about canonicalizing when relying on information from the
user in an
+ /// access ctnrol decision.
+ /// <P>
+ /// For functions, data, and services, you will have to come up with your
own
+ /// namespace for the resources being accessed. You might simply define a
flat
+ /// namespace with a list of category names. For example, you might
specify
+ /// 'FunctionA', 'FunctionB', and 'FunctionC'. Or you can create a richer
+ /// namespace with a hierarchical structure, such as:
+ /// <P>
+ /// /functions
+ /// <ul>
+ /// <li>purchasing</li>
+ /// <li>shipping</li>
+ /// <li>inventory</li>
+ /// </ul>
+ /// /admin
+ /// <ul>
+ /// <li>createUser</li>
+ /// <li>deleteUser</li>
+ /// </ul>
+ /// Once you've defined your namespace, you have to work out the rules
that
+ /// govern access to the different parts of the namespace. This
implementation
+ /// allows you to attach a simple access control list (ACL) to any part
of the
+ /// namespace tree. The ACL lists a set of roles that are either allowed
or
+ /// denied access to a part of the tree. You specify these rules in a
textfile
+ /// with a simple format.
+ /// <P>
+ /// There is a single configuration file supporting each of the five
methods in
+ /// the IAccessController interface. These files are located in the ESAPI
+ /// resources directory as specified when the JVM was started. The use of
a
+ /// default deny rule is STRONGLY recommended. The file format is as
follows:
+ ///
+ /// <pre>
+ /// path | role,role | allow/deny | comment
+ ///
------------------------------------------------------------------------------------
+ /// /banking/* | user,admin | allow | authenticated users can
access /banking
+ /// /admin | admin | allow | only admin role can access
/admin
+ /// / | any | deny | default deny rule
+ /// </pre>
+ ///
+ /// To find the matching rules, this implementation follows the general
approach
+ /// used in Java EE when matching HTTP requests to servlets in web.xml.
The
+ /// four mapping rules are used in the following order:
+ /// <ul>
+ /// <li>exact match, e.g. /access/login</li>
+ /// <li>longest path prefix match, beginning / and ending /*, e.g.
/access/* or /*</li>
+ /// <li>extension match, beginning *., e.g. *.css</li>
+ /// <li>default rule, specified by the single character pattern /</li>
+ /// </ul>
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.w...@aspectsecurity.com)
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IAccessController">
+ /// </seealso>
+ public class AccessController :
org.owasp.esapi.interfaces.IAccessController
+ {
+ private void InitBlock()
+ {
+ deny = new Rule(this);
+ }
+
+ /// <summary>The resource directory. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'resourceDirectory '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'resourceDirectory' was moved to
static
method 'org.owasp.esapi.AccessController'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly System.IO.FileInfo resourceDirectory;
+
+ /// <summary>The url map. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private System.Collections.IDictionary urlMap = new
System.Collections.Hashtable();
+
+ /// <summary>The function map. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private System.Collections.IDictionary functionMap = new
System.Collections.Hashtable();
+
+ /// <summary>The data map. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private System.Collections.IDictionary dataMap = new
System.Collections.Hashtable();
+
+ /// <summary>The file map. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private System.Collections.IDictionary fileMap = new
System.Collections.Hashtable();
+
+ /// <summary>The service map. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private System.Collections.IDictionary serviceMap = new
System.Collections.Hashtable();
+
+ /// <summary>The deny. </summary>
+ //UPGRADE_NOTE: The initialization of 'deny' was moved to
method 'InitBlock'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private Rule deny;
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.AccessController'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static Logger logger;
+
+ public AccessController()
+ {
+ InitBlock();
+ }
+
+ // FIXME: consider adding flag for logging
+ // FIXME: perhaps an enumeration for context (i.e. the layer the call is
made from)
+
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAccessController#isAuthorizedForURL(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual bool isAuthorizedForURL(System.String url)
+ {
+ if ((urlMap.Count == 0))
+ {
+ try
+ {
+ urlMap = loadRules(new System.IO.FileInfo(resourceDirectory.FullName
+ "\\" + "URLAccessRules.txt"));
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+ try
+ {
+ return matchRule(urlMap, url);
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAccessController#isAuthorizedForFunction(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual bool isAuthorizedForFunction(System.String functionName)
+ {
+ if ((functionMap.Count == 0))
+ {
+ try
+ {
+ functionMap = loadRules(new
System.IO.FileInfo(resourceDirectory.FullName + "\\"
+ "FunctionAccessRules.txt"));
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+ try
+ {
+ return matchRule(functionMap, functionName);
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAccessController#isAuthorizedForData(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual bool isAuthorizedForData(System.String key)
+ {
+ if ((dataMap.Count == 0))
+ {
+ try
+ {
+ dataMap = loadRules(new System.IO.FileInfo(resourceDirectory.FullName
+ "\\" + "DataAccessRules.txt"));
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+ try
+ {
+ return matchRule(dataMap, key);
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAccessController#isAuthorizedForFile(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual bool isAuthorizedForFile(System.String filepath)
+ {
+ if ((fileMap.Count == 0))
+ {
+ try
+ {
+ fileMap = loadRules(new System.IO.FileInfo(resourceDirectory.FullName
+ "\\" + "FileAccessRules.txt"));
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+ try
+ {
+ // FIXME: AAA think about canonicalization here - use Java file
canonicalizer
+ // remember that Windows paths have \ instad of /
+ return matchRule(fileMap, filepath.replaceAll("\\\\", "/"));
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAccessController#isAuthorizedForBackendService(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual bool isAuthorizedForService(System.String serviceName)
+ {
+ if ((serviceMap.Count == 0))
+ {
+ try
+ {
+ serviceMap = loadRules(new
System.IO.FileInfo(resourceDirectory.FullName + "\\"
+ "ServiceAccessRules.txt"));
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+ try
+ {
+ return matchRule(serviceMap, serviceName);
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+
+ /// <summary> Match rule.
+ ///
+ /// </summary>
+ /// <param name="map">the map
+ /// </param>
+ /// <param name="path">the path
+ ///
+ /// </param>
+ /// <returns> true, if successful
+ ///
+ /// </returns>
+ /// <throws> AccessControlException </throws>
+ /// <summary> the access control exception
+ /// </summary>
+ private bool matchRule(System.Collections.IDictionary map, System.String
path)
+ {
+ // get users roles
+ User user = ESAPI.authenticator().getCurrentUser();
+ if (user == null)
+ {
+ return false;
+ }
+ SupportClass.SetSupport roles = user.Roles;
+ // search for the first rule that matches the path and rules
+ Rule rule = searchForRule(map, roles, path);
+ return rule.allow;
+ }
+
+ /// <summary> Search for rule. Four mapping rules are used in order: -
exact match,
+ /// e.g. /access/login - longest path prefix match, beginning / and
ending
+ /// /*, e.g. /access/* or /* - extension match, beginning *., e.g. *.css
-
+ /// default servlet, specified by the single character pattern /
+ ///
+ /// </summary>
+ /// <param name="map">the map
+ /// </param>
+ /// <param name="roles">the roles
+ /// </param>
+ /// <param name="path">the path
+ ///
+ /// </param>
+ /// <returns> the rule
+ ///
+ /// </returns>
+ /// <throws> AccessControlException </throws>
+ /// <summary> the access control exception
+ /// </summary>
+ private Rule searchForRule(System.Collections.IDictionary map,
SupportClass.SetSupport roles, System.String path)
+ {
+ System.String canonical = null;
+ try
+ {
+ canonical = ESAPI.encoder().canonicalize(path);
+ }
+ catch (EncodingException ee)
+ {
+ throw new AccessControlException("Internal error", "Failed to
canonicaliize input ", ee);
+ }
+
+ System.String part = canonical;
+ while (part.EndsWith("/"))
+ {
+ part = part.Substring(0, (part.Length - 1) - (0));
+ }
+
+ if (part.IndexOf("..") != - 1)
+ {
+ throw new IntrusionException("Attempt to manipulate access control
path", "Attempt to manipulate access control path: " + path);
+ }
+
+ // extract extension if any
+ System.String extension = "";
+ int extIndex = part.LastIndexOf(".");
+ if (extIndex != - 1)
+ {
+ extension = part.Substring(extIndex + 1);
+ }
+
+ // Check for exact match - ignore any ending slash
+ Rule rule = (Rule) map[part];
+
+ // Check for ending with /*
+ if (rule == null)
+ rule = (Rule) map[part + "/*"];
+
+ // Check for matching extension rule *.ext
+ if (rule == null)
+ rule = (Rule) map["*." + extension];
+
+ // if rule found and user's roles match rules' roles, return the rule
+ if (rule != null && overlap(rule.roles, roles))
+ return rule;
+
+ // if rule has not been found, strip off the last element and recurse
+ part = part.Substring(0, (part.LastIndexOf('/')) - (0));
+
+ // return default deny
+ if (part.Length <= 1)
+ {
+ return deny;
+ }
+
+ return searchForRule(map, roles, part);
+ }
+
+ /// <summary> Return true if there is overlap between the two sets.
+ ///
+ /// </summary>
+ /// <param name="ruleRoles">the rule roles
+ /// </param>
+ /// <param name="userRoles">the user roles
+ ///
+ /// </param>
+ /// <returns> true, if successful
+ /// </returns>
+ private bool overlap(SupportClass.SetSupport ruleRoles,
SupportClass.SetSupport userRoles)
+ {
+ if (ruleRoles.Contains("any"))
+ {
+ return true;
+ }
+ System.Collections.IEnumerator i = userRoles.GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.String role = (System.String) i.Current;
+ if (ruleRoles.Contains(role))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /// <summary> Load rules.
+ ///
+ /// </summary>
+ /// <param name="f">the f
+ ///
+ /// </param>
+ /// <returns> the hash map
+ ///
+ /// </returns>
+ /// <throws> AccessControlException </throws>
+ /// <summary> the access control exception
+ /// </summary>
+ private System.Collections.IDictionary loadRules(System.IO.FileInfo f)
+ {
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ System.Collections.IDictionary map = new System.Collections.Hashtable();
+ System.IO.FileStream fis = null;
+ try
+ {
+ //UPGRADE_TODO: Constructor 'java.io.FileInputStream.FileInputStream'
was converted to 'System.IO.FileStream.FileStream' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileInputStreamFileInputStream_javaioFile'"
+ fis = new System.IO.FileStream(f.FullName, System.IO.FileMode.Open,
System.IO.FileAccess.Read);
+ System.String line = "";
+ while ((line = ESAPI.validator().safeReadLine(fis, 500)) != null)
+ {
+ if (line.Length > 0 && line[0] != '#')
+ {
+ Rule rule = new Rule(this);
+ System.String[] parts = line.split("\\|");
+ // fix Windows paths
+ rule.path = parts[0].Trim().replaceAll("\\\\", "/");
+ rule.roles.Add(parts[1].Trim().ToLower());
+ System.String action = parts[2].Trim();
+ rule.allow = action.ToUpper().Equals("allow".ToUpper());
+ if (map.Contains(rule.path))
+ {
+ throw new AccessControlException("Access control failure", "Problem
in access control file. Duplicate rule " + rule);
+ }
+ map[rule.path] = rule;
+ }
+ }
+ return map;
+ }
+ catch (System.IO.IOException e)
+ {
+ throw new AccessControlException("Access control failure", "Failure
loading access control file " + f, e);
+ }
+ catch (ValidationException e1)
+ {
+ throw new AccessControlException("Access control failure", "Failure
loading access control file " + f, e1);
+ }
+ finally
+ {
+ try
+ {
+ if (fis != null)
+ {
+ fis.Close();
+ }
+ }
+ catch (System.IO.IOException e)
+ {
+
logger.logWarning(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Failure
closing access control file: " + f, e);
+ }
+ }
+ }
+
+ //UPGRADE_NOTE: Field 'EnclosingInstance' was added to class 'Rule' to
access its enclosing
instance. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1019'"
+ /// <summary> The Class Rule.</summary>
+ private class Rule
+ {
+ private void InitBlock(AccessController enclosingInstance)
+ {
+ this.enclosingInstance = enclosingInstance;
+ }
+ private AccessController enclosingInstance;
+ public AccessController Enclosing_Instance
+ {
+ get
+ {
+ return enclosingInstance;
+ }
+
+ }
+
+ /// <summary>The path. </summary>
+ protected internal System.String path = "";
+
+ /// <summary>The roles. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashSet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'"
+ protected internal SupportClass.SetSupport roles = new
SupportClass.HashSetSupport();
+
+ /// <summary>The allow. </summary>
+ protected internal bool allow = false;
+
+ /// <summary> Creates a new Rule object.</summary>
+ protected internal Rule(AccessController enclosingInstance)
+ {
+ InitBlock(enclosingInstance);
+ // to replace synthetic accessor method
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see java.lang.Object#toString()
+ */
+ public override System.String ToString()
+ {
+ return "URL:" + path + " | " + SupportClass.CollectionToString(roles)
+ " | " + (allow?"allow":"deny");
+ }
+ }
+ static AccessController()
+ {
+ resourceDirectory = ((SecurityConfiguration)
ESAPI.securityConfiguration()).ResourceDirectory;
+ logger = Logger.getLogger("ESAPI", "AccessController");
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/AccessReferenceMap.cs Tue Jun 14
21:31:31 2011
@@ -0,0 +1,188 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using AccessControlException =
org.owasp.esapi.errors.AccessControlException;
+using IRandomizer = org.owasp.esapi.interfaces.IRandomizer;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IAccessReferenceMap
interface. This
+ /// implementation generates random 6 character alphanumeric strings for
indirect
+ /// references. It is possible to use simple integers as indirect
references, but
+ /// the random string approach provides a certain level of protection
from CSRF
+ /// attacks, because an attacker would have difficulty guessing the
indirect
+ /// reference.
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.w...@aspectsecurity.com)
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IAccessReferenceMap">
+ /// </seealso>
+ public class AccessReferenceMap :
org.owasp.esapi.interfaces.IAccessReferenceMap
+ {
+ private void InitBlock()
+ {
+ random = ESAPI.randomizer();
+ }
+
+ /// <summary>The itod. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ internal System.Collections.Hashtable itod = new
System.Collections.Hashtable();
+
+ /// <summary>The dtoi. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ internal System.Collections.Hashtable dtoi = new
System.Collections.Hashtable();
+
+ /// <summary>The random. </summary>
+ //UPGRADE_NOTE: The initialization of 'random' was moved to
method 'InitBlock'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ internal IRandomizer random;
+
+ /// <summary> This AccessReferenceMap implementation uses short random
strings to
+ /// create a layer of indirection. Other possible implementations would
use
+ /// simple integers as indirect references.
+ /// </summary>
+ public AccessReferenceMap()
+ {
+ InitBlock();
+ // call update to set up the references
+ }
+
+ /// <summary> Instantiates a new access reference map.
+ ///
+ /// </summary>
+ /// <param name="directReferences">the direct references
+ /// </param>
+ public AccessReferenceMap(SupportClass.SetSupport directReferences)
+ {
+ InitBlock();
+ update(directReferences);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IAccessReferenceMap#iterator()
+ */
+ public virtual System.Collections.IEnumerator iterator()
+ {
+ //UPGRADE_TODO: Class 'java.util.TreeSet' was converted
to 'SupportClass.TreeSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeSet'"
+ //UPGRADE_TODO: Method 'java.util.HashMap.keySet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapkeySet'"
+ SupportClass.TreeSetSupport sorted = new
SupportClass.TreeSetSupport(new SupportClass.HashSetSupport(dtoi.Keys));
+ return sorted.GetEnumerator();
+ }
+
+ /// <summary> Adds a direct reference and a new random indirect
reference, overwriting any existing values.</summary>
+ /// <param name="direct">
+ /// </param>
+ public virtual void addDirectReference(System.String direct)
+ {
+ System.String indirect = random.getRandomString(6,
Encoder.CHAR_ALPHANUMERICS);
+ itod[indirect] = direct;
+ dtoi[direct] = indirect;
+ }
+
+
+ // FIXME: add addDirectRef and removeDirectRef to IAccessReferenceMap
+ // FIXME: add test code for add/remove direct ref
+
+ /// <summary> Remove a direct reference and the corresponding indirect
reference.</summary>
+ /// <param name="direct">
+ /// </param>
+ public virtual void removeDirectReference(System.String direct)
+ {
+ //UPGRADE_TODO: Method 'java.util.HashMap.get' was converted
to 'System.Collections.Hashtable.Item' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'"
+ System.String indirect = (System.String) dtoi[direct];
+ if (indirect != null)
+ {
+ itod.Remove(indirect);
+ dtoi.Remove(direct);
+ }
+ }
+
+ /*
+ * This preserves any existing mappings for items that are still in the
new
+ * list. You could regenerate new indirect references every time, but that
+ * might mess up anything that previously used an indirect reference, such
+ * as a URL parameter.
+ */
+ /// <summary> Update.
+ ///
+ /// </summary>
+ /// <param name="directReferences">the direct references
+ /// </param>
+ public void update(SupportClass.SetSupport directReferences)
+ {
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ System.Collections.Hashtable dtoi_old = (System.Collections.Hashtable)
dtoi.Clone();
+ dtoi.Clear();
+ itod.Clear();
+
+ System.Collections.IEnumerator i = directReferences.GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.Object direct = i.Current;
+
+ // get the old indirect reference
+ //UPGRADE_TODO: Method 'java.util.HashMap.get' was converted
to 'System.Collections.Hashtable.Item' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'"
+ System.String indirect = (System.String) dtoi_old[direct];
+
+ // if the old reference is null, then create a new one that doesn't
+ // collide with any existing indirect references
+ if (indirect == null)
+ {
+ //UPGRADE_TODO: Method 'java.util.HashMap.keySet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapkeySet'"
+ do
+ {
+ indirect = random.getRandomString(6, Encoder.CHAR_ALPHANUMERICS);
+ }
+ while (new SupportClass.HashSetSupport(itod.Keys).Contains(indirect));
+ }
+ itod[indirect] = direct;
+ dtoi[direct] = indirect;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAccessReferenceMap#getIndirectReference(java.lang.String)
+ */
+ public virtual System.String getIndirectReference(System.Object
directReference)
+ {
+ //UPGRADE_TODO: Method 'java.util.HashMap.get' was converted
to 'System.Collections.Hashtable.Item' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'"
+ return (System.String) dtoi[directReference];
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAccessReferenceMap#getDirectReference(java.lang.String)
+ */
+ public virtual System.Object getDirectReference(System.String
indirectReference)
+ {
+ if (itod.ContainsKey(indirectReference))
+ {
+ //UPGRADE_TODO: Method 'java.util.HashMap.get' was converted
to 'System.Collections.Hashtable.Item' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'"
+ return itod[indirectReference];
+ }
+ throw new AccessControlException("Access denied", "Request for invalid
indirect reference: " + indirectReference);
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/Authenticator.cs Tue Jun 14 21:31:31
2011
@@ -0,0 +1,893 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using AuthenticationAccountsException =
org.owasp.esapi.errors.AuthenticationAccountsException;
+using AuthenticationCredentialsException =
org.owasp.esapi.errors.AuthenticationCredentialsException;
+using AuthenticationException =
org.owasp.esapi.errors.AuthenticationException;
+using AuthenticationLoginException =
org.owasp.esapi.errors.AuthenticationLoginException;
+using EncryptionException = org.owasp.esapi.errors.EncryptionException;
+using IRandomizer = org.owasp.esapi.interfaces.IRandomizer;
+using IUser = org.owasp.esapi.interfaces.IUser;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IAuthenticator interface.
This reference implementation is backed by a simple text
+ /// file that contains serialized information about users. Many
organizations will want to create their own
+ /// implementation of the methods provided in the IAuthenticator
interface backed by their own user repository. This
+ /// reference implementation captures information about users in a simple
text file format that contains user information
+ /// separated by the pipe "|" character. Here's an example of a single
line from the users.txt file:
+ ///
+ /// <PRE>
+ ///
+ /// account name | hashed password | roles | lockout | status | remember
token | old password hashes | last
+ /// hostname | last change | last login | last failed | expiration |
failed
+ ///
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /// mitch | 44k/NAzQUlrCq9musTGGkcMNmdzEGJ8w8qZTLzpxLuQ= | admin,user |
unlocked | enabled | token |
+ /// u10dW4vTo3ZkoM5xP+blayWCz7KdPKyKUojOn9GJobg= | 192.168.1.255 |
1187201000926 | 1187200991568 | 1187200605330 |
+ /// 2187200605330 | 1
+ ///
+ /// </PRE>
+ ///
+ /// </summary>
+ /// <author> <a
href="mailto:jeff.w...@aspectsecurity.com?subject=ESAPI question">Jeff
Williams</a> at <a
+ /// href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IAuthenticator">
+ /// </seealso>
+ public class Authenticator : org.owasp.esapi.interfaces.IAuthenticator
+ {
+ virtual public System.Web.HttpRequest CurrentRequest
+ {
+ /*
+ * Returns the current HttpServletRequest.
+ *
+ * @see org.owasp.esapi.interfaces.IAuthenticator#getCurrentRequest()
+ */
+
+ get
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.get' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ return (System.Web.HttpRequest) currentRequest.get_Renamed();
+ }
+
+ }
+ virtual public System.Web.HttpResponse CurrentResponse
+ {
+ get
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.get' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ return (System.Web.HttpResponse) currentResponse.get_Renamed();
+ }
+
+ }
+ /// <summary> Gets the user from session.
+ ///
+ /// </summary>
+ /// <param name="request">the request
+ /// </param>
+ /// <returns> the user from session
+ /// </returns>
+ virtual public User UserFromSession
+ {
+ /*
+ * Get the current user from the session and set it as the current user.
(non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#setCurrentUser(javax.servlet.http.HttpServletRequest)
+ */
+
+ get
+ {
+ System.Web.SessionState.HttpSessionState session =
System.Web.HttpContext.Current.Session;
+ System.String userName = (System.String) session[USER];
+ if (userName != null)
+ {
+ User sessionUser = this.getUser(userName);
+ if (sessionUser != null)
+ {
+ return sessionUser;
+ }
+ }
+ return null;
+ }
+
+ }
+
+ /// <summary>The Constant USER. </summary>
+ protected internal const System.String USER = "ESAPIUserSessionKey";
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.Authenticator'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ /// <summary>The file that contains the user db </summary>
+ private System.IO.FileInfo userDB = null;
+
+ /// <summary>How frequently to check the user db for external
modifications </summary>
+ private long checkInterval = 60 * 1000;
+
+ /// <summary>The last modified time we saw on the user db. </summary>
+ private long lastModified = 0;
+
+ /// <summary>The last time we checked if the user db had been modified
externally </summary>
+ private long lastChecked = 0;
+
+ /// <summary> Fail safe main program to add or update an account in an
emergency.
+ /// <P>
+ /// Warning: this method does not perform the level of validation and
checks
+ /// generally required in ESAPI, and can therefore be used to create a
username and password that do not comply
+ /// with the username and password strength requirements.
+ /// <P>
+ /// Example: Use this to add the alice account with the admin role to
the users file:
+ /// <PRE>
+ ///
+ /// java -Dorg.owasp.esapi.resources="/path/resources" -classpath
esapi.jar org.owasp.esapi.Authenticator alice password admin
+ ///
+ /// </PRE>
+ ///
+ /// </summary>
+ /// <param name="args">the args
+ /// </param>
+ /// <throws> AuthenticationException the authentication exception
</throws>
+ [STAThread]
+ public static void Main(System.String[] args)
+ {
+ if (args.Length != 3)
+ {
+ System.Console.Out.WriteLine("Usage: Authenticator accountname
password role");
+ return ;
+ }
+ Authenticator auth = new Authenticator();
+ System.String accountName = args[0].ToLower();
+ System.String password = args[1];
+ System.String role = args[2];
+ User user = auth.getUser(args[0]);
+ if (user == null)
+ {
+ user = new User();
+ user.AccountName = accountName;
+ auth.userMap[accountName] = user;
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "New
user created: " + accountName);
+ }
+ System.String newHash = auth.hashPassword(password, accountName);
+ user.setHashedPassword(newHash);
+ user.addRole(role);
+ user.enable();
+ user.unlock();
+ auth.saveUsers();
+ System.Console.Out.WriteLine("User account " + user.AccountName + "
updated");
+ }
+
+ // FIXME: ENHANCE consider an impersonation feature
+
+ /// <summary>The anonymous user </summary>
+ // FIXME: AAA is this whole anonymous user concept right?
+ internal static User anonymous = new User("anonymous", "anonymous");
+
+ /// <summary>The user map. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private System.Collections.IDictionary userMap = new
System.Collections.Hashtable();
+
+
+ /*
+ * The currentUser ThreadLocal variable is used to make the currentUser
available to any call in any part of an
+ * application. Otherwise, each thread would have to pass the User object
through the calltree to any methods that
+ * need it. Because we want exceptions and log calls to contain user
data, that could be almost anywhere. Therefore,
+ * the ThreadLocal approach simplifies things greatly. <P> As a possible
extension, one could create a delegation
+ * framework by adding another ThreadLocal to hold the delegating user
identity.
+ */
+ private static ThreadLocalUser currentUser = new ThreadLocalUser();
+
+ //UPGRADE_ISSUE: Class 'java.lang.InheritableThreadLocal' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ private class ThreadLocalUser:InheritableThreadLocal
+ {
+ virtual public IUser User
+ {
+ get
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.get' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ return (IUser) base.get_Renamed();
+ }
+
+ set
+ {
+ // System.out.println( "SETTING Thread: " + Thread.currentThread()
+ " " + (getUser() != null ? getUser().getAccountName() : "null" ) + "
--> " + (newUser != null ? (newUser).getAccountName() : "null" ) );
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.set' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ base.set_Renamed(value);
+ }
+
+ }
+
+ //UPGRADE_NOTE: The equivalent of
method 'java.lang.ThreadLocal.initialValue' is not an override
method. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1143'"
+ public System.Object initialValue()
+ {
+ return org.owasp.esapi.Authenticator.anonymous;
+ }
+ }
+
+
+ /*
+ * The currentRequest ThreadLocal variable is used to make the
currentRequest available to any call in any part of an
+ * application. This enables API's for actions that require the request
to be much simpler. For example, the logout()
+ * method in the Authenticator class requires the currentRequest to get
the session in order to invalidate it.
+ */
+ private static ThreadLocalRequest currentRequest = new
ThreadLocalRequest();
+
+ //UPGRADE_ISSUE: Class 'java.lang.InheritableThreadLocal' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ private class ThreadLocalRequest:InheritableThreadLocal
+ {
+ virtual public System.Web.HttpRequest Request
+ {
+ get
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.get' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ return (System.Web.HttpRequest) base.get_Renamed();
+ }
+
+ }
+ virtual public System.Web.HttpRequest User
+ {
+ set
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.set' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ base.set_Renamed(value);
+ }
+
+ }
+
+ //UPGRADE_NOTE: The equivalent of
method 'java.lang.ThreadLocal.initialValue' is not an override
method. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1143'"
+ public System.Object initialValue()
+ {
+ return null;
+ }
+ }
+
+
+ /*
+ * The currentResponse ThreadLocal variable is used to make the
currentResponse available to any call in any part of an
+ * application. This enables API's for actions that require the response
to be much simpler. For example, the logout()
+ * method in the Authenticator class requires the currentResponse to kill
the JSESSIONID cookie.
+ */
+ private static ThreadLocalResponse currentResponse = new
ThreadLocalResponse();
+
+ //UPGRADE_ISSUE: Class 'java.lang.InheritableThreadLocal' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ private class ThreadLocalResponse:InheritableThreadLocal
+ {
+ virtual public System.Web.HttpResponse Response
+ {
+ get
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.get' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ return (System.Web.HttpResponse) base.get_Renamed();
+ }
+
+ }
+ virtual public System.Web.HttpResponse User
+ {
+ set
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.set' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ base.set_Renamed(value);
+ }
+
+ }
+
+ //UPGRADE_NOTE: The equivalent of
method 'java.lang.ThreadLocal.initialValue' is not an override
method. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1143'"
+ public System.Object initialValue()
+ {
+ return null;
+ }
+ }
+
+
+
+
+ public Authenticator()
+ {
+ }
+
+ /// <summary> Clears all threadlocal variables from the thread. This
should ONLY be called after
+ /// all possible ESAPI operations have concluded. If you clear too
early, many calls will
+ /// fail, including logging, which requires the user identity.
+ /// </summary>
+ public virtual void clearCurrent()
+ {
+ currentUser.User = null;
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.set' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ currentResponse.set_Renamed(null);
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.set' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ currentRequest.set_Renamed(null);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#createAccount(java.lang.String,
java.lang.String)
+ */
+ //UPGRADE_NOTE: Synchronized keyword was removed from
method 'createUser'. Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ public virtual User createUser(System.String accountName, System.String
password1, System.String password2)
+ {
+ lock (this)
+ {
+ loadUsersIfNecessary();
+ if (accountName == null)
+ {
+ throw new AuthenticationAccountsException("Account creation
failed", "Attempt to create user with null accountName");
+ }
+ if (userMap.Contains(accountName.ToLower()))
+ {
+ throw new AuthenticationAccountsException("Account creation
failed", "Duplicate user creation denied for " + accountName);
+ }
+ User user = new User(accountName, password1, password2);
+ userMap[accountName.ToLower()] = user;
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "New
user created: " + accountName);
+ saveUsers();
+ return user;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IAuthenticator#exists(java.lang.String)
+ */
+ public virtual bool exists(System.String accountName)
+ {
+ User user = getUser(accountName);
+ return user != null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#generateStrongPassword(int,
char[])
+ */
+ public virtual System.String generateStrongPassword()
+ {
+ return generateStrongPassword("");
+ }
+
+ private System.String generateStrongPassword(System.String oldPassword)
+ {
+ IRandomizer r = ESAPI.randomizer();
+ int letters = r.getRandomInteger(4, 6); // inclusive, exclusive
+ int digits = 7 - letters;
+ System.String passLetters = r.getRandomString(letters,
Encoder.CHAR_PASSWORD_LETTERS);
+ System.String passDigits = r.getRandomString(digits,
Encoder.CHAR_PASSWORD_DIGITS);
+ System.String passSpecial = r.getRandomString(1,
Encoder.CHAR_PASSWORD_SPECIALS);
+ System.String newPassword = passLetters + passSpecial + passDigits;
+ return newPassword;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#generateStrongPassword(int,
char[])
+ */
+ public virtual System.String generateStrongPassword(System.String
oldPassword, IUser user)
+ {
+ System.String newPassword = generateStrongPassword(oldPassword);
+ if (newPassword != null)
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Generated
strong password for " + user.AccountName);
+ return newPassword;
+ }
+
+ /*
+ * Returns the currently logged user as set by the setCurrentUser()
methods. Must not log in this method because the
+ * logger calls getCurrentUser() and this could cause a loop.
+ *
+ * @see org.owasp.esapi.interfaces.IAuthenticator#getCurrentUser()
+ */
+ public virtual User getCurrentUser()
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.get' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ User user = (User) currentUser.get_Renamed();
+ if (user == null)
+ user = anonymous;
+ return user;
+ }
+
+ /// <summary> Gets the user object with the matching account name or
null if there is no match.
+ ///
+ /// </summary>
+ /// <param name="accountName">the account name
+ /// </param>
+ /// <returns> the user, or null if not matched.
+ /// </returns>
+ //UPGRADE_NOTE: Synchronized keyword was removed from method 'getUser'.
Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ public virtual User getUser(System.String accountName)
+ {
+ lock (this)
+ {
+ loadUsersIfNecessary();
+ User user = (User) userMap[accountName.ToLower()];
+ return user;
+ }
+ }
+
+ /// <summary> Gets the user names.
+ ///
+ /// </summary>
+ /// <returns> list of user account names
+ /// </returns>
+ //UPGRADE_NOTE: Synchronized keyword was removed from
method 'getUserNames'. Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ public virtual SupportClass.SetSupport getUserNames()
+ {
+ lock (this)
+ {
+ loadUsersIfNecessary();
+ //UPGRADE_TODO: Class 'java.util.HashSet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'"
+ //UPGRADE_TODO: Method 'java.util.Map.keySet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapkeySet'"
+ return new SupportClass.HashSetSupport(new
SupportClass.HashSetSupport(userMap.Keys));
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#hashPassword(java.lang.String,
java.lang.String)
+ */
+ public virtual System.String hashPassword(System.String password,
System.String accountName)
+ {
+ System.String salt = accountName.ToLower();
+ return ESAPI.encryptor().hash(password, salt);
+ }
+
+ /// <summary> Load users.
+ ///
+ /// </summary>
+ /// <returns> the hash map
+ /// </returns>
+ /// <throws> AuthenticationException the authentication exception
</throws>
+ protected internal virtual void loadUsersIfNecessary()
+ {
+ if (userDB == null)
+ userDB = new System.IO.FileInfo(((SecurityConfiguration)
ESAPI.securityConfiguration()).ResourceDirectory.FullName + "\\"
+ "users.txt");
+
+ // We only check at most every checkInterval milliseconds
+ long now = (System.DateTime.Now.Ticks - 621355968000000000) / 10000;
+ if (now - lastChecked < checkInterval)
+ {
+ return ;
+ }
+ lastChecked = now;
+
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.io.File.lastModified' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ long lastModified = ((userDB.LastWriteTime.Ticks - 621355968000000000)
/ 10000);
+ if (this.lastModified == lastModified)
+ {
+ return ;
+ }
+ loadUsersImmediately();
+ }
+
+ protected internal virtual void loadUsersImmediately()
+ {
+ // file was touched so reload it
+ lock (this)
+ {
+
logger.logTrace(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Loading
users from " + userDB.FullName, null);
+
+ // FIXME: AAA Necessary?
+ // add the Anonymous user to the database
+ // map.put(anonymous.getAccountName(), anonymous);
+
+ System.IO.StreamReader reader = null;
+ try
+ {
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ System.Collections.Hashtable map = new System.Collections.Hashtable();
+ //UPGRADE_TODO: The differences in the expected value of parameters
for constructor 'java.io.BufferedReader.BufferedReader' may cause
compilation
errors. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'"
+ //UPGRADE_WARNING: At least one expression was used more than once in
the target
code. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1181'"
+ //UPGRADE_TODO: Constructor 'java.io.FileReader.FileReader' was
converted to 'System.IO.StreamReader' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073'"
+ reader = new System.IO.StreamReader(new
System.IO.StreamReader(userDB.FullName,
System.Text.Encoding.Default).BaseStream, new
System.IO.StreamReader(userDB.FullName,
System.Text.Encoding.Default).CurrentEncoding);
+ System.String line = null;
+ while ((line = reader.ReadLine()) != null)
+ {
+ if (line.Length > 0 && line[0] != '#')
+ {
+ User user = new User(line);
+ if (!user.AccountName.Equals("anonymous"))
+ {
+ if (map.ContainsKey(user.AccountName))
+ {
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Problem
in user file. Skipping duplicate user: " + user, null);
+ }
+ map[user.AccountName] = user;
+ }
+ }
+ }
+ userMap = map;
+ this.lastModified = (System.DateTime.Now.Ticks - 621355968000000000)
/ 10000;
+
logger.logTrace(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "User
file reloaded: " + map.Count, null);
+ }
+ catch (System.Exception e)
+ {
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Failure
loading user file: " + userDB.FullName, e);
+ }
+ finally
+ {
+ try
+ {
+ if (reader != null)
+ {
+ reader.Close();
+ }
+ }
+ catch (System.IO.IOException e)
+ {
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Failure
closing user file: " + userDB.FullName, e);
+ }
+ }
+ }
+ }
+
+ /// <summary> Utility method to extract credentials and verify them.
+ ///
+ /// </summary>
+ /// <param name="request">
+ /// </param>
+ /// <param name="response">
+ /// </param>
+ /// <returns>
+ /// </returns>
+ /// <throws> AuthenticationException </throws>
+ /// <throws> </throws>
+ private User loginWithUsernameAndPassword(System.Web.HttpRequest
request, System.Web.HttpResponse response)
+ {
+
+ // FIXME: AAA the login servlet path should also be a configuration -
this
+ // should check (if loginrequest && parameters then do
+ // loginWithPassword)
+
+ //UPGRADE_TODO: Method 'javax.servlet.ServletRequest.getParameter' was
converted to 'System.Web.HttpRequest' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletServletRequestgetParameter_javalangString'"
+ System.String username =
request[ESAPI.securityConfiguration().UsernameParameterName];
+ //UPGRADE_TODO: Method 'javax.servlet.ServletRequest.getParameter' was
converted to 'System.Web.HttpRequest' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletServletRequestgetParameter_javalangString'"
+ System.String password =
request[ESAPI.securityConfiguration().PasswordParameterName];
+
+ // if a logged-in user is requesting to login, log them out first
+ User user = getCurrentUser();
+ if (user != null && !user.Anonymous)
+ {
+
logger.logWarning(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "User
requested relogin. Performing logout then authentication");
+ user.logout();
+ }
+
+ // now authenticate with username and password
+ if (username == null || password == null)
+ {
+ if (username == null)
+ username = "unspecified user";
+ throw new AuthenticationCredentialsException("Authentication
failed", "Authentication failed for " + username + " because of null
username or password");
+ }
+ user = getUser(username);
+ if (user == null)
+ {
+ throw new AuthenticationCredentialsException("Authentication
failed", "Authentication failed because user " + username + " doesn't
exist");
+ }
+ user.loginWithPassword(password);
+ return user;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#removeUser(java.lang.String)
+ */
+ //UPGRADE_NOTE: Synchronized keyword was removed from
method 'removeUser'. Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ public virtual void removeUser(System.String accountName)
+ {
+ lock (this)
+ {
+ loadUsersIfNecessary();
+ User user = getUser(accountName);
+ if (user == null)
+ {
+ throw new AuthenticationAccountsException("Remove user
failed", "Can't remove invalid accountName " + accountName);
+ }
+ userMap.Remove(accountName.ToLower());
+ saveUsers();
+ }
+ }
+
+ /// <summary> Saves the user database to the file system. In this
implementation you must call save to commit any changes to
+ /// the user file. Otherwise changes will be lost when the program ends.
+ ///
+ /// </summary>
+ /// <throws> AuthenticationException the authentication exception
</throws>
+ //UPGRADE_NOTE: Synchronized keyword was removed from
method 'saveUsers'. Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ protected internal virtual void saveUsers()
+ {
+ lock (this)
+ {
+ System.IO.StreamWriter writer = null;
+ try
+ {
+ //UPGRADE_WARNING: At least one expression was used more than once in
the target
code. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1181'"
+ //UPGRADE_TODO: Constructor 'java.io.FileWriter.FileWriter' was
converted to 'System.IO.StreamWriter' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileWriterFileWriter_javaioFile'"
+ //UPGRADE_TODO: Class 'java.io.FileWriter' was converted
to 'System.IO.StreamWriter' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileWriter'"
+ writer = new System.IO.StreamWriter(new
System.IO.StreamWriter(userDB.FullName, false,
System.Text.Encoding.Default).BaseStream, new
System.IO.StreamWriter(userDB.FullName, false,
System.Text.Encoding.Default).Encoding);
+ //UPGRADE_TODO: Method 'java.io.PrintWriter.println' was converted
to 'System.IO.TextWriter.WriteLine' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln_javalangString'"
+ writer.WriteLine("# This is the user file associated with the ESAPI
library from http://www.owasp.org");
+ //UPGRADE_TODO: Method 'java.io.PrintWriter.println' was converted
to 'System.IO.TextWriter.WriteLine' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln_javalangString'"
+ writer.WriteLine("# accountName | hashedPassword | roles | locked |
enabled | rememberToken | csrfToken | oldPasswordHashes |
lastPasswordChangeTime | lastLoginTime | lastFailedLoginTime |
expirationTime | failedLoginCount");
+ //UPGRADE_TODO: Method 'java.io.PrintWriter.println' was converted
to 'System.IO.TextWriter.WriteLine' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln'"
+ writer.WriteLine();
+ saveUsers(writer);
+ writer.Flush();
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "User
file written to disk");
+ }
+ catch (System.IO.IOException e)
+ {
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Problem
saving user file " + userDB.FullName, e);
+ throw new AuthenticationException("Internal Error", "Problem saving
user file " + userDB.FullName, e);
+ }
+ finally
+ {
+ if (writer != null)
+ {
+ //UPGRADE_NOTE: Exceptions thrown by the equivalent in .NET of
method 'java.io.PrintWriter.close' may be
different. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1099'"
+ writer.Close();
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.io.File.lastModified' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ lastModified = ((userDB.LastWriteTime.Ticks - 621355968000000000) /
10000);
+ lastChecked = lastModified;
+ }
+ }
+ }
+ }
+
+ /// <summary> Save users.
+ ///
+ /// </summary>
+ /// <param name="writer">the writer
+ /// </param>
+ /// <throws> IOException </throws>
+ //UPGRADE_NOTE: Synchronized keyword was removed from
method 'saveUsers'. Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ protected internal virtual void saveUsers(System.IO.StreamWriter writer)
+ {
+ lock (this)
+ {
+ System.Collections.IEnumerator i = getUserNames().GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.String accountName = (System.String) i.Current;
+ User u = getUser(accountName);
+ if (u != null && !u.Anonymous)
+ {
+ //UPGRADE_TODO: Method 'java.io.PrintWriter.println' was converted
to 'System.IO.TextWriter.WriteLine' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln_javalangString'"
+ writer.WriteLine(u.save());
+ }
+ else
+ {
+ new AuthenticationCredentialsException("Problem saving
user", "Skipping save of user " + accountName);
+ }
+ }
+ }
+ }
+
+ /// <summary> This method should be called for every HTTP request, to
login the current user either from the session of HTTP
+ /// request. This method will set the current user so that
getCurrentUser() will work properly. This method also
+ /// checks that the user's access is still enabled, unlocked, and
unexpired before allowing login. For convenience
+ /// this method also returns the current user.
+ ///
+ /// </summary>
+ /// <param name="request">the request
+ /// </param>
+ /// <param name="response">the response
+ /// </param>
+ /// <returns> the user
+ /// </returns>
+ /// <throws> AuthenticationException the authentication exception
</throws>
+ public virtual User login(System.Web.HttpRequest request,
System.Web.HttpResponse response)
+ {
+
+ if (request == null || response == null)
+ {
+ throw new AuthenticationCredentialsException("Invalid
request", "Request or response objects were null");
+ }
+ // save the current request and response in the threadlocal variables
+ setCurrentHTTP(request, response);
+
+ if (!ESAPI.httpUtilities().SecureChannel)
+ {
+ new AuthenticationCredentialsException("Session
exposed", "Authentication attempt made over non-SSL connection. Check
web.xml and server configuration");
+ }
+ User user = null;
+
+ // if there's a user in the session then use that
+ user = UserFromSession;
+
+ if (user != null)
+ {
+ user.setLastHostAddress(request.Params["HTTP_HOST"]);
+ user.setFirstRequest(false);
+ }
+ else
+ {
+ // try to verify credentials
+ user = loginWithUsernameAndPassword(request, response);
+ user.setFirstRequest(true);
+ }
+
+ // don't let anonymous user log in
+ if (user.Anonymous)
+ {
+ user.logout();
+ throw new AuthenticationLoginException("Login failed", "Anonymous user
cannot be set to current user");
+ }
+
+ // don't let disabled users log in
+ if (!user.Enabled)
+ {
+ user.logout();
+ System.DateTime tempAux = System.DateTime.Now;
+ //UPGRADE_NOTE: ref keyword was added to struct-type
parameters. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1303'"
+ user.setLastFailedLoginTime(ref tempAux);
+ throw new AuthenticationLoginException("Login failed", "Disabled user
cannot be set to current user: " + user.AccountName);
+ }
+
+ // don't let locked users log in
+ if (user.Locked)
+ {
+ user.logout();
+ System.DateTime tempAux2 = System.DateTime.Now;
+ //UPGRADE_NOTE: ref keyword was added to struct-type
parameters. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1303'"
+ user.setLastFailedLoginTime(ref tempAux2);
+ throw new AuthenticationLoginException("Login failed", "Locked user
cannot be set to current user: " + user.AccountName);
+ }
+
+ // don't let expired users log in
+ if (user.Expired)
+ {
+ user.logout();
+ System.DateTime tempAux3 = System.DateTime.Now;
+ //UPGRADE_NOTE: ref keyword was added to struct-type
parameters. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1303'"
+ user.setLastFailedLoginTime(ref tempAux3);
+ throw new AuthenticationLoginException("Login failed", "Expired user
cannot be set to current user: " + user.AccountName);
+ }
+
+ setCurrentUser(user);
+ return user;
+ }
+
+
+ /// <summary> Log out the current user.</summary>
+ public virtual void logout()
+ {
+ User user = getCurrentUser();
+ user.logout();
+ }
+
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#setCurrentUser(org.owasp.esapi.User)
+ */
+ public virtual void setCurrentUser(IUser user)
+ {
+ currentUser.User = user;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#setCurrentHTTP(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
+ */
+ public virtual void setCurrentHTTP(System.Web.HttpRequest request,
System.Web.HttpResponse response)
+ {
+ if (request == null || response == null)
+ {
+ new AuthenticationCredentialsException("Invalid request or
response", "Request or response objects were null");
+ return ;
+ }
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.set' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ currentRequest.set_Renamed(request);
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.set' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ currentResponse.set_Renamed(response);
+ }
+
+
+
+ /*
+ * This implementation simply verifies that account names are at least 5
characters long. This helps to defeat a
+ * brute force attack, however the real strength comes from the name
length and complexity.
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#validateAccountNameStrength(java.lang.String)
+ */
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#verifyAccountNameStrength(java.lang.String)
+ */
+ public virtual void verifyAccountNameStrength(System.String context,
System.String newAccountName)
+ {
+ if (newAccountName == null)
+ {
+ throw new AuthenticationCredentialsException("Invalid account
name", "Attempt to create account with a null account name");
+ }
+ // FIXME: ENHANCE make the lengths configurable?
+ if (!ESAPI.validator().isValidDataFromBrowser(context, "AccountName",
newAccountName))
+ {
+ throw new AuthenticationCredentialsException("Invalid account
name", "New account name is not valid: " + newAccountName);
+ }
+ }
+
+ /*
+ * This implementation checks: - for any 3 character substrings of the
old password - for use of a length *
+ * character sets > 16 (where character sets are upper, lower, digit, and
special (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#validatePasswordStrength(java.lang.String)
+ */
+ public virtual void verifyPasswordStrength(System.String newPassword,
System.String oldPassword)
+ {
+ System.String oPassword = (oldPassword == null)?"":oldPassword;
+
+ // can't change to a password that contains any 3 character substring
of old password
+ int length = oPassword.Length;
+ for (int i = 0; i < length - 2; i++)
+ {
+ System.String sub = oPassword.Substring(i, (i + 3) - (i));
+ if (newPassword.IndexOf(sub) > - 1)
+ throw new AuthenticationCredentialsException("Invalid password", "New
password cannot contain pieces of old password");
+ }
+
+ // new password must have enough character sets and length
+ int charsets = 0;
+ for (int i = 0; i < newPassword.Length; i++)
+ if (System.Array.BinarySearch(Encoder.CHAR_LOWERS, (System.Object)
newPassword[i]) > 0)
+ {
+ charsets++;
+ break;
+ }
+ for (int i = 0; i < newPassword.Length; i++)
+ if (System.Array.BinarySearch(Encoder.CHAR_UPPERS, (System.Object)
newPassword[i]) > 0)
+ {
+ charsets++;
+ break;
+ }
+ for (int i = 0; i < newPassword.Length; i++)
+ if (System.Array.BinarySearch(Encoder.CHAR_DIGITS, (System.Object)
newPassword[i]) > 0)
+ {
+ charsets++;
+ break;
+ }
+ for (int i = 0; i < newPassword.Length; i++)
+ if (System.Array.BinarySearch(Encoder.CHAR_SPECIALS, (System.Object)
newPassword[i]) > 0)
+ {
+ charsets++;
+ break;
+ }
+ int strength = newPassword.Length * charsets;
+
+ System.Console.Out.WriteLine(" >>> PW: " + newPassword + "-->" +
strength);
+
+ if (strength < 16)
+ {
+ // FIXME: enhance - make password strength configurable
+ throw new AuthenticationCredentialsException("Invalid password", "New
password is not long and complex enough");
+ }
+ }
+ static Authenticator()
+ {
+ logger = Logger.getLogger("ESAPI", "Authenticator");
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/ESAPI.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,255 @@
+/// <summary> </summary>
+using System;
+using IAccessController = org.owasp.esapi.interfaces.IAccessController;
+using IAuthenticator = org.owasp.esapi.interfaces.IAuthenticator;
+using IEncoder = org.owasp.esapi.interfaces.IEncoder;
+using IEncryptor = org.owasp.esapi.interfaces.IEncryptor;
+using IExecutor = org.owasp.esapi.interfaces.IExecutor;
+using IHTTPUtilities = org.owasp.esapi.interfaces.IHTTPUtilities;
+using IIntrusionDetector = org.owasp.esapi.interfaces.IIntrusionDetector;
+using IRandomizer = org.owasp.esapi.interfaces.IRandomizer;
+using ISecurityConfiguration =
org.owasp.esapi.interfaces.ISecurityConfiguration;
+using IValidator = org.owasp.esapi.interfaces.IValidator;
+namespace org.owasp.esapi
+{
+
+ /// <author> rdawes
+ ///
+ /// </author>
+ public class ESAPI
+ {
+ /// <param name="accessController">the accessController to set
+ /// </param>
+ public static IAccessController AccessController
+ {
+ set
+ {
+ ESAPI.accessController_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="authenticator">the authenticator to set
+ /// </param>
+ public static IAuthenticator Authenticator
+ {
+ set
+ {
+ ESAPI.authenticator_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="encoder">the encoder to set
+ /// </param>
+ public static IEncoder Encoder
+ {
+ set
+ {
+ ESAPI.encoder_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="encryptor">the encryptor to set
+ /// </param>
+ public static IEncryptor Encryptor
+ {
+ set
+ {
+ ESAPI.encryptor_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="executor">the executor to set
+ /// </param>
+ public static IExecutor Executor
+ {
+ set
+ {
+ ESAPI.executor_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="httpUtilities">the httpUtilities to set
+ /// </param>
+ public static IHTTPUtilities HttpUtilities
+ {
+ set
+ {
+ ESAPI.httpUtilities_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="intrusionDetector">the intrusionDetector to set
+ /// </param>
+ public static IIntrusionDetector IntrusionDetector
+ {
+ set
+ {
+ ESAPI.intrusionDetector_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="randomizer">the randomizer to set
+ /// </param>
+ public static IRandomizer Randomizer
+ {
+ set
+ {
+ ESAPI.randomizer_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="securityConfiguration">the securityConfiguration to set
+ /// </param>
+ public static ISecurityConfiguration SecurityConfiguration
+ {
+ set
+ {
+ ESAPI.securityConfiguration_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="validator">the validator to set
+ /// </param>
+ public static IValidator Validator
+ {
+ set
+ {
+ ESAPI.validator_Renamed_Field = value;
+ }
+
+ }
+
+ private static IAccessController accessController_Renamed_Field = null;
+
+ private static IAuthenticator authenticator_Renamed_Field = null;
+
+ private static IEncoder encoder_Renamed_Field = null;
+
+ private static IEncryptor encryptor_Renamed_Field = null;
+
+ private static IExecutor executor_Renamed_Field = null;
+
+ private static IHTTPUtilities httpUtilities_Renamed_Field = null;
+
+ private static IIntrusionDetector intrusionDetector_Renamed_Field = null;
+
+ // private static ILogger logger = null;
+
+ private static IRandomizer randomizer_Renamed_Field = null;
+
+ private static ISecurityConfiguration
securityConfiguration_Renamed_Field = null;
+
+ private static IValidator validator_Renamed_Field = null;
+
+ /// <summary> prevent instantiation of this class</summary>
+ private ESAPI()
+ {
+ }
+
+ /// <returns> the accessController
+ /// </returns>
+ public static IAccessController accessController()
+ {
+ if (ESAPI.accessController_Renamed_Field == null)
+ ESAPI.accessController_Renamed_Field = new AccessController();
+ return ESAPI.accessController_Renamed_Field;
+ }
+
+ /// <returns> the authenticator
+ /// </returns>
+ public static IAuthenticator authenticator()
+ {
+ if (ESAPI.authenticator_Renamed_Field == null)
+ ESAPI.authenticator_Renamed_Field = new Authenticator();
+ return ESAPI.authenticator_Renamed_Field;
+ }
+
+ /// <returns> the encoder
+ /// </returns>
+ public static IEncoder encoder()
+ {
+ if (ESAPI.encoder_Renamed_Field == null)
+ ESAPI.encoder_Renamed_Field = new Encoder();
+ return ESAPI.encoder_Renamed_Field;
+ }
+
+ /// <returns> the encryptor
+ /// </returns>
+ public static IEncryptor encryptor()
+ {
+ if (ESAPI.encryptor_Renamed_Field == null)
+ ESAPI.encryptor_Renamed_Field = new Encryptor();
+ return ESAPI.encryptor_Renamed_Field;
+ }
+
+ /// <returns> the executor
+ /// </returns>
+ public static IExecutor executor()
+ {
+ if (ESAPI.executor_Renamed_Field == null)
+ ESAPI.executor_Renamed_Field = new Executor();
+ return ESAPI.executor_Renamed_Field;
+ }
+
+ /// <returns> the httpUtilities
+ /// </returns>
+ public static IHTTPUtilities httpUtilities()
+ {
+ if (ESAPI.httpUtilities_Renamed_Field == null)
+ ESAPI.httpUtilities_Renamed_Field = new HTTPUtilities();
+ return ESAPI.httpUtilities_Renamed_Field;
+ }
+
+ /// <returns> the intrusionDetector
+ /// </returns>
+ public static IIntrusionDetector intrusionDetector()
+ {
+ if (ESAPI.intrusionDetector_Renamed_Field == null)
+ ESAPI.intrusionDetector_Renamed_Field = new IntrusionDetector();
+ return ESAPI.intrusionDetector_Renamed_Field;
+ }
+
+ // /**
+ // * @return the logger
+ // */
+ // public static ILogger getLogger() {
+ // if (ESAPI.logger == null)
+ // return Logger();
+ // return ESAPI.logger;
+ // }
+ //
+ // /**
+ // * @param logger the logger to set
+ // */
+ // public static void setLogger(ILogger logger) {
+ // ESAPI.logger = logger;
+ // }
+ //
+ /// <returns> the randomizer
+ /// </returns>
+ public static IRandomizer randomizer()
+ {
+ if (ESAPI.randomizer_Renamed_Field == null)
+ ESAPI.randomizer_Renamed_Field = new Randomizer();
+ return ESAPI.randomizer_Renamed_Field;
+ }
+
+ /// <returns> the securityConfiguration
+ /// </returns>
+ public static ISecurityConfiguration securityConfiguration()
+ {
+ if (ESAPI.securityConfiguration_Renamed_Field == null)
+ ESAPI.securityConfiguration_Renamed_Field = new
SecurityConfiguration();
+ return ESAPI.securityConfiguration_Renamed_Field;
+ }
+
+ /// <returns> the validator
+ /// </returns>
+ public static IValidator validator()
+ {
+ if (ESAPI.validator_Renamed_Field == null)
+ ESAPI.validator_Renamed_Field = new Validator();
+ return ESAPI.validator_Renamed_Field;
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/Encoder.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,931 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using EncodingException = org.owasp.esapi.errors.EncodingException;
+using IntrusionException = org.owasp.esapi.errors.IntrusionException;
+//UPGRADE_TODO: The type 'sun.text.Normalizer' could not be found. If it
was not included in the conversion, there may be compiler
issues. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'"
+using Normalizer = sun.text.Normalizer;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IEncoder interface. This
implementation takes
+ /// a whitelist approach, encoding everything not specifically identified
in a
+ /// list of "immune" characters. Several methods follow the approach in
the <a
+ ///
href="http://www.microsoft.com/downloads/details.aspx?familyid=efb9c819-53ff-4f82-bfaf-e11625130c25&displaylang=en">Microsoft
+ /// AntiXSS Library</a>.
+ /// <p>
+ /// The canonicalization algorithm is complex, as it has to be able to
recognize
+ /// encoded characters that might affect downstream interpreters without
being
+ /// told what encodings are possible. The stream is read one character at
a time.
+ /// If an encoded character is encountered, it is canonicalized and
pushed back
+ /// onto the stream. If the next character is encoded, then a intrusion
exception
+ /// is thrown for the double-encoding which is assumed to be an attack.
This assumption is
+ /// a bit aggressive as some double-encoded characters may be sent by
ordinary users
+ /// through cut-and-paste.
+ /// <p>
+ /// If an encoded character is recognized, but does not parse properly,
the response is
+ /// to eat the character, stripping it from the input.
+ /// <p>
+ /// Currently the implementation supports:
+ /// <ul><li>HTML Entity Encoding (including
non-terminated)</li><li>Percent Encoding</li></ul>
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ /// href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IEncoder">
+ /// </seealso>
+ public class Encoder : org.owasp.esapi.interfaces.IEncoder
+ {
+
+ /// <summary>Encoding types </summary>
+ public const int NO_ENCODING = 0;
+ public const int URL_ENCODING = 1;
+ public const int PERCENT_ENCODING = 2;
+ public const int ENTITY_ENCODING = 3;
+
+ /// <summary>The base64 encoder. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'base64Encoder '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_TODO: Class 'sun.misc.BASE64Encoder' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'"
+ //UPGRADE_TODO: Constructor 'sun.misc.BASE64Encoder.BASE64Encoder' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'"
+ private static readonly BASE64Encoder base64Encoder = new
BASE64Encoder();
+
+ /// <summary>The base64 decoder. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'base64Decoder '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_TODO: Class 'sun.misc.BASE64Decoder' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'"
+ //UPGRADE_TODO: Constructor 'sun.misc.BASE64Decoder.BASE64Decoder' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'"
+ private static readonly BASE64Decoder base64Decoder = new
BASE64Decoder();
+
+ /// <summary>The IMMUNE HTML. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'IMMUNE_HTML'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ private static readonly char[] IMMUNE_HTML = new
char[]{',', '.', '-', '_', ' '};
+
+ /// <summary>The IMMUNE HTMLATTR. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'IMMUNE_HTMLATTR'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ private static readonly char[] IMMUNE_HTMLATTR = new
char[]{',', '.', '-', '_'};
+
+ /// <summary>The IMMUNE JAVASCRIPT. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'IMMUNE_JAVASCRIPT'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ private static readonly char[] IMMUNE_JAVASCRIPT = new
char[]{',', '.', '-', '_', ' '};
+
+ /// <summary>The IMMUNE VBSCRIPT. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'IMMUNE_VBSCRIPT'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ private static readonly char[] IMMUNE_VBSCRIPT = new
char[]{',', '.', '-', '_', ' '};
+
+ /// <summary>The IMMUNE XML. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'IMMUNE_XML'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ private static readonly char[] IMMUNE_XML = new
char[]{',', '.', '-', '_', ' '};
+
+ /// <summary>The IMMUNE XMLATTR. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'IMMUNE_XMLATTR'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ private static readonly char[] IMMUNE_XMLATTR = new
char[]{',', '.', '-', '_'};
+
+ /// <summary>The IMMUNE XPATH. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'IMMUNE_XPATH'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ private static readonly char[] IMMUNE_XPATH = new
char[]{',', '.', '-', '_', ' '};
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.Encoder'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ /// <summary>The Constant CHAR_LOWERS. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_LOWERS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_LOWERS = new
char[]{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'};
+
+ /// <summary>The Constant CHAR_UPPERS. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_UPPERS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_UPPERS = new
char[]{'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'};
+
+ /// <summary>The Constant CHAR_DIGITS. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_DIGITS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_DIGITS = new
char[]{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};
+
+ /// <summary>The Constant CHAR_SPECIALS. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_SPECIALS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_SPECIALS = new
char[]{'.', '-', '_', '!', '@', '$', '^', '*', '=', '~', '|', '+', '?'};
+
+ /// <summary>The Constant CHAR_LETTERS. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_LETTERS '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'CHAR_LETTERS' was moved to
static
method 'org.owasp.esapi.Encoder'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ internal static readonly char[] CHAR_LETTERS;
+
+ /// <summary>The Constant CHAR_ALPHANUMERICS. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_ALPHANUMERICS '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'CHAR_ALPHANUMERICS' was moved to
static
method 'org.owasp.esapi.Encoder'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ internal static readonly char[] CHAR_ALPHANUMERICS;
+
+ // FIXME: ENHANCE make all character sets configurable
+ /// <summary> Password character set, is alphanumerics (without l, i, I,
o, O, and 0)
+ /// selected specials like + (bad for URL encoding, | is like i and 1,
+ /// etc...)
+ /// </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_PASSWORD_LOWERS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_PASSWORD_LOWERS = new
char[]{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'};
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_PASSWORD_UPPERS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_PASSWORD_UPPERS = new
char[]{'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'J', 'K', 'L', 'M', 'N', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'};
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_PASSWORD_DIGITS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_PASSWORD_DIGITS = new
char[]{'2', '3', '4', '5', '6', '7', '8', '9'};
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_PASSWORD_SPECIALS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_PASSWORD_SPECIALS = new
char[]{'_', '.', '!', '@', '$', '*', '=', '-', '?'};
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_PASSWORD_LETTERS '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'CHAR_PASSWORD_LETTERS' was moved
to static
method 'org.owasp.esapi.Encoder'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ internal static readonly char[] CHAR_PASSWORD_LETTERS;
+
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private static System.Collections.Hashtable characterToEntityMap;
+
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private static System.Collections.Hashtable entityToCharacterMap;
+
+ public Encoder()
+ {
+ System.Array.Sort(Encoder.IMMUNE_HTML);
+ System.Array.Sort(Encoder.IMMUNE_HTMLATTR);
+ System.Array.Sort(Encoder.IMMUNE_JAVASCRIPT);
+ System.Array.Sort(Encoder.IMMUNE_VBSCRIPT);
+ System.Array.Sort(Encoder.IMMUNE_XML);
+ System.Array.Sort(Encoder.IMMUNE_XMLATTR);
+ System.Array.Sort(Encoder.IMMUNE_XPATH);
+ System.Array.Sort(Encoder.CHAR_LOWERS);
+ System.Array.Sort(Encoder.CHAR_UPPERS);
+ System.Array.Sort(Encoder.CHAR_DIGITS);
+ System.Array.Sort(Encoder.CHAR_SPECIALS);
+ System.Array.Sort(Encoder.CHAR_LETTERS);
+ System.Array.Sort(Encoder.CHAR_ALPHANUMERICS);
+ System.Array.Sort(Encoder.CHAR_PASSWORD_LOWERS);
+ System.Array.Sort(Encoder.CHAR_PASSWORD_UPPERS);
+ System.Array.Sort(Encoder.CHAR_PASSWORD_DIGITS);
+ System.Array.Sort(Encoder.CHAR_PASSWORD_SPECIALS);
+ System.Array.Sort(Encoder.CHAR_PASSWORD_LETTERS);
+ initializeMaps();
+ }
+
+ /// <summary> Simplifies percent-encoded and entity-encoded characters
to their
+ /// simplest form so that they can be properly validated. Attackers
+ /// frequently use encoding schemes to disguise their attacks and bypass
+ /// validation routines.
+ ///
+ /// Handling multiple encoding schemes simultaneously is difficult, and
+ /// requires some special consideration. In particular, the problem of
+ /// double-encoding is difficult for parsers, and combining several
encoding
+ /// schemes in double-encoding makes it even harder. Consider decoding
+ ///
+ /// <PRE>
+ /// &lt;
+ /// </PRE>
+ ///
+ /// or
+ ///
+ /// <PRE>
+ /// %26lt;
+ /// </PRE>
+ ///
+ /// or
+ ///
+ /// <PRE>
+ /// &lt;
+ /// </PRE>.
+ ///
+ /// This implementation disallows ALL double-encoded characters and
throws an
+ /// IntrusionException when they are detected. Also, named entities that
are
+ /// not known are simply removed.
+ ///
+ /// Note that most data from the browser is likely to be encoded with URL
+ /// encoding (FIXME: RFC). The web server will decode the URL and form
data
+ /// once, so most encoded data received in the application must have been
+ /// double-encoded by the attacker. However, some HTTP inputs are not
decoded
+ /// by the browser, so this routine allows a single level of decoding.
+ ///
+ /// </summary>
+ /// <throws> IntrusionException </throws>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IValidator.canonicalize(java.lang.String)">
+ /// </seealso>
+ public virtual System.String canonicalize(System.String input)
+ {
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ EncodedStringReader reader = new EncodedStringReader(this, input);
+ while (reader.hasNext())
+ {
+ EncodedCharacter c = reader.NextCharacter;
+ if (c != null)
+ {
+ sb.Append(c.Unencoded);
+ }
+ }
+ return sb.ToString();
+ }
+
+ /// <summary> Normalizes special characters down to ASCII using the
Normalizer built
+ /// into Java.
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IValidator.normalize(java.lang.String)">
+ /// </seealso>
+ public virtual System.String normalize(System.String input)
+ {
+ // Split any special characters into two parts, the base character and
+ // the modifier
+
+ System.String separated = Normalizer.normalize(input,
Normalizer.DECOMP, 0); // Java 1.4
+ // String separated = Normalizer.normalize(input, Form.NFD); // Java
1.6
+
+ // remove any character that is not ASCII
+ return separated.replaceAll("[^\\p{ASCII}]", "");
+ }
+
+ /// <summary> Checks if the character is contained in the provided array
of characters.
+ ///
+ /// </summary>
+ /// <param name="array">the array
+ /// </param>
+ /// <param name="element">the element
+ /// </param>
+ /// <returns> true, if is contained
+ /// </returns>
+ private bool isContained(char[] array, char element)
+ {
+ for (int i = 0; i < array.Length; i++)
+ {
+ if (element == array[i])
+ return true;
+ }
+ return false;
+
+ // FIXME: ENHANCE Performance enhancement here but character arrays must
+ // be sorted, which they're currently not.
+ // return( Arrays.binarySearch(array, element) >= 0 );
+ }
+
+ /// <summary> HTML Entity encode utility method. To avoid
double-encoding, this method
+ /// logs a warning if HTML entity encoded characters are passed in as
input.
+ /// Double-encoded characters in the input cause an exception to be
thrown.
+ ///
+ /// </summary>
+ /// <param name="input">the input
+ /// </param>
+ /// <param name="immune">the immune
+ /// </param>
+ /// <param name="base">the base
+ /// </param>
+ /// <returns> the string
+ /// </returns>
+ private System.String entityEncode(System.String input, char[]
base_Renamed, char[] immune)
+ {
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ EncodedStringReader reader = new EncodedStringReader(this, input);
+ while (reader.hasNext())
+ {
+ EncodedCharacter c = reader.NextCharacter;
+ if (c != null)
+ {
+ if (isContained(base_Renamed, c.Unencoded) || isContained(immune,
c.Unencoded))
+ {
+ sb.Append(c.Unencoded);
+ }
+ else
+ {
+ sb.Append(c.getEncoded(ENTITY_ENCODING));
+ }
+ }
+ }
+ return sb.ToString();
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#encodeForHTML(java.lang.String)
+ */
+ public virtual System.String encodeForHTML(System.String input)
+ {
+ // FIXME: ENHANCE - should this just strip out nonprintables? Why send
+ //  to the browser?
+ // FIXME: Enhance - Add a configuration for masking **** out SSN and
credit
+ // card
+
+ System.String encoded = entityEncode(input, Encoder.CHAR_ALPHANUMERICS,
IMMUNE_HTML);
+ encoded = encoded.replaceAll("\r", "<BR>");
+ encoded = encoded.replaceAll("\n", "<BR>");
+ return encoded;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#encodeForHTMLAttribute(java.lang.String)
+ */
+ public virtual System.String encodeForHTMLAttribute(System.String input)
+ {
+ return entityEncode(input, Encoder.CHAR_ALPHANUMERICS, IMMUNE_HTMLATTR);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#encodeForJavaScript(java.lang.String)
+ */
+ public virtual System.String encodeForJavascript(System.String input)
+ {
+ return entityEncode(input, Encoder.CHAR_ALPHANUMERICS,
Encoder.IMMUNE_JAVASCRIPT);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#encodeForVisualBasicScript(java.lang.String)
+ */
+ public virtual System.String encodeForVBScript(System.String input)
+ {
+ return entityEncode(input, Encoder.CHAR_ALPHANUMERICS, IMMUNE_VBSCRIPT);
+ }
+
+ /// <summary> This method is not recommended. The use PreparedStatement
is the normal
+ /// and preferred approach. However, if for some reason this is
impossible,
+ /// then this method is provided as a weaker alternative. The best
approach
+ /// is to make sure any single-quotes are double-quoted. Another possible
+ /// approach is to use the {escape} syntax described in the JDBC
+ /// specification in section 1.5.6 (see
+ ///
http://java.sun.com/j2se/1.4.2/docs/guide/jdbc/getstart/statement.html).
+ /// However, this syntax does not work with all drivers, and requires
+ /// modification of all queries.
+ ///
+ /// </summary>
+ /// <param name="input">the input
+ /// </param>
+ /// <returns> the string
+ /// </returns>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IEncoder.encodeForSQL(java.lang.String)">
+ /// </seealso>
+ public virtual System.String encodeForSQL(System.String input)
+ {
+ System.String canonical = canonicalize(input);
+ return canonical.replaceAll("'", "''");
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#encodeForLDAP(java.lang.String)
+ */
+ public virtual System.String encodeForLDAP(System.String input)
+ {
+ System.String canonical = canonicalize(input);
+
+ // FIXME: ENHANCE this is a negative list -- make positive?
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ for (int i = 0; i < canonical.Length; i++)
+ {
+ char c = canonical[i];
+ switch (c)
+ {
+
+ case '\\':
+ sb.Append("\\5c");
+ break;
+
+ case '*':
+ sb.Append("\\2a");
+ break;
+
+ case '(':
+ sb.Append("\\28");
+ break;
+
+ case ')':
+ sb.Append("\\29");
+ break;
+
+ case '\u0000':
+ sb.Append("\\00");
+ break;
+
+ default:
+ sb.Append(c);
+ break;
+
+ }
+ }
+ return sb.ToString();
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncoder#encodeForDN(java.lang.String)
+ */
+ public virtual System.String encodeForDN(System.String input)
+ {
+ System.String canonical = canonicalize(input);
+
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ if ((canonical.Length > 0) && ((canonical[0] == ' ') || (canonical[0]
== '#')))
+ {
+ sb.Append('\\'); // add the leading backslash if needed
+ }
+ for (int i = 0; i < canonical.Length; i++)
+ {
+ char c = canonical[i];
+ switch (c)
+ {
+
+ case '\\':
+ sb.Append("\\\\");
+ break;
+
+ case ',':
+ sb.Append("\\,");
+ break;
+
+ case '+':
+ sb.Append("\\+");
+ break;
+
+ case '"':
+ sb.Append("\\\"");
+ break;
+
+ case '<':
+ sb.Append("\\<");
+ break;
+
+ case '>':
+ sb.Append("\\>");
+ break;
+
+ case ';':
+ sb.Append("\\;");
+ break;
+
+ default:
+ sb.Append(c);
+ break;
+
+ }
+ }
+ // add the trailing backslash if needed
+ if ((canonical.Length > 1) && (canonical[input.Length - 1] == ' '))
+ {
+ sb.Insert(sb.Length - 1, '\\');
+ }
+ return sb.ToString();
+ }
+
+ /// <summary> This implementation encodes almost everything and may
overencode. The
+ /// difficulty is that XPath has no built in mechanism for escaping
+ /// characters. It is possible to use XQuery in a parameterized way to
+ /// prevent injection. For more information, refer to <a
+ ///
href="http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html">this
+ /// article</a> which specifies the following list of characters as the
most
+ /// dangerous: ^&"*';<>(). <a
+ ///
href="http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf">This
+ /// paper</a> suggests disallowing ' and " in queries.
+ ///
+ /// </summary>
+ /// <param name="input">the input
+ /// </param>
+ /// <returns> the string
+ /// </returns>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IEncoder.encodeForXPath(java.lang.String)">
+ /// </seealso>
+ public virtual System.String encodeForXPath(System.String input)
+ {
+ return entityEncode(input, Encoder.CHAR_ALPHANUMERICS, IMMUNE_XPATH);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncoder#encodeForXML(java.lang.String)
+ */
+ public virtual System.String encodeForXML(System.String input)
+ {
+ return entityEncode(input, Encoder.CHAR_ALPHANUMERICS, IMMUNE_XML);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#encodeForXMLAttribute(java.lang.String)
+ */
+ public virtual System.String encodeForXMLAttribute(System.String input)
+ {
+ return entityEncode(input, Encoder.CHAR_ALPHANUMERICS, IMMUNE_XMLATTR);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncoder#encodeForURL(java.lang.String)
+ */
+ public virtual System.String encodeForURL(System.String input)
+ {
+ System.String canonical = canonicalize(input);
+
+ try
+ {
+ return URLEncoder.encode(canonical,
ESAPI.securityConfiguration().CharacterEncoding);
+ }
+ catch (System.IO.IOException ex)
+ {
+ throw new EncodingException("Encoding failure", "Encoding not
supported", ex);
+ }
+ catch (System.Exception e)
+ {
+ throw new EncodingException("Encoding failure", "Problem URL decoding
input", e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#decodeFromURL(java.lang.String)
+ */
+ public virtual System.String decodeFromURL(System.String input)
+ {
+ System.String canonical = canonicalize(input);
+ try
+ {
+ return URLDecoder.decode(canonical,
ESAPI.securityConfiguration().CharacterEncoding);
+ }
+ catch (System.IO.IOException ex)
+ {
+ throw new EncodingException("Decoding failed", "Encoding not
supported", ex);
+ }
+ catch (System.Exception e)
+ {
+ throw new EncodingException("Decoding failed", "Problem URL decoding
input", e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncoder#encodeForBase64(byte[])
+ */
+ public virtual System.String encodeForBase64(sbyte[] input, bool wrap)
+ {
+ //UPGRADE_TODO: Method 'sun.misc.CharacterEncoder.encode' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'"
+ System.String b64 = base64Encoder.encode(input);
+ // remove line-feeds and carriage-returns inserted in output
+ if (!wrap)
+ {
+ b64 = b64.replaceAll("\r", "").replaceAll("\n", "");
+ }
+ return b64;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#decodeFromBase64(java.lang.String)
+ */
+ public virtual sbyte[] decodeFromBase64(System.String input)
+ {
+ //UPGRADE_TODO: Method 'sun.misc.CharacterDecoder.decodeBuffer' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'"
+ return base64Decoder.decodeBuffer(input);
+ }
+
+ // FIXME: ENHANCE - change formatting here to more like -- "quot", "34",
//
+ // quotation mark
+ private void initializeMaps()
+ {
+ System.String[] entityNames = new
System.String[]{"quot", "amp", "lt", "gt", "nbsp", "iexcl", "cent", "pound", "curren", "yen", "brvbar", "sect", "uml", "copy", "ordf", "laquo", "not", "shy", "reg", "macr", "deg", "plusmn", "sup2", "sup3", "acute", "micro", "para", "middot", "cedil", "sup1", "ordm", "raquo", "frac14", "frac12", "frac34", "iquest", "Agrave", "Aacute", "Acirc", "Atilde", "Auml", "Aring", "AElig", "Ccedil", "Egrave", "Eacute", "Ecirc", "Euml", "Igrave", "Iacute", "Icirc", "Iuml", "ETH", "Ntilde", "Ograve", "Oacute", "Ocirc", "Otilde", "Ouml", "times", "Oslash", "Ugrave", "Uacute", "Ucirc", "Uuml", "Yacute", "THORN", "szlig", "agrave", "aacute", "acirc", "atilde", "auml", "aring", "aelig", "ccedil", "egrave", "eacute", "ecirc", "euml", "igrave", "iacute", "icirc", "iuml", "eth", "ntilde", "ograve", "oacute", "ocirc", "otilde", "ouml", "divide", "oslash", "ugrave", "uacute", "ucirc", "uuml", "yacute", "thorn", "yuml", "OElig", "oelig", "Scaron", "scaron", "Yuml", "fnof", "circ", "tilde", "Alpha", "Beta", "Gamma", "Delta", "Epsilon", "Zeta", "Eta", "Theta", "Iota", "Kappa", "Lambda", "Mu", "Nu", "Xi", "Omicron", "Pi", "Rho", "Sigma", "Tau", "Upsilon", "Phi", "Chi", "Psi", "Omega", "alpha", "beta", "gamma", "delta", "epsilon", "zeta", "eta", "theta", "iota", "kappa", "lambda", "mu", "nu", "xi", "omicron", "pi", "rho", "sigmaf", "sigma", "tau", "upsilon", "phi", "chi", "psi", "omega", "thetasym", "upsih", "piv", "ensp", "emsp", "thinsp", "zwnj", "zwj", "lrm", "rlm", "ndash", "mdash", "lsquo", "rsquo", "sbquo", "ldquo", "rdquo", "bdquo", "dagger", "Dagger", "bull", "hellip", "permil", "prime", "Prime", "lsaquo", "rsaquo", "oline", "frasl", "euro", "image", "weierp", "real", "trade", "alefsym", "larr", "uarr", "rarr", "darr", "harr", "crarr", "lArr", "uArr", "rArr", "dArr", "hArr", "forall", "part", "exist", "empty", "nabla", "isin", "notin", "ni", "prod", "sum", "minus", "lowast", "radic", "prop", "infin", "ang", "and", "or", "cap", "cup", "int", "there4", "sim", "cong", "asymp", "ne",
+
"equiv", "le", "ge", "sub", "sup", "nsub", "sube", "supe", "oplus", "otimes", "perp", "sdot", "lceil", "rceil", "lfloor", "rfloor", "lang", "rang", "loz", "spades", "clubs", "hearts", "diams"};
+
+ char[] entityValues = new char[]{(char) (34), (char) (38), (char) (60),
(char) (62), (char) (160), (char) (161), (char) (162), (char) (163), (char)
(164), (char) (165), (char) (166), (char) (167), (char) (168), (char)
(169), (char) (170), (char) (171), (char) (172), (char) (173), (char)
(174), (char) (175), (char) (176), (char) (177), (char) (178), (char)
(179), (char) (180), (char) (181), (char) (182), (char) (183), (char)
(184), (char) (185), (char) (186), (char) (187), (char) (188), (char)
(189), (char) (190), (char) (191), (char) (192), (char) (193), (char)
(194), (char) (195), (char) (196), (char) (197), (char) (198), (char)
(199), (char) (200), (char) (201), (char) (202), (char) (203), (char)
(204), (char) (205), (char) (206), (char) (207), (char) (208), (char)
(209), (char) (210), (char) (211), (char) (212), (char) (213), (char)
(214), (char) (215), (char) (216), (char) (217), (char) (218), (char)
(219), (char) (220), (char) (221), (char) (222), (char) (223), (char)
(224), (char) (225), (char) (226), (char) (227), (char) (228), (char)
(229), (char) (230), (char) (231), (char) (232), (char) (233), (char)
(234), (char) (235), (char) (236), (char) (237), (char) (238), (char)
(239), (char) (240), (char) (241), (char) (242), (char) (243), (char)
(244), (char) (245), (char) (246), (char) (247), (char) (248), (char)
(249), (char) (250), (char) (251), (char) (252), (char) (253), (char)
(254), (char) (255), (char) (338), (char) (339), (char) (352), (char)
(353), (char) (376), (char) (402), (char) (710), (char) (732), (char)
(913), (char) (914), (char) (915), (char) (916), (char) (917), (char)
(918), (char) (919), (char) (920), (char) (921), (char) (922), (char)
(923), (char) (924), (char) (925), (char) (926), (char) (927), (char)
(928), (char) (929), (char) (931), (char) (932), (char) (933), (char)
(934), (char) (935), (char) (936), (char) (937), (char) (945), (char)
(946), (char) (947), (char) (948), (char) (949), (char) (950), (char)
(951), (char) (952), (char) (953), (char) (954), (char) (955),
+ (char) (956), (char) (957), (char) (958), (char) (959), (char) (960),
(char) (961), (char) (962), (char) (963), (char) (964), (char) (965),
(char) (966), (char) (967), (char) (968), (char) (969), (char) (977),
(char) (978), (char) (982), (char) (8194), (char) (8195), (char) (8201),
(char) (8204), (char) (8205), (char) (8206), (char) (8207), (char) (8211),
(char) (8212), (char) (8216), (char) (8217), (char) (8218), (char) (8220),
(char) (8221), (char) (8222), (char) (8224), (char) (8225), (char) (8226),
(char) (8230), (char) (8240), (char) (8242), (char) (8243), (char) (8249),
(char) (8250), (char) (8254), (char) (8260), (char) (8364), (char) (8465),
(char) (8472), (char) (8476), (char) (8482), (char) (8501), (char) (8592),
(char) (8593), (char) (8594), (char) (8595), (char) (8596), (char) (8629),
(char) (8656), (char) (8657), (char) (8658), (char) (8659), (char) (8660),
(char) (8704), (char) (8706), (char) (8707), (char) (8709), (char) (8711),
(char) (8712), (char) (8713), (char) (8715), (char) (8719), (char) (8721),
(char) (8722), (char) (8727), (char) (8730), (char) (8733), (char) (8734),
(char) (8736), (char) (8743), (char) (8744), (char) (8745), (char) (8746),
(char) (8747), (char) (8756), (char) (8764), (char) (8773), (char) (8776),
(char) (8800), (char) (8801), (char) (8804), (char) (8805), (char) (8834),
(char) (8835), (char) (8836), (char) (8838), (char) (8839), (char) (8853),
(char) (8855), (char) (8869), (char) (8901), (char) (8968), (char) (8969),
(char) (8970), (char) (8971), (char) (9001), (char) (9002), (char) (9674),
(char) (9824), (char) (9827), (char) (9829), (char) (9830)};
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ characterToEntityMap = new
System.Collections.Hashtable(entityNames.Length);
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ entityToCharacterMap = new
System.Collections.Hashtable(entityValues.Length);
+ for (int i = 0; i < entityNames.Length; i++)
+ {
+ System.String e = entityNames[i];
+ System.Char c = entityValues[i];
+ entityToCharacterMap[e] = c;
+ characterToEntityMap[c] = e;
+ }
+ }
+
+ [STAThread]
+ public static void Main(System.String[] args)
+ {
+ // Encoder encoder = new Encoder();
+ // try { System.out.println( ">>" + encoder.encodeForHTML("test <>
+ // test") ); } catch( Exception e1 ) { System.out.println(" !" +
+ // e1.getMessage() ); }
+ // try { System.out.println( ">>" + encoder.encodeForHTML("test %41 %42
+ // test") ); } catch( Exception e2 ) { System.out.println(" !" +
+ // e2.getMessage() ); }
+ // try { System.out.println( ">>" + encoder.encodeForHTML("test %26%42
+ // test") ); } catch( Exception e2 ) { System.out.println(" !" +
+ // e2.getMessage() ); }
+ // try { System.out.println( ">>" + encoder.encodeForHTML("test %26amp;
+ // test") ); } catch( Exception e3 ) { System.out.println(" !" +
+ // e3.getMessage() ); }
+ // try { System.out.println( ">>" + encoder.encodeForHTML("test &
+ // test") ); } catch( Exception e4 ) { System.out.println(" !" +
+ // e4.getMessage() ); }
+ // try { System.out.println( ">>" + encoder.encodeForHTML("test
+ // &amp; test") ); } catch( Exception e5 ) { System.out.println(" !"
+ // + e5.getMessage() ); }
+ // try { System.out.println( ">>" + encoder.encodeForHTML("test &#ridi;
+ // test") ); } catch( Exception e6 ) { e6.printStackTrace() ; }
+ //try {
+ // System.out.println(">>" + encoder.encodeForHTML("test
 test"));
+ //} catch (Exception e7) {
+ // System.out.println(" !" + e7.getMessage());
+ //}
+ }
+
+ //UPGRADE_NOTE: Field 'EnclosingInstance' was added to
class 'EncodedStringReader' to access its enclosing
instance. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1019'"
+ private class EncodedStringReader
+ {
+ private void InitBlock(Encoder enclosingInstance)
+ {
+ this.enclosingInstance = enclosingInstance;
+ }
+ private Encoder enclosingInstance;
+ virtual public EncodedCharacter NextCharacter
+ {
+ get
+ {
+
+ // get the current character and move past it
+ testCharacter = nextCharacter;
+ EncodedCharacter c = null;
+ c = peekNextCharacter(input[nextCharacter]);
+ // System.out.println( nextCharacter + ":" + (int)c.getUnencoded() +
+ // " -> " + testCharacter );
+ nextCharacter = testCharacter;
+ if (c == null)
+ return null;
+
+ // if the current character is encoded, check for double-encoded
+ // characters
+ if (c.isEncoded())
+ {
+ testCharacter--;
+ EncodedCharacter next = peekNextCharacter(c.Unencoded);
+ if (next != null)
+ {
+ if (next.isEncoded())
+ {
+ throw new IntrusionException("Validation error", "Input contains
double encoded characters.");
+ }
+ else
+ {
+ // System.out.println("Not double-encoded");
+ }
+ }
+ }
+ return c;
+ }
+
+ }
+ public Encoder Enclosing_Instance
+ {
+ get
+ {
+ return enclosingInstance;
+ }
+
+ }
+
+ internal System.String input = null;
+ internal int nextCharacter = 0;
+ internal int testCharacter = 0;
+
+ public EncodedStringReader(Encoder enclosingInstance, System.String
input)
+ {
+ InitBlock(enclosingInstance);
+ // System.out.println( "***" + input );
+ if (input == null)
+ {
+ this.input = "";
+ }
+ else
+ {
+ this.input = input;
+ }
+ }
+
+ public virtual bool hasNext()
+ {
+ return nextCharacter < input.Length;
+ }
+
+ private EncodedCharacter peekNextCharacter(char currentCharacter)
+ {
+ // if we're on the last character
+ if (testCharacter == input.Length - 1)
+ {
+ testCharacter++;
+ return new EncodedCharacter(enclosingInstance, currentCharacter);
+ }
+ else if (currentCharacter == '&')
+ {
+ // if parsing an entity returns null - then we should skip it by
+ // returning null here
+ EncodedCharacter encoded = parseEntity(input, testCharacter);
+ return encoded;
+ }
+ else if (currentCharacter == '%')
+ {
+ // if parsing a % encoded character returns null, then just
+ // return the % and keep going
+ EncodedCharacter encoded = parsePercent(input, testCharacter);
+ if (encoded != null)
+ {
+ return encoded;
+ }
+ // FIXME: AAA add UTF-7 decoding
+ // FIXME: others?
+ }
+ testCharacter++;
+ return new EncodedCharacter(enclosingInstance, currentCharacter);
+ }
+
+ // return a character or null if no good character can be parsed.
+ public virtual EncodedCharacter parsePercent(System.String s, int
startIndex)
+ {
+ // FIXME: AAA check if these can be longer than 2 characters?
+ // consume as many as possible?
+ System.String possible = s.Substring(startIndex + 1, (startIndex + 3)
- (startIndex + 1));
+ try
+ {
+ //UPGRADE_TODO: Method 'java.lang.Integer.parseInt' was converted
to 'System.Convert.ToInt32' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073'"
+ int c = System.Convert.ToInt32(possible, 16);
+ testCharacter += 3;
+ return new EncodedCharacter(enclosingInstance, "%" + possible, (char)
c, org.owasp.esapi.Encoder.PERCENT_ENCODING);
+ }
+ catch (System.FormatException e)
+ {
+ // System.out.println("Found % but there was no encoded character
following it");
+ return null;
+ }
+ }
+
+ /// <summary> Return a character or null if no good character can be
parsed. Badly
+ /// formed characters that simply can't be parsed are dropped, such as
+ /// &#ridi; for which there is no reasonable translation. Characters
that
+ /// aren't terminated by a semicolon are also dropped. Note that this is
+ /// legal html
+ ///
+ /// <PRE>
+ /// <body onload="&#x61ler&#116('xss body')">
+ /// </PRE>
+ /// </summary>
+ public virtual EncodedCharacter parseEntity(System.String s, int
startIndex)
+ {
+ // FIXME: AAA - figure out how to handle non-semicolon terminated
+ // characters
+ //UPGRADE_WARNING: Method 'java.lang.String.indexOf' was converted
to 'System.String.IndexOf' which may throw an
exception. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1101'"
+ int semiIndex = input.IndexOf(";", startIndex + 1);
+ if (semiIndex != - 1)
+ {
+ if (semiIndex - startIndex <= 8)
+ {
+ System.String possible = input.Substring(startIndex + 1, (semiIndex)
- (startIndex + 1)).ToLower();
+ // System.out.println( " " + possible + " -> " +
+ // testCharacter );
+ //UPGRADE_TODO: Method 'java.util.HashMap.get' was converted
to 'System.Collections.Hashtable.Item' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'"
+ System.Char entity = (System.Char)
org.owasp.esapi.Encoder.entityToCharacterMap[possible];
+ //UPGRADE_TODO: The 'System.Char' structure does not have an
equivalent to
NULL. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1291'"
+ if (entity != null)
+ {
+ testCharacter += possible.Length + 2;
+ return new EncodedCharacter(enclosingInstance, "&" + possible
+ ";", entity, org.owasp.esapi.Encoder.ENTITY_ENCODING);
+ }
+ else if (possible[0] == '#')
+ {
+ // advance past this either way
+ testCharacter += possible.Length + 2;
+ try
+ {
+ // FIXME: Enhance - consider supporting #x encoding
+ int c = System.Int32.Parse(possible.Substring(1));
+ return new EncodedCharacter(enclosingInstance, "&#" + (char) c
+ ";", (char) c, org.owasp.esapi.Encoder.ENTITY_ENCODING);
+ }
+ catch (System.FormatException e)
+ {
+ // invalid character - return null
+
org.owasp.esapi.Encoder.logger.logWarning(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Invalid
numeric entity encoding &" + possible + ";");
+ }
+ }
+ }
+ }
+ // System.out.println("Found & but there was no entity following it");
+ testCharacter++;
+ return new EncodedCharacter(enclosingInstance, "&", '&',
org.owasp.esapi.Encoder.NO_ENCODING);
+ }
+ }
+
+ //UPGRADE_NOTE: Field 'EnclosingInstance' was added to
class 'EncodedCharacter' to access its enclosing
instance. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1019'"
+ //UPGRADE_NOTE: The access modifier for this class or class field has
been changed in order to prevent compilation errors due to the visibility
level. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1296'"
+ public class EncodedCharacter
+ {
+ private void InitBlock(Encoder enclosingInstance)
+ {
+ this.enclosingInstance = enclosingInstance;
+ }
+ private Encoder enclosingInstance;
+ virtual public char Unencoded
+ {
+ get
+ {
+ return character;
+ }
+
+ }
+ public Encoder Enclosing_Instance
+ {
+ get
+ {
+ return enclosingInstance;
+ }
+
+ }
+
+ internal System.String raw = ""; // the core of the encoded
representation (without
+ // the prefix or suffix)
+ internal char character = (char) (0);
+ internal int originalEncoding;
+
+ public EncodedCharacter(Encoder enclosingInstance, char character)
+ {
+ InitBlock(enclosingInstance);
+ this.raw = "" + character;
+ this.character = character;
+ }
+
+ public virtual bool isEncoded()
+ {
+ return (raw.Length != 1);
+ }
+
+ public EncodedCharacter(Encoder enclosingInstance, System.String raw,
char character, int originalEncoding)
+ {
+ InitBlock(enclosingInstance);
+ this.raw = raw;
+ this.character = character;
+ this.originalEncoding = originalEncoding;
+ }
+
+ public virtual System.String getEncoded(int encoding)
+ {
+ switch (encoding)
+ {
+
+ case Encoder.NO_ENCODING:
+ return "" + character;
+
+ case Encoder.URL_ENCODING:
+ // FIXME: look up rules
+ if (System.Char.IsWhiteSpace(character))
+ return "+";
+ if (System.Char.IsLetterOrDigit(character))
+ return "" + character;
+ return "%" + (int) character;
+
+ case Encoder.PERCENT_ENCODING:
+ return "%" + (int) character;
+
+ case Encoder.ENTITY_ENCODING:
+ //UPGRADE_TODO: Method 'java.util.HashMap.get' was converted
to 'System.Collections.Hashtable.Item' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'"
+ System.String entityName = (System.String)
org.owasp.esapi.Encoder.characterToEntityMap[character];
+ if (entityName != null)
+ return "&" + entityName + ";";
+ return "&#" + (int) character + ";";
+
+ default:
+ return null;
+
+ }
+ }
+ }
+ static Encoder()
+ {
+ logger = Logger.getLogger("ESAPI", "Encoder");
+ CHAR_LETTERS = Randomizer.union(CHAR_LOWERS, CHAR_UPPERS);
+ CHAR_ALPHANUMERICS = Randomizer.union(CHAR_LETTERS, CHAR_DIGITS);
+ CHAR_PASSWORD_LETTERS = Randomizer.union(CHAR_PASSWORD_LOWERS,
CHAR_PASSWORD_UPPERS);
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/EncryptedProperties.cs Tue Jun 14
21:31:31 2011
@@ -0,0 +1,212 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using EncryptionException = org.owasp.esapi.errors.EncryptionException;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IEncryptedProperties
interface. This
+ /// implementation wraps a normal properties file, and creates surrogates
for the
+ /// getProperty and setProperty methods that perform encryption and
decryption based on the Encryptor.
+ /// A very simple main program is provided that can be used to create an
+ /// encrypted properties file. A better approach would be to allow
unencrypted
+ /// properties in the file and to encrypt them the first time the file is
+ /// accessed.
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ /// href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IEncryptedProperties">
+ /// </seealso>
+ public class EncryptedProperties :
org.owasp.esapi.interfaces.IEncryptedProperties
+ {
+
+ /// <summary>The properties. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'properties '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_ISSUE: Class hierarchy differences
between 'java.util.Properties'
and 'System.Collections.Specialized.NameValueCollection' may cause
compilation
errors. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'"
+ //UPGRADE_TODO: Format of property file may need to be
changed. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1089'"
+ private System.Collections.Specialized.NameValueCollection properties =
new System.Collections.Specialized.NameValueCollection();
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.EncryptedProperties'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ /// <summary> Instantiates a new encrypted properties.</summary>
+ public EncryptedProperties()
+ {
+ // hidden
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncryptedProperties#getProperty(java.lang.String)
+ */
+ //UPGRADE_NOTE: Synchronized keyword was removed from
method 'getProperty'. Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ public virtual System.String getProperty(System.String key)
+ {
+ lock (this)
+ {
+ try
+ {
+ return ESAPI.encryptor().decrypt(properties.Get(key));
+ }
+ catch (System.Exception e)
+ {
+ throw new EncryptionException("Property retrieval failure", "Couldn't
decrypt property", e);
+ }
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncryptedProperties#setProperty(java.lang.String,
+ * java.lang.String)
+ */
+ //UPGRADE_NOTE: Synchronized keyword was removed from
method 'setProperty'. Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ public virtual System.String setProperty(System.String key,
System.String value_Renamed)
+ {
+ lock (this)
+ {
+ try
+ {
+ System.Object tempObject;
+ //UPGRADE_TODO: Method 'java.util.Properties.setProperty' was
converted to 'System.Collections.Specialized.NameValueCollection.Item'
which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilPropertiessetProperty_javalangString_javalangString'"
+ tempObject = properties[key];
+ properties[key] = ESAPI.encryptor().encrypt(value_Renamed);
+ return (System.String) tempObject;
+ }
+ catch (System.Exception e)
+ {
+ throw new EncryptionException("Property setting failure", "Couldn't
encrypt property", e);
+ }
+ }
+ }
+
+ /// <summary> Key set.
+ ///
+ /// </summary>
+ /// <returns> the set
+ /// </returns>
+ public virtual SupportClass.SetSupport keySet()
+ {
+ return new SupportClass.HashSetSupport(properties);
+ }
+
+ /// <summary> Load.
+ ///
+ /// </summary>
+ /// <param name="in">the in
+ ///
+ /// </param>
+ /// <throws> IOException </throws>
+ /// <summary> Signals that an I/O exception has occurred.
+ /// </summary>
+ public virtual void load(System.IO.Stream in_Renamed)
+ {
+ //UPGRADE_TODO: Method 'java.util.Properties.load' was converted
to 'System.Collections.Specialized.NameValueCollection' which has a
different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilPropertiesload_javaioInputStream'"
+ properties = new
System.Collections.Specialized.NameValueCollection(System.Configuration.ConfigurationSettings.AppSettings);
+
logger.logTrace(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Encrypted
properties loaded successfully");
+ }
+
+ /// <summary> Store.
+ ///
+ /// </summary>
+ /// <param name="out">the out
+ /// </param>
+ /// <param name="comments">the comments
+ ///
+ /// </param>
+ /// <throws> IOException </throws>
+ /// <summary> Signals that an I/O exception has occurred.
+ /// </summary>
+ public virtual void store(System.IO.Stream out_Renamed, System.String
comments)
+ {
+ //UPGRADE_ISSUE: Method 'java.util.Properties.store' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilPropertiesstore_javaioOutputStream_javalangString'"
+ properties.store(out_Renamed, comments);
+ }
+
+ /// <summary> The main method.
+ ///
+ /// </summary>
+ /// <param name="args">the arguments
+ ///
+ /// </param>
+ /// <throws> Exception </throws>
+ /// <summary> the exception
+ /// </summary>
+ [STAThread]
+ public static void Main(System.String[] args)
+ {
+ // FIXME: AAA verify that this still works
+ System.IO.FileInfo f = new System.IO.FileInfo(args[0]);
+
Logger.getLogger("EncryptedProperties", "main").logDebug(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Loading
encrypted properties from " + f.FullName);
+ bool tmpBool;
+ if (System.IO.File.Exists(f.FullName))
+ tmpBool = true;
+ else
+ tmpBool = System.IO.Directory.Exists(f.FullName);
+ if (!tmpBool)
+ throw new System.IO.IOException("Properties file not found: " +
f.FullName);
+
Logger.getLogger("EncryptedProperties", "main").logDebug(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Encrypted
properties found in " + f.FullName);
+ EncryptedProperties ep = new EncryptedProperties();
+ //UPGRADE_TODO: Constructor 'java.io.FileInputStream.FileInputStream'
was converted to 'System.IO.FileStream.FileStream' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileInputStreamFileInputStream_javaioFile'"
+ System.IO.FileStream in_Renamed = new System.IO.FileStream(f.FullName,
System.IO.FileMode.Open, System.IO.FileAccess.Read);
+ ep.load(in_Renamed);
+
+ //UPGRADE_TODO: The differences in the expected value of parameters
for constructor 'java.io.BufferedReader.BufferedReader' may cause
compilation
errors. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'"
+ //UPGRADE_WARNING: At least one expression was used more than once in
the target
code. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1181'"
+ System.IO.StreamReader br = new System.IO.StreamReader(new
System.IO.StreamReader(System.Console.OpenStandardInput(),
System.Text.Encoding.Default).BaseStream, new
System.IO.StreamReader(System.Console.OpenStandardInput(),
System.Text.Encoding.Default).CurrentEncoding);
+ System.String key = null;
+ do
+ {
+ System.Console.Out.Write("Enter key: ");
+ key = br.ReadLine();
+ System.Console.Out.Write("Enter value: ");
+ System.String value_Renamed = br.ReadLine();
+ if (key != null && key.Length > 0 && value_Renamed.Length > 0)
+ {
+ ep.setProperty(key, value_Renamed);
+ }
+ }
+ while (key != null && key.Length > 0);
+
+ //UPGRADE_TODO: Constructor 'java.io.FileOutputStream.FileOutputStream'
was converted to 'System.IO.FileStream.FileStream' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileOutputStreamFileOutputStream_javaioFile'"
+ System.IO.FileStream out_Renamed = new System.IO.FileStream(f.FullName,
System.IO.FileMode.Create);
+ ep.store(out_Renamed, "Encrypted Properties File");
+ out_Renamed.Close();
+
+ System.Collections.IEnumerator i = ep.keySet().GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.String k = (System.String) i.Current;
+ System.String value_Renamed = ep.getProperty(k);
+ System.Console.Out.WriteLine(" " + k + "=" + value_Renamed);
+ }
+ }
+ static EncryptedProperties()
+ {
+ logger = Logger.getLogger("ESAPI", "EncryptedProperties");
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/Encryptor.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,329 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using System.Text;
+using RedCorona.Cryptography;
+using System.Security.Cryptography;
+
+using EncryptionException = org.owasp.esapi.errors.EncryptionException;
+using IntegrityException = org.owasp.esapi.errors.IntegrityException;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IEncryptor interface. This
implementation
+ /// layers on the JCE provided cryptographic package. Algorithms used are
+ /// configurable in the ESAPI.properties file.
+ ///
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ /// href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IEncryptor">
+ /// </seealso>
+ public class Encryptor : org.owasp.esapi.interfaces.IEncryptor
+ {
+ virtual public long TimeStamp
+ {
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncryptor#getTimeStamp()
+ */
+
+ get
+ {
+ //UPGRADE_TODO: Method 'java.util.Date.getTime' was converted
to 'System.DateTime.Ticks' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'"
+ return System.DateTime.Now.Ticks;
+ }
+
+ }
+
+ /// <summary>The private key. </summary>
+ internal SupportClass.PrivateKeySupport privateKey = null;
+
+ /// <summary>The public key. </summary>
+ internal SupportClass.PublicKeySupport publicKey = null;
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.Encryptor'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ // FIXME: AAA need global scrub of what methods need to log
+
+ //UPGRADE_ISSUE: Class 'javax.crypto.spec.PBEParameterSpec' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxcryptospecPBEParameterSpec'"
+ internal PKCSKeyGenerator parameterSpec = null;
+ internal System.Security.Cryptography.SymmetricAlgorithm secretKey =
null;
+ internal System.String encryptAlgorithm = "PBEWithMD5AndDES";
+ internal System.String signatureAlgorithm = "SHAwithDSA";
+ internal System.String hashAlgorithm = "SHA-512";
+ internal System.String randomAlgorithm = "SHA1PRNG";
+ internal System.String encoding = "UTF-8";
+
+ public Encryptor()
+ {
+
+ // FIXME: AAA - need support for key and salt changing. What's best
interface?
+ sbyte[] salt = ESAPI.securityConfiguration().MasterSalt;
+ char[] pass = ESAPI.securityConfiguration().MasterPassword;
+
+ // setup algorithms
+ encryptAlgorithm = ESAPI.securityConfiguration().EncryptionAlgorithm;
+ signatureAlgorithm =
ESAPI.securityConfiguration().DigitalSignatureAlgorithm;
+ randomAlgorithm = ESAPI.securityConfiguration().RandomAlgorithm;
+ hashAlgorithm = ESAPI.securityConfiguration().HashAlgorithm;
+
+ try
+ {
+ //UPGRADE_NOTE: Cryptographic classes that handle keys behave
differently in the .NET
Framework. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1288'"
+ //UPGRADE_TODO: A transformation string might not be supported by the
classes in the System.Security.Cryptography
namespace. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1287'"
+ System.Security.Cryptography.SymmetricAlgorithm kf =
System.Security.Cryptography.SymmetricAlgorithm.Create(encryptAlgorithm);
+ new System.Security.Cryptography.PasswordDeriveBytes(new String(pass),
null);
+ //UPGRADE_TODO: Method 'javax.crypto.SecretKeyFactory.generateSecret'
was converted
to 'System.Security.Cryptography.SymmetricAlgorithm.GenerateKey' which has
a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxcryptoSecretKeyFactorygenerateSecret_javasecurityspecKeySpec'"
+ secretKey = kf.GenerateKey();
+ encoding = ESAPI.securityConfiguration().CharacterEncoding;
+
+ // Set up signing keypair using the master password and salt
+ // FIXME: Enhance - make DSA configurable
+ //UPGRADE_ISSUE: Class 'java.security.KeyPairGenerator' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'"
+ //UPGRADE_ISSUE: Method 'java.security.KeyPairGenerator.getInstance'
was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'"
+ KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.security.SecureRandom.getInstance' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ SupportClass.SecureRandomSupport random = new
SupportClass.SecureRandomSupport();
+ sbyte[] seed =
SupportClass.ToSByteArray(SupportClass.ToByteArray(hash(new
System.String(pass), new
System.String(SupportClass.ToCharArray(SupportClass.ToByteArray(salt))))));
+ random.SetSeed(SupportClass.ToByteArray(seed));
+ //UPGRADE_ISSUE: Method 'java.security.KeyPairGenerator.initialize'
was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'"
+ keyGen.initialize(1024, random);
+ //UPGRADE_TODO: The class 'java.security.KeyPair' was converted
to 'SupportClass.KeyPairSupport', which is not
serializable. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1277'"
+ //UPGRADE_ISSUE:
Method 'java.security.KeyPairGenerator.generateKeyPair' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'"
+ SupportClass.KeyPairSupport pair = keyGen.generateKeyPair();
+ privateKey = pair.Private;
+ publicKey = pair.Public;
+ }
+ catch (System.Exception e)
+ {
+ // can't throw this exception in initializer, but this will log it
+ new EncryptionException("Encryption failure", "Error creating
Encryptor", e);
+ }
+ }
+
+ /// <summary> Hashes the data using the specified algorithm and the Java
MessageDigest class. This method
+ /// first adds the salt, then the data, and then rehashes 1024 times to
help strengthen weak passwords.
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IEncryptor.hash(java.lang.String,java.lang.String)">
+ /// </seealso>
+ public virtual System.String hash(System.String plaintext, System.String
salt)
+ {
+ sbyte[] bytes = null;
+ try
+ {
+ SupportClass.MessageDigestSupport digest =
SupportClass.MessageDigestSupport.GetInstance(hashAlgorithm);
+ digest.Reset();
+
digest.Update(SupportClass.ToByteArray(ESAPI.securityConfiguration().MasterSalt));
+ digest.Update(SupportClass.ToByteArray(salt));
+ digest.Update(SupportClass.ToByteArray(plaintext));
+
+ // rehash a number of times to help strengthen weak passwords
+ // FIXME: ENHANCE make iterations configurable
+ bytes = digest.DigestData();
+ for (int i = 0; i < 1024; i++)
+ {
+ digest.Reset();
+ bytes = digest.DigestData(bytes);
+ }
+ System.String encoded = ESAPI.encoder().encodeForBase64(bytes, false);
+ return encoded;
+ }
+ catch (System.Exception e)
+ {
+ throw new EncryptionException("Internal error", "Can't find hash
algorithm " + hashAlgorithm, e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncryptor#encrypt(java.lang.String)
+ */
+ public virtual System.String encrypt(System.String plaintext)
+ {
+ // Note - Cipher is not threadsafe so we create one locally
+ try
+ {
+ SupportClass.CryptoSupport encrypter = new
SupportClass.CryptoSupport(encryptAlgorithm);
+ ICryptoTransform parameterSpec =
PKCSKeyGenerator.Generate(this.secretKey, (new
ASCIIEncoding().GetBytes(salt)), 20, 1);
+
+
//encrypter.CryptoInit(System.Security.Cryptography.CryptoStreamMode.Write,
secretKey, parameterSpec);
+ //UPGRADE_TODO: Method 'java.lang.String.getBytes' was converted
to 'System.Text.Encoding.GetEncoding(string).GetBytes(string)' which has a
different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javalangStringgetBytes_javalangString'"
+ sbyte[] output =
SupportClass.ToSByteArray(System.Text.Encoding.GetEncoding(encoding).GetBytes(plaintext));
+ parameterSpec.TransformBlock(ouput, 0, output.Length);
+ sbyte[] enc = encrypter.CryptoDoFinal(output);
+ return ESAPI.encoder().encodeForBase64(enc, false);
+ }
+ catch (System.Exception e)
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ throw new EncryptionException("Decryption failure", "Decryption
problem: " + e.Message, e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncryptor#decrypt(java.lang.String)
+ */
+ public virtual System.String decrypt(System.String ciphertext)
+ {
+ // Note - Cipher is not threadsafe so we create one locally
+ try
+ {
+ SupportClass.CryptoSupport decrypter = new
SupportClass.CryptoSupport(encryptAlgorithm);
+
decrypter.CryptoInit(System.Security.Cryptography.CryptoStreamMode.Read,
secretKey, parameterSpec);
+ sbyte[] dec = ESAPI.encoder().decodeFromBase64(ciphertext);
+ sbyte[] output = decrypter.CryptoDoFinal(dec);
+ //UPGRADE_TODO: The differences in the Format of parameters for
constructor 'java.lang.String.String' may cause compilation
errors. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'"
+ return
System.Text.Encoding.GetEncoding(encoding).GetString(SupportClass.ToByteArray(output));
+ }
+ catch (System.Exception e)
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ throw new EncryptionException("Decryption failed", "Decryption
problem: " + e.Message, e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncryptor#sign(java.lang.String)
+ */
+ public virtual System.String sign(System.String data)
+ {
+ System.String signatureAlgorithm = "SHAwithDSA";
+ try
+ {
+ SupportClass.DigitalSignature signer =
SupportClass.DigitalSignature.GetInstance(signatureAlgorithm);;
+ //UPGRADE_TODO: Method 'java.security.Signature.initSign' was
converted to 'SupportClass.DigitalSignature.Signing' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignatureinitSign_javasecurityPrivateKey'"
+ signer.Signing();
+ signer.Update(SupportClass.ToByteArray(data));
+ //UPGRADE_TODO: Method 'java.security.Signature.sign' was converted
to 'SupportClass.DigitalSignature.Sign' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignaturesign'"
+ sbyte[] bytes = SupportClass.ToSByteArray(signer.Sign());
+ return ESAPI.encoder().encodeForBase64(bytes, true);
+ }
+ catch (System.Exception e)
+ {
+ throw new EncryptionException("Signature failure", "Can't find
signature algorithm " + signatureAlgorithm, e);
+ }
+ }
+
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncryptor#verifySignature(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual bool verifySignature(System.String signature,
System.String data)
+ {
+ try
+ {
+ sbyte[] bytes = ESAPI.encoder().decodeFromBase64(signature);
+ SupportClass.DigitalSignature signer =
SupportClass.DigitalSignature.GetInstance(signatureAlgorithm);;
+ //UPGRADE_TODO: Method 'java.security.Signature.initVerify' was
converted to 'SupportClass.DigitalSignature.Verification' which has a
different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignatureinitVerify_javasecurityPublicKey'"
+ signer.Verification();
+ signer.Update(SupportClass.ToByteArray(data));
+ //UPGRADE_TODO: Method 'java.security.Signature.verify' was converted
to 'SupportClass.DigitalSignature.Verify' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignatureverify_byte[]'"
+ return signer.Verify(SupportClass.ToByteArray(bytes));
+ }
+ catch (System.Exception e)
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ new EncryptionException("Invalid signature", "Problem verifying
signature: " + e.Message, e);
+ return false;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncryptor#seal(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual System.String seal(System.String data, long expiration)
+ {
+ try
+ {
+ return this.encrypt(expiration + ":" + data);
+ }
+ catch (EncryptionException e)
+ {
+ throw new IntegrityException(e.UserMessage, e.LogMessage, e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncryptor#verifySeal(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual bool verifySeal(System.String seal, System.String data)
+ {
+ System.String plaintext = null;
+ try
+ {
+ plaintext = decrypt(seal);
+ }
+ catch (EncryptionException e)
+ {
+ new EncryptionException("Invalid seal", "Seal did not decrypt
properly", e);
+ return false;
+ }
+
+ int index = plaintext.IndexOf(":");
+ if (index == - 1)
+ {
+ new EncryptionException("Invalid seal", "Seal did not contain properly
formatted separator");
+ return false;
+ }
+
+ System.String timestring = plaintext.Substring(0, (index) - (0));
+ //UPGRADE_TODO: Method 'java.util.Date.getTime' was converted
to 'System.DateTime.Ticks' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'"
+ long now = System.DateTime.Now.Ticks;
+ long expiration = System.Int64.Parse(timestring);
+ if (now > expiration)
+ {
+ new EncryptionException("Invalid seal", "Seal expiration date has
expired");
+ return false;
+ }
+
+ System.String sealedValue = plaintext.Substring(index + 1);
+ if (!sealedValue.Equals(data))
+ {
+ new EncryptionException("Invalid seal", "Seal data does not match");
+ return false;
+ }
+ return true;
+ }
+ static Encryptor()
+ {
+ logger = Logger.getLogger("ESAPI", "Encryptor");
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/Executor.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,151 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using ExecutorException = org.owasp.esapi.errors.ExecutorException;
+using IValidator = org.owasp.esapi.interfaces.IValidator;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the Executor interface. This
implementation is very restrictive. Commands must exactly
+ /// equal the canonical path to an executable on the system. Valid
characters for parameters are alphanumeric,
+ /// forward-slash, and dash.
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IExecutor">
+ /// </seealso>
+ public class Executor : org.owasp.esapi.interfaces.IExecutor
+ {
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.Executor'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ public Executor()
+ {
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IExecutor#executeSystemCommand(java.lang.String,
java.util.List, java.io.File,
+ * int)
+ */
+ public virtual System.String executeSystemCommand(System.IO.FileInfo
executable, System.Collections.IList params_Renamed, System.IO.FileInfo
workdir, int timeoutSeconds)
+ {
+ System.IO.StreamReader br = null;
+ try
+ {
+
logger.logTrace(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Initiating
executable: " + executable + " " +
SupportClass.CollectionToString(params_Renamed) + " in " + workdir);
+ IValidator validator = ESAPI.validator();
+
+ // command must exactly match the canonical path and must actually
exist on the file system
+ if (!executable.FullName.Equals(executable.FullName))
+ {
+ throw new ExecutorException("Execution failure", "Invalid path to
executable file: " + executable);
+ }
+ bool tmpBool;
+ if (System.IO.File.Exists(executable.FullName))
+ tmpBool = true;
+ else
+ tmpBool = System.IO.Directory.Exists(executable.FullName);
+ if (!tmpBool)
+ {
+ throw new ExecutorException("Execution failure", "No such
executable: " + executable);
+ }
+
+ // parameters must only contain alphanumerics, dash, and forward slash
+ // FIXME: ENHANCE make configurable regexes? Update comments!
+ System.Collections.IEnumerator i = params_Renamed.GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.String param = (System.String) i.Current;
+ if (!validator.isValidDataFromBrowser("fixme", "SystemCommand",
param))
+ {
+ throw new ExecutorException("Execution failure", "Illegal characters
in parameter to executable: " + param);
+ }
+ }
+
+ // working directory must exist
+ bool tmpBool2;
+ if (System.IO.File.Exists(workdir.FullName))
+ tmpBool2 = true;
+ else
+ tmpBool2 = System.IO.Directory.Exists(workdir.FullName);
+ if (!tmpBool2)
+ {
+ throw new ExecutorException("Execution failure", "No such working
directory for running executable: " + workdir.FullName);
+ }
+
+ params_Renamed.Insert(0, executable.FullName);
+ System.String[] command = (System.String[])
SupportClass.ICollectionSupport.ToArray(params_Renamed, new
System.String[0]);
+ //UPGRADE_ISSUE: Method 'java.lang.Runtime.exec' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangRuntimeexec_javalangString[]_javalangString[]_javaioFile'"
+ System.Diagnostics.Process process =
System.Diagnostics.Process.GetCurrentProcess().exec(command, new
System.String[0], workdir);
+
+ // FIXME: Future - this is how to implement this in Java 1.5+
+ // ProcessBuilder pb = new ProcessBuilder(params);
+ // Map env = pb.environment();
+ // Security check - clear environment variables!
+ // env.clear();
+ // pb.directory(workdir);
+ // pb.redirectErrorStream(true);
+ // FIXME: ENHANCE need a timer
+ // Process process = pb.start();
+ System.IO.Stream is_Renamed = process.StandardInput.BaseStream;
+ System.IO.StreamReader isr = new System.IO.StreamReader(is_Renamed,
System.Text.Encoding.Default);
+ //UPGRADE_TODO: The differences in the expected value of parameters
for constructor 'java.io.BufferedReader.BufferedReader' may cause
compilation
errors. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'"
+ br = new System.IO.StreamReader(isr.BaseStream, isr.CurrentEncoding);
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ System.String line;
+ while ((line = br.ReadLine()) != null)
+ {
+ sb.Append(line + "\n");
+ }
+
logger.logTrace(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "System
command successful: " + SupportClass.CollectionToString(params_Renamed));
+ return sb.ToString();
+ }
+ catch (System.Exception e)
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ throw new ExecutorException("Execution failure", "Exception thrown
during execution of system command: " + e.Message, e);
+ }
+ finally
+ {
+ try
+ {
+ if (br != null)
+ {
+ br.Close();
+ }
+ }
+ catch (System.IO.IOException e)
+ {
+ // give up
+ }
+ }
+ }
+ static Executor()
+ {
+ logger = Logger.getLogger("ESAPI", "Executor");
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/HTTPUtilities.cs Tue Jun 14 21:31:31
2011
@@ -0,0 +1,668 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+//UPGRADE_TODO: The type 'java.util.regex.Pattern' could not be found. If
it was not included in the conversion, there may be compiler
issues. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'"
+using Pattern = java.util.regex.Pattern;
+//UPGRADE_TODO: The type 'org.apache.commons.fileupload.FileItem' could
not be found. If it was not included in the conversion, there may be
compiler
issues. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'"
+using FileItem = org.apache.commons.fileupload.FileItem;
+//UPGRADE_TODO: The type 'org.apache.commons.fileupload.ProgressListener'
could not be found. If it was not included in the conversion, there may be
compiler
issues. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'"
+using ProgressListener = org.apache.commons.fileupload.ProgressListener;
+//UPGRADE_TODO: The
type 'org.apache.commons.fileupload.disk.DiskFileItemFactory' could not be
found. If it was not included in the conversion, there may be compiler
issues. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'"
+using DiskFileItemFactory =
org.apache.commons.fileupload.disk.DiskFileItemFactory;
+//UPGRADE_TODO: The
type 'org.apache.commons.fileupload.servlet.ServletFileUpload' could not be
found. If it was not included in the conversion, there may be compiler
issues. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'"
+using ServletFileUpload =
org.apache.commons.fileupload.servlet.ServletFileUpload;
+using AccessControlException =
org.owasp.esapi.errors.AccessControlException;
+using AuthenticationException =
org.owasp.esapi.errors.AuthenticationException;
+using EncodingException = org.owasp.esapi.errors.EncodingException;
+using EncryptionException = org.owasp.esapi.errors.EncryptionException;
+using IntrusionException = org.owasp.esapi.errors.IntrusionException;
+using ValidationException = org.owasp.esapi.errors.ValidationException;
+using ValidationUploadException =
org.owasp.esapi.errors.ValidationUploadException;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IHTTPUtilities interface.
This implementation
+ /// uses the Apache Commons FileUploader library, which in turn uses the
Apache
+ /// Commons IO library.
+ /// <P>
+ /// To simplify the interface, this class uses the current request and
response that
+ /// are tracked by ThreadLocal variables in the Authenticator. This means
that you
+ /// must have called ESAPI.authenticator().setCurrentHTTP(null, response)
before
+ /// calling these methods. This is done automatically by the
Authenticator.login() method.
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ /// href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IHTTPUtilities">
+ /// </seealso>
+ public class HTTPUtilities : org.owasp.esapi.interfaces.IHTTPUtilities
+ {
+ //UPGRADE_NOTE: Field 'EnclosingInstance' was added to
class 'AnonymousClassProgressListener' to access its enclosing
instance. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1019'"
+ private class AnonymousClassProgressListener : ProgressListener
+ {
+ public
AnonymousClassProgressListener(System.Web.SessionState.HttpSessionState
session, HTTPUtilities enclosingInstance)
+ {
+ InitBlock(session, enclosingInstance);
+ }
+ private void InitBlock(System.Web.SessionState.HttpSessionState
session, HTTPUtilities enclosingInstance)
+ {
+ this.session = session;
+ this.enclosingInstance = enclosingInstance;
+ }
+ //UPGRADE_NOTE: Final variable session was copied into class
AnonymousClassProgressListener. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1023'"
+ private System.Web.SessionState.HttpSessionState session;
+ private HTTPUtilities enclosingInstance;
+ public HTTPUtilities Enclosing_Instance
+ {
+ get
+ {
+ return enclosingInstance;
+ }
+
+ }
+ private long megaBytes = - 1;
+ private long progress = 0;
+
+ public virtual void update(long pBytesRead, long pContentLength, int
pItems)
+ {
+ if (pItems == 0)
+ return ;
+ long mBytes = pBytesRead / 1000000;
+ if (megaBytes == mBytes)
+ return ;
+ megaBytes = mBytes;
+ //UPGRADE_WARNING: Data types in Visual C# might be different. Verify
the accuracy of narrowing
conversions. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1042'"
+ progress = (long) (((double) pBytesRead / (double) pContentLength) *
100);
+ session.Add("progress", System.Convert.ToString(progress));
+ // logger.logSuccess(Logger.SECURITY, " Item " + pItems + " (" +
progress + "% of " + pContentLength + " bytes]");
+ }
+ }
+ private void InitBlock()
+ {
+ maxBytes = ESAPI.securityConfiguration().AllowedFileUploadSize;
+ }
+ /// <summary> Returns true if the request was transmitted over an SSL
enabled
+ /// connection. This implementation ignores the built-in isSecure()
method
+ /// and uses the URL to determine if the request was transmitted over
SSL.
+ /// </summary>
+ virtual public bool SecureChannel
+ {
+ get
+ {
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ return (SupportClass.GetRequestURL(request)[4] == 's');
+ }
+
+ }
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.HTTPUtilities'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ /// <summary>The max bytes. </summary>
+ //UPGRADE_NOTE: The initialization of 'maxBytes' was moved to
method 'InitBlock'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ internal int maxBytes;
+
+ public HTTPUtilities()
+ {
+ InitBlock();
+ }
+
+ // FIXME: Enhance - consider adding addQueryChecksum(String href) that
would just verify that none of the parameters in the querystring have
changed. Could do the same for forms.
+ // FIXME: Enhance - also verifyQueryChecksum()
+
+
+
+ // FIXME: need to make this easier to add to forms.
+ /// <seealso
cref="org.owasp.esapi.interfaces.IHTTPUtilities.addCSRFToken(java.lang.String)">
+ /// </seealso>
+ public virtual System.String addCSRFToken(System.String href)
+ {
+ User user = ESAPI.authenticator().getCurrentUser();
+
+ // FIXME: AAA getCurrentUser should never return null
+ if (user.Anonymous || user == null)
+ {
+ return href;
+ }
+
+ if ((href.IndexOf('?') != - 1) || (href.IndexOf('&') != - 1))
+ {
+ return href + "&" + user.CSRFToken;
+ }
+ else
+ {
+ return href + "?" + user.CSRFToken;
+ }
+ }
+
+
+ /// <summary> Adds a cookie to the HttpServletResponse that uses Secure
and HttpOnly
+ /// flags. This implementation does not use the addCookie method because
+ /// it does not support HttpOnly, so it just creates a cookie header
manually.
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IHTTPUtilities.safeAddCookie(java.lang.String,">
+ /// java.lang.String, java.util.Date, java.lang.String,
+ /// java.lang.String, javax.servlet.http.HttpServletResponse)
+ /// </seealso>
+ public virtual void safeAddCookie(System.String name, System.String
value_Renamed, int maxAge, System.String domain, System.String path)
+ {
+ // verify name matches
+ Pattern cookieName = ((SecurityConfiguration)
ESAPI.securityConfiguration()).getValidationPattern("HTTPCookieName");
+ if (!cookieName.matcher(name).matches())
+ {
+ throw new ValidationException("Invalid cookie", "Attempt to set a
cookie name (" + name + ") that violates the global rule in
ESAPI.properties (" + cookieName.pattern() + ")");
+ }
+
+ // verify value matches
+ Pattern cookieValue = ((SecurityConfiguration)
ESAPI.securityConfiguration()).getValidationPattern("HTTPCookieValue");
+ if (!cookieValue.matcher(value_Renamed).matches())
+ {
+ throw new ValidationException("Invalid cookie", "Attempt to set a
cookie value (" + value_Renamed + ") that violates the global rule in
ESAPI.properties (" + cookieValue.pattern() + ")");
+ }
+
+ // FIXME: AAA need to validate domain and path! Otherwise response
splitting etc.. Can use Cookie object?
+
+ // create the special cookie header
+ System.Web.HttpResponse response = ((Authenticator)
ESAPI.authenticator()).CurrentResponse;
+ // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
+ // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly
+ // FIXME: AAA test if setting a separate set-cookie header for each
cookie works!
+ System.String header = name + "=" + value_Renamed;
+ if (maxAge != - 1)
+ header += ("; Max-Age=" + maxAge);
+ if (domain != null)
+ header += ("; Domain=" + domain);
+ if (path != null)
+ header += ("; Path=" + path);
+ header += "; Secure; HttpOnly";
+ response.AppendHeader("Set-Cookie", header);
+ }
+
+ /*
+ * Adds a header to an HttpServletResponse after checking for special
+ * characters (such as CRLF injection) that could enable attacks like
+ * response splitting and other header-based attacks that nobody has
thought
+ * of yet.
+ *
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#safeAddHeader(java.lang.String,
+ * java.lang.String, java.lang.String,
+ * javax.servlet.http.HttpServletResponse)
+ */
+ public virtual void safeAddHeader(System.String name, System.String
value_Renamed)
+ {
+ System.Web.HttpResponse response = ((Authenticator)
ESAPI.authenticator()).CurrentResponse;
+ // FIXME: AAA consider using the regex for header names and header
values here
+ Pattern headerName = ((SecurityConfiguration)
ESAPI.securityConfiguration()).getValidationPattern("HTTPHeaderName");
+ if (!headerName.matcher(name).matches())
+ {
+ throw new ValidationException("Invalid header", "Attempt to set a
header name that violates the global rule in ESAPI.properties: " + name);
+ }
+ Pattern headerValue = ((SecurityConfiguration)
ESAPI.securityConfiguration()).getValidationPattern("HTTPHeaderValue");
+ if (!headerValue.matcher(value_Renamed).matches())
+ {
+ throw new ValidationException("Invalid header", "Attempt to set a
header value that violates the global rule in ESAPI.properties: " +
value_Renamed);
+ }
+ response.AppendHeader(name, value_Renamed);
+ }
+
+ //FIXME: AAA add these to the interface
+ /// <summary> Return exactly what was sent to prevent URL rewriting. URL
rewriting is intended to be a session management
+ /// scheme that doesn't require cookies, but exposes the sessionid in
many places, including the URL bar,
+ /// favorites, HTML files in cache, logs, and cut-and-paste links. For
these reasons, session rewriting is
+ /// more dangerous than the evil cookies it was intended to replace.
+ ///
+ /// </summary>
+ /// <param name="url">
+ /// </param>
+ /// <returns>
+ /// </returns>
+ public virtual System.String safeEncodeURL(System.String url)
+ {
+ return url;
+ }
+
+ /// <summary> Return exactly what was sent to prevent URL rewriting. URL
rewriting is intended to be a session management
+ /// scheme that doesn't require cookies, but exposes the sessionid in
many places, including the URL bar,
+ /// favorites, HTML files in cache, logs, and cut-and-paste links. For
these reasons, session rewriting is
+ /// more dangerous than the evil cookies it was intended to replace.
+ ///
+ /// </summary>
+ /// <param name="url">
+ /// </param>
+ /// <returns>
+ /// </returns>
+ public virtual System.String safeEncodeRedirectURL(System.String url)
+ {
+ return url;
+ }
+
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#changeSessionIdentifier(javax.servlet.http.HttpServletRequest)
+ */
+ public virtual System.Web.SessionState.HttpSessionState
changeSessionIdentifier()
+ {
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ System.Collections.IDictionary temp = new
System.Collections.Hashtable();
+ System.Web.SessionState.HttpSessionState session =
System.Web.HttpContext.Current.Session;
+
+ // make a copy of the session content
+ System.Collections.IEnumerator e = Session.GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Enumeration.hasMoreElements' was
converted to 'System.Collections.IEnumerator.MoveNext' which has a
different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationhasMoreElements'"
+ while (e != null && e.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Enumeration.nextElement' was
converted to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationnextElement'"
+ System.String name = (System.String) e.Current;
+ System.Object value_Renamed = session[name];
+ temp[name] = value_Renamed;
+ }
+
+ // invalidate the old session and create a new one
+ //UPGRADE_TODO: Method 'javax.servlet.http.HttpSession.invalidate' was
converted to 'System.Web.SessionState.HttpSessionState.Abandon' which has a
different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpSessioninvalidate'"
+ session.Abandon();
+ //UPGRADE_TODO:
Method 'javax.servlet.http.HttpServletRequest.getSession' was converted
to 'System.Web.HttpContext.Current.Session' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpServletRequestgetSession_boolean'"
+ System.Web.SessionState.HttpSessionState newSession =
System.Web.HttpContext.Current.Session;
+
+ // copy back the session content
+ //UPGRADE_TODO: Method 'java.util.Map.entrySet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapentrySet'"
+ System.Collections.IEnumerator i = new
SupportClass.HashSetSupport(temp).GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.Collections.DictionaryEntry entry =
(System.Collections.DictionaryEntry) i.Current;
+ newSession.Add((System.String) entry.Key, entry.Value);
+ }
+ return newSession;
+ }
+
+
+
+ // FIXME: ENHANCE - add configuration for entry pages that don't require
a token
+ /*
+ * This implementation uses the parameter name to store the token.
+ * (non-Javadoc)
+ * @see org.owasp.esapi.interfaces.IHTTPUtilities#verifyCSRFToken()
+ */
+ public virtual void verifyCSRFToken()
+ {
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ User user = ESAPI.authenticator().getCurrentUser();
+ // FIXME: AAA this is a bad test - need a way to not enforce CSRF token
on entry points
+ // if this is the first request after logging in, let them pass
+ if (user.isFirstRequest())
+ return ;
+
+ //UPGRADE_TODO: Method 'javax.servlet.ServletRequest.getParameter' was
converted to 'System.Web.HttpRequest' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletServletRequestgetParameter_javalangString'"
+ if (request[user.CSRFToken] == null)
+ {
+ throw new IntrusionException("Authentication failed", "Attempt to
access application without appropriate token");
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#decryptHiddenField(java.lang.String)
+ */
+ public virtual System.String decryptHiddenField(System.String encrypted)
+ {
+ try
+ {
+ return ESAPI.encryptor().decrypt(encrypted);
+ }
+ catch (EncryptionException e)
+ {
+ throw new IntrusionException("Invalid request", "Tampering detected.
Hidden field data did not decrypt properly.", e);
+ }
+ }
+
+
+ /*
+ * (non-Javadoc)
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#decryptQuueryString(java.lang.String)
+ */
+ public virtual System.Collections.IDictionary
decryptQueryString(System.String encrypted)
+ {
+ // FIXME: AAA needs test cases
+ System.String plaintext = ESAPI.encryptor().decrypt(encrypted);
+ return queryToMap(plaintext);
+ }
+
+ /// <throws> EncryptionException </throws>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IHTTPUtilities.decryptStateFromCookie()">
+ /// </seealso>
+ public virtual System.Collections.IDictionary decryptStateFromCookie()
+ {
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ System.Web.HttpCookie[] cookies = SupportClass.GetCookies(request);
+ System.Web.HttpCookie c = null;
+ for (int i = 0; i < cookies.Length; i++)
+ {
+ if (cookies[i].Name.Equals("state"))
+ {
+ c = cookies[i];
+ }
+ }
+ System.String encrypted = c.Value;
+ System.String plaintext = ESAPI.encryptor().decrypt(encrypted);
+
+ return queryToMap(plaintext);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#encryptHiddenField(java.lang.String)
+ */
+ public virtual System.String encryptHiddenField(System.String
value_Renamed)
+ {
+ return ESAPI.encryptor().encrypt(value_Renamed);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#encryptQueryString(java.lang.String)
+ */
+ public virtual System.String encryptQueryString(System.String query)
+ {
+ return ESAPI.encryptor().encrypt(query);
+ }
+
+ /// <throws> EncryptionException </throws>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IHTTPUtilities.encryptStateInCookie(java.util.Map)">
+ /// </seealso>
+ public virtual void encryptStateInCookie(System.Collections.IDictionary
cleartext)
+ {
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ //UPGRADE_TODO: Method 'java.util.Map.entrySet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapentrySet'"
+ System.Collections.IEnumerator i = new
SupportClass.HashSetSupport(cleartext).GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ try
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.Collections.DictionaryEntry entry =
(System.Collections.DictionaryEntry) i.Current;
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Object.toString' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ System.String name =
ESAPI.encoder().encodeForURL(entry.Key.ToString());
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Object.toString' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ System.String value_Renamed =
ESAPI.encoder().encodeForURL(entry.Value.ToString());
+ sb.Append(name + "=" + value_Renamed);
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ if (i.MoveNext())
+ sb.Append("&");
+ }
+ catch (EncodingException e)
+ {
+
logger.logError(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Problem
encrypting state in cookie - skipping entry", e);
+ }
+ }
+ // FIXME: AAA - add a check to see if cookie length will exceed 2K limit
+ System.String encrypted = ESAPI.encryptor().encrypt(sb.ToString());
+ try
+ {
+ this.safeAddCookie("state", encrypted, - 1, null, null);
+ }
+ catch (ValidationException e)
+ {
+ throw new EncryptionException("Error generating encrypted cookie",
e.LogMessage, e);
+ }
+ }
+
+ /// <summary> Uses the Apache Commons FileUploader to parse the
multipart HTTP request
+ /// and extract any files therein. Note that the progress of any uploads
is
+ /// put into a session attribute, where it can be retrieved with a simple
+ /// JSP.
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IHTTPUtilities.safeGetFileUploads(javax.servlet.http.HttpServletRequest,">
+ /// java.io.File, java.io.File, int)
+ /// </seealso>
+ public virtual void getSafeFileUploads(System.IO.FileInfo tempDir,
System.IO.FileInfo finalDir)
+ {
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ try
+ {
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'session '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ System.Web.SessionState.HttpSessionState session =
System.Web.HttpContext.Current.Session;
+ if (!ServletFileUpload.isMultipartContent(request))
+ {
+ throw new ValidationUploadException("Upload failed", "Not a multipart
request");
+ }
+
+ // this factory will store ALL files in the temp directory,
+ // regardless of size
+ DiskFileItemFactory factory = new DiskFileItemFactory(0, tempDir);
+ ServletFileUpload upload = new ServletFileUpload(factory);
+ upload.setSizeMax(maxBytes);
+
+ // Create a progress listener
+ ProgressListener progressListener = new
AnonymousClassProgressListener(session, this);
+ upload.setProgressListener(progressListener);
+
+ System.Collections.IList items = upload.parseRequest(request);
+ System.Collections.IEnumerator i = items.GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ FileItem item = (FileItem) i.Current;
+ if (!item.isFormField() && item.getName() != null
&& !(item.getName().equals("")))
+ {
+ System.String[] fparts = item.getName().split("[\\/\\\\]");
+ System.String filename = fparts[fparts.Length - 1];
+
+ if (!ESAPI.validator().isValidFileName("upload", filename))
+ {
+ throw new ValidationUploadException("Upload only simple filenames
with the following extensions " +
SupportClass.CollectionToString(ESAPI.securityConfiguration().AllowedFileExtensions), "Upload
failed isValidFileName check");
+ }
+
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "File
upload requested: " + filename);
+ System.IO.FileInfo f = new System.IO.FileInfo(finalDir.FullName
+ "\\" + filename);
+ bool tmpBool;
+ if (System.IO.File.Exists(f.FullName))
+ tmpBool = true;
+ else
+ tmpBool = System.IO.Directory.Exists(f.FullName);
+ if (tmpBool)
+ {
+ System.String[] parts = filename.split("\\.");
+ System.String extension = "";
+ if (parts.Length > 1)
+ {
+ extension = parts[parts.Length - 1];
+ }
+ System.String filenm = filename.Substring(0, (filename.Length -
extension.Length) - (0));
+ //UPGRADE_ISSUE: Method 'java.io.File.createTempFile' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaioFilecreateTempFile_javalangString_javalangString_javaioFile'"
+ f = File.createTempFile(filenm, "." + extension, finalDir);
+ }
+ item.write(f);
+ // delete temporary file
+ item.delete();
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "File
successfully uploaded: " + f);
+ session.Add("progress", System.Convert.ToString(0));
+ }
+ }
+ }
+ catch (System.Exception e)
+ {
+ if (e is ValidationUploadException)
+ throw (ValidationException) e;
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ throw new ValidationUploadException("Upload failure", "Problem during
upload:" + e.Message, e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#killAllCookies(javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse)
+ */
+ public virtual void killAllCookies()
+ {
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ System.Web.HttpCookie[] cookies = SupportClass.GetCookies(request);
+ if (cookies != null)
+ {
+ for (int i = 0; i < cookies.Length; i++)
+ {
+ System.Web.HttpCookie cookie = cookies[i];
+ killCookie(cookie.Name);
+ }
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#killCookie(javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse)
+ */
+ public virtual void killCookie(System.String name)
+ {
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ System.Web.HttpResponse response = ((Authenticator)
ESAPI.authenticator()).CurrentResponse;
+ System.Web.HttpCookie[] cookies = SupportClass.GetCookies(request);
+ if (cookies != null)
+ {
+ for (int i = 0; i < cookies.Length; i++)
+ {
+ System.Web.HttpCookie cookie = cookies[i];
+ if (cookie.Name.Equals(name))
+ {
+ System.String path = request.ApplicationPath;
+ System.String header = name + "=deleted; Max-Age=0; Path=" + path;
+ response.AppendHeader("Set-Cookie", header);
+ }
+ }
+ }
+ }
+
+ private System.Collections.IDictionary queryToMap(System.String query)
+ {
+ //UPGRADE_ISSUE: Class hierarchy differences
between 'java.util.TreeMap' and 'System.Collections.SortedList' may cause
compilation
errors. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'"
+ //UPGRADE_TODO: Constructor 'java.util.TreeMap.TreeMap' was converted
to 'System.Collections.SortedList' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeMapTreeMap'"
+ System.Collections.SortedList map = new System.Collections.SortedList();
+ System.String[] parts = query.split("&");
+ for (int j = 0; j < parts.Length; j++)
+ {
+ try
+ {
+ System.String[] nvpair = parts[j].split("=");
+ System.String name = ESAPI.encoder().decodeFromURL(nvpair[0]);
+ System.String value_Renamed =
ESAPI.encoder().decodeFromURL(nvpair[1]);
+ map[name] = value_Renamed;
+ }
+ catch (EncodingException e)
+ {
+ // skip and continue
+ }
+ }
+ return map;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#safeSendForward(java.lang.String)
+ */
+ public virtual void safeSendForward(System.String context,
System.String location)
+ {
+ // FIXME: should this be configurable? What is a good forward policy?
+ // I think not allowing forwards to public URLs is good, as it bypasses
many access controls
+
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ System.Web.HttpResponse response = ((Authenticator)
ESAPI.authenticator()).CurrentResponse;
+ if (!location.StartsWith("WEB-INF"))
+ {
+ throw new AccessControlException("Forward failed", "Bad forward
location: " + location);
+ }
+ //UPGRADE_TODO: Interface 'javax.servlet.RequestDispatcher' was
converted to 'System.Web.HttpServerUtility' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletRequestDispatcher'"
+ //UPGRADE_ISSUE:
Method 'javax.servlet.ServletRequest.getRequestDispatcher' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetRequestDispatcher_javalangString'"
+ System.Web.HttpServerUtility dispatcher =
request.getRequestDispatcher(location);
+ //UPGRADE_TODO: Method 'javax.servlet.RequestDispatcher.forward' was
converted to 'System.Web.HttpServerUtility.Transfer' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletRequestDispatcherforward_javaxservletServletRequest_javaxservletServletResponse'"
+ //UPGRADE_TODO: Reference conversion may require user
modification. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1202'"
+ Server.Transfer();
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#safeSendRedirect(java.lang.String)
+ */
+ public virtual void safeSendRedirect(System.String context,
System.String location)
+ {
+ System.Web.HttpResponse response = ((Authenticator)
ESAPI.authenticator()).CurrentResponse;
+ if (!ESAPI.validator().isValidRedirectLocation(context, location))
+ {
+ throw new ValidationException("Redirect failed", "Bad redirect
location: " + location);
+ }
+ //UPGRADE_TODO: Reference conversion may require user
modification. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1202'"
+ response.Redirect(SupportClass.GetRealPath(location, "MyVROOT"));
+ }
+
+ /// <summary> Set the character encoding on every HttpServletResponse in
order to limit
+ /// the ways in which the input data can be represented. This prevents
+ /// malicious users from using encoding and multi-byte escape sequences
to
+ /// bypass input validation routines. The default is text/html;
charset=UTF-8
+ /// character encoding, which is the default in early versions of HTML
and
+ /// HTTP. See RFC 2047 (http://ds.internic.net/rfc/rfc2045.txt) for more
+ /// information about character encoding and MIME.
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IHTTPUtilities.safeSetContentType(java.lang.String)">
+ /// </seealso>
+ public virtual void safeSetContentType()
+ {
+ System.Web.HttpResponse response = ((Authenticator)
ESAPI.authenticator()).CurrentResponse;
+ response.ContentType = ((SecurityConfiguration)
ESAPI.securityConfiguration()).ResponseContentType;
+ }
+
+ /// <summary> Set headers to protect sensitive information against being
cached in the
+ /// browser.
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IHTTPUtilities.setNoCacheHeaders(javax.servlet.http.HttpServletResponse)">
+ /// </seealso>
+ public virtual void setNoCacheHeaders()
+ {
+ System.Web.HttpResponse response = ((Authenticator)
ESAPI.authenticator()).CurrentResponse;
+
+ // HTTP 1.1
+ response.AppendHeader("Cache-Control", "no-store");
+ response.AppendHeader("Cache-Control", "no-cache");
+ response.AppendHeader("Cache-Control", "must-revalidate");
+
+ // HTTP 1.0
+ response.AppendHeader("Pragma", "no-cache");
+ //UPGRADE_TODO:
Method 'javax.servlet.http.HttpServletResponse.setDateHeader' was converted
to 'System.Web.HttpResponse.AppendHeader' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpServletResponsesetDateHeader_javalangString_long'"
+ response.AppendHeader("Expires", new System.DateTime(-
1).ToString("r"));
+ }
+ static HTTPUtilities()
+ {
+ logger = Logger.getLogger("ESAPI", "HTTPUtilities");
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/IntrusionDetector.cs Tue Jun 14
21:31:31 2011
@@ -0,0 +1,166 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using EnterpriseSecurityException =
org.owasp.esapi.errors.EnterpriseSecurityException;
+using IntrusionException = org.owasp.esapi.errors.IntrusionException;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IIntrusionDetector
interface. This
+ /// implementation monitors EnterpriseSecurityExceptions to see if any
user
+ /// exceeds a configurable threshold in a configurable time period. For
example,
+ /// it can monitor to see if a user exceeds 10 input validation issues in
a 1
+ /// minute period. Or if there are more than 3 authentication problems in
a 10
+ /// second period. More complex implementations are certainly possible,
such as
+ /// one that establishes a baseline of expected behavior, and then detects
+ /// deviations from that baseline.
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ /// href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IIntrusionDetector">
+ /// </seealso>
+ public class IntrusionDetector :
org.owasp.esapi.interfaces.IIntrusionDetector
+ {
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.IntrusionDetector'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ public IntrusionDetector()
+ {
+ }
+
+ // FIXME: ENHANCE consider allowing both per-user and per-application
quotas
+ // e.g. number of failed logins per hour is a per-application quota
+
+
+ /// <summary> This implementation uses an exception store in each User
object to track
+ /// exceptions.
+ ///
+ /// </summary>
+ /// <param name="e">the e
+ ///
+ /// </param>
+ /// <throws> IntrusionException </throws>
+ /// <summary> the intrusion exception
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IIntrusionDetector.addException(org.owasp.esapi.errors.EnterpriseSecurityException)">
+ /// </seealso>
+ public virtual void addException(System.Exception e)
+ {
+ if (e is EnterpriseSecurityException)
+ {
+ logger.logWarning(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY,
((EnterpriseSecurityException) e).LogMessage, e);
+ }
+ else
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ logger.logWarning(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY,
e.Message, e);
+ }
+
+ // add the exception to the current user, which may trigger a detector
+ User user = ESAPI.authenticator().getCurrentUser();
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Class.getName' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ System.String eventName = e.GetType().FullName;
+
+ // FIXME: AAA Rethink this - IntrusionExceptions which shouldn't get
added to the IntrusionDetector
+ if (e is IntrusionException)
+ {
+ return ;
+ }
+
+ // add the exception to the user's store, handle IntrusionException if
thrown
+ try
+ {
+ user.addSecurityEvent(eventName);
+ }
+ catch (IntrusionException ex)
+ {
+ Threshold quota = ESAPI.securityConfiguration().getQuota(eventName);
+ System.Collections.IEnumerator i = quota.actions.GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.String action = (System.String) i.Current;
+ System.String message = "User exceeded quota of " + quota.count + "
per " + quota.interval + " seconds for event " + eventName + ". Taking
actions " + SupportClass.CollectionToString(quota.actions);
+ takeSecurityAction(action, message);
+ }
+ }
+ }
+
+ /// <summary> Adds the event to the IntrusionDetector.
+ ///
+ /// </summary>
+ /// <param name="event">the event
+ /// </param>
+ /// <throws> IntrusionException the intrusion exception </throws>
+ public virtual void addEvent(System.String eventName)
+ {
+
logger.logWarning(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Security
event " + eventName + " received");
+
+ // add the event to the current user, which may trigger a detector
+ User user = ESAPI.authenticator().getCurrentUser();
+ try
+ {
+ user.addSecurityEvent("event." + eventName);
+ }
+ catch (IntrusionException ex)
+ {
+ Threshold quota = ESAPI.securityConfiguration().getQuota("event." +
eventName);
+ System.Collections.IEnumerator i = quota.actions.GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.String action = (System.String) i.Current;
+ System.String message = "User exceeded quota of " + quota.count + "
per " + quota.interval + " seconds for event " + eventName + ". Taking
actions " + SupportClass.CollectionToString(quota.actions);
+ takeSecurityAction(action, message);
+ }
+ }
+ }
+
+
+ /*
+ * FIXME: Enhance - future actions might include SNMP traps, email,
pager, etc...
+ */
+ private void takeSecurityAction(System.String action, System.String
message)
+ {
+ if (action.Equals("log"))
+ {
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "INTRUSION
- " + message);
+ }
+ if (action.Equals("disable"))
+ {
+ ESAPI.authenticator().getCurrentUser().disable();
+ }
+ if (action.Equals("logout"))
+ {
+ ((Authenticator) ESAPI.authenticator()).logout();
+ }
+ }
+ static IntrusionDetector()
+ {
+ logger = Logger.getLogger("ESAPI", "IntrusionDetector");
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/Logger.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,320 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using System.Diagnostics;
+
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the ILogger interface. This
implementation uses the Java logging package, and marks each
+ /// log message with the currently logged in user and the word "SECURITY"
for security related events.
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.ILogger">
+ /// </seealso>
+ public class Logger : org.owasp.esapi.interfaces.ILogger
+ {
+
+ // FIXME: ENHANCE somehow make configurable so that successes and
failures are logged according to a configuration.
+
+ /// <summary>The application name. </summary>
+ private System.String applicationName = null;
+
+ /// <summary>The module name. </summary>
+ private System.String moduleName = null;
+
+ private EventLogEntryType Level = EventLogEntryType.Error;
+
+ /// <summary> Hide the constructor.
+ ///
+ /// </summary>
+ /// <param name="applicationName">the application name
+ /// </param>
+ /// <param name="moduleName">the module name
+ /// </param>
+ /// <param name="jlogger">the jlogger
+ /// </param>
+ private Logger(System.String applicationName, System.String moduleName)
+ {
+ this.applicationName = applicationName;
+ this.moduleName = moduleName;
+ if (!EventLog.SourceExists(applicationName)) {
+ EventLog.CreateEventSource(applicationName, moduleName);
+ }
+ }
+
+ /// <summary> Formats an HTTP request into a log suitable string. This
implementation logs the remote host IP address (or
+ /// hostname if available), the request method (GET/POST), the URL, and
all the querystring and form parameters. All
+ /// the paramaters are presented as though they were in the URL even if
they were in a form. Any parameters that
+ /// match items in the parameterNamesToObfuscate are shown as eight
asterisks.
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.ILogger.formatHttpRequestForLog(javax.servlet.http.HttpServletRequest)">
+ /// </seealso>
+ public virtual void logHTTPRequest(System.String type,
System.Web.HttpRequest request, System.Collections.IList
parameterNamesToObfuscate)
+ {
+ System.Text.StringBuilder params_Renamed = new
System.Text.StringBuilder();
+ //UPGRADE_TODO: Method 'java.util.Map.keySet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapkeySet'"
+ //UPGRADE_ISSUE: Method 'javax.servlet.ServletRequest.getParameterMap'
was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetParameterMap'"
+ System.Collections.IEnumerator i = new
SupportClass.HashSetSupport(request.getParameterMap().Keys).GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.String key = (System.String) i.Current;
+ //UPGRADE_ISSUE: Method 'javax.servlet.ServletRequest.getParameterMap'
was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetParameterMap'"
+ System.String[] value_Renamed = (System.String[])
request.getParameterMap()[key];
+ for (int j = 0; j < value_Renamed.Length; j++)
+ {
+ params_Renamed.Append(key + "=");
+ if (parameterNamesToObfuscate.Contains(key))
+ {
+ params_Renamed.Append("********");
+ }
+ else
+ {
+ params_Renamed.Append(value_Renamed[j]);
+ }
+ if (j < value_Renamed.Length - 1)
+ {
+ params_Renamed.Append("&");
+ }
+ }
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ if (i.MoveNext())
+ params_Renamed.Append("&");
+ }
+ System.String msg = request.HttpMethod + " " +
SupportClass.GetRequestURL(request) + (params_Renamed.Length > 0?"?" +
params_Renamed:"");
+ logSuccess(type, msg);
+ }
+
+ /// <summary> Gets the logger.
+ ///
+ /// </summary>
+ /// <param name="applicationName">the application name
+ /// </param>
+ /// <param name="moduleName">the module name
+ /// </param>
+ /// <returns> the logger
+ /// </returns>
+ public static Logger getLogger(System.String applicationName,
System.String moduleName)
+ {
+ return new Logger(applicationName, moduleName);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logTrace(short,
java.lang.String, java.lang.String, java.lang.Throwable)
+ */
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ public virtual void logTrace(System.String type, System.String message,
System.Exception throwable)
+ {
+ log(EventLogEntryType.Warning, type, message, throwable);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logTrace(java.lang.String,
java.lang.String)
+ */
+ public virtual void logTrace(System.String type, System.String message)
+ {
+ log(EventLogEntryType.Warning, type, message, null);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logDebug(short,
java.lang.String, java.lang.String, java.lang.Throwable)
+ */
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ public virtual void logDebug(System.String type, System.String message,
System.Exception throwable)
+ {
+ log(EventLogEntryType.Information, type, message, throwable);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logDebug(java.lang.String,
java.lang.String)
+ */
+ public virtual void logDebug(System.String type, System.String message)
+ {
+ log(EventLogEntryType.Information, type, message, null);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logError(short,
java.lang.String, java.lang.String, java.lang.Throwable)
+ */
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ public virtual void logError(System.String type, System.String message,
System.Exception throwable)
+ {
+ log(EventLogEntryType.Error, type, message, throwable);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logError(java.lang.String,
java.lang.String)
+ */
+ public virtual void logError(System.String type, System.String message)
+ {
+ log(EventLogEntryType.Error, type, message, null);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logSuccess(short,
java.lang.String, java.lang.String,
+ * java.lang.Throwable)
+ */
+ public virtual void logSuccess(System.String type, System.String
message)
+ {
+ log(EventLogEntryType.SuccessAudit, type, message, null);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logSuccess(short,
java.lang.String, java.lang.String,
+ * java.lang.Throwable)
+ */
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ public virtual void logSuccess(System.String type, System.String
message, System.Exception throwable)
+ {
+ log(EventLogEntryType.SuccessAudit, type, message, throwable);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logWarning(short,
java.lang.String, java.lang.String,
+ * java.lang.Throwable)
+ */
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ public virtual void logWarning(System.String type, System.String
message, System.Exception throwable)
+ {
+ log(EventLogEntryType.Warning, type, message, throwable);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logWarning(java.lang.String,
java.lang.String)
+ */
+ public virtual void logWarning(System.String type, System.String
message)
+ {
+ log(EventLogEntryType.Warning, type, message, null);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logCritical(short,
java.lang.String, java.lang.String,
+ * java.lang.Throwable)
+ */
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ public virtual void logCritical(System.String type, System.String
message, System.Exception throwable)
+ {
+ log(EventLogEntryType.Error, type, message, throwable);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logCritical(java.lang.String,
java.lang.String)
+ */
+ public virtual void logCritical(System.String type, System.String
message)
+ {
+ log(EventLogEntryType.Error, type, message, null);
+ }
+
+ /// <summary> Log the message after optionally encoding any special
characters that might inject into an HTML based log viewer.
+ ///
+ /// </summary>
+ /// <param name="message">the message
+ /// </param>
+ /// <param name="level">the level
+ /// </param>
+ /// <param name="type">the type
+ /// </param>
+ /// <param name="throwable">the throwable
+ /// </param>
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ private void log(EventLogEntryType level, System.String type,
System.String message, System.Exception throwable)
+ {
+ User user = ESAPI.authenticator().getCurrentUser();
+
+ System.String clean = message;
+ if (((SecurityConfiguration)
ESAPI.securityConfiguration()).LogEncodingRequired)
+ {
+ clean = ESAPI.encoder().encodeForHTML(message);
+ if (!message.Equals(clean))
+ {
+ clean += " (Encoded)";
+ }
+ }
+ if (throwable != null)
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Class.getName' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ System.String fqn = throwable.GetType().FullName;
+ int index = fqn.LastIndexOf('.');
+ if (index > 0)
+ fqn = fqn.Substring(index + 1);
+ StackTraceElement ste = throwable.getStackTrace()[0];
+ clean += ("\n " + fqn + " @ " + ste.getClassName() + "." +
ste.getMethodName() + "(" + ste.getFileName() + ":" + ste.getLineNumber()
+ ")");
+ }
+ System.String msg = "";
+ if (user != null)
+ {
+ msg = type + ": " + user.AccountName + "/" + user.getLastHostAddress()
+ " -- " + clean;
+ }
+
+ // FIXME: AAA need to configure Java logger not to show throwables
+ // jlogger.logp(level, applicationName, moduleName, msg, throwable);
+ EventLog.WriteEntry(applicationName, msg, level);
+ }
+
+ /// <summary> This special method doesn't include the current user's
identity, and is only used during system initialization to
+ /// prevent loops with the Authenticator.
+ ///
+ /// </summary>
+ /// <param name="level">
+ /// </param>
+ /// <param name="message">
+ /// </param>
+ /// <param name="throwable">
+ /// </param>
+ // FIXME: this needs to go - note potential log injection problem
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ public virtual void logSpecial(System.String message, System.Exception
throwable)
+ {
+ // String clean = ESAPI.encoder().encodeForHTML(message);
+ // if (!message.equals(clean)) {
+ // clean += "(Encoded)";
+ // }
+ System.String msg = "SECURITY" + ": " + "esapi" + "/" + "none" + " -- "
+ message;
+ EventLog.WriteEntry(applicationName, msg, level);
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/PKCSKeyGenerator.cs Tue Jun 14
21:31:31 2011
@@ -0,0 +1,78 @@
+//*************************************************************************
+//
+// PKCSKeyGenerator.cs
+// Derive key material using PKCS #1 v1.5 algorithm with MD5 hash
+//
+// Portions Copyright (C) 2005. Michel I. Gallant
+// Portions copyright 2006 Richard Smith
+// Adapted from
http://www.jensign.com/JavaScience/dotnet/DeriveKeyM/index.html
+//
+//*************************************************************************
+//
+// DeriveKeyM.cs
+//
+// Derive a key from a pswd and Salt using MD5 and PKCS #5 v1.5 approach
+// see also: http://www.openssl.org/docs/crypto/EVP_BytesToKey.html
+// see also:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBE
+//
+//**************************************************************************
+
+using System;
+using System.IO;
+using System.Text;
+using System.Security.Cryptography;
+
+namespace RedCorona.Cryptography {
+ public class PKCSKeyGenerator {
+ byte[] key = new byte[8], iv = new byte[8];
+ DESCryptoServiceProvider des = new DESCryptoServiceProvider();
+
+ public byte[] Key { get { return key; } }
+ public byte[] IV { get { return IV; } }
+ public ICryptoTransform Encryptor { get { return
des.CreateEncryptor(key, iv); } }
+
+ public PKCSKeyGenerator(){}
+ public PKCSKeyGenerator(String keystring, byte[] salt, int
md5iterations, int segments){
+ Generate(keystring, salt, md5iterations, segments);
+ }
+
+ public ICryptoTransform Generate(String keystring, byte[] salt, int
md5iterations, int segments){
+ int HASHLENGTH = 16; //MD5 bytes
+ byte[] keymaterial = new byte[HASHLENGTH*segments] ; //to store
contatenated Mi hashed results
+
+ // --- get secret password bytes ----
+ byte[] psbytes;
+ psbytes = Encoding.UTF8.GetBytes(keystring);
+
+ // --- contatenate salt and pswd bytes into fixed data array ---
+ byte[] data00 = new byte[psbytes.Length + salt.Length] ;
+ Array.Copy(psbytes, data00, psbytes.Length); //copy the pswd bytes
+ Array.Copy(salt, 0, data00, psbytes.Length, salt.Length) ;
//concatenate the salt bytes
+
+ // ---- do multi-hashing and contatenate results D1, D2 ... into
keymaterial bytes ----
+ MD5 md5 = new MD5CryptoServiceProvider();
+ byte[] result = null;
+ byte[] hashtarget = new byte[HASHLENGTH + data00.Length]; //fixed
length initial hashtarget
+
+ for(int j=0; j<segments; j++) {
+ // ---- Now hash consecutively for md5iterations times ------
+ if(j == 0) result = data00; //initialize
+ else {
+ Array.Copy(result, hashtarget, result.Length);
+ Array.Copy(data00, 0, hashtarget, result.Length, data00.Length) ;
+ result = hashtarget;
+ }
+
+ for(int i=0; i<md5iterations; i++)
+ result = md5.ComputeHash(result);
+
+ Array.Copy(result, 0, keymaterial, j*HASHLENGTH, result.Length);
//contatenate to keymaterial
+ }
+
+ Array.Copy(keymaterial, 0, key, 0, 8);
+ Array.Copy(keymaterial, 8, iv, 0, 8);
+
+ return Encryptor;
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/Randomizer.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,240 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using EncryptionException = org.owasp.esapi.errors.EncryptionException;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implemenation of the IRandomizer interface. This
implementation builds on the JCE provider to provide a
+ /// cryptographically strong source of entropy. The specific algorithm
used is configurable in ESAPI.properties.
+ ///
+ /// </summary>
+ /// <author> Jeff Williams
+ /// </author>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IRandomizer">
+ /// </seealso>
+ public class Randomizer : org.owasp.esapi.interfaces.IRandomizer
+ {
+ virtual public bool RandomBoolean
+ {
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IRandomizer#getRandomBoolean()
+ */
+
+ get
+ {
+ //UPGRADE_ISSUE: Method 'java.util.Random.nextBoolean' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilRandomnextBoolean'"
+ return secureRandom.nextBoolean();
+ }
+
+ }
+ virtual public System.String RandomGUID
+ {
+ get
+ {
+ // create random string to seed the GUID
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ try
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.net.InetAddress.getLocalHost' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+
sb.Append(System.Net.Dns.GetHostByName(System.Net.Dns.GetHostName()).AddressList[0].ToString());
+ }
+ catch (System.Exception e)
+ {
+ sb.Append("0.0.0.0");
+ }
+ sb.Append(":");
+ sb.Append(System.Convert.ToString((System.DateTime.Now.Ticks -
621355968000000000) / 10000));
+ sb.Append(":");
+ sb.Append(this.getRandomString(20, Encoder.CHAR_ALPHANUMERICS));
+
+ // hash the random string to get some random bytes
+ System.String hash = ESAPI.encryptor().hash(sb.ToString(), "salt");
+ sbyte[] array = null;
+ try
+ {
+ array = ESAPI.encoder().decodeFromBase64(hash);
+ }
+ catch (System.IO.IOException e)
+ {
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Problem
decoding hash while creating GUID: " + hash);
+ }
+
+ // convert to printable hexadecimal characters
+ System.Text.StringBuilder hex = new System.Text.StringBuilder();
+ for (int j = 0; j < array.Length; ++j)
+ {
+ int b = array[j] & 0xFF;
+ if (b < 0x10)
+ hex.Append('0');
+ hex.Append(System.Convert.ToString(b, 16));
+ }
+ System.String raw = hex.ToString().ToUpper();
+
+ // convert to standard GUID format
+ System.Text.StringBuilder result = new System.Text.StringBuilder();
+ result.Append(raw.Substring(0, (8) - (0)));
+ result.Append("-");
+ result.Append(raw.Substring(8, (12) - (8)));
+ result.Append("-");
+ result.Append(raw.Substring(12, (16) - (12)));
+ result.Append("-");
+ result.Append(raw.Substring(16, (20) - (16)));
+ result.Append("-");
+ result.Append(raw.Substring(20));
+ return result.ToString();
+ }
+
+ }
+
+ /// <summary>The sr. </summary>
+ private SupportClass.SecureRandomSupport secureRandom = null;
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.Randomizer'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ /// <summary> Hide the constructor for the Singleton pattern.</summary>
+ public Randomizer()
+ {
+ System.String algorithm = ESAPI.securityConfiguration().RandomAlgorithm;
+ try
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.security.SecureRandom.getInstance' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ secureRandom = new SupportClass.SecureRandomSupport();
+ }
+ catch (System.Exception e)
+ {
+ // Can't throw an exception from the constructor, but this will get
+ // it logged and tracked
+ new EncryptionException("Error creating randomizer", "Can't find
random algorithm " + algorithm, e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IRandomizer#getRandomString(int,
char[])
+ */
+ public virtual System.String getRandomString(int length, char[]
characterSet)
+ {
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ for (int loop = 0; loop < length; loop++)
+ {
+ int index = secureRandom.Next(characterSet.Length);
+ sb.Append(characterSet[index]);
+ }
+ System.String nonce = sb.ToString();
+ return nonce;
+ }
+
+
+ /// <summary> FIXME: ENHANCE document whether this is inclusive or not
+ /// (non-Javadoc)
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IRandomizer.getRandomInteger(int, int)">
+ /// </seealso>
+ public virtual int getRandomInteger(int min, int max)
+ {
+ return secureRandom.Next(max - min) + min;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IRandomizer#getRandomReal(float, float)
+ */
+ public virtual float getRandomReal(float min, float max)
+ {
+ float factor = max - min;
+ return (float) secureRandom.NextDouble() * factor + min;
+ }
+
+ /// <summary> Returns an unguessable random filename with the specified
extension.</summary>
+ public virtual System.String getRandomFilename(System.String extension)
+ {
+ return this.getRandomString(12, Encoder.CHAR_ALPHANUMERICS) + "." +
extension;
+ }
+
+ /// <summary> Union two character arrays.
+ ///
+ /// </summary>
+ /// <param name="c1">the c1
+ /// </param>
+ /// <param name="c2">the c2
+ /// </param>
+ /// <returns> the char[]
+ /// </returns>
+ public static char[] union(char[] c1, char[] c2)
+ {
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ for (int i = 0; i < c1.Length; i++)
+ {
+ if (!contains(sb, c1[i]))
+ sb.Append(c1[i]);
+ }
+ for (int i = 0; i < c2.Length; i++)
+ {
+ if (!contains(sb, c2[i]))
+ sb.Append(c2[i]);
+ }
+ char[] c3 = new char[sb.Length];
+ int i2;
+ int j;
+ i2 = 0;
+ j = 0;
+ while (i2 < sb.Length)
+ {
+ c3[j] = sb[i2];
+ i2++;
+ j++;
+ }
+ System.Array.Sort(c3);
+ return c3;
+ }
+
+ /// <summary> Contains.
+ ///
+ /// </summary>
+ /// <param name="sb">the sb
+ /// </param>
+ /// <param name="c">the c
+ /// </param>
+ /// <returns> true, if successful
+ /// </returns>
+ public static bool contains(System.Text.StringBuilder sb, char c)
+ {
+ for (int i = 0; i < sb.Length; i++)
+ {
+ if (sb[i] == c)
+ return true;
+ }
+ return false;
+ }
+ static Randomizer()
+ {
+ logger = Logger.getLogger("ESAPI", "Randomizer");
+ }
+ }
+}
=======================================
***Additional files exist in this changeset.***
Author: juan.c...@owasp.org
Date: Tue Jun 14 21:31:31 2011
Log: [No log message]
http://code.google.com/p/owasp-java-waf/source/detail?r=5
Added:
/branches/2.0
/branches/2.0/2.0
/branches/2.0/AssemblyInfo.cs
/branches/2.0/Global.asax
/branches/2.0/Global.asax.cs
/branches/2.0/Global.asax.resx
/branches/2.0/SupportClass.cs
/branches/2.0/UpgradeLog.XML
/branches/2.0/Web.config
/branches/2.0/_ConversionReport.htm
/branches/2.0/_ConversionReport_Files
/branches/2.0/_ConversionReport_Files/ConversionReport.css
/branches/2.0/_ConversionReport_Files/ConversionReport_Blank.gif
/branches/2.0/_ConversionReport_Files/ConversionReport_Minus.gif
/branches/2.0/_ConversionReport_Files/ConversionReport_Plus.gif
/branches/2.0/_UpgradeReport_Files
/branches/2.0/_UpgradeReport_Files/UpgradeReport.css
/branches/2.0/_UpgradeReport_Files/UpgradeReport.xslt
/branches/2.0/_UpgradeReport_Files/UpgradeReport_Minus.gif
/branches/2.0/_UpgradeReport_Files/UpgradeReport_Plus.gif
/branches/2.0/bin
/branches/2.0/build.xml
/branches/2.0/obj
/branches/2.0/obj/Debug
/branches/2.0/obj/Debug/TempPE
/branches/2.0/obj/Debug/owasp-esapi-ASP-11.csproj.GenerateResource.Cache
/branches/2.0/obj/Debug/owasp_esapi_ASP_11.Global.resources
/branches/2.0/obj/owasp-esapi-ASP-11.csproj.FileListAbsolute.txt
/branches/2.0/owasp-esapi-ASP-1.1.xml
/branches/2.0/owasp-esapi-ASP-11.csproj
/branches/2.0/owasp-esapi-ASP-11.csproj.user
/branches/2.0/owasp-esapi-ASP-11.sln
/branches/2.0/owasp-esapi-ASP-11.suo
/branches/2.0/src
/branches/2.0/src/org
/branches/2.0/src/org/owasp
/branches/2.0/src/org/owasp/esapi
/branches/2.0/src/org/owasp/esapi/AccessController.cs
/branches/2.0/src/org/owasp/esapi/AccessReferenceMap.cs
/branches/2.0/src/org/owasp/esapi/Authenticator.cs
/branches/2.0/src/org/owasp/esapi/ESAPI.cs
/branches/2.0/src/org/owasp/esapi/Encoder.cs
/branches/2.0/src/org/owasp/esapi/EncryptedProperties.cs
/branches/2.0/src/org/owasp/esapi/Encryptor.cs
/branches/2.0/src/org/owasp/esapi/Executor.cs
/branches/2.0/src/org/owasp/esapi/HTTPUtilities.cs
/branches/2.0/src/org/owasp/esapi/IntrusionDetector.cs
/branches/2.0/src/org/owasp/esapi/Logger.cs
/branches/2.0/src/org/owasp/esapi/PKCSKeyGenerator.cs
/branches/2.0/src/org/owasp/esapi/Randomizer.cs
/branches/2.0/src/org/owasp/esapi/SecurityConfiguration.cs
/branches/2.0/src/org/owasp/esapi/Threshold.cs
/branches/2.0/src/org/owasp/esapi/User.cs
/branches/2.0/src/org/owasp/esapi/Validator.cs
/branches/2.0/src/org/owasp/esapi/doc-files
/branches/2.0/src/org/owasp/esapi/doc-files/Architecture.jpg
/branches/2.0/src/org/owasp/esapi/doc-files/OWASPTopTen.jpg
/branches/2.0/src/org/owasp/esapi/errors
/branches/2.0/src/org/owasp/esapi/errors/AccessControlException.cs
/branches/2.0/src/org/owasp/esapi/errors/AuthenticationAccountsException.cs
/branches/2.0/src/org/owasp/esapi/errors/AuthenticationCredentialsException.cs
/branches/2.0/src/org/owasp/esapi/errors/AuthenticationException.cs
/branches/2.0/src/org/owasp/esapi/errors/AuthenticationHostException.cs
/branches/2.0/src/org/owasp/esapi/errors/AuthenticationLoginException.cs
/branches/2.0/src/org/owasp/esapi/errors/AvailabilityException.cs
/branches/2.0/src/org/owasp/esapi/errors/CertificateException.cs
/branches/2.0/src/org/owasp/esapi/errors/EncodingException.cs
/branches/2.0/src/org/owasp/esapi/errors/EncryptionException.cs
/branches/2.0/src/org/owasp/esapi/errors/EnterpriseSecurityException.cs
/branches/2.0/src/org/owasp/esapi/errors/ExecutorException.cs
/branches/2.0/src/org/owasp/esapi/errors/IntegrityException.cs
/branches/2.0/src/org/owasp/esapi/errors/IntrusionException.cs
/branches/2.0/src/org/owasp/esapi/errors/ValidationAvailabilityException.cs
/branches/2.0/src/org/owasp/esapi/errors/ValidationException.cs
/branches/2.0/src/org/owasp/esapi/errors/ValidationUploadException.cs
/branches/2.0/src/org/owasp/esapi/errors/package.html
/branches/2.0/src/org/owasp/esapi/filters
/branches/2.0/src/org/owasp/esapi/filters/ESAPIFilter.cs
/branches/2.0/src/org/owasp/esapi/interfaces
/branches/2.0/src/org/owasp/esapi/interfaces/IAccessController.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IAccessReferenceMap.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IAuthenticator.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IEncoder.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IEncryptedProperties.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IEncryptor.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IExecutor.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IHTTPUtilities.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IIntrusionDetector.cs
/branches/2.0/src/org/owasp/esapi/interfaces/ILogger.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IRandomizer.cs
/branches/2.0/src/org/owasp/esapi/interfaces/ISecurityConfiguration.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IUser.cs
/branches/2.0/src/org/owasp/esapi/interfaces/IValidator.cs
/branches/2.0/src/org/owasp/esapi/interfaces/doc-files
/branches/2.0/src/org/owasp/esapi/interfaces/doc-files/AccessController.jpg
/branches/2.0/src/org/owasp/esapi/interfaces/doc-files/AccessReferenceMap.jpg
/branches/2.0/src/org/owasp/esapi/interfaces/doc-files/Authenticator.jpg
/branches/2.0/src/org/owasp/esapi/interfaces/doc-files/HTTPUtilities.jpg
/branches/2.0/src/org/owasp/esapi/interfaces/doc-files/IntrusionDetector.jpg
/branches/2.0/src/org/owasp/esapi/interfaces/doc-files/Validator.jpg
/branches/2.0/src/org/owasp/esapi/interfaces/package.html
/branches/2.0/src/org/owasp/esapi/package.html
/branches/2.0/test
/branches/2.0/test/org
/branches/2.0/test/org/owasp
/branches/2.0/test/org/owasp/esapi
/branches/2.0/test/org/owasp/esapi/AccessControllerTest.cs
/branches/2.0/test/org/owasp/esapi/AccessReferenceMapTest.cs
/branches/2.0/test/org/owasp/esapi/AllTests.cs
/branches/2.0/test/org/owasp/esapi/AuthenticatorTest.cs
/branches/2.0/test/org/owasp/esapi/EncoderTest.cs
/branches/2.0/test/org/owasp/esapi/EncryptedPropertiesTest.cs
/branches/2.0/test/org/owasp/esapi/EncryptorTest.cs
/branches/2.0/test/org/owasp/esapi/ExecutorTest.cs
/branches/2.0/test/org/owasp/esapi/HTTPUtilitiesTest.cs
/branches/2.0/test/org/owasp/esapi/IntrusionDetectorTest.cs
/branches/2.0/test/org/owasp/esapi/LoggerTest.cs
/branches/2.0/test/org/owasp/esapi/RandomizerTest.cs
/branches/2.0/test/org/owasp/esapi/UserTest.cs
/branches/2.0/test/org/owasp/esapi/ValidatorTest.cs
/branches/2.0/test/org/owasp/esapi/errors
/branches/2.0/test/org/owasp/esapi/errors/EnterpriseSecurityExceptionTest.cs
/branches/2.0/test/org/owasp/esapi/http
/branches/2.0/test/org/owasp/esapi/http/TestHttpServletRequest.cs
/branches/2.0/test/org/owasp/esapi/http/TestHttpServletResponse.cs
/branches/2.0/test/org/owasp/esapi/http/TestHttpSession.cs
/branches/2.0/test/org/owasp/esapi/http/TestServletInputStream.cs
/branches/2.0/test/org/owasp/esapi/http/package.html
/branches/2.0/test/testresources
/branches/2.0/test/testresources/DataAccessRules.txt
/branches/2.0/test/testresources/ESAPI.resources
/branches/2.0/test/testresources/FileAccessRules.txt
/branches/2.0/test/testresources/FunctionAccessRules.txt
/branches/2.0/test/testresources/ServiceAccessRules.txt
/branches/2.0/test/testresources/URLAccessRules.txt
/branches/2.0/test/testresources/antisamy.xml
/branches/2.0/test/testresources/keystore
/branches/2.0/test/testresources/multipart.txt
/branches/2.0/test/testresources/users.txt
=======================================
--- /dev/null
+++ /branches/2.0/AssemblyInfo.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,62 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+
+// General Information about an assembly is controlled through the
following
+// set of attributes. Change these attribute values to modify the
information
+// associated with an assembly.
+
+// TODO: Review the values of the assembly attributes
+
+[assembly: AssemblyTitle("")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+
+// Version information for an assembly consists of the following four
values:
+//
+// Major Version
+// Minor Version
+// Revision
+// Build Number
+//
+// You can specify all the values or you can default the Revision and
Build Numbers
+// by using the '*' as shown below:
+
+[assembly: AssemblyVersion("1.0.*")]
+
+//
+// In order to sign your assembly you must specify a key to use. Refer to
the
+// Microsoft .NET Framework documentation for more information on assembly
signing.
+//
+// Use the attributes below to control which key is used for signing.
+//
+// Notes:
+// (*) If no key is specified, the assembly is not signed.
+// (*) KeyName refers to a key that has been installed in the Crypto
Service
+// Provider (CSP) on your machine. KeyFile refers to a file which
contains
+// a key.
+// (*) If the KeyFile and the KeyName values are both specified, the
+// following processing occurs:
+// (1) If the KeyName can be found in the CSP, that key is used.
+// (2) If the KeyName does not exist and the KeyFile does exist, the
key
+// in the KeyFile is installed into the CSP and used.
+// (*) In order to create a KeyFile, you can use the sn.exe (Strong
Name) utility.
+// When specifying the KeyFile, the location of the KeyFile should be
+// relative to the project output directory which is
+// %Project Directory%\obj\<configuration>. For example, if your
KeyFile is
+// located in the project directory, you would specify the
AssemblyKeyFile
+// attribute as [assembly: AssemblyKeyFile("..\..\mykey.snk")]
+// (*) Delay Signing is an advanced option - see the Microsoft .NET
Framework
+// documentation for more information on this.
+//
+
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyDelaySign(false)]
+[assembly: AssemblyKeyFile("")]
+[assembly: AssemblyKeyName("")]
+
+
=======================================
--- /dev/null
+++ /branches/2.0/Global.asax Tue Jun 14 21:31:31 2011
@@ -0,0 +1,1 @@
+<%@ Application Codebehind="Global.asax.cs"
Inherits="owasp_esapi_ASP_11.Global" %>
=======================================
--- /dev/null
+++ /branches/2.0/Global.asax.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,80 @@
+using System;
+using System.Collections;
+using System.ComponentModel;
+using System.Web;
+using System.Web.SessionState;
+
+namespace owasp_esapi_ASP_11
+{
+ /// <summary>
+ /// Summary description for Global.
+ /// </summary>
+ public class Global : System.Web.HttpApplication
+ {
+ /// <summary>
+ /// Required designer variable.
+ /// </summary>
+ private System.ComponentModel.IContainer components = null;
+
+ public Global()
+ {
+ InitializeComponent();
+ }
+
+ protected void Application_Start(Object sender, EventArgs e)
+ {
+
+
+ }
+
+ protected void Session_Start(Object sender, EventArgs e)
+ {
+
+ }
+
+ protected void Application_BeginRequest(Object sender, EventArgs e)
+ {
+
+
+ }
+
+ protected void Application_EndRequest(Object sender, EventArgs e)
+ {
+
+
+ }
+
+ protected void Application_AuthenticateRequest(Object sender, EventArgs
e)
+ {
+
+ }
+
+ protected void Application_Error(Object sender, EventArgs e)
+ {
+
+ }
+
+ protected void Session_End(Object sender, EventArgs e)
+ {
+
+ }
+
+ protected void Application_End(Object sender, EventArgs e)
+ {
+
+
+ }
+
+ #region Web Form Designer generated code
+ /// <summary>
+ /// Required method for Designer support - do not modify
+ /// the contents of this method with the code editor.
+ /// </summary>
+ private void InitializeComponent()
+ {
+ this.components = new System.ComponentModel.Container();
+ }
+ #endregion
+ }
+}
+
=======================================
--- /dev/null
+++ /branches/2.0/Global.asax.resx Tue Jun 14 21:31:31 2011
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<root>
+ <xsd:schema id="root" xmlns=""
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+ <xsd:element name="root" msdata:IsDataSet="true">
+ <xsd:complexType>
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:element name="data">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="value" type="xsd:string" minOccurs="0"
msdata:Ordinal="1" />
+ <xsd:element name="comment" type="xsd:string" minOccurs="0"
msdata:Ordinal="2" />
+ </xsd:sequence>
+ <xsd:attribute name="name" type="xsd:string" />
+ <xsd:attribute name="type" type="xsd:string" />
+ <xsd:attribute name="mimetype" type="xsd:string" />
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="resheader">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="value" type="xsd:string" minOccurs="0"
msdata:Ordinal="1" />
+ </xsd:sequence>
+ <xsd:attribute name="name" type="xsd:string" use="required" />
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:schema>
+ <resheader name="ResMimeType">
+ <value>text/microsoft-resx</value>
+ </resheader>
+ <resheader name="Version">
+ <value>1.0.0.0</value>
+ </resheader>
+ <resheader name="Reader">
+ <value>System.Resources.ResXResourceReader, System.Windows.Forms,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+ </resheader>
+ <resheader name="Writer">
+ <value>System.Resources.ResXResourceWriter, System.Windows.Forms,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+ </resheader>
+</root>
+
=======================================
--- /dev/null
+++ /branches/2.0/SupportClass.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,3177 @@
+//
+// In order to convert some functionality to Visual C#, the Java Language
Conversion Assistant
+// creates "support classes" that duplicate the original functionality.
+//
+// Support classes replicate the functionality of the original code, but
in some cases they are
+// substantially different architecturally. Although every effort is made
to preserve the
+// original architecture of the application in the converted project, the
user should be aware that
+// the primary goal of these support classes is to replicate
functionality, and that at times
+// the architecture of the resulting solution may differ somewhat.
+//
+
+using System;
+
+ /// <summary>
+ /// This interface should be implemented by any class whose instances are
intended
+ /// to be executed by a thread.
+ /// </summary>
+ public interface IThreadRunnable
+ {
+ /// <summary>
+ /// This method has to be implemented in order that starting of the
thread causes the object's
+ /// run method to be called in that separately executing thread.
+ /// </summary>
+ void Run();
+ }
+
+/// <summary>
+/// Contains conversion support elements such as classes, interfaces and
static methods.
+/// </summary>
+public class SupportClass
+{
+ /// <summary>
+ /// Represents a collection ob objects that contains no duplicate
elements.
+ /// </summary>
+ public interface SetSupport : System.Collections.ICollection,
System.Collections.IList
+ {
+ /// <summary>
+ /// Adds a new element to the Collection if it is not already present.
+ /// </summary>
+ /// <param name="obj">The object to add to the collection.</param>
+ /// <returns>Returns true if the object was added to the collection,
otherwise false.</returns>
+ new bool Add(System.Object obj);
+
+ /// <summary>
+ /// Adds all the elements of the specified collection to the Set.
+ /// </summary>
+ /// <param name="c">Collection of objects to add.</param>
+ /// <returns>true</returns>
+ bool AddAll(System.Collections.ICollection c);
+ }
+
+
+ /*******************************/
+ /// <summary>
+ /// Converts the specified collection to its string representation.
+ /// </summary>
+ /// <param name="c">The collection to convert to string.</param>
+ /// <returns>A string representation of the specified
collection.</returns>
+ public static System.String
CollectionToString(System.Collections.ICollection c)
+ {
+ System.Text.StringBuilder s = new System.Text.StringBuilder();
+
+ if (c != null)
+ {
+
+ System.Collections.ArrayList l = new System.Collections.ArrayList(c);
+
+ bool isDictionary = (c is System.Collections.BitArray || c is
System.Collections.Hashtable || c is System.Collections.IDictionary || c is
System.Collections.Specialized.NameValueCollection || (l.Count > 0 && l[0]
is System.Collections.DictionaryEntry));
+ for (int index = 0; index < l.Count; index++)
+ {
+ if (l[index] == null)
+ s.Append("null");
+ else if (!isDictionary)
+ s.Append(l[index]);
+ else
+ {
+ isDictionary = true;
+ if (c is System.Collections.Specialized.NameValueCollection)
+
s.Append(((System.Collections.Specialized.NameValueCollection)c).GetKey
(index));
+ else
+ s.Append(((System.Collections.DictionaryEntry) l[index]).Key);
+ s.Append("=");
+ if (c is System.Collections.Specialized.NameValueCollection)
+
s.Append(((System.Collections.Specialized.NameValueCollection)c).GetValues(index)[0]);
+ else
+ s.Append(((System.Collections.DictionaryEntry) l[index]).Value);
+
+ }
+ if (index < l.Count - 1)
+ s.Append(", ");
+ }
+
+ if(isDictionary)
+ {
+ if(c is System.Collections.ArrayList)
+ isDictionary = false;
+ }
+ if (isDictionary)
+ {
+ s.Insert(0, "{");
+ s.Append("}");
+ }
+ else
+ {
+ s.Insert(0, "[");
+ s.Append("]");
+ }
+ }
+ else
+ s.Insert(0, "null");
+ return s.ToString();
+ }
+
+ /// <summary>
+ /// Tests if the specified object is a collection and converts it to its
string representation.
+ /// </summary>
+ /// <param name="obj">The object to convert to string</param>
+ /// <returns>A string representation of the specified object.</returns>
+ public static System.String CollectionToString(System.Object obj)
+ {
+ System.String result = "";
+
+ if (obj != null)
+ {
+ if (obj is System.Collections.ICollection)
+ result = CollectionToString((System.Collections.ICollection)obj);
+ else
+ result = obj.ToString();
+ }
+ else
+ result = "null";
+
+ return result;
+ }
+ /*******************************/
+ /// <summary>
+ /// SupportClass for the HashSet class.
+ /// </summary>
+ [Serializable]
+ public class HashSetSupport : System.Collections.ArrayList, SetSupport
+ {
+ public HashSetSupport() : base()
+ {
+ }
+
+ public HashSetSupport(System.Collections.ICollection c)
+ {
+ this.AddAll(c);
+ }
+
+ public HashSetSupport(int capacity) : base(capacity)
+ {
+ }
+
+ /// <summary>
+ /// Adds a new element to the ArrayList if it is not already present.
+ /// </summary>
+ /// <param name="obj">Element to insert to the ArrayList.</param>
+ /// <returns>Returns true if the new element was inserted, false
otherwise.</returns>
+ new public virtual bool Add(System.Object obj)
+ {
+ bool inserted;
+
+ if ((inserted = this.Contains(obj)) == false)
+ {
+ base.Add(obj);
+ }
+
+ return !inserted;
+ }
+
+ /// <summary>
+ /// Adds all the elements of the specified collection that are not
present to the list.
+ /// </summary>
+ /// <param name="c">Collection where the new elements will be
added</param>
+ /// <returns>Returns true if at least one element was added, false
otherwise.</returns>
+ public bool AddAll(System.Collections.ICollection c)
+ {
+ System.Collections.IEnumerator e = new
System.Collections.ArrayList(c).GetEnumerator();
+ bool added = false;
+
+ while (e.MoveNext() == true)
+ {
+ if (this.Add(e.Current) == true)
+ added = true;
+ }
+
+ return added;
+ }
+
+ /// <summary>
+ /// Returns a copy of the HashSet instance.
+ /// </summary>
+ /// <returns>Returns a shallow copy of the current HashSet.</returns>
+ public override System.Object Clone()
+ {
+ return base.MemberwiseClone();
+ }
+ }
+
+
+ /*******************************/
+ /// <summary>
+ /// SupportClass for the SortedSet interface.
+ /// </summary>
+ public interface SortedSetSupport : SetSupport
+ {
+ /// <summary>
+ /// Returns a portion of the list whose elements are less than the limit
object parameter.
+ /// </summary>
+ /// <param name="l">The list where the portion will be extracted.</param>
+ /// <param name="limit">The end element of the portion to
extract.</param>
+ /// <returns>The portion of the collection whose elements are less than
the limit object parameter.</returns>
+ SortedSetSupport HeadSet(System.Object limit);
+
+ /// <summary>
+ /// Returns a portion of the list whose elements are greater that the
lowerLimit parameter less than the upperLimit parameter.
+ /// </summary>
+ /// <param name="l">The list where the portion will be extracted.</param>
+ /// <param name="limit">The start element of the portion to
extract.</param>
+ /// <param name="limit">The end element of the portion to
extract.</param>
+ /// <returns>The portion of the collection.</returns>
+ SortedSetSupport SubSet(System.Object lowerLimit, System.Object
upperLimit);
+
+ /// <summary>
+ /// Returns a portion of the list whose elements are greater than the
limit object parameter.
+ /// </summary>
+ /// <param name="l">The list where the portion will be extracted.</param>
+ /// <param name="limit">The start element of the portion to
extract.</param>
+ /// <returns>The portion of the collection whose elements are greater
than the limit object parameter.</returns>
+ SortedSetSupport TailSet(System.Object limit);
+ }
+
+
+ /*******************************/
+ /// <summary>
+ /// SupportClass for the TreeSet class.
+ /// </summary>
+ [Serializable]
+ public class TreeSetSupport : System.Collections.ArrayList, SetSupport,
SortedSetSupport
+ {
+ private System.Collections.IComparer comparator =
System.Collections.Comparer.Default;
+
+ public TreeSetSupport() : base()
+ {
+ }
+
+ public TreeSetSupport(System.Collections.ICollection c) : base()
+ {
+ this.AddAll(c);
+ }
+
+ public TreeSetSupport(System.Collections.IComparer c) : base()
+ {
+ this.comparator = c;
+ }
+
+ /// <summary>
+ /// Gets the IComparator object used to sort this set.
+ /// </summary>
+ public System.Collections.IComparer Comparator
+ {
+ get
+ {
+ return this.comparator;
+ }
+ }
+
+ /// <summary>
+ /// Adds a new element to the ArrayList if it is not already present and
sorts the ArrayList.
+ /// </summary>
+ /// <param name="obj">Element to insert to the ArrayList.</param>
+ /// <returns>TRUE if the new element was inserted, FALSE
otherwise.</returns>
+ new public bool Add(System.Object obj)
+ {
+ bool inserted;
+ if ((inserted = this.Contains(obj)) == false)
+ {
+ base.Add(obj);
+ this.Sort(this.comparator);
+ }
+ return !inserted;
+ }
+
+ /// <summary>
+ /// Adds all the elements of the specified collection that are not
present to the list.
+ /// </summary>
+ /// <param name="c">Collection where the new elements will be
added</param>
+ /// <returns>Returns true if at least one element was added to the
collection.</returns>
+ public bool AddAll(System.Collections.ICollection c)
+ {
+ System.Collections.IEnumerator e = new
System.Collections.ArrayList(c).GetEnumerator();
+ bool added = false;
+ while (e.MoveNext() == true)
+ {
+ if (this.Add(e.Current) == true)
+ added = true;
+ }
+ this.Sort(this.comparator);
+ return added;
+ }
+
+ /// <summary>
+ /// Determines whether an element is in the the current TreeSetSupport
collection. The IComparer defined for
+ /// the current set will be used to make comparisons between the
elements already inserted in the collection and
+ /// the item specified.
+ /// </summary>
+ /// <param name="item">The object to be locatet in the current
collection.</param>
+ /// <returns>true if item is found in the collection; otherwise,
false.</returns>
+ public override bool Contains(System.Object item)
+ {
+ System.Collections.IEnumerator tempEnumerator = this.GetEnumerator();
+ while (tempEnumerator.MoveNext())
+ if (this.comparator.Compare(tempEnumerator.Current, item) == 0)
+ return true;
+ return false;
+ }
+
+ /// <summary>
+ /// Returns a portion of the list whose elements are less than the limit
object parameter.
+ /// </summary>
+ /// <param name="limit">The end element of the portion to
extract.</param>
+ /// <returns>The portion of the collection whose elements are less than
the limit object parameter.</returns>
+ public SortedSetSupport HeadSet(System.Object limit)
+ {
+ SortedSetSupport newList = new TreeSetSupport();
+ for (int i = 0; i < this.Count; i++)
+ {
+ if (this.comparator.Compare(this[i], limit) >= 0)
+ break;
+ newList.Add(this[i]);
+ }
+ return newList;
+ }
+
+ /// <summary>
+ /// Returns a portion of the list whose elements are greater that the
lowerLimit parameter less than the upperLimit parameter.
+ /// </summary>
+ /// <param name="lowerLimit">The start element of the portion to
extract.</param>
+ /// <param name="upperLimit">The end element of the portion to
extract.</param>
+ /// <returns>The portion of the collection.</returns>
+ public SortedSetSupport SubSet(System.Object lowerLimit, System.Object
upperLimit)
+ {
+ SortedSetSupport newList = new TreeSetSupport();
+ int i = 0;
+ while (this.comparator.Compare(this[i], lowerLimit) < 0)
+ i++;
+ for (; i < this.Count; i++)
+ {
+ if (this.comparator.Compare(this[i], upperLimit) >= 0)
+ break;
+ newList.Add(this[i]);
+ }
+ return newList;
+ }
+
+ /// <summary>
+ /// Returns a portion of the list whose elements are greater than the
limit object parameter.
+ /// </summary>
+ /// <param name="limit">The start element of the portion to
extract.</param>
+ /// <returns>The portion of the collection whose elements are greater
than the limit object parameter.</returns>
+ public SortedSetSupport TailSet(System.Object limit)
+ {
+ SortedSetSupport newList = new TreeSetSupport();
+ int i = 0;
+ while (this.comparator.Compare(this[i], limit) < 0)
+ i++;
+ for (; i < this.Count; i++)
+ newList.Add(this[i]);
+ return newList;
+ }
+ }
+
+
+ /*******************************/
+ /// <summary>
+ /// This class uses a cryptographic Random Number Generator to provide
support for
+ /// strong pseudo-random number generation.
+ /// </summary>
+ [Serializable]
+ public class SecureRandomSupport :
System.Runtime.Serialization.ISerializable
+ {
+ private System.Security.Cryptography.RNGCryptoServiceProvider generator;
+
+ //Serialization
+ public void GetObjectData(System.Runtime.Serialization.SerializationInfo
info, System.Runtime.Serialization.StreamingContext context)
+ {
+ }
+
+ protected
SecureRandomSupport(System.Runtime.Serialization.SerializationInfo info,
System.Runtime.Serialization.StreamingContext context)
+ {
+ this.generator = new
System.Security.Cryptography.RNGCryptoServiceProvider();
+ }
+
+ /// <summary>
+ /// Initializes a new instance of the random number generator.
+ /// </summary>
+ public SecureRandomSupport()
+ {
+ this.generator = new
System.Security.Cryptography.RNGCryptoServiceProvider();
+ }
+
+ /// <summary>
+ /// Initializes a new instance of the random number generator with the
given seed.
+ /// </summary>
+ /// <param name="seed">The initial seed for the generator</param>
+ public SecureRandomSupport(byte[] seed)
+ {
+ this.generator = new
System.Security.Cryptography.RNGCryptoServiceProvider(seed);
+ }
+
+ /// <summary>
+ /// Returns an array of bytes with a sequence of cryptographically
strong random values.
+ /// </summary>
+ /// <param name="randomnumbersarray">The array of bytes to fill.</param>
+ public sbyte[] NextBytes(byte[] randomnumbersarray)
+ {
+ this.generator.GetBytes(randomnumbersarray);
+ return ToSByteArray(randomnumbersarray);
+ }
+
+ /// <summary>
+ /// Returns the given number of seed bytes generated for the first
running of a new instance
+ /// of the random number generator.
+ /// </summary>
+ /// <param name="numberOfBytes">Number of seed bytes to generate.</param>
+ /// <returns>Seed bytes generated</returns>
+ public static byte[] GetSeed(int numberOfBytes)
+ {
+ System.Security.Cryptography.RNGCryptoServiceProvider generatedSeed =
new System.Security.Cryptography.RNGCryptoServiceProvider();
+ byte[] seeds = new byte[numberOfBytes];
+ generatedSeed.GetBytes(seeds);
+ return seeds;
+ }
+
+ /// <summary>
+ /// Returns the given number of seed bytes generated for the first
running of a new instance
+ /// of the random number generator.
+ /// </summary>
+ /// <param name="numberOfBytes">Number of seed bytes to generate.</param>
+ /// <returns>Seed bytes generated.</returns>
+ public byte[] GenerateSeed(int numberOfBytes)
+ {
+ System.Security.Cryptography.RNGCryptoServiceProvider generatedSeed =
new System.Security.Cryptography.RNGCryptoServiceProvider();
+ byte[] seeds = new byte[numberOfBytes];
+ generatedSeed.GetBytes(seeds);
+ return seeds;
+ }
+
+ /// <summary>
+ /// Creates a new instance of the random number generator with the seed
provided by the user.
+ /// </summary>
+ /// <param name="newSeed">Seed to create a new random number
generator.</param>
+ public void SetSeed(byte[] newSeed)
+ {
+ this.generator = new
System.Security.Cryptography.RNGCryptoServiceProvider(newSeed);
+ }
+
+ /// <summary>
+ /// Creates a new instance of the random number generator with the seed
provided by the user.
+ /// </summary>
+ /// <param name="newSeed">Seed to create a new random number
generator.</param>
+ public void SetSeed(long newSeed)
+ {
+ byte[] bytes = new byte[8];
+ for (int index = 7; index > 0; index--)
+ {
+ bytes[index] = (byte) (newSeed - (long) ((newSeed >> 8) << 8));
+ newSeed = (long) (newSeed >> 8);
+ }
+ SetSeed(bytes);
+ }
+ }
+
+
+ /*******************************/
+ /// <summary>
+ /// Receives a byte array and returns it transformed in an sbyte array
+ /// </summary>
+ /// <param name="byteArray">Byte array to process</param>
+ /// <returns>The transformed array</returns>
+ public static sbyte[] ToSByteArray(byte[] byteArray)
+ {
+ sbyte[] sbyteArray = null;
+ if (byteArray != null)
+ {
+ sbyteArray = new sbyte[byteArray.Length];
+ for(int index=0; index < byteArray.Length; index++)
+ sbyteArray[index] = (sbyte) byteArray[index];
+ }
+ return sbyteArray;
+ }
+
+ /*******************************/
+ /// <summary>
+ /// Converts an array of sbytes to an array of bytes
+ /// </summary>
+ /// <param name="sbyteArray">The array of sbytes to be converted</param>
+ /// <returns>The new array of bytes</returns>
+ public static byte[] ToByteArray(sbyte[] sbyteArray)
+ {
+ byte[] byteArray = null;
+
+ if (sbyteArray != null)
+ {
+ byteArray = new byte[sbyteArray.Length];
+ for(int index=0; index < sbyteArray.Length; index++)
+ byteArray[index] = (byte) sbyteArray[index];
+ }
+ return byteArray;
+ }
+
+ /// <summary>
+ /// Converts a string to an array of bytes
+ /// </summary>
+ /// <param name="sourceString">The string to be converted</param>
+ /// <returns>The new array of bytes</returns>
+ public static byte[] ToByteArray(System.String sourceString)
+ {
+ return System.Text.UTF8Encoding.UTF8.GetBytes(sourceString);
+ }
+
+ /// <summary>
+ /// Converts a array of object-type instances to a byte-type array.
+ /// </summary>
+ /// <param name="tempObjectArray">Array to convert.</param>
+ /// <returns>An array of byte type elements.</returns>
+ public static byte[] ToByteArray(System.Object[] tempObjectArray)
+ {
+ byte[] byteArray = null;
+ if (tempObjectArray != null)
+ {
+ byteArray = new byte[tempObjectArray.Length];
+ for (int index = 0; index < tempObjectArray.Length; index++)
+ byteArray[index] = (byte)tempObjectArray[index];
+ }
+ return byteArray;
+ }
+
+ /*******************************/
+ /// <summary>
+ /// Converts an array of sbytes to an array of chars
+ /// </summary>
+ /// <param name="sByteArray">The array of sbytes to convert</param>
+ /// <returns>The new array of chars</returns>
+ public static char[] ToCharArray(sbyte[] sByteArray)
+ {
+ return System.Text.UTF8Encoding.UTF8.GetChars(ToByteArray(sByteArray));
+ }
+
+ /// <summary>
+ /// Converts an array of bytes to an array of chars
+ /// </summary>
+ /// <param name="byteArray">The array of bytes to convert</param>
+ /// <returns>The new array of chars</returns>
+ public static char[] ToCharArray(byte[] byteArray)
+ {
+ return System.Text.UTF8Encoding.UTF8.GetChars(byteArray);
+ }
+
+ /*******************************/
+ /// <summary>
+ /// This class is a holder for two keys, a private key and a public key.
+ /// </summary>
+ public class KeyPairSupport
+ {
+ private PrivateKeySupport privateKey;
+ private PublicKeySupport publicKey;
+
+ /// <summary>
+ /// Construct a new key pair object with the specified PublicKeySupport
and PrivateKeySupport
+ /// </summary>
+ /// <param name="publicKey">The public key</param>
+ /// <param name="privateKey">The private key</param>
+ public KeyPairSupport(PublicKeySupport publicKey, PrivateKeySupport
privateKey)
+ {
+ this.publicKey = publicKey;
+ this.privateKey = privateKey;
+ }
+
+ /// <summary>
+ /// A reference to the private key component of this key pair
+ /// </summary>
+ public PrivateKeySupport Private
+ {
+ get
+ {
+ return this.privateKey;
+ }
+ }
+
+ /// <summary>
+ /// A reference to the public key component of this key pair
+ /// </summary>
+ public PublicKeySupport Public
+ {
+ get
+ {
+ return this.publicKey;
+ }
+ }
+ }
+
+ /*******************************/
+ /// <summary>
+ /// This class offers support for all classes that use cryptographic
private keys.
+ /// </summary>
+ public class PrivateKeySupport: KeySupport
+ {
+ /// <summary>
+ /// Construct a new private key object
+ /// </summary>
+ public PrivateKeySupport()
+ {
+ }
+ }
+
+ /*******************************/
+ /// <summary>
+ /// This class offers support for all classes that use cryptographic keys.
+ /// </summary>
+ public class KeySupport
+ {
+ private System.Security.Cryptography.KeyedHashAlgorithm algorithm;
+
+ /// <summary>
+ /// Construct to new objects key
+ /// </summary>
+ public KeySupport()
+ {
+ }
+
+ /// <summary>
+ /// Construct to new objects key with the algorithm specified
+ /// </summary>
+ /// <param name="algorithm">the cryptographic algorithm</param>
+ public KeySupport(System.Security.Cryptography.KeyedHashAlgorithm
algorithm)
+ {
+ this.algorithm = algorithm;
+ }
+
+ /// <summary>
+ /// The standard algorithm name for this key
+ /// </summary>
+ /// <returns>the keyed hash algorithm name</returns>
+ public System.String GetAlgorithm()
+ {
+ return this.algorithm.ToString();
+ }
+
+ /// <summary>
+ /// The key to be used in the algorithm.
+ /// </summary>
+ public byte[] Key
+ {
+ get
+ {
+ return this.algorithm.Key;
+ }
+ }
+ }
+
+
+ /*******************************/
+ /// <summary>
+ /// This class offers support for all classes that use cryptographic
public keys.
+ /// </summary>
+ public class PublicKeySupport: KeySupport
+ {
+ /// <summary>
+ /// Construct a new public key object
+ /// </summary>
+ public PublicKeySupport()
+ {
+ }
+ }
+
+ /*******************************/
+ /// <summary>
+ /// Encapsulates the functionality of message digest algorithms such as
SHA-1 or MD5.
+ /// </summary>
+ public class MessageDigestSupport
+ {
+ private System.Security.Cryptography.HashAlgorithm algorithm;
+ private byte[] data = new byte[0];
+ private int position;
+ private System.String algorithmName;
+
+ /// <summary>
+ /// The HashAlgorithm instance that provide the cryptographic hash
algorithm
+ /// </summary>
+ public System.Security.Cryptography.HashAlgorithm Algorithm
+ {
+ get
+ {
+ return this.algorithm;
+ }
+ set
+ {
+ this.algorithm = value;
+ }
+ }
+
+ /// <summary>
+ /// The digest data
+ /// </summary>
+ public byte[] Data
+ {
+ get
+ {
+ return this.data;
+ }
+ set
+ {
+ this.data = value;
+ }
+ }
+
+ /// <summary>
+ /// The name of the cryptographic hash algorithm used in the instance
+ /// </summary>
+ public System.String AlgorithmName
+ {
+ get
+ {
+ return this.algorithmName;
+ }
+ }
+
+ /// <summary>
+ /// Creates a message digest using the specified name to set Algorithm
property.
+ /// </summary>
+ /// <param name="algorithm">The name of the algorithm to use</param>
+ public MessageDigestSupport(System.String algorithm)
+ {
+ if (algorithm.Equals("SHA-1"))
+ {
+ this.algorithmName = "SHA";
+ }
+ else
+ {
+ this.algorithmName = algorithm;
+ }
+ this.Algorithm = (System.Security.Cryptography.HashAlgorithm)
System.Security.Cryptography.CryptoConfig.CreateFromName(this.algorithmName);
+ this.data = new byte[0];
+ this.position = 0;
+ }
+
+ /// <summary>
+ /// Computes the hash value for the internal data digest.
+ /// </summary>
+ /// <returns>The array of signed bytes with the resulting hash
value</returns>
+ public sbyte[] DigestData()
+ {
+ sbyte[] result = ToSByteArray(this.Algorithm.ComputeHash(this.data));
+ this.Reset();
+ return result;
+ }
+
+ /// <summary>
+ /// Performs and update on the digest with the specified array and then
completes the digest
+ /// computation.
+ /// </summary>
+ /// <param name="newData">The array of bytes for final update to the
digest</param>
+ /// <returns>An array of signed bytes with the resulting hash
value</returns>
+ public sbyte[] DigestData(sbyte[] newData)
+ {
+ this.Update(ToByteArray(newData));
+ return this.DigestData();
+ }
+
+
+ /// <summary>
+ /// Computes the hash value for the internal digest and places the
digest returned into the specified buffer
+ /// </summary>
+ /// <param name="buff">The buffer for the output digest</param>
+ /// <param name="offset">Offset into the buffer for the beginning
index</param>
+ /// <param name="length">Total number of bytes for the digest</param>
+ /// <returns>The number of bytes placed into the output buffer</returns>
+ public int DigestData(sbyte[] buffer, int offset, int length)
+ {
+ byte[] result = this.Algorithm.ComputeHash(this.data);
+ int count = 0;
+ if ( length >= this.GetDigestLength() )
+ {
+ if ( buffer.Length >= (length + offset) )
+ {
+ for ( ; count < result.Length ; count++ )
+ {
+ buffer[offset + count] = (sbyte)result[count];
+ }
+ }
+ else
+ {
+ throw new System.ArgumentException("output buffer too small for the
specified offset and length");
+ }
+ }
+ else
+ {
+ throw new System.Exception("Partial digests not returned");
+ }
+ return count;
+ }
+
+ /// <summary>
+ /// Updates the digest data with the specified array of bytes by making
an append
+ /// operation in the internal array of data.
+ /// </summary>
+ /// <param name="newData">The array of bytes for the update
operation</param>
+ public void Update(byte[] newData)
+ {
+ if (position == 0)
+ {
+ this.Data = newData;
+ this.position = this.Data.Length - 1;
+ }
+ else
+ {
+ byte[] oldData = this.Data;
+ this.Data = new byte[newData.Length + position + 1];
+ oldData.CopyTo(this.Data, 0);
+ newData.CopyTo(this.Data, oldData.Length);
+
+ this.position = this.Data.Length - 1;
+ }
+ }
+
+ /// <summary>
+ /// Updates the digest data with the input byte by calling the method
Update with an array.
+ /// </summary>
+ /// <param name="newData">The input byte for the update</param>
+ public void Update(byte newData)
+ {
+ byte[] newDataArray = new byte[1];
+ newDataArray[0] = newData;
+ this.Update(newDataArray);
+ }
+
+ /// <summary>
+ /// Updates the specified count of bytes with the input array of bytes
starting at the
+ /// input offset.
+ /// </summary>
+ /// <param name="newData">The array of bytes for the update
operation</param>
+ /// <param name="offset">The initial position to start from in the array
of bytes</param>
+ /// <param name="count">The number of bytes fot the update</param>
+ public void Update(byte[] newData, int offset, int count)
+ {
+ byte[] newDataArray = new byte[count];
+ System.Array.Copy(newData, offset, newDataArray, 0, count);
+ this.Update(newDataArray);
+ }
+
+ /// <summary>
+ /// Resets the digest data to the initial state.
+ /// </summary>
+ public void Reset()
+ {
+ this.data = null;
+ this.position = 0;
+ }
+
+ /// <summary>
+ /// Returns a string representation of the Message Digest
+ /// </summary>
+ /// <returns>A string representation of the object</returns>
+ public override System.String ToString()
+ {
+ return this.Algorithm.ToString();
+ }
+
+ /// <summary>
+ /// Generates a new instance of the MessageDigestSupport class using the
specified algorithm
+ /// </summary>
+ /// <param name="algorithm">The name of the algorithm to use</param>
+ /// <returns>A new instance of the MessageDigestSupport class</returns>
+ public static MessageDigestSupport GetInstance(System.String algorithm)
+ {
+ return new MessageDigestSupport(algorithm);
+ }
+
+ /// <summary>
+ /// Compares two arrays of signed bytes evaluating equivalence in digest
data
+ /// </summary>
+ /// <param name="firstDigest">An array of signed bytes for
comparison</param>
+ /// <param name="secondDigest">An array of signed bytes for
comparison</param>
+ /// <returns>True if the input digest arrays are equal</returns>
+ public static bool EquivalentDigest(System.SByte[] firstDigest,
System.SByte[] secondDigest)
+ {
+ bool result = false;
+ if (firstDigest.Length == secondDigest.Length)
+ {
+ int index = 0;
+ result = true;
+ while(result && index < firstDigest.Length)
+ {
+ result = firstDigest[index] == secondDigest[index];
+ index++;
+ }
+ }
+
+ return result;
+ }
+
+
+ /// <summary>
+ /// Gets a number of bytes representing the length of the digest
+ /// </summary>
+ /// <returns>The length of the digest in bytes</returns>
+ public int GetDigestLength( )
+ {
+ return this.algorithm.HashSize / 8;
+ }
+ }
+ /*******************************/
+ /// <summary>
+ /// This class offers support for all classes that use cryptographic
classes.
+ /// </summary>
+ public class CryptoSupport
+ {
+ // Used for working space to Cipher.
+ private System.IO.MemoryStream CipherMemoryStream;
+
+ // Used for key storage to Cipher.
+ private System.Security.Cryptography.SymmetricAlgorithm CipherInitKey;
+
+ // The cipher for encrypt and decrypt.
+ private System.Security.Cryptography.CryptoStream Cipher;
+
+ // Used for set mode to Cipher
+ private System.Security.Cryptography.CryptoStreamMode CipherMode;
+
+ // Used for algorithm name storage to Cipher
+ private System.String CipherAlgorithName;
+
+ /// <summary>
+ /// Constructor class.
+ /// </summary>
+ /// <param name="name">The algorithm name input, (for support propose
only).</param>
+ public CryptoSupport(System.String name)
+ {
+ CipherInitKey =
System.Security.Cryptography.SymmetricAlgorithm.Create();
+ CipherAlgorithName = name;
+ }
+
+ /// <summary>
+ /// Initializes this cipher with the public key from the given
certificate.
+ /// </summary>
+ /// <param name="Mode">The cipher is initialized for one of the
following four operations: encryption (Mode = Write)
+ /// or decryption (Mode = Read).</param>
+ /// <param name="Certificate">The certificate of type X.509</param>
+ public void CryptoInit(System.Security.Cryptography.CryptoStreamMode
Mode, System.Security.Cryptography.X509Certificates.X509Certificate
Certificate)
+ {
+ CipherMode = Mode;
+ if(CipherInitKey == null) return;
+ CipherInitKey.Key = Certificate.GetPublicKey();
+ }
+
+ /// <summary>
+ /// Initializes this cipher with a key.
+ /// </summary>
+ /// <param name="Mode">The cipher is initialized for one of the
following four operations: encryption (Mode = Write)
+ /// or decryption (Mode = Read).</param>
+ /// <param name="Key">The key.</param>
+ public void CryptoInit(System.Security.Cryptography.CryptoStreamMode
Mode, System.Object Key)
+ {
+ CipherMode = Mode;
+ if (CipherInitKey == null) return;
+ if (Key is System.Security.Cryptography.SymmetricAlgorithm)
+ // SecretKeySpec
+ CipherInitKey = (System.Security.Cryptography.SymmetricAlgorithm) Key;
+ else if ( Key is SupportClass.KeySupport)
+ // Security.Key
+ CipherInitKey.Key = ((KeySupport) Key).Key;
+ }
+
+ /// <summary>
+ /// Initializes this cipher with a key and a set of algorithm parameters.
+ /// </summary>
+ /// <param name="Mode">The cipher is initialized for one of the
following four operations: encryption (Mode = Write)
+ /// or decryption (Mode = Read).</param>
+ /// <param name="Key">The key.</param>
+ /// <param name="Spec">The algorithm parameters.</param>
+ public void CryptoInit(System.Security.Cryptography.CryptoStreamMode
Mode, System.Object Key, System.Object Spec)
+ {
+ CipherMode = Mode;
+ if (CipherInitKey == null) return;
+ if ((Key is System.Security.Cryptography.SymmetricAlgorithm) && (Spec
is System.Security.Cryptography.SymmetricAlgorithm))
+ {
+ // SecretKeySpec
+ CipherInitKey.Key = ((System.Security.Cryptography.SymmetricAlgorithm)
Key).Key;
+ CipherInitKey.IV = ((System.Security.Cryptography.SymmetricAlgorithm)
Spec).IV;
+ }
+ else if ( Key is SupportClass.KeySupport)
+ // Security.Key
+ CipherInitKey.Key = ((KeySupport) Key).Key;
+ }
+
+ /// <summary>
***The diff for this file has been truncated for email.***
=======================================
--- /dev/null
+++ /branches/2.0/UpgradeLog.XML Tue Jun 14 21:31:31 2011
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?><?xml-stylesheet type='text/xsl'
href='_UpgradeReport_Files/UpgradeReport.xslt'?><UpgradeLog>
+<Properties><Property Name="Solution" Value="owasp-esapi-ASP-11">
+</Property><Property Name="Solution File" Value="C:\Documents and
Settings\Juan Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\owasp-esapi-ASP-11.sln">
+</Property><Property Name="Date" Value="Lunes, 23 de Junio de 2008">
+</Property><Property Name="Time" Value="19:37:39 p.m.">
+</Property></Properties><Event ErrorLevel="0" Project="owasp-esapi-ASP-11"
Source="owasp-esapi-ASP-11.csproj" Description="Scan complete: Upgrade not
required for project files.">
+</Event><Event ErrorLevel="3" Project="owasp-esapi-ASP-11"
Source="owasp-esapi-ASP-11.csproj" Description="Converted">
+</Event><Event ErrorLevel="0" Project="owasp-esapi-ASP-11"
Source="owasp-esapi-ASP-11.csproj" Description="You have completed the
first step in converting your Visual Studio .NET 2003 web project. To
complete the conversion, please select your project in the Solution
Explorer and choose the 'Convert to Web Application' context menu item.">
+</Event></UpgradeLog>
=======================================
--- /dev/null
+++ /branches/2.0/Web.config Tue Jun 14 21:31:31 2011
@@ -0,0 +1,71 @@
+<?xml version="1.0"?>
+<configuration>
+ <system.web>
+ <!-- DYNAMIC DEBUG COMPILATION
+ Set compilation debug="true" to enable ASPX debugging.
Otherwise, setting this value to
+ false will improve runtime performance of this application.
+ Set compilation debug="true" to insert debugging symbols (.pdb
information)
+ into the compiled page. Because this creates a larger file that
executes
+ more slowly, you should set this value to true only when
debugging and to
+ false at all other times. For more information, refer to the
documentation about
+ debugging ASP.NET files.
+ -->
+ <compilation defaultLanguage="c#" debug="true"/>
+ <!-- CUSTOM ERROR MESSAGES
+ Set customErrors mode="On" or "RemoteOnly" to enable custom
error messages, "Off" to disable.
+ Add <error> tags for each of the errors you want to handle.
+
+ "On" Always display custom (friendly) messages.
+ "Off" Always display detailed ASP.NET error information.
+ "RemoteOnly" Display custom (friendly) messages only to users
not running
+ on the local Web server. This setting is recommended for
security purposes, so
+ that you do not display application detail information to
remote clients.
+ -->
+ <customErrors mode="RemoteOnly"/>
+ <!-- AUTHENTICATION
+ This section sets the authentication policies of the
application. Possible modes are "Windows",
+ "Forms", "Passport" and "None"
+
+ "None" No authentication is performed.
+ "Windows" IIS performs authentication (Basic, Digest, or
Integrated Windows) according to
+ its settings for the application. Anonymous access must be
disabled in IIS.
+ "Forms" You provide a custom form (Web page) for users to enter
their credentials, and then
+ you authenticate them in your application. A user credential
token is stored in a cookie.
+ "Passport" Authentication is performed via a centralized
authentication service provided
+ by Microsoft that offers a single logon and core profile
services for member sites.
+ -->
+ <authentication mode="Windows"/>
+ <!-- AUTHORIZATION
+ This section sets the authorization policies of the application.
You can allow or deny access
+ to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
+ (unauthenticated) users.
+ -->
+ <authorization>
+ <allow users="*"/>
+ <!-- Allow all users -->
+ <!-- <allow users="[comma separated list of users]"
+ roles="[comma separated list of roles]"/>
+ <deny users="[comma separated list of users]"
+ roles="[comma separated list of roles]"/>
+ -->
+ </authorization>
+ <!-- APPLICATION-LEVEL TRACE LOGGING
+ Application-level tracing enables trace log output for every
page within an application.
+ Set trace enabled="true" to enable application trace logging.
If pageOutput="true", the
+ trace information will be displayed at the bottom of each page.
Otherwise, you can view the
+ application trace log by browsing the "trace.axd" page from your
web application
+ root.
+ -->
+ <trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true"/>
+ <!-- SESSION STATE SETTINGS
+ By default ASP.NET uses cookies to identify which requests
belong to a particular session.
+ If cookies are not available, a session can be tracked by adding
a session identifier to the URL.
+ To disable cookies, set sessionState cookieless="true".
+ -->
+ <sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20"/>
+ <!-- GLOBALIZATION
+ This section sets the globalization settings of the application.
+ -->
+ <globalization requestEncoding="utf-8" responseEncoding="utf-8"/>
+ <xhtmlConformance mode="Legacy"/></system.web>
+</configuration>
=======================================
--- /dev/null
+++ /branches/2.0/_ConversionReport.htm Tue Jun 14 21:31:31 2011
@@ -0,0 +1,2170 @@
+<html>
+ <head>
+ <META HTTP-EQUIV="Content-Type" content="text/html; charset=utf-8">
+ <link rel="stylesheet"
href="_ConversionReport_Files\ConversionReport.css">
+ <title>owasp-esapi-ASP-11 Conversion Report</title>
+
+ <script language="javascript">
+ var oMe;
+ function outliner () {
+ oMe = window.event.srcElement
+ //get child element
+ var child = document.all[event.srcElement.getAttribute("child",false)];
+ //if child element exists, expand or collapse it.
+ if (null != child)
+ child.className = child.className
== "collapsed" ? "expanded" : "collapsed";
+ }
+
+ function changepic() {
+ if (oMe.tagName!="IMG") {
+ oMe =oMe.children[0];
+ }
+ var check = oMe.src.toLowerCase();
+ if (check.lastIndexOf("conversionreport_plus.gif") != -1) {
+ oMe.src = "_ConversionReport_Files/ConversionReport_Minus.gif" }
+ else
+ {
+ oMe.src = "_ConversionReport_Files/ConversionReport_Plus.gif"
+ }
+ }
+ </script>
+
+ </head>
+ <body topmargin="0" leftmargin="0" rightmargin="0" onclick="outliner();">
+ <h1>Conversion Report for owasp-esapi-ASP-11</h1>
+
+ <p><span class="note">
+ <b>Time of Conversion: </b>6/23/2008 7:34 PM<br>
+ <b>Total Time Spent: </b>00:03:16<br>
+ </span></p>
+
+ <h2>List of Project Files</h2>
+ <table cellpadding="2" cellspacing="0" width="98%" border="1"
bordercolor="white" class="infotable">
+ <tr>
+ <td nowrap class="header">New Filename</td>
+ <td nowrap class="header">Original Filename</td>
+ <td nowrap class="header">Status</td>
+ <td nowrap class="header">Errors</td>
+ <td nowrap class="header">Warnings</td>
+ <td nowrap class="header">Total Issues</td>
+ </tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="Globals"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="Globals"></a> (Global Issues)</td>
+ <td class="content"></td>
+ <td class="content"></td>
+ <td class="content">0</td>
+ <td class="content">4</td>
+ <td class="content">4</td>
+ </tr>
+ <tr class="collapsed" id="Globals" bgcolor="#ffffff"><td colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc" rules="cols"
class="issuetable">
+ <tr><td colspan="4" class="content">Global conversion issues:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td class="issuehdr">Type</td><td
class="issuehdr">Severity</td><td class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Global Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1133'>The
equivalent of java.lang.Object.equals in Visual C# can return a different
value if the two comparison methods differ.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Global Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1225'>Type
castings between primitive types may have different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">Global Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1274'>Interaction
between members of a class may differ because their execution sequence is
different. </a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">Global Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1297'>Enumerations
should be started first before accessing their data by calling their
MoveNext method.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">Global Note</td><td class="issuecontent"
width="5%">3</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1024'>Anonymous
classes were converted to nested classes.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td colspan=3 class="content"><a href="javascript:changepic();"
child="dir_0"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="dir_0"></a> \src</td>
+ <td class="content">270</td>
+ <td class="content">7</td>
+ <td class="content">277</td>
+ </tr>
+ <tr class="collapsed" id="dir_0" bgcolor="#ffffff"><td colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc" rules="cols"
class="issuetable">
+ <tr class="row">
+ <td colspan=6 class="content"><a href="javascript:changepic();"
child="dir_1"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="dir_1"></a> \org</td>
+ </tr>
+ <tr class="collapsed" id="dir_1" bgcolor="#ffffff"><td colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc" rules="cols"
class="issuetable">
+ <tr class="row">
+ <td colspan=6 class="content"><a href="javascript:changepic();"
child="dir_2"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="dir_2"></a> \owasp</td>
+ </tr>
+ <tr class="collapsed" id="dir_2" bgcolor="#ffffff"><td colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc" rules="cols"
class="issuetable">
+ <tr class="row">
+ <td colspan=6 class="content"><a href="javascript:changepic();"
child="dir_3"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="dir_3"></a> \esapi</td>
+ </tr>
+ <tr class="collapsed" id="dir_3" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc" rules="cols"
class="issuetable">
+ <tr>
+ <td nowrap class="header">New Filename</td>
+ <td nowrap class="header">Original Filename</td>
+ <td nowrap class="header">Status</td>
+ <td nowrap class="header">Errors</td>
+ <td nowrap class="header">Warnings</td>
+ <td nowrap class="header">Total Issues</td>
+ </tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue0"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue0"></a> AccessController.cs</td>
+ <td class="content">AccessController.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">10</td>
+ <td class="content">0</td>
+ <td class="content">10</td>
+ </tr>
+ <tr class="collapsed" id="issue0" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessController.overlap(java.util.Set,java.util.Set):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessController.loadRules(java.io.File):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileInputStreamFileInputStream_javaioFile'>Constructor 'java.io.FileInputStream.FileInputStream'
was converted to 'System.IO.FileStream.FileStream' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ </table>
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessController.Rule.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'>Class 'java.util.HashSet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue1"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue1"></a> AccessReferenceMap.cs</td>
+ <td class="content">AccessReferenceMap.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">16</td>
+ <td class="content">0</td>
+ <td class="content">16</td>
+ </tr>
+ <tr class="collapsed" id="issue1" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessReferenceMap.iterator():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeSet'>Class 'java.util.TreeSet'
was converted to 'SupportClass.TreeSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeSet'>Class 'java.util.TreeSet'
was converted to 'SupportClass.TreeSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapkeySet'>Method 'java.util.HashMap.keySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessReferenceMap.removeDirectReference(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'>Method 'java.util.HashMap.get'
was converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessReferenceMap.update(java.util.Set):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapkeySet'>Method 'java.util.HashMap.keySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'>Method 'java.util.HashMap.get'
was converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessReferenceMap.getIndirectReference(java.lang.Object):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'>Method 'java.util.HashMap.get'
was converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessReferenceMap.getDirectReference(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'>Method 'java.util.HashMap.get'
was converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.AccessReferenceMap.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue2"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue2"></a> Authenticator.cs</td>
+ <td class="content">Authenticator.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">41</td>
+ <td class="content">2</td>
+ <td class="content">43</td>
+ </tr>
+ <tr class="collapsed" id="issue2" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalUser.getUser():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.get'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalUser.setUser(org.owasp.esapi.interfaces.IUser):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.set'
was not converted.</a></td></tr>
+ </table></td></tr>
+ </table>
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalRequest.getRequest():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.get'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalRequest.setUser(javax.servlet.http.HttpServletRequest):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.set'
was not converted.</a></td></tr>
+ </table></td></tr>
+ </table>
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.getResponse():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.get'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.setUser(javax.servlet.http.HttpServletResponse):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.set'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.clearCurrent():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.set'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.set'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.getCurrentUser():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.get'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.getCurrentRequest():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.get'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.getCurrentResponse():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.get'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.getUserNames():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'>Class 'java.util.HashSet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapkeySet'>Method 'java.util.Map.keySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.loadUsersIfNecessary():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.io.File.lastModified' may return a
different value.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.loadUsersImmediately():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073'>Constructor 'java.io.FileReader.FileReader'
was converted to 'System.IO.StreamReader' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073'>Constructor 'java.io.FileReader.FileReader'
was converted to 'System.IO.StreamReader' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'>The
differences in the expected value of parameters for
constructor 'java.io.BufferedReader.BufferedReader' may cause compilation
errors. </a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">Runtime Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1181'>At
least one expression was used more than once in the target
code.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.loginWithUsernameAndPassword(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletServletRequestgetParameter_javalangString'>Method 'javax.servlet.ServletRequest.getParameter'
was converted to 'System.Web.HttpRequest' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletServletRequestgetParameter_javalangString'>Method 'javax.servlet.ServletRequest.getParameter'
was converted to 'System.Web.HttpRequest' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.saveUsers():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.io.PrintWriter.println' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.io.PrintWriter.println' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.io.File.lastModified' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileWriterFileWriter_javaioFile'>Constructor 'java.io.FileWriter.FileWriter'
was converted to 'System.IO.StreamWriter' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileWriter'>Class 'java.io.FileWriter'
was converted to 'System.IO.StreamWriter' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileWriterFileWriter_javaioFile'>Constructor 'java.io.FileWriter.FileWriter'
was converted to 'System.IO.StreamWriter' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">7</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileWriter'>Class 'java.io.FileWriter'
was converted to 'System.IO.StreamWriter' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">8</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln_javalangString'>Method 'java.io.PrintWriter.println'
was converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">9</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln_javalangString'>Method 'java.io.PrintWriter.println'
was converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">10</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln'>Method 'java.io.PrintWriter.println'
was converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">11</td><td
class="issuecontent" width="15%">Runtime Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1181'>At
least one expression was used more than once in the target
code.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.saveUsers(java.io.PrintWriter):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.io.PrintWriter.println' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln_javalangString'>Method 'java.io.PrintWriter.println'
was converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.setCurrentHTTP(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.set'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Method 'java.lang.InheritableThreadLocal.set'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Authenticator.ThreadLocalResponse.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Class 'java.lang.InheritableThreadLocal'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Class 'java.lang.InheritableThreadLocal'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'>Class 'java.lang.InheritableThreadLocal'
was not converted.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue3"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue3"></a> Encoder.cs</td>
+ <td class="content">Encoder.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">15</td>
+ <td class="content">1</td>
+ <td class="content">16</td>
+ </tr>
+ <tr class="collapsed" id="issue3" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encoder.encodeForBase64(byte[],boolean):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'>Method 'sun.misc.CharacterEncoder.encode'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encoder.decodeFromBase64(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'>Method 'sun.misc.CharacterDecoder.decodeBuffer'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encoder.initializeMaps():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ </table>
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encoder.EncodedStringReader.parsePercent(java.lang.String,int):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073'>Method 'java.lang.Integer.parseInt'
was converted to 'System.Convert.ToInt32' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encoder.EncodedStringReader.parseEntity(java.lang.String,int):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'>Method 'java.util.HashMap.get'
was converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">3</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1291'>The 'System.Char'
structure does not have an equivalent to NULL.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">Runtime Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1101'>Method 'java.lang.String.indexOf'
was converted to 'System.String.IndexOf' which may throw an
exception.</a></td></tr>
+ </table></td></tr>
+ </table>
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encoder.EncodedCharacter.getEncoded(int):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'>Method 'java.util.HashMap.get'
was converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encoder.EncodedCharacter.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'>Class 'sun.misc.BASE64Encoder'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'>Constructor 'sun.misc.BASE64Encoder.BASE64Encoder'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'>Class 'sun.misc.BASE64Decoder'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'>Constructor 'sun.misc.BASE64Decoder.BASE64Decoder'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">7</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'sun.text.Normalizer' could not be found. If it was not included in
the conversion, there may be compiler issues.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue4"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue4"></a> EncryptedProperties.cs</td>
+ <td class="content">EncryptedProperties.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">11</td>
+ <td class="content">1</td>
+ <td class="content">12</td>
+ </tr>
+ <tr class="collapsed" id="issue4" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.EncryptedProperties.setProperty(java.lang.String,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilPropertiessetProperty_javalangString_javalangString'>Method 'java.util.Properties.setProperty'
was converted to 'System.Collections.Specialized.NameValueCollection.Item'
which has a different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.EncryptedProperties.load(java.io.InputStream):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilPropertiesload_javaioInputStream'>Method 'java.util.Properties.load'
was converted to 'System.Collections.Specialized.NameValueCollection' which
has a different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.EncryptedProperties.store(java.io.OutputStream,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilPropertiesstore_javaioOutputStream_javalangString'>Method 'java.util.Properties.store'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.EncryptedProperties.main(java.lang.String[]):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileInputStreamFileInputStream_javaioFile'>Constructor 'java.io.FileInputStream.FileInputStream'
was converted to 'System.IO.FileStream.FileStream' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileOutputStreamFileOutputStream_javaioFile'>Constructor 'java.io.FileOutputStream.FileOutputStream'
was converted to 'System.IO.FileStream.FileStream' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'>The
differences in the expected value of parameters for
constructor 'java.io.BufferedReader.BufferedReader' may cause compilation
errors. </a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">Runtime Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1181'>At
least one expression was used more than once in the target
code.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.EncryptedProperties.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1089'>Format
of property file may need to be changed.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'>Class
hierarchy differences between 'java.util.Properties'
and 'System.Collections.Specialized.NameValueCollection' may cause
compilation errors.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'>Class
hierarchy differences between 'java.util.Properties'
and 'System.Collections.Specialized.NameValueCollection' may cause
compilation errors.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue5"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue5"></a> Encryptor.cs</td>
+ <td class="content">Encryptor.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">21</td>
+ <td class="content">0</td>
+ <td class="content">21</td>
+ </tr>
+ <tr class="collapsed" id="issue5" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.Encryptor():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.security.SecureRandom.getInstance' may
return a different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxcryptoSecretKeyFactorygenerateSecret_javasecurityspecKeySpec'>Method 'javax.crypto.SecretKeyFactory.generateSecret'
was converted
to 'System.Security.Cryptography.SymmetricAlgorithm.GenerateKey' which has
a different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1277'>The
class 'java.security.KeyPair' was converted
to 'SupportClass.KeyPairSupport', which is not serializable.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1287'>A
transformation string might not be supported by the classes in the
System.Security.Cryptography namespace.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxcryptospecPBEParameterSpec'>Constructor 'javax.crypto.spec.PBEParameterSpec.PBEParameterSpec'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'>Class 'java.security.KeyPairGenerator'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">7</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'>Method 'java.security.KeyPairGenerator.getInstance'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">8</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'>Method 'java.security.KeyPairGenerator.initialize'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">9</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'>Method 'java.security.KeyPairGenerator.generateKeyPair'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.encrypt(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Throwable.getMessage' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javalangStringgetBytes_javalangString'>Method 'java.lang.String.getBytes'
was converted
to 'System.Text.Encoding.GetEncoding(string).GetBytes(string)' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.decrypt(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Throwable.getMessage' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'>The
differences in the Format of parameters for
constructor 'java.lang.String.String' may cause compilation errors.
</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.sign(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignatureinitSign_javasecurityPrivateKey'>Method 'java.security.Signature.initSign'
was converted to 'SupportClass.DigitalSignature.Signing' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignaturesign'>Method 'java.security.Signature.sign'
was converted to 'SupportClass.DigitalSignature.Sign' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.verifySignature(java.lang.String,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Throwable.getMessage' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignatureinitVerify_javasecurityPublicKey'>Method 'java.security.Signature.initVerify'
was converted to 'SupportClass.DigitalSignature.Verification' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignatureverify_byte[]'>Method 'java.security.Signature.verify'
was converted to 'SupportClass.DigitalSignature.Verify' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.verifySeal(java.lang.String,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.getTimeStamp():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Encryptor.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxcryptospecPBEParameterSpec'>Class 'javax.crypto.spec.PBEParameterSpec'
was not converted.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><IMG alt="expand/collapse section"
height="11" src="_ConversionReport_Files/ConversionReport_Blank.gif"
width="9"> ESAPI.cs</td>
+ <td class="content">ESAPI.java</td>
+ <td class="content">
+ Converted</td> <td class="content">0</td>
+ <td class="content">0</td>
+ <td class="content">0</td>
+ </tr>
+ <tr class="collapsed" id="issue6" bgcolor="#ffffff"><td
colspan="7">
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue7"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue7"></a> Executor.cs</td>
+ <td class="content">Executor.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">5</td>
+ <td class="content">0</td>
+ <td class="content">5</td>
+ </tr>
+ <tr class="collapsed" id="issue7" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Executor.executeSystemCommand(java.io.File,java.util.List,java.io.File,int):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Throwable.getMessage' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'>The
differences in the expected value of parameters for
constructor 'java.io.BufferedReader.BufferedReader' may cause compilation
errors. </a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangRuntimeexec_javalangString[]_javalangString[]_javaioFile'>Method 'java.lang.Runtime.exec'
was not converted.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue8"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue8"></a> HTTPUtilities.cs</td>
+ <td class="content">HTTPUtilities.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">33</td>
+ <td class="content">3</td>
+ <td class="content">36</td>
+ </tr>
+ <tr class="collapsed" id="issue8" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.changeSessionIdentifier():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationhasMoreElements'>Method 'java.util.Enumeration.hasMoreElements'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationnextElement'>Method 'java.util.Enumeration.nextElement'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpSessioninvalidate'>Method 'javax.servlet.http.HttpSession.invalidate'
was converted to 'System.Web.SessionState.HttpSessionState.Abandon' which
has a different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">7</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpServletRequestgetSession_boolean'>Method 'javax.servlet.http.HttpServletRequest.getSession'
was converted to 'System.Web.HttpContext.Current.Session' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">8</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapentrySet'>Method 'java.util.Map.entrySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.verifyCSRFToken():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletServletRequestgetParameter_javalangString'>Method 'javax.servlet.ServletRequest.getParameter'
was converted to 'System.Web.HttpRequest' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.encryptStateInCookie(java.util.Map):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Object.toString' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Object.toString' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapentrySet'>Method 'java.util.Map.entrySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.update(long,long,int):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Runtime Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1042'>Data
types in Visual C# might be different. Verify the accuracy of narrowing
conversions.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Runtime Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1042'>Data
types in Visual C# might be different. Verify the accuracy of narrowing
conversions.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">Runtime Warning</td><td
class="issuecontent" width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1042'>Data
types in Visual C# might be different. Verify the accuracy of narrowing
conversions.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.getSafeFileUploads(java.io.File,java.io.File):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Throwable.getMessage' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaioFilecreateTempFile_javalangString_javalangString_javaioFile'>Method 'java.io.File.createTempFile'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.queryToMap(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeMapTreeMap'>Constructor 'java.util.TreeMap.TreeMap'
was converted to 'System.Collections.SortedList' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'>Class
hierarchy differences between 'java.util.TreeMap'
and 'System.Collections.SortedList' may cause compilation
errors.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'>Class
hierarchy differences between 'java.util.TreeMap'
and 'System.Collections.SortedList' may cause compilation
errors.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.safeSendForward(java.lang.String,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletRequestDispatcher'>Interface 'javax.servlet.RequestDispatcher'
was converted to 'System.Web.HttpServerUtility' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletRequestDispatcherforward_javaxservletServletRequest_javaxservletServletResponse'>Method 'javax.servlet.RequestDispatcher.forward'
was converted to 'System.Web.HttpServerUtility.Transfer' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1202'>Reference
conversion may require user modification.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetRequestDispatcher_javalangString'>Method 'javax.servlet.ServletRequest.getRequestDispatcher'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.safeSendRedirect(java.lang.String,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1202'>Reference
conversion may require user modification.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.setNoCacheHeaders():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpServletResponsesetDateHeader_javalangString_long'>Method 'javax.servlet.http.HttpServletResponse.setDateHeader'
was converted to 'System.Web.HttpResponse.AppendHeader' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.HTTPUtilities.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'java.util.regex.Pattern' could not be found. If it was not included
in the conversion, there may be compiler issues.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'org.apache.commons.fileupload.FileItem' could not be found. If it was
not included in the conversion, there may be compiler issues.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'org.apache.commons.fileupload.ProgressListener' could not be found.
If it was not included in the conversion, there may be compiler
issues.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'org.apache.commons.fileupload.disk.DiskFileItemFactory' could not be
found. If it was not included in the conversion, there may be compiler
issues.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'org.apache.commons.fileupload.servlet.ServletFileUpload' could not be
found. If it was not included in the conversion, there may be compiler
issues.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue9"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue9"></a> IntrusionDetector.cs</td>
+ <td class="content">IntrusionDetector.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">6</td>
+ <td class="content">0</td>
+ <td class="content">6</td>
+ </tr>
+ <tr class="collapsed" id="issue9" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.IntrusionDetector.addException(java.lang.Exception):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Throwable.getMessage' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Class.getName' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.IntrusionDetector.addEvent(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue10"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue10"></a> Logger.cs</td>
+ <td class="content">Logger.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">8</td>
+ <td class="content">0</td>
+ <td class="content">8</td>
+ </tr>
+ <tr class="collapsed" id="issue10" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Logger.logHTTPRequest(java.lang.String,javax.servlet.http.HttpServletRequest,java.util.List):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapkeySet'>Method 'java.util.Map.keySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetParameterMap'>Method 'javax.servlet.ServletRequest.getParameterMap'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetParameterMap'>Method 'javax.servlet.ServletRequest.getParameterMap'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Logger.log(Level,java.lang.String,java.lang.String,java.lang.Throwable):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Class.getName' may return a
different value.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Logger.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'java.util.logging.Level' could not be found. If it was not included
in the conversion, there may be compiler issues.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue11"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue11"></a> Randomizer.cs</td>
+ <td class="content">Randomizer.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">3</td>
+ <td class="content">0</td>
+ <td class="content">3</td>
+ </tr>
+ <tr class="collapsed" id="issue11" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Randomizer.Randomizer():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.security.SecureRandom.getInstance' may
return a different value.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Randomizer.getRandomBoolean():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilRandomnextBoolean'>Method 'java.util.Random.nextBoolean'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Randomizer.getRandomGUID():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.net.InetAddress.getLocalHost' may
return a different value.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue12"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue12"></a> SecurityConfiguration.cs</td>
+ <td class="content">SecurityConfiguration.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">23</td>
+ <td class="content">0</td>
+ <td class="content">23</td>
+ </tr>
+ <tr class="collapsed" id="issue12" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.SecurityConfiguration.getAllowedFileExtensions():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilArraysasList_javalangObject[]'>Method 'java.util.Arrays.asList'
was converted to 'System.Collections.ArrayList' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.SecurityConfiguration.loadConfiguration():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.lang.Object.toString' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.io.File.lastModified' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.io.File.lastModified' may return a
different value.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileInputStreamFileInputStream_javaioFile'>Constructor 'java.io.FileInputStream.FileInputStream'
was converted to 'System.IO.FileStream.FileStream' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilPropertiesload_javaioInputStream'>Method 'java.util.Properties.load'
was converted to 'System.Collections.Specialized.NameValueCollection' which
has a different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">7</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">8</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">9</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">10</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeSet'>Class 'java.util.TreeSet'
was converted to 'SupportClass.TreeSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">11</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.SecurityConfiguration.getQuota(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilArraysasList_javalangObject[]'>Method 'java.util.Arrays.asList'
was converted to 'System.Collections.ArrayList' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.SecurityConfiguration.getValidationPatternNames():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeSet'>Class 'java.util.TreeSet'
was converted to 'SupportClass.TreeSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeSet'>Class 'java.util.TreeSet'
was converted to 'SupportClass.TreeSetSupport' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.SecurityConfiguration.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1089'>Format
of property file may need to be changed.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'java.util.logging.Level' could not be found. If it was not included
in the conversion, there may be compiler issues.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'java.util.regex.Pattern' could not be found. If it was not included
in the conversion, there may be compiler issues.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangSystem'>Method 'java.lang.System.getProperty'
was not converted.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'>Class
hierarchy differences between 'java.util.Properties'
and 'System.Collections.Specialized.NameValueCollection' may cause
compilation errors.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'>Class
hierarchy differences between 'java.util.Properties'
and 'System.Collections.Specialized.NameValueCollection' may cause
compilation errors.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><IMG alt="expand/collapse section"
height="11" src="_ConversionReport_Files/ConversionReport_Blank.gif"
width="9"> Threshold.cs</td>
+ <td class="content">Threshold.java</td>
+ <td class="content">
+ Converted</td> <td class="content">0</td>
+ <td class="content">0</td>
+ <td class="content">0</td>
+ </tr>
+ <tr class="collapsed" id="issue13" bgcolor="#ffffff"><td
colspan="7">
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue14"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue14"></a> User.cs</td>
+ <td class="content">User.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">38</td>
+ <td class="content">0</td>
+ <td class="content">38</td>
+ </tr>
+ <tr class="collapsed" id="issue14" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.User(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.User(java.lang.String,java.lang.String,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.addRoles(java.util.Set):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.dump(java.util.Collection):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.getExpirationTime():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilDateclone'>Method 'java.util.Date.clone'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.getLastFailedLoginTime():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilDateclone'>Method 'java.util.Date.clone'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.getLastLoginTime():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilDateclone'>Method 'java.util.Date.clone'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.getLastPasswordChangeTime():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilDateclone'>Method 'java.util.Date.clone'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.getRoles():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilCollections'>Method 'java.util.Collections.unmodifiableSet'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.isSessionAbsoluteTimeout(javax.servlet.http.HttpSession):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservlethttpHttpSessiongetCreationTime'>Method 'javax.servlet.http.HttpSession.getCreationTime'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.isSessionTimeout(javax.servlet.http.HttpSession):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservlethttpHttpSessiongetLastAccessedTime'>Method 'javax.servlet.http.HttpSession.getLastAccessedTime'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.logout():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpSessioninvalidate'>Method 'javax.servlet.http.HttpSession.invalidate'
was converted to 'System.Web.SessionState.HttpSessionState.Abandon' which
has a different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpServletRequestgetSession_boolean'>Method 'javax.servlet.http.HttpServletRequest.getSession'
was converted to 'System.Web.HttpContext.Current.Session' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.save():</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.setExpirationTime(java.util.Date):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDatetoString'>Method 'java.util.Date.toString'
was converted to 'System.DateTime.ToString' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.setHashedPassword(java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'>The
equivalent in .NET for method 'java.util.List.add' may return a different
value.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.setLastFailedLoginTime(java.util.Date):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDatetoString'>Method 'java.util.Date.toString'
was converted to 'System.DateTime.ToString' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.setLastLoginTime(java.util.Date):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDatetoString'>Method 'java.util.Date.toString'
was converted to 'System.DateTime.ToString' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.setLastPasswordChangeTime(java.util.Date):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDatetoString'>Method 'java.util.Date.toString'
was converted to 'System.DateTime.ToString' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.setRoles(java.util.Set):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'>Class 'java.util.HashSet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ </table>
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.Event.increment(int,long):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'>Method 'java.util.Date.getTime'
was converted to 'System.DateTime.Ticks' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.User.Event.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'>Class 'java.util.HashSet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDateDate_long'>Constructor 'java.util.Date.Date'
was converted to 'System.DateTime.DateTime' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'>Class 'java.util.HashMap'
was converted to 'System.Collections.Hashtable' which has a different
behavior.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td class="content"><a href="javascript:changepic();"
child="issue15"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="issue15"></a> Validator.cs</td>
+ <td class="content">Validator.java</td>
+ <td class="content">
+ Converted with issues</td> <td class="content">21</td>
+ <td class="content">0</td>
+ <td class="content">21</td>
+ </tr>
+ <tr class="collapsed" id="issue15" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Validator.isValidFileName(java.lang.String,java.lang.String):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Validator.isValidHTTPRequest(javax.servlet.http.HttpServletRequest):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">5</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilArraysasList_javalangObject[]'>Method 'java.util.Arrays.asList'
was converted to 'System.Collections.ArrayList' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">6</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'>Method 'java.util.Iterator.hasNext'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">7</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'>Method 'java.util.Iterator.next'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">8</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilArraysasList_javalangObject[]'>Method 'java.util.Arrays.asList'
was converted to 'System.Collections.ArrayList' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">9</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationhasMoreElements'>Method 'java.util.Enumeration.hasMoreElements'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">10</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationhasMoreElements'>Method 'java.util.Enumeration.hasMoreElements'
was converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">11</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationnextElement'>Method 'java.util.Enumeration.nextElement'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">12</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationnextElement'>Method 'java.util.Enumeration.nextElement'
was converted to 'System.Collections.IEnumerator.Current' which has a
different behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">13</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapentrySet'>Method 'java.util.Map.entrySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">14</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetParameterMap'>Method 'javax.servlet.ServletRequest.getParameterMap'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Validator.isValidParameterSet(java.util.Set,java.util.Set):</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapkeySet'>Method 'java.util.Map.keySet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">2</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'>Class 'java.util.HashSet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">3</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'>Class 'java.util.HashSet'
was converted to 'SupportClass.HashSetSupport' which has a different
behavior.</a></td></tr>
+ <tr><td width="10" class="issuecontent">4</td><td
class="issuecontent" width="15%">Compile Error</td><td class="issuecontent"
width="5%">1</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetParameterMap'>Method 'javax.servlet.ServletRequest.getParameterMap'
was not converted.</a></td></tr>
+ </table></td></tr>
+ <tr><td colspan="4" class="content">Conversion Issues for
org.owasp.esapi.Validator.Declarations:</td></tr>
+ <tr><td class="issuecontent"><table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr><td class="issuehdr">#</td><td
class="issuehdr">Type</td><td class="issuehdr">Severity</td><td
class="issuehdr">Description</td></tr>
+ <tr><td width="10" class="issuecontent">1</td><td
class="issuecontent" width="15%">To Do</td><td class="issuecontent"
width="5%">2</td><td class="issuecontent"><a
href=ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'>The
type 'java.util.regex.Pattern' could not be found. If it was not included
in the conversion, there may be compiler issues.</a></td></tr>
+ </table></td></tr>
+ </table>
+ </td></tr>
+ <tr class="row">
+ <td colspan=6 class="content"><a href="javascript:changepic();"
child="dir_4"><IMG border=0 alt="expand/collapse section"
class="expandable" height="11"
src="_ConversionReport_Files/ConversionReport_Plus.gif" width="9"
child="dir_4"></a> \errors</td>
+ </tr>
+ <tr class="collapsed" id="dir_4" bgcolor="#ffffff"><td
colspan="7">
+ <table width="97%" border="1" bordercolor="#dcdcdc"
rules="cols" class="issuetable">
+ <tr>
+ <td nowrap class="header">New Filename</td>
+ <td nowrap class="header">Original Filename</td>
+ <td nowrap class="header">Status</td>
+ <td nowrap class="header">Errors</td>
+ <td nowrap class="header">Warnings</td>
+ <td nowrap class="header">Total Issues</td>
+ </tr>
+ <tr class="row">
+ <td class="content"><IMG alt="expand/collapse section"
height="11" src="_ConversionReport_Files/ConversionReport_Blank.gif"
width="9"> AccessControlException.cs</td>
+ <td class="content">AccessControlException.java</td>
+ <td class="content">
+ Converted</td> <td class="content">0</td>
+ <td class="content">0</td>
+ <td class="content">0</td>
+ </tr>
+ <tr class="collapsed" id="issue16" bgcolor="#ffffff"><td
colspan="7">
+ </td></tr>
+ <tr class="row">
+ <td class="content"><IMG alt="expand/collapse section"
height="11" src="_ConversionReport_Files/ConversionReport_Blank.gif"
width="9"> AuthenticationAccountsException.cs</td>
+ <td class="content">AuthenticationAccountsException.java</td>
+ <td class="content">
+ Converted</td> <td class="content">0</td>
+ <td class="content">0</td>
+ <td class="content">0</td>
+ </tr>
+ <tr class="collapsed" id="issue17" bgcolor="#ffffff"><td
colspan="7">
+ </td></tr>
+ <tr class="row">
+ <td class="content"><IMG alt="expand/collapse section"
height="11" src="_ConversionReport_Files/ConversionReport_Blank.gif"
width="9"> AuthenticationCredentialsException.cs</td>
+ <td
class="content">AuthenticationCredentialsException.java</td>
+ <td class="content">
+ Converted</td> <td class="content">0</td>
+ <td class="content">0</td>
+ <td class="content">0</td>
+ </tr>
+ <tr class="collapsed" id="issue18" bgcolor="#ffffff"><td
colspan="7">
+ </td></tr>
+ <tr class="row">
+ <td class="content"><IMG alt="expand/collapse section"
height="11" src="_ConversionReport_Files/ConversionReport_Blank.gif"
width="9"> AuthenticationException.cs</td>
+ <td class="content">AuthenticationException.java</td>
+ <td class="content">
+ Converted</td> <td class="content">0</td>
+ <td class="content">0</td>
+ <td class="content">0</td>
+ </tr>
+ <tr class="collapsed" id="issue19" bgcolor="#ffffff"><td
colspan="7">
+ </td></tr>
+ <tr class="row">
***The diff for this file has been truncated for email.***
=======================================
--- /dev/null
+++ /branches/2.0/_ConversionReport_Files/ConversionReport.css Tue Jun 14
21:31:31 2011
@@ -0,0 +1,208 @@
+BODY
+{
+ BACKGROUND-COLOR: white;
+ FONT-FAMILY: "Verdana", sans-serif;
+ FONT-SIZE: 100%;
+ MARGIN-LEFT: 0px;
+ MARGIN-TOP: 0px
+}
+P
+{
+ FONT-FAMILY: "Verdana", sans-serif;
+ FONT-SIZE: 70%;
+ LINE-HEIGHT: 12pt;
+ MARGIN-BOTTOM: 0px;
+ MARGIN-LEFT: 10px;
+ MARGIN-TOP: 10px
+}
+.note
+{
+ BACKGROUND-COLOR: #ffffff;
+ COLOR: #336699;
+ FONT-FAMILY: "Verdana", sans-serif;
+ FONT-SIZE: 100%;
+ LINE-HEIGHT: 12pt;
+ MARGIN-BOTTOM: 0px;
+ MARGIN-LEFT: 0px;
+ MARGIN-TOP: 0px;
+ PADDING-RIGHT: 10px
+}
+.infotable
+{
+ BACKGROUND-COLOR: #f0f0e0;
+ BORDER-BOTTOM: #ffffff 0px solid;
+ BORDER-COLLAPSE: collapse;
+ BORDER-LEFT: #ffffff 0px solid;
+ BORDER-RIGHT: #ffffff 0px solid;
+ BORDER-TOP: #ffffff 0px solid;
+ FONT-SIZE: 70%;
+ MARGIN-LEFT: 10px
+}
+.issuetable
+{
+ BACKGROUND-COLOR: #ffffe8;
+ BORDER-COLLAPSE: collapse;
+ COLOR: #000000;
+ FONT-SIZE: 100%;
+ MARGIN-BOTTOM: 10px;
+ MARGIN-LEFT: 13px;
+ MARGIN-TOP: 0px
+}
+.issuetitle
+{
+ BACKGROUND-COLOR: #ffffff;
+ BORDER-BOTTOM: #dcdcdc 1px solid;
+ BORDER-TOP: #dcdcdc 1px;
+ COLOR: #003366;
+ FONT-WEIGHT: normal
+}
+.header
+{
+ BACKGROUND-COLOR: #cecf9c;
+ BORDER-BOTTOM: #ffffff 1px solid;
+ BORDER-LEFT: #ffffff 1px solid;
+ BORDER-RIGHT: #ffffff 1px solid;
+ BORDER-TOP: #ffffff 1px solid;
+ COLOR: #000000;
+ FONT-WEIGHT: bold
+}
+.issuehdr
+{
+ BACKGROUND-COLOR: #E0EBF5;
+ BORDER-BOTTOM: #dcdcdc 1px solid;
+ BORDER-TOP: #dcdcdc 1px solid;
+ COLOR: #000000;
+ FONT-WEIGHT: normal
+}
+.issuenone
+{
+ BACKGROUND-COLOR: #ffffff;
+ BORDER-BOTTOM: 0px;
+ BORDER-LEFT: 0px;
+ BORDER-RIGHT: 0px;
+ BORDER-TOP: 0px;
+ COLOR: #000000;
+ FONT-WEIGHT: normal
+}
+.content
+{
+ BACKGROUND-COLOR: #e7e7ce;
+ BORDER-BOTTOM: #ffffff 1px solid;
+ BORDER-LEFT: #ffffff 1px solid;
+ BORDER-RIGHT: #ffffff 1px solid;
+ BORDER-TOP: #ffffff 1px solid;
+ PADDING-LEFT: 3px
+}
+.issuecontent
+{
+ BACKGROUND-COLOR: #ffffff;
+ BORDER-BOTTOM: #dcdcdc 1px solid;
+ BORDER-TOP: #dcdcdc 1px solid;
+ PADDING-LEFT: 3px
+}
+A:link
+{
+ COLOR: #cc6633;
+ TEXT-DECORATION: underline
+}
+A:visited
+{
+ COLOR: #cc6633;
+}
+A:active
+{
+ COLOR: #cc6633;
+}
+A:hover
+{
+ COLOR: #cc3300;
+ TEXT-DECORATION: underline
+}
+H1
+{
+ BACKGROUND-COLOR: #003366;
+ BORDER-BOTTOM: #336699 6px solid;
+ COLOR: #ffffff;
+ FONT-SIZE: 130%;
+ FONT-WEIGHT: normal;
+ MARGIN: 0em 0em 0em -20px;
+ PADDING-BOTTOM: 8px;
+ PADDING-LEFT: 30px;
+ PADDING-TOP: 16px
+}
+H2
+{
+ COLOR: #000000;
+ FONT-SIZE: 80%;
+ FONT-WEIGHT: bold;
+ MARGIN-BOTTOM: 3px;
+ MARGIN-LEFT: 10px;
+ MARGIN-TOP: 20px;
+ PADDING-LEFT: 0px
+}
+H3
+{
+ COLOR: #000000;
+ FONT-SIZE: 80%;
+ FONT-WEIGHT: bold;
+ MARGIN-BOTTOM: -5px;
+ MARGIN-LEFT: 10px;
+ MARGIN-TOP: 20px
+}
+H4
+{
+ COLOR: #000000;
+ FONT-SIZE: 70%;
+ FONT-WEIGHT: bold;
+ MARGIN-BOTTOM: 0px;
+ MARGIN-TOP: 15px;
+ PADDING-BOTTOM: 0px
+}
+UL
+{
+ COLOR: #000000;
+ FONT-SIZE: 70%;
+ LIST-STYLE: square;
+ MARGIN-BOTTOM: 0pt;
+ MARGIN-TOP: 0pt
+}
+OL
+{
+ COLOR: #000000;
+ FONT-SIZE: 70%;
+ LIST-STYLE: square;
+ MARGIN-BOTTOM: 0pt;
+ MARGIN-TOP: 0pt
+}
+LI
+{
+ LIST-STYLE: square;
+ MARGIN-LEFT: 0px
+}
+.expandable
+{
+ CURSOR: hand
+}
+.expanded
+{
+ color: black
+}
+.collapsed
+{
+ DISPLAY: none
+}
+.foot
+{
+BACKGROUND-COLOR: #ffffff;
+BORDER-BOTTOM: #cecf9c 1px solid;
+BORDER-TOP: #cecf9c 2px solid
+}
+.settings
+{
+MARGIN-LEFT: 25PX;
+}
+.help
+{
+TEXT-ALIGN: right;
+margin-right: 10px;
+}
=======================================
--- /dev/null
+++ /branches/2.0/_ConversionReport_Files/ConversionReport_Blank.gif Tue
Jun 14 21:31:31 2011
@@ -0,0 +1,1 @@
+GIF89a ò €€€ÀÀÀÿÿÿ !ù , (ºÜ 0ÊA뀶â|
C šÇm iIh ;
=======================================
--- /dev/null
+++ /branches/2.0/_ConversionReport_Files/ConversionReport_Minus.gif Tue
Jun 14 21:31:31 2011
@@ -0,0 +1,1 @@
+GIF89a ñ €€€ÀÀÀÿÿÿ!ù , ” yÁí ã`2Ò:à œgüaWå”A ;
=======================================
--- /dev/null
+++ /branches/2.0/_ConversionReport_Files/ConversionReport_Plus.gif Tue Jun
14 21:31:31 2011
@@ -0,0 +1,2 @@
+GIF89a ñ €€€ÀÀÀÿÿÿ!ù , ” yÁí ã` D
+-¤ ÷ TW˜ Òè8 ;
=======================================
--- /dev/null
+++ /branches/2.0/_UpgradeReport_Files/UpgradeReport.css Tue Jun 14
21:31:31 2011
@@ -0,0 +1,207 @@
+BODY
+{
+ BACKGROUND-COLOR: white;
+ FONT-FAMILY: "Verdana", sans-serif;
+ FONT-SIZE: 100%;
+ MARGIN-LEFT: 0px;
+ MARGIN-TOP: 0px
+}
+P
+{
+ FONT-FAMILY: "Verdana", sans-serif;
+ FONT-SIZE: 70%;
+ LINE-HEIGHT: 12pt;
+ MARGIN-BOTTOM: 0px;
+ MARGIN-LEFT: 10px;
+ MARGIN-TOP: 10px
+}
+.note
+{
+ BACKGROUND-COLOR: #ffffff;
+ COLOR: #336699;
+ FONT-FAMILY: "Verdana", sans-serif;
+ FONT-SIZE: 100%;
+ MARGIN-BOTTOM: 0px;
+ MARGIN-LEFT: 0px;
+ MARGIN-TOP: 0px;
+ PADDING-RIGHT: 10px
+}
+.infotable
+{
+ BACKGROUND-COLOR: #f0f0e0;
+ BORDER-BOTTOM: #ffffff 0px solid;
+ BORDER-COLLAPSE: collapse;
+ BORDER-LEFT: #ffffff 0px solid;
+ BORDER-RIGHT: #ffffff 0px solid;
+ BORDER-TOP: #ffffff 0px solid;
+ FONT-SIZE: 70%;
+ MARGIN-LEFT: 10px
+}
+.issuetable
+{
+ BACKGROUND-COLOR: #ffffe8;
+ BORDER-COLLAPSE: collapse;
+ COLOR: #000000;
+ FONT-SIZE: 100%;
+ MARGIN-BOTTOM: 10px;
+ MARGIN-LEFT: 13px;
+ MARGIN-TOP: 0px
+}
+.issuetitle
+{
+ BACKGROUND-COLOR: #ffffff;
+ BORDER-BOTTOM: #dcdcdc 1px solid;
+ BORDER-TOP: #dcdcdc 1px;
+ COLOR: #003366;
+ FONT-WEIGHT: normal
+}
+.header
+{
+ BACKGROUND-COLOR: #cecf9c;
+ BORDER-BOTTOM: #ffffff 1px solid;
+ BORDER-LEFT: #ffffff 1px solid;
+ BORDER-RIGHT: #ffffff 1px solid;
+ BORDER-TOP: #ffffff 1px solid;
+ COLOR: #000000;
+ FONT-WEIGHT: bold
+}
+.issuehdr
+{
+ BACKGROUND-COLOR: #E0EBF5;
+ BORDER-BOTTOM: #dcdcdc 1px solid;
+ BORDER-TOP: #dcdcdc 1px solid;
+ COLOR: #000000;
+ FONT-WEIGHT: normal
+}
+.issuenone
+{
+ BACKGROUND-COLOR: #ffffff;
+ BORDER-BOTTOM: 0px;
+ BORDER-LEFT: 0px;
+ BORDER-RIGHT: 0px;
+ BORDER-TOP: 0px;
+ COLOR: #000000;
+ FONT-WEIGHT: normal
+}
+.content
+{
+ BACKGROUND-COLOR: #e7e7ce;
+ BORDER-BOTTOM: #ffffff 1px solid;
+ BORDER-LEFT: #ffffff 1px solid;
+ BORDER-RIGHT: #ffffff 1px solid;
+ BORDER-TOP: #ffffff 1px solid;
+ PADDING-LEFT: 3px
+}
+.issuecontent
+{
+ BACKGROUND-COLOR: #ffffff;
+ BORDER-BOTTOM: #dcdcdc 1px solid;
+ BORDER-TOP: #dcdcdc 1px solid;
+ PADDING-LEFT: 3px
+}
+A:link
+{
+ COLOR: #cc6633;
+ TEXT-DECORATION: underline
+}
+A:visited
+{
+ COLOR: #cc6633;
+}
+A:active
+{
+ COLOR: #cc6633;
+}
+A:hover
+{
+ COLOR: #cc3300;
+ TEXT-DECORATION: underline
+}
+H1
+{
+ BACKGROUND-COLOR: #003366;
+ BORDER-BOTTOM: #336699 6px solid;
+ COLOR: #ffffff;
+ FONT-SIZE: 130%;
+ FONT-WEIGHT: normal;
+ MARGIN: 0em 0em 0em -20px;
+ PADDING-BOTTOM: 8px;
+ PADDING-LEFT: 30px;
+ PADDING-TOP: 16px
+}
+H2
+{
+ COLOR: #000000;
+ FONT-SIZE: 80%;
+ FONT-WEIGHT: bold;
+ MARGIN-BOTTOM: 3px;
+ MARGIN-LEFT: 10px;
+ MARGIN-TOP: 20px;
+ PADDING-LEFT: 0px
+}
+H3
+{
+ COLOR: #000000;
+ FONT-SIZE: 80%;
+ FONT-WEIGHT: bold;
+ MARGIN-BOTTOM: -5px;
+ MARGIN-LEFT: 10px;
+ MARGIN-TOP: 20px
+}
+H4
+{
+ COLOR: #000000;
+ FONT-SIZE: 70%;
+ FONT-WEIGHT: bold;
+ MARGIN-BOTTOM: 0px;
+ MARGIN-TOP: 15px;
+ PADDING-BOTTOM: 0px
+}
+UL
+{
+ COLOR: #000000;
+ FONT-SIZE: 70%;
+ LIST-STYLE: square;
+ MARGIN-BOTTOM: 0pt;
+ MARGIN-TOP: 0pt
+}
+OL
+{
+ COLOR: #000000;
+ FONT-SIZE: 70%;
+ LIST-STYLE: square;
+ MARGIN-BOTTOM: 0pt;
+ MARGIN-TOP: 0pt
+}
+LI
+{
+ LIST-STYLE: square;
+ MARGIN-LEFT: 0px
+}
+.expandable
+{
+ CURSOR: hand
+}
+.expanded
+{
+ color: black
+}
+.collapsed
+{
+ DISPLAY: none
+}
+.foot
+{
+BACKGROUND-COLOR: #ffffff;
+BORDER-BOTTOM: #cecf9c 1px solid;
+BORDER-TOP: #cecf9c 2px solid
+}
+.settings
+{
+MARGIN-LEFT: 25PX;
+}
+.help
+{
+TEXT-ALIGN: right;
+margin-right: 10px;
+}
=======================================
--- /dev/null
+++ /branches/2.0/_UpgradeReport_Files/UpgradeReport.xslt Tue Jun 14
21:31:31 2011
@@ -0,0 +1,232 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:msxsl='urn:schemas-microsoft-com:xslt'>
+
+ <xsl:key name="ProjectKey" match="Event" use="@Project" />
+
+ <xsl:template match="Events" mode="createProjects">
+ <projects>
+ <xsl:for-each select="Event">
+ <!--xsl:sort select="@Project" order="descending"/-->
+ <xsl:if test="(1=position()) or
(preceding-sibling::*[1]/@Project != @Project)">
+
+ <xsl:variable name="ProjectName" select="@Project"/>
+
+ <project>
+ <xsl:attribute name="name">
+ <xsl:value-of select="@Project"/>
+ </xsl:attribute>
+
+ <xsl:if test="@Project=''">
+ <xsl:attribute name="solution">
+ <xsl:value-of select="@Solution"/>
+ </xsl:attribute>
+ </xsl:if>
+
+ <xsl:for-each select="key('ProjectKey',
$ProjectName)">
+ <!--xsl:sort select="@Source" /-->
+ <xsl:if test="(1=position()) or
(preceding-sibling::*[1]/@Source != @Source)">
+
+ <source>
+ <xsl:attribute name="name">
+ <xsl:value-of select="@Source"/>
+ </xsl:attribute>
+
+ <xsl:variable name="Source">
+ <xsl:value-of select="@Source"/>
+ </xsl:variable>
+
+ <xsl:for-each
select="key('ProjectKey', $ProjectName)[ @Source = $Source ]">
+
+ <event>
+ <xsl:attribute
name="error-level">
+ <xsl:value-of
select="@ErrorLevel"/>
+ </xsl:attribute>
+ <xsl:attribute
name="description">
+ <xsl:value-of
select="@Description"/>
+ </xsl:attribute>
+ </event>
+ </xsl:for-each>
+ </source>
+ </xsl:if>
+ </xsl:for-each>
+
+ </project>
+ </xsl:if>
+ </xsl:for-each>
+ </projects>
+ </xsl:template>
+
+ <xsl:template match="projects">
+ <xsl:for-each select="project">
+ <xsl:sort select="@Name" order="ascending"/>
+ <h2>
+ <xsl:if test="@solution">Solution: <xsl:value-of
select="@solution"/></xsl:if>
+ <xsl:if test="not(@solution)">Project: <xsl:value-of
select="@name"/>
+ <xsl:for-each select="source">
+ <xsl:variable name="Hyperlink" select="@name"/>
+ <xsl:for-each select="event[@error-level='4']">
+  <A class="note"><xsl:attribute name="HREF"><xsl:value-of
select="$Hyperlink"/></xsl:attribute><xsl:value-of
select="@description"/></A>
+ </xsl:for-each>
+ </xsl:for-each>
+ </xsl:if>
+ </h2>
+
+ <table cellpadding="2" cellspacing="0" width="98%" border="1"
bordercolor="white" class="infotable">
+ <tr>
+ <td nowrap="1" class="header"
_locID="Filename">Filename</td>
+ <td nowrap="1" class="header" _locID="Status">Status</td>
+ <td nowrap="1" class="header" _locID="Errors">Errors</td>
+ <td nowrap="1" class="header"
_locID="Warnings">Warnings</td>
+ </tr>
+
+ <xsl:for-each select="source">
+ <xsl:sort select="@name" order="ascending"/>
+ <xsl:variable name="source-id" select="generate-id(.)"/>
+
+ <xsl:if
test="count(event)!=count(event[@error-level='4'])">
+
+ <tr class="row">
+ <td class="content">
+ <A HREF="javascript:"><xsl:attribute
name="onClick">javascript:document.images['<xsl:value-of
select="$source-id"/>'].click()</xsl:attribute><IMG border="0"
alt="expand/collapse section" class="expandable" height="11"
onclick="changepic()" src="_UpgradeReport_Files/UpgradeReport_Plus.gif"
width="9" ><xsl:attribute name="name"><xsl:value-of
select="$source-id"/></xsl:attribute><xsl:attribute
name="child">src<xsl:value-of
select="$source-id"/></xsl:attribute></IMG></A> <xsl:value-of
select="@name"/>
+ </td>
+ <td class="content">
+ <xsl:if test="count(event[@error-level='3'])=1">
+ <xsl:for-each select="event[@error-level='3']">
+ <xsl:if
test="@description='Converted'">Converted</xsl:if>
+ <xsl:if
test="@description!='Converted'"><xsl:value-of
select="@description"/></xsl:if>
+ </xsl:for-each>
+ </xsl:if>
+ <xsl:if test="count(event[@error-level='3'])!=1
and count(event[@error-level='3' and
@description='Converted'])!=0">Converted
+ </xsl:if>
+ </td>
+ <td class="content"><xsl:value-of
select="count(event[@error-level='2'])"/></td>
+ <td class="content"><xsl:value-of
select="count(event[@error-level='1'])"/></td>
+ </tr>
+
+ <tr class="collapsed" bgcolor="#ffffff">
+ <xsl:attribute name="id">src<xsl:value-of
select="$source-id"/></xsl:attribute>
+
+ <td colspan="7">
+ <table width="97%" border="1"
bordercolor="#dcdcdc" rules="cols" class="issuetable">
+ <tr>
+ <td colspan="7" class="issuetitle"
_locID="ConversionIssues">Conversion Issues - <xsl:value-of
select="@name"/>:</td>
+ </tr>
+
+ <xsl:for-each
select="event[@error-level!='3']">
+ <xsl:if test="@error-level!='4'">
+ <tr>
+ <td class="issuenone"
style="border-bottom:solid 1 lightgray">
+ <xsl:value-of
select="@description"/>
+ </td>
+ </tr>
+ </xsl:if>
+ </xsl:for-each>
+ </table>
+ </td>
+ </tr>
+ </xsl:if>
+ </xsl:for-each>
+
+ <tr valign="top">
+ <td class="foot">
+ <xsl:if test="count(source)!=1">
+ <xsl:value-of select="count(source)"/> files
+ </xsl:if>
+ <xsl:if test="count(source)=1">
+ 1 file
+ </xsl:if>
+ </td>
+ <td class="foot">
+ Converted: <xsl:value-of
select="count(source/event[@error-level='3' and
@description='Converted'])"/><BR />
+ Not converted <xsl:value-of select="count(source) -
count(source/event[@error-level='3' and @description='Converted'])"/>
+ </td>
+ <td class="foot"><xsl:value-of
select="count(source/event[@error-level='2'])"/></td>
+ <td class="foot"><xsl:value-of
select="count(source/event[@error-level='1'])"/></td>
+ </tr>
+ </table>
+ </xsl:for-each>
+ </xsl:template>
+
+ <xsl:template match="Property">
+ <xsl:if test="@Name!='Date' and @Name!='Time' and
@Name!='LogNumber' and @Name!='Solution'">
+ <tr><td nowrap="1"><b><xsl:value-of select="@Name"/>:
</b><xsl:value-of select="@Value"/></td></tr>
+ </xsl:if>
+ </xsl:template>
+
+ <xsl:template match="UpgradeLog">
+ <html>
+ <head>
+ <META HTTP-EQUIV="Content-Type" content="text/html;
charset=utf-8" />
+ <link rel="stylesheet"
href="_UpgradeReport_Files\UpgradeReport.css" />
+ <title>Conversion Report 
+ <xsl:if test="Properties/Property[@Name='LogNumber']">
+ <xsl:value-of
select="Properties/Property[@Name='LogNumber']/@Value"/>
+ </xsl:if>
+ </title>
+ <script language="javascript">
+ function outliner () {
+ oMe = window.event.srcElement
+ //get child element
+ var child =
document.all[event.srcElement.getAttribute("child",false)];
+ //if child element exists, expand or collapse it.
+ if (null != child)
+ child.className = child.className
== "collapsed" ? "expanded" : "collapsed";
+ }
+
+ function changepic() {
+ uMe = window.event.srcElement;
+ var check = uMe.src.toLowerCase();
+ if (check.lastIndexOf("upgradereport_plus.gif") !=
-1)
+ {
+ uMe.src
= "_UpgradeReport_Files/UpgradeReport_Minus.gif"
+ }
+ else
+ {
+ uMe.src
= "_UpgradeReport_Files/UpgradeReport_Plus.gif"
+ }
+ }
+ </script>
+ </head>
+ <body topmargin="0" leftmargin="0" rightmargin="0"
onclick="outliner();">
+ <h1 _locID="ConversionReport">Conversion Report -
<xsl:value-of select="Properties/Property[@Name='Solution']/@Value"/></h1>
+
+ <p><span class="note">
+ <b>Time of Conversion:</b>  <xsl:value-of
select="Properties/Property[@Name='Date']/@Value"/>  <xsl:value-of
select="Properties/Property[@Name='Time']/@Value"/><br/>
+ </span></p>
+
+ <xsl:variable name="SortedEvents">
+ <Events>
+ <xsl:for-each select="Event">
+ <xsl:sort select="@Project" order="ascending"/>
+ <xsl:sort select="@Source" order="ascending"/>
+ <xsl:sort select="@ErrorLevel"
order="ascending"/>
+ <Event>
+ <xsl:attribute
name="Project"><xsl:value-of select="@Project"/> </xsl:attribute>
+ <xsl:attribute
name="Solution"><xsl:value-of
select="/UpgradeLog/Properties/Property[@Name='Solution']/@Value"/>
</xsl:attribute>
+ <xsl:attribute name="Source"><xsl:value-of
select="@Source"/> </xsl:attribute>
+ <xsl:attribute
name="ErrorLevel"><xsl:value-of select="@ErrorLevel"/> </xsl:attribute>
+ <xsl:attribute
name="Description"><xsl:value-of select="@Description"/> </xsl:attribute>
+ </Event>
+ </xsl:for-each>
+ </Events>
+ </xsl:variable>
+
+ <xsl:variable name="Projects">
+ <xsl:apply-templates
select="msxsl:node-set($SortedEvents)/*" mode="createProjects"/>
+ </xsl:variable>
+
+ <xsl:apply-templates select="msxsl:node-set($Projects)/*"/>
+
+ <p></p><p>
+ <table class="note">
+ <tr>
+ <td nowrap="1">
+ <b>Conversion Settings</b>
+ </td>
+ </tr>
+ <xsl:apply-templates select="Properties"/>
+ </table></p>
+ </body>
+ </html>
+ </xsl:template>
+</xsl:stylesheet>
=======================================
--- /dev/null
+++ /branches/2.0/_UpgradeReport_Files/UpgradeReport_Minus.gif Tue Jun 14
21:31:31 2011
@@ -0,0 +1,1 @@
+GIF89a ñ €€€ÀÀÀÿÿÿ!ù , ” yÁí ã`2Ò:à œgüaWå”A ;
=======================================
--- /dev/null
+++ /branches/2.0/_UpgradeReport_Files/UpgradeReport_Plus.gif Tue Jun 14
21:31:31 2011
@@ -0,0 +1,2 @@
+GIF89a ñ €€€ÀÀÀÿÿÿ!ù , ” yÁí ã` D
+-¤ ÷ TW˜ Òè8 ;
=======================================
--- /dev/null
+++ /branches/2.0/build.xml Tue Jun 14 21:31:31 2011
@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project basedir="." default="dist" name="owasp-esapi-java">
+ <target name="init">
+
+ <property file="local.properties"/>
+
+ <buildnumber/>
+ <property name="project.name" value="${ant.project.name}"/>
+ <property name="project.version" value="1.1.1"/>
+ <property name="build.dir" location="${basedir}/build"/>
+ <property name="jar"
location="${build.dir}/${project.name}-classes.jar"/>
+ <property name="src.dir" location="${basedir}/src"/>
+ <property name="test.dir" location="${basedir}/test"/>
+ <property name="dist.dir" location="${basedir}/dist"/>
+ <property name="javadoc.dir" location="${basedir}/doc/api"/>
+
+ </target>
+
+ <target depends="init" description="clean up the build area"
name="clean">
+ <delete includeemptydirs="true" failonerror="false">
+ <fileset dir="${build.dir}" includes="**/*"/>
+ <fileset dir="${dist.dir}" includes="**/*"/>
+ </delete>
+ <mkdir dir="${build.dir}"/>
+ <mkdir dir="${dist.dir}"/>
+ </target>
+
+ <target depends="init" description="Compile the sources"
name="compile">
+ <javac
+ deprecation="yes"
+ destdir="${build.dir}"
+ listfiles="no"
+ optimize="on"
+ srcdir="${src.dir}"
+ debug="on"
+ source="1.4"
+ target="1.4"
+ >
+ <classpath>
+ <fileset dir="lib">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ </javac>
+ </target>
+ <target depends="compile" description="Build a jar file" name="build">
+ <jar basedir="${build.dir}" jarfile="${jar}">
+ </jar>
+ </target>
+ <target
+ depends="init,clean"
+ description="packages up the source files"
+ name="source"
+ >
+ <zip
destfile="${dist.dir}/${project.name}-src-${project.version}.zip">
+ <zipfileset
+ dir="${basedir}"
+ includes="build.xml"
+ prefix="${project.name}-${project.version}"
+ />
+ <zipfileset
+ dir="${src.dir}"
+ excludes="**/.*"
+ prefix="${project.name}-${project.version}/src"
+ />
+ <zipfileset
+ dir="${test.dir}"
+ excludes="**/.*"
+ prefix="${project.name}-${project.version}/test"
+ />
+ </zip>
+ </target>
+ <target depends="clean,build"
+ description="Build a standalone self-contained jar"
+ name="proguard" >
+ <taskdef
+ classpath="${proguard.location}/lib/proguard.jar"
+ resource="proguard/ant/task.properties"
+ />
+ <!-- ProGuard is used simply to aggregate the various libraries
into -->
+ <!-- a single distributable. No shrinking, optimization or
obfuscation -->
+ <!-- is performed. We ignore warnings about certain missing
classes -->
+ <!-- since they are not used/required -->
+ <proguard
+ ignorewarnings="true"
+ obfuscate="false"
+ optimize="false"
+ shrink="false"
+ verbose="false"
+ printusage="false"
+ >
+ <injar name="${jar}"/>
+ <injar name="lib/antisamy-bin.1.0.jar"/>
+ <injar name="lib/commons-fileupload-1.2.jar"/>
+ <injar name="lib/commons-io-1.3.2.jar"/>
+ <libraryjar name="${java.home}/lib/rt.jar"/>
+ <libraryjar name="${java.home}/lib/jsse.jar"/>
+ <libraryjar name="lib/servlet-api.jar"/>
+ <outjar
name="${dist.dir}/${project.name}-${project.version}.jar"/>
+ </proguard>
+ </target>
+ <target
+ depends="clean,source,build,proguard"
+ description="Build all distributables"
+ name="dist"
+ />
+</project>
=======================================
--- /dev/null
+++
/branches/2.0/obj/Debug/owasp-esapi-ASP-11.csproj.GenerateResource.Cache
Tue Jun 14 21:31:31 2011
@@ -0,0 +1,9 @@
+ ÿÿÿÿ XMicrosoft.Build.Tasks, Version=2.0.0.0,
Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a (Microsoft.Build.Tasks.ResGenDependencies
resXFiles baseLinkedFileDirectory "Microsoft.Build.Tasks.Dependencies
+ "Microsoft.Build.Tasks.Dependencies dependencies
+System.Collections.Hashtable
+System.Collections.Hashtable
+LoadFactor Version Comparer HashCodeProvider HashSize Keys Values
+System.Collections.IComparer$System.Collections.IHashCodeProvider ìQ8?
+
+ Global.asax.resx
1Microsoft.Build.Tasks.ResGenDependencies+ResXFile linkedFiles DependencyFile+filename DependencyFile+lastModified DependencyFile+exists
+ z_VM £Êˆ
=======================================
--- /dev/null
+++ /branches/2.0/obj/Debug/owasp_esapi_ASP_11.Global.resources Tue Jun 14
21:31:31 2011
@@ -0,0 +1,1 @@
+ÎÊï¾ ‘ lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0,
Culture=neutral,
PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet PADPADP´
=======================================
--- /dev/null
+++ /branches/2.0/obj/owasp-esapi-ASP-11.csproj.FileListAbsolute.txt Tue
Jun 14 21:31:31 2011
@@ -0,0 +1,3 @@
+C:\Documents and Settings\Juan Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\obj\Debug\ResolveAssemblyReference.cache
+C:\Documents and Settings\Juan Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\obj\Debug\owasp_esapi_ASP_11.Global.resources
+C:\Documents and Settings\Juan Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\obj\Debug\owasp-esapi-ASP-11.csproj.GenerateResource.Cache
=======================================
--- /dev/null
+++ /branches/2.0/owasp-esapi-ASP-1.1.xml Tue Jun 14 21:31:31 2011
@@ -0,0 +1,3155 @@
+<ConversionLog>
+ <Settings>
+ <Setting
+ Name = "LogFile"
+ Value = "owasp-esapi-ASP-1.1.xml"
+ />
+ <Setting
+ Name = "ProjectName"
+ Value = "owasp-esapi-ASP-11"
+ />
+ <Setting
+ Name = "StartTime"
+ Value = "Monday, June 23, 2008 19:31:18"
+ />
+ <Setting
+ Name = "OutputDir"
+ Value = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1"
+ />
+ <Setting
+ Name = "ProjectPath"
+ Value = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic ASP\owasp-esapi-java-1.1.1"
+ />
+ </Settings>
+ <Root>
+ <Directory Name = "src" >
+ <Directory Name = "org" >
+ <Directory Name = "owasp" >
+ <Directory Name = "esapi" >
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\AccessController.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AccessController.cs"
+ >
+ <Class Name
= "org.owasp.esapi.AccessController" >
+ <Section Name
= "overlap(java.util.Set,java.util.Set)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilIteratorhasNext"
+ Severity = "2"
+ >Method 'java.util.Iterator.hasNext' was
converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilIteratornext"
+ Severity = "2"
+ >Method 'java.util.Iterator.next' was
converted to 'System.Collections.IEnumerator.Current' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name = "loadRules(java.io.File)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioFileInputStreamFileInputStream_javaioFile"
+ Severity = "2"
+
>Constructor 'java.io.FileInputStream.FileInputStream' was converted
to 'System.IO.FileStream.FileStream' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ </Section>
+ </Class>
+ <Class Name
= "org.owasp.esapi.AccessController.Rule" >
+ <Section Name = "Declarations" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashSet"
+ Severity = "2"
+ >Class 'java.util.HashSet' was converted
to 'SupportClass.HashSetSupport' which has a different behavior.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\AccessReferenceMap.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AccessReferenceMap.cs"
+ >
+ <Class Name
= "org.owasp.esapi.AccessReferenceMap" >
+ <Section Name = "iterator()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilTreeSet"
+ Severity = "2"
+ >Class 'java.util.TreeSet' was converted
to 'SupportClass.TreeSetSupport' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilTreeSet"
+ Severity = "2"
+ >Class 'java.util.TreeSet' was converted
to 'SupportClass.TreeSetSupport' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMapkeySet"
+ Severity = "2"
+ >Method 'java.util.HashMap.keySet' was
converted to 'SupportClass.HashSetSupport' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name
= "removeDirectReference(java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilHashMapget_javalangObject"
+ Severity = "2"
+ >Method 'java.util.HashMap.get' was
converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name = "update(java.util.Set)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilIteratorhasNext"
+ Severity = "2"
+ >Method 'java.util.Iterator.hasNext' was
converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMapkeySet"
+ Severity = "2"
+ >Method 'java.util.HashMap.keySet' was
converted to 'SupportClass.HashSetSupport' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilIteratornext"
+ Severity = "2"
+ >Method 'java.util.Iterator.next' was
converted to 'System.Collections.IEnumerator.Current' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilHashMapget_javalangObject"
+ Severity = "2"
+ >Method 'java.util.HashMap.get' was
converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ </Section>
+ <Section Name
= "getIndirectReference(java.lang.Object)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilHashMapget_javalangObject"
+ Severity = "2"
+ >Method 'java.util.HashMap.get' was
converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name
= "getDirectReference(java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilHashMapget_javalangObject"
+ Severity = "2"
+ >Method 'java.util.HashMap.get' was
converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name = "Declarations" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\Authenticator.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\Authenticator.cs"
+ >
+ <Class Name
= "org.owasp.esapi.Authenticator.ThreadLocalUser" >
+ <Section Name = "getUser()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.get' was not converted.</Issue>
+ </Section>
+ <Section Name
= "setUser(org.owasp.esapi.interfaces.IUser)" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.set' was not converted.</Issue>
+ </Section>
+ </Class>
+ <Class Name
= "org.owasp.esapi.Authenticator.ThreadLocalRequest" >
+ <Section Name = "getRequest()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.get' was not converted.</Issue>
+ </Section>
+ <Section Name
= "setUser(javax.servlet.http.HttpServletRequest)" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.set' was not converted.</Issue>
+ </Section>
+ </Class>
+ <Class Name
= "org.owasp.esapi.Authenticator.ThreadLocalResponse" >
+ <Section Name = "getResponse()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.get' was not converted.</Issue>
+ </Section>
+ <Section Name
= "setUser(javax.servlet.http.HttpServletResponse)" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.set' was not converted.</Issue>
+ </Section>
+ <Section Name = "clearCurrent()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.set' was not converted.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.set' was not converted.</Issue>
+ </Section>
+ <Section Name = "getCurrentUser()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.get' was not converted.</Issue>
+ </Section>
+ <Section Name = "getCurrentRequest()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.get' was not converted.</Issue>
+ </Section>
+ <Section Name = "getCurrentResponse()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.get' was not converted.</Issue>
+ </Section>
+ <Section Name = "getUserNames()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashSet"
+ Severity = "2"
+ >Class 'java.util.HashSet' was converted
to 'SupportClass.HashSetSupport' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilMapkeySet"
+ Severity = "2"
+ >Method 'java.util.Map.keySet' was
converted to 'SupportClass.HashSetSupport' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name = "loadUsersIfNecessary()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.io.File.lastModified' may return a different value.</Issue>
+ </Section>
+ <Section Name = "loadUsersImmediately()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1092"
+ Severity = "2"
+ >The differences in the expected value of
parameters for constructor 'java.io.BufferedReader.BufferedReader' may
cause compilation errors. </Issue>
+ <Issue
+ Type = "Runtime"
+ Number = "1181"
+ Severity = "2"
+ >At least one expression was used more
than once in the target code.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ Severity = "2"
+
>Constructor 'java.io.FileReader.FileReader' was converted
to 'System.IO.StreamReader' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ Severity = "2"
+
>Constructor 'java.io.FileReader.FileReader' was converted
to 'System.IO.StreamReader' which has a different behavior.</Issue>
+ </Section>
+ <Section Name
= "loginWithUsernameAndPassword(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)"
>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaxservletServletRequestgetParameter_javalangString"
+ Severity = "2"
+
>Method 'javax.servlet.ServletRequest.getParameter' was converted
to 'System.Web.HttpRequest' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaxservletServletRequestgetParameter_javalangString"
+ Severity = "2"
+
>Method 'javax.servlet.ServletRequest.getParameter' was converted
to 'System.Web.HttpRequest' which has a different behavior.</Issue>
+ </Section>
+ <Section Name = "saveUsers()" >
+ <Issue
+ Type = "Runtime"
+ Number = "1181"
+ Severity = "2"
+ >At least one expression was used more
than once in the target code.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioFileWriterFileWriter_javaioFile"
+ Severity = "2"
+
>Constructor 'java.io.FileWriter.FileWriter' was converted
to 'System.IO.StreamWriter' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javaioFileWriter"
+ Severity = "2"
+ >Class 'java.io.FileWriter' was converted
to 'System.IO.StreamWriter' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioFileWriterFileWriter_javaioFile"
+ Severity = "2"
+
>Constructor 'java.io.FileWriter.FileWriter' was converted
to 'System.IO.StreamWriter' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javaioFileWriter"
+ Severity = "2"
+ >Class 'java.io.FileWriter' was converted
to 'System.IO.StreamWriter' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.io.PrintWriter.println' may return a different value.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioPrintWriterprintln_javalangString"
+ Severity = "2"
+ >Method 'java.io.PrintWriter.println' was
converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.io.PrintWriter.println' may return a different value.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioPrintWriterprintln_javalangString"
+ Severity = "2"
+ >Method 'java.io.PrintWriter.println' was
converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioPrintWriterprintln"
+ Severity = "2"
+ >Method 'java.io.PrintWriter.println' was
converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.io.File.lastModified' may return a different value.</Issue>
+ </Section>
+ <Section Name
= "saveUsers(java.io.PrintWriter)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilIteratorhasNext"
+ Severity = "2"
+ >Method 'java.util.Iterator.hasNext' was
converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.io.PrintWriter.println' may return a different value.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioPrintWriterprintln_javalangString"
+ Severity = "2"
+ >Method 'java.io.PrintWriter.println' was
converted to 'System.IO.TextWriter.WriteLine' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilIteratornext"
+ Severity = "2"
+ >Method 'java.util.Iterator.next' was
converted to 'System.Collections.IEnumerator.Current' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name
= "setCurrentHTTP(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)"
>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.set' was not converted.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+
>Method 'java.lang.InheritableThreadLocal.set' was not converted.</Issue>
+ </Section>
+ <Section Name = "Declarations" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+ >Class 'java.lang.InheritableThreadLocal'
was not converted.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+ >Class 'java.lang.InheritableThreadLocal'
was not converted.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangInheritableThreadLocal"
+ Severity = "1"
+ >Class 'java.lang.InheritableThreadLocal'
was not converted.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\Encoder.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\Encoder.cs"
+ >
+ <Class Name = "org.owasp.esapi.Encoder" >
+ <Section Name
= "encodeForBase64(byte[],boolean)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1095"
+ Severity = "1"
+ >Method 'sun.misc.CharacterEncoder.encode'
was not converted.</Issue>
+ </Section>
+ <Section Name
= "decodeFromBase64(java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1095"
+ Severity = "1"
+
>Method 'sun.misc.CharacterDecoder.decodeBuffer' was not converted.</Issue>
+ </Section>
+ <Section Name = "initializeMaps()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ </Section>
+ </Class>
+ <Class Name
= "org.owasp.esapi.Encoder.EncodedStringReader" >
+ <Section Name
= "parsePercent(java.lang.String,int)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ Severity = "2"
+ >Method 'java.lang.Integer.parseInt' was
converted to 'System.Convert.ToInt32' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name
= "parseEntity(java.lang.String,int)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilHashMapget_javalangObject"
+ Severity = "2"
+ >Method 'java.util.HashMap.get' was
converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1291"
+ Severity = "3"
+ >The 'System.Char' structure does not have
an equivalent to NULL.</Issue>
+ <Issue
+ Type = "Runtime"
+ Number = "1101"
+ Severity = "2"
+ >Method 'java.lang.String.indexOf' was
converted to 'System.String.IndexOf' which may throw an exception.</Issue>
+ </Section>
+ </Class>
+ <Class Name
= "org.owasp.esapi.Encoder.EncodedCharacter" >
+ <Section Name = "getEncoded(int)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilHashMapget_javalangObject"
+ Severity = "2"
+ >Method 'java.util.HashMap.get' was
converted to 'System.Collections.Hashtable.Item' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name = "Declarations" >
+ <Issue
+ Type = "ToDo"
+ Number = "1095"
+ Severity = "1"
+ >Class 'sun.misc.BASE64Encoder' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1095"
+ Severity = "1"
+
>Constructor 'sun.misc.BASE64Encoder.BASE64Encoder' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1095"
+ Severity = "1"
+ >Class 'sun.misc.BASE64Decoder' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1095"
+ Severity = "1"
+
>Constructor 'sun.misc.BASE64Decoder.BASE64Decoder' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilHashMap"
+ Severity = "2"
+ >Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1262"
+ Severity = "2"
+ >The type 'sun.text.Normalizer' could not
be found. If it was not included in the conversion, there may be compiler
issues.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\EncryptedProperties.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\EncryptedProperties.cs"
+ >
+ <Class Name
= "org.owasp.esapi.EncryptedProperties" >
+ <Section Name
= "setProperty(java.lang.String,java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilPropertiessetProperty_javalangString_javalangString"
+ Severity = "2"
+ >Method 'java.util.Properties.setProperty'
was converted to 'System.Collections.Specialized.NameValueCollection.Item'
which has a different behavior.</Issue>
+ </Section>
+ <Section Name
= "load(java.io.InputStream)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilPropertiesload_javaioInputStream"
+ Severity = "2"
+ >Method 'java.util.Properties.load' was
converted to 'System.Collections.Specialized.NameValueCollection' which has
a different behavior.</Issue>
+ </Section>
+ <Section Name
= "store(java.io.OutputStream,java.lang.String)" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javautilPropertiesstore_javaioOutputStream_javalangString"
+ Severity = "1"
+ >Method 'java.util.Properties.store' was
not converted.</Issue>
+ </Section>
+ <Section Name = "main(java.lang.String[])"
>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilIteratorhasNext"
+ Severity = "2"
+ >Method 'java.util.Iterator.hasNext' was
converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilIteratornext"
+ Severity = "2"
+ >Method 'java.util.Iterator.next' was
converted to 'System.Collections.IEnumerator.Current' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioFileInputStreamFileInputStream_javaioFile"
+ Severity = "2"
+
>Constructor 'java.io.FileInputStream.FileInputStream' was converted
to 'System.IO.FileStream.FileStream' which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1092"
+ Severity = "2"
+ >The differences in the expected value of
parameters for constructor 'java.io.BufferedReader.BufferedReader' may
cause compilation errors. </Issue>
+ <Issue
+ Type = "Runtime"
+ Number = "1181"
+ Severity = "2"
+ >At least one expression was used more
than once in the target code.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaioFileOutputStreamFileOutputStream_javaioFile"
+ Severity = "2"
+
>Constructor 'java.io.FileOutputStream.FileOutputStream' was converted
to 'System.IO.FileStream.FileStream' which has a different behavior.</Issue>
+ </Section>
+ <Section Name = "Declarations" >
+ <Issue
+ Type = "Compile"
+ Number = "1186"
+ Severity = "2"
+ >Class hierarchy differences
between 'java.util.Properties'
and 'System.Collections.Specialized.NameValueCollection' may cause
compilation errors.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1089"
+ Severity = "2"
+ >Format of property file may need to be
changed.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1186"
+ Severity = "2"
+ >Class hierarchy differences
between 'java.util.Properties'
and 'System.Collections.Specialized.NameValueCollection' may cause
compilation errors.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\Encryptor.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\Encryptor.cs"
+ >
+ <Class Name = "org.owasp.esapi.Encryptor" >
+ <Section Name = "Encryptor()" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javaxcryptospecPBEParameterSpec"
+ Severity = "1"
+
>Constructor 'javax.crypto.spec.PBEParameterSpec.PBEParameterSpec' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1287"
+ Severity = "2"
+ >A transformation string might not be
supported by the classes in the System.Security.Cryptography
namespace.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaxcryptoSecretKeyFactorygenerateSecret_javasecurityspecKeySpec"
+ Severity = "2"
+
>Method 'javax.crypto.SecretKeyFactory.generateSecret' was converted
to 'System.Security.Cryptography.SymmetricAlgorithm.GenerateKey' which has
a different behavior.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javasecurityKeyPairGenerator"
+ Severity = "1"
+ >Class 'java.security.KeyPairGenerator'
was not converted.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javasecurityKeyPairGenerator"
+ Severity = "1"
+
>Method 'java.security.KeyPairGenerator.getInstance' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.security.SecureRandom.getInstance' may return a different
value.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javasecurityKeyPairGenerator"
+ Severity = "1"
+
>Method 'java.security.KeyPairGenerator.initialize' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1277"
+ Severity = "2"
+ >The class 'java.security.KeyPair' was
converted to 'SupportClass.KeyPairSupport', which is not
serializable.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javasecurityKeyPairGenerator"
+ Severity = "1"
+
>Method 'java.security.KeyPairGenerator.generateKeyPair' was not
converted.</Issue>
+ </Section>
+ <Section Name
= "encrypt(java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javalangStringgetBytes_javalangString"
+ Severity = "2"
+ >Method 'java.lang.String.getBytes' was
converted to 'System.Text.Encoding.GetEncoding(string).GetBytes(string)'
which has a different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value.</Issue>
+ </Section>
+ <Section Name
= "decrypt(java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1092"
+ Severity = "2"
+ >The differences in the Format of
parameters for constructor 'java.lang.String.String' may cause compilation
errors. </Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value.</Issue>
+ </Section>
+ <Section Name = "sign(java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javasecuritySignatureinitSign_javasecurityPrivateKey"
+ Severity = "2"
+ >Method 'java.security.Signature.initSign'
was converted to 'SupportClass.DigitalSignature.Signing' which has a
different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javasecuritySignaturesign"
+ Severity = "2"
+ >Method 'java.security.Signature.sign' was
converted to 'SupportClass.DigitalSignature.Sign' which has a different
behavior.</Issue>
+ </Section>
+ <Section Name
= "verifySignature(java.lang.String,java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javasecuritySignatureinitVerify_javasecurityPublicKey"
+ Severity = "2"
+
>Method 'java.security.Signature.initVerify' was converted
to 'SupportClass.DigitalSignature.Verification' which has a different
behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javasecuritySignatureverify_byte[]"
+ Severity = "2"
+ >Method 'java.security.Signature.verify'
was converted to 'SupportClass.DigitalSignature.Verify' which has a
different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value.</Issue>
+ </Section>
+ <Section Name
= "verifySeal(java.lang.String,java.lang.String)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilDategetTime"
+ Severity = "2"
+ >Method 'java.util.Date.getTime' was
converted to 'System.DateTime.Ticks' which has a different behavior.</Issue>
+ </Section>
+ <Section Name = "getTimeStamp()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilDategetTime"
+ Severity = "2"
+ >Method 'java.util.Date.getTime' was
converted to 'System.DateTime.Ticks' which has a different behavior.</Issue>
+ </Section>
+ <Section Name = "Declarations" >
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javaxcryptospecPBEParameterSpec"
+ Severity = "1"
+
>Class 'javax.crypto.spec.PBEParameterSpec' was not converted.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <Directory Name = "errors" >
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\AccessControlException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AccessControlException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\AuthenticationAccountsException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AuthenticationAccountsException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\AuthenticationCredentialsException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AuthenticationCredentialsException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\AuthenticationException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AuthenticationException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\AuthenticationHostException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AuthenticationHostException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\AuthenticationLoginException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AuthenticationLoginException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\AvailabilityException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\AvailabilityException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\CertificateException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\CertificateException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\EncodingException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\EncodingException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\EncryptionException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\EncryptionException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\EnterpriseSecurityException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\EnterpriseSecurityException.cs"
+ >
+ <Class Name
= "org.owasp.esapi.errors.EnterpriseSecurityException" >
+ <Section Name = "getUserMessage()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\ExecutorException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\ExecutorException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\IntegrityException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\IntegrityException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\IntrusionException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\IntrusionException.cs"
+ >
+ <Class Name
= "org.owasp.esapi.errors.IntrusionException" >
+ <Section Name = "getUserMessage()" >
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\ValidationAvailabilityException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\ValidationAvailabilityException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\ValidationException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\ValidationException.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\errors\ValidationUploadException.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\ValidationUploadException.cs"
+ />
+ </Directory>
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\ESAPI.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\ESAPI.cs"
+ />
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\Executor.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\Executor.cs"
+ >
+ <Class Name = "org.owasp.esapi.Executor" >
+ <Section Name
= "executeSystemCommand(java.io.File,java.util.List,java.io.File,int)" >
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javautilIteratorhasNext"
+ Severity = "2"
+ >Method 'java.util.Iterator.hasNext' was
converted to 'System.Collections.IEnumerator.MoveNext' which has a
different behavior.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam = "_javautilIteratornext"
+ Severity = "2"
+ >Method 'java.util.Iterator.next' was
converted to 'System.Collections.IEnumerator.Current' which has a different
behavior.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javalangRuntimeexec_javalangString[]_javalangString[]_javaioFile"
+ Severity = "1"
+ >Method 'java.lang.Runtime.exec' was not
converted.</Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1092"
+ Severity = "2"
+ >The differences in the expected value of
parameters for constructor 'java.io.BufferedReader.BufferedReader' may
cause compilation errors. </Issue>
+ <Issue
+ Type = "ToDo"
+ Number = "1043"
+ Severity = "2"
+ >The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value.</Issue>
+ </Section>
+ </Class>
+ </File>
+ <Directory Name = "filters" >
+ <File
+ OldPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\src\org\owasp\esapi\filters\ESAPIFilter.java"
+ NewPath = "C:\Documents and Settings\Juan
Carlos\Escritorio\OWASP\Classic
ASP\owasp-esapi-java-1.1.1\owasp-esapi-ASP-1.1\ESAPIFilter.cs"
+ >
+ <Class Name
= "org.owasp.esapi.filters.ESAPIFilter" >
+ <Section Name
= "doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)"
>
+ <Issue
+ Type = "ToDo"
+ Number = "1073"
+ LinkKeywordParam
= "_javaxservletRequestDispatcher"
+ Severity = "2"
+
>Interface 'javax.servlet.RequestDispatcher' was converted
to 'System.Web.HttpServerUtility' which has a different behavior.</Issue>
+ <Issue
+ Type = "Compile"
+ Number = "1000"
+ LinkKeywordParam
= "_javaxservletServletRequestgetRequestDispatcher_javalangString"
***The diff for this file has been truncated for email.***
=======================================
--- /dev/null
+++ /branches/2.0/owasp-esapi-ASP-11.csproj Tue Jun 14 21:31:31 2011
@@ -0,0 +1,210 @@
+<Project DefaultTargets="Build"
xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <PropertyGroup>
+ <SchemaVersion>2.0</SchemaVersion>
+
<ProjectTypeGuids>{349c5851-65df-11da-9384-00065b846f21};{fae04ec0-301f-11d3-bf4b-00c04f79efbc}</ProjectTypeGuids>
+ <Configuration Condition=" '$(Configuration)'
== '' ">Debug</Configuration>
+ <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+ <ApplicationIcon>
+ </ApplicationIcon>
+ <AssemblyKeyContainerName>
+ </AssemblyKeyContainerName>
+ <AssemblyName>owasp-esapi-ASP-11</AssemblyName>
+ <AssemblyOriginatorKeyFile>
+ </AssemblyOriginatorKeyFile>
+ <DefaultClientScript>JScript</DefaultClientScript>
+ <DefaultHTMLPageLayout>Grid</DefaultHTMLPageLayout>
+ <DefaultTargetSchema>IE50</DefaultTargetSchema>
+ <DelaySign>false</DelaySign>
+ <OutputType>Library</OutputType>
+ <RootNamespace>owasp_esapi_ASP_11</RootNamespace>
+ <NoStandardLibraries>false</NoStandardLibraries>
+ <RunPostBuildEvent>OnBuildSuccess</RunPostBuildEvent>
+ <StartupObject>
+ </StartupObject>
+ <FileUpgradeFlags>
+ </FileUpgradeFlags>
+ <UpgradeBackupLocation>
+ </UpgradeBackupLocation>
+ <ProjectGuid>{366DD1B5-7540-4310-847C-168784D8B207}</ProjectGuid>
+ </PropertyGroup>
+ <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|
AnyCPU' ">
+ <OutputPath>bin\</OutputPath>
+ <AllowUnsafeBlocks>false</AllowUnsafeBlocks>
+ <BaseAddress>285212672</BaseAddress>
+ <CheckForOverflowUnderflow>false</CheckForOverflowUnderflow>
+ <ConfigurationOverrideFile>
+ </ConfigurationOverrideFile>
+ <DefineConstants>
+ </DefineConstants>
+ <DocumentationFile>
+ </DocumentationFile>
+ <DebugSymbols>true</DebugSymbols>
+ <FileAlignment>4096</FileAlignment>
+ <NoStdLib>false</NoStdLib>
+ <NoWarn>
+ </NoWarn>
+ <RegisterForComInterop>false</RegisterForComInterop>
+ <RemoveIntegerChecks>false</RemoveIntegerChecks>
+ <TreatWarningsAsErrors>false</TreatWarningsAsErrors>
+ <WarningLevel>4</WarningLevel>
+ <DebugType>full</DebugType>
+ <ErrorReport>prompt</ErrorReport>
+ </PropertyGroup>
+ <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|
AnyCPU' ">
+ <OutputPath>bin\</OutputPath>
+ <AllowUnsafeBlocks>false</AllowUnsafeBlocks>
+ <BaseAddress>285212672</BaseAddress>
+ <CheckForOverflowUnderflow>false</CheckForOverflowUnderflow>
+ <ConfigurationOverrideFile>
+ </ConfigurationOverrideFile>
+ <DefineConstants>
+ </DefineConstants>
+ <DocumentationFile>
+ </DocumentationFile>
+ <DebugSymbols>true</DebugSymbols>
+ <FileAlignment>4096</FileAlignment>
+ <NoStdLib>false</NoStdLib>
+ <NoWarn>
+ </NoWarn>
+ <RegisterForComInterop>false</RegisterForComInterop>
+ <RemoveIntegerChecks>false</RemoveIntegerChecks>
+ <TreatWarningsAsErrors>false</TreatWarningsAsErrors>
+ <WarningLevel>4</WarningLevel>
+ <DebugType>full</DebugType>
+ <ErrorReport>prompt</ErrorReport>
+ </PropertyGroup>
+ <ItemGroup>
+ <Reference Include="mscorlib">
+ <Name>mscorlib</Name>
+ </Reference>
+ <Reference Include="System">
+ <Name>System</Name>
+ </Reference>
+ <Reference Include="System.Data">
+ <Name>System.Data</Name>
+ </Reference>
+ <Reference Include="System.Design">
+ <Name>System.Design</Name>
+ </Reference>
+ <Reference Include="System.Drawing">
+ <Name>System.Drawing</Name>
+ </Reference>
+ <Reference Include="System.Management">
+ <Name>System.Management</Name>
+ </Reference>
+ <Reference Include="System.Web">
+ <Name>System.Web</Name>
+ </Reference>
+ <Reference Include="System.Windows.Forms">
+ <Name>System.Windows.Forms</Name>
+ </Reference>
+ <Reference Include="System.Xml">
+ <Name>System.Xml</Name>
+ </Reference>
+ <Reference Include="System.XML">
+ <Name>System.XML</Name>
+ </Reference>
+ </ItemGroup>
+ <ItemGroup>
+ <Compile Include="AssemblyInfo.cs" />
+ <Compile Include="Global.asax.cs">
+ <DependentUpon>Global.asax</DependentUpon>
+ <SubType>Code</SubType>
+ </Compile>
+ <Compile Include="src\org\owasp\esapi\AccessController.cs" />
+ <Compile Include="src\org\owasp\esapi\AccessReferenceMap.cs" />
+ <Compile Include="src\org\owasp\esapi\Authenticator.cs" />
+ <Compile Include="src\org\owasp\esapi\Encoder.cs" />
+ <Compile Include="src\org\owasp\esapi\EncryptedProperties.cs" />
+ <Compile Include="src\org\owasp\esapi\Encryptor.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\AccessControlException.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\AuthenticationAccountsException.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\AuthenticationCredentialsException.cs"
/>
+ <Compile
Include="src\org\owasp\esapi\errors\AuthenticationException.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\AuthenticationHostException.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\AuthenticationLoginException.cs" />
+ <Compile Include="src\org\owasp\esapi\errors\AvailabilityException.cs"
/>
+ <Compile Include="src\org\owasp\esapi\errors\CertificateException.cs"
/>
+ <Compile Include="src\org\owasp\esapi\errors\EncodingException.cs" />
+ <Compile Include="src\org\owasp\esapi\errors\EncryptionException.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\EnterpriseSecurityException.cs" />
+ <Compile Include="src\org\owasp\esapi\errors\ExecutorException.cs" />
+ <Compile Include="src\org\owasp\esapi\errors\IntegrityException.cs" />
+ <Compile Include="src\org\owasp\esapi\errors\IntrusionException.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\ValidationAvailabilityException.cs" />
+ <Compile Include="src\org\owasp\esapi\errors\ValidationException.cs" />
+ <Compile
Include="src\org\owasp\esapi\errors\ValidationUploadException.cs" />
+ <Compile Include="src\org\owasp\esapi\ESAPI.cs" />
+ <Compile Include="src\org\owasp\esapi\Executor.cs" />
+ <Compile Include="src\org\owasp\esapi\filters\ESAPIFilter.cs" />
+ <Compile Include="src\org\owasp\esapi\HTTPUtilities.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IAccessController.cs"
/>
+ <Compile
Include="src\org\owasp\esapi\interfaces\IAccessReferenceMap.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IAuthenticator.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IEncoder.cs" />
+ <Compile
Include="src\org\owasp\esapi\interfaces\IEncryptedProperties.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IEncryptor.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IExecutor.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IHTTPUtilities.cs" />
+ <Compile
Include="src\org\owasp\esapi\interfaces\IIntrusionDetector.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\ILogger.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IRandomizer.cs" />
+ <Compile
Include="src\org\owasp\esapi\interfaces\ISecurityConfiguration.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IUser.cs" />
+ <Compile Include="src\org\owasp\esapi\interfaces\IValidator.cs" />
+ <Compile Include="src\org\owasp\esapi\IntrusionDetector.cs" />
+ <Compile Include="src\org\owasp\esapi\Logger.cs" />
+ <Compile Include="src\org\owasp\esapi\PKCSKeyGenerator.cs" />
+ <Compile Include="src\org\owasp\esapi\Randomizer.cs" />
+ <Compile Include="src\org\owasp\esapi\SecurityConfiguration.cs" />
+ <Compile Include="src\org\owasp\esapi\Threshold.cs" />
+ <Compile Include="src\org\owasp\esapi\User.cs" />
+ <Compile Include="src\org\owasp\esapi\Validator.cs" />
+ <Compile Include="SupportClass.cs" />
+ <Content Include="build.xml" />
+ <Content Include="Global.asax">
+ <SubType>Component</SubType>
+ </Content>
+ <Content Include="src\org\owasp\esapi\doc-files\Architecture.jpg" />
+ <Content Include="src\org\owasp\esapi\doc-files\OWASPTopTen.jpg" />
+ <Content Include="src\org\owasp\esapi\errors\package.html" />
+ <Content
Include="src\org\owasp\esapi\interfaces\doc-files\AccessController.jpg" />
+ <Content
Include="src\org\owasp\esapi\interfaces\doc-files\AccessReferenceMap.jpg" />
+ <Content
Include="src\org\owasp\esapi\interfaces\doc-files\Authenticator.jpg" />
+ <Content
Include="src\org\owasp\esapi\interfaces\doc-files\HTTPUtilities.jpg" />
+ <Content
Include="src\org\owasp\esapi\interfaces\doc-files\IntrusionDetector.jpg" />
+ <Content
Include="src\org\owasp\esapi\interfaces\doc-files\Validator.jpg" />
+ <Content Include="src\org\owasp\esapi\interfaces\package.html" />
+ <Content Include="src\org\owasp\esapi\package.html" />
+ <Content Include="Web.config" />
+ <EmbeddedResource Include="Global.asax.resx">
+ <DependentUpon>Global.asax.cs</DependentUpon>
+ </EmbeddedResource>
+ <None Include="_ConversionReport.htm">
+ <SubType>Preview</SubType>
+ </None>
+ </ItemGroup>
+ <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+ <PropertyGroup>
+ <PreBuildEvent>
+ </PreBuildEvent>
+ <PostBuildEvent>
+ </PostBuildEvent>
+ </PropertyGroup>
+ <Import
Project="$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v8.0\WebApplications\Microsoft.WebApplication.targets"
/>
+ <ProjectExtensions>
+ <VisualStudio>
+ <FlavorProperties GUID="{349c5851-65df-11da-9384-00065b846f21}">
+ <WebProjectProperties>
+ <UseIIS>False</UseIIS>
+ <AutoAssignPort>True</AutoAssignPort>
+ <DevelopmentServerPort>0</DevelopmentServerPort>
+ <DevelopmentServerVPath>/</DevelopmentServerVPath>
+ <IISUrl>
+ </IISUrl>
+ <NTLMAuthentication>False</NTLMAuthentication>
+ </WebProjectProperties>
+ </FlavorProperties>
+ </VisualStudio>
+ </ProjectExtensions>
+</Project>
=======================================
--- /dev/null
+++ /branches/2.0/owasp-esapi-ASP-11.csproj.user Tue Jun 14 21:31:31 2011
@@ -0,0 +1,33 @@
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <PropertyGroup>
+ <ProjectView>ProjectFiles</ProjectView>
+ </PropertyGroup>
+ <ProjectExtensions>
+ <VisualStudio>
+ <FlavorProperties GUID="{349c5851-65df-11da-9384-00065b846f21}">
+ <WebProjectProperties>
+ <StartPageUrl>
+ </StartPageUrl>
+ <StartAction>CurrentPage</StartAction>
+ <AspNetDebugging>True</AspNetDebugging>
+ <NativeDebugging>False</NativeDebugging>
+ <SQLDebugging>False</SQLDebugging>
+ <PublishCopyOption>RunFiles</PublishCopyOption>
+ <PublishTargetLocation>
+ </PublishTargetLocation>
+ <PublishDeleteAllFiles>False</PublishDeleteAllFiles>
+ <PublishCopyAppData>True</PublishCopyAppData>
+ <ExternalProgram>
+ </ExternalProgram>
+ <StartExternalURL>
+ </StartExternalURL>
+ <StartCmdLineArguments>
+ </StartCmdLineArguments>
+ <StartWorkingDirectory>
+ </StartWorkingDirectory>
+ <EnableENC>False</EnableENC>
+ </WebProjectProperties>
+ </FlavorProperties>
+ </VisualStudio>
+ </ProjectExtensions>
+</Project>
=======================================
--- /dev/null
+++ /branches/2.0/owasp-esapi-ASP-11.sln Tue Jun 14 21:31:31 2011
@@ -0,0 +1,24 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}")
= "owasp-esapi-ASP-11", "owasp-esapi-ASP-11.csproj", "{366DD1B5-7540-4310-847C-168784D8B207}"
+ ProjectSection(WebsiteProperties) = preProject
+ Debug.AspNetCompiler.Debug = "True"
+ Release.AspNetCompiler.Debug = "False"
+ EndProjectSection
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {366DD1B5-7540-4310-847C-168784D8B207}.Debug|Any CPU.ActiveCfg = Debug|
Any CPU
+ {366DD1B5-7540-4310-847C-168784D8B207}.Debug|Any CPU.Build.0 = Debug|Any
CPU
+ {366DD1B5-7540-4310-847C-168784D8B207}.Release|Any CPU.ActiveCfg =
Release|Any CPU
+ {366DD1B5-7540-4310-847C-168784D8B207}.Release|Any CPU.Build.0 = Release|
Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
=======================================
--- /dev/null
+++ /branches/2.0/owasp-esapi-ASP-11.suo Tue Jun 14 21:31:31 2011
Binary file, no diff available.
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/AccessController.cs Tue Jun 14
21:31:31 2011
@@ -0,0 +1,537 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using AccessControlException =
org.owasp.esapi.errors.AccessControlException;
+using EncodingException = org.owasp.esapi.errors.EncodingException;
+using IntrusionException = org.owasp.esapi.errors.IntrusionException;
+using ValidationException = org.owasp.esapi.errors.ValidationException;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IAccessController
interface. This reference
+ /// implementation uses a simple model for specifying a set of access
control
+ /// rules. Many organizations will want to create their own
implementation of the
+ /// methods provided in the IAccessController interface.
+ /// <P>
+ /// This reference implementation uses a simple scheme for specifying the
rules.
+ /// The first step is to create a namespace for the resources being
accessed. For
+ /// files and URL's, this is easy as they already have a namespace. Be
extremely
+ /// careful about canonicalizing when relying on information from the
user in an
+ /// access ctnrol decision.
+ /// <P>
+ /// For functions, data, and services, you will have to come up with your
own
+ /// namespace for the resources being accessed. You might simply define a
flat
+ /// namespace with a list of category names. For example, you might
specify
+ /// 'FunctionA', 'FunctionB', and 'FunctionC'. Or you can create a richer
+ /// namespace with a hierarchical structure, such as:
+ /// <P>
+ /// /functions
+ /// <ul>
+ /// <li>purchasing</li>
+ /// <li>shipping</li>
+ /// <li>inventory</li>
+ /// </ul>
+ /// /admin
+ /// <ul>
+ /// <li>createUser</li>
+ /// <li>deleteUser</li>
+ /// </ul>
+ /// Once you've defined your namespace, you have to work out the rules
that
+ /// govern access to the different parts of the namespace. This
implementation
+ /// allows you to attach a simple access control list (ACL) to any part
of the
+ /// namespace tree. The ACL lists a set of roles that are either allowed
or
+ /// denied access to a part of the tree. You specify these rules in a
textfile
+ /// with a simple format.
+ /// <P>
+ /// There is a single configuration file supporting each of the five
methods in
+ /// the IAccessController interface. These files are located in the ESAPI
+ /// resources directory as specified when the JVM was started. The use of
a
+ /// default deny rule is STRONGLY recommended. The file format is as
follows:
+ ///
+ /// <pre>
+ /// path | role,role | allow/deny | comment
+ ///
------------------------------------------------------------------------------------
+ /// /banking/* | user,admin | allow | authenticated users can
access /banking
+ /// /admin | admin | allow | only admin role can access
/admin
+ /// / | any | deny | default deny rule
+ /// </pre>
+ ///
+ /// To find the matching rules, this implementation follows the general
approach
+ /// used in Java EE when matching HTTP requests to servlets in web.xml.
The
+ /// four mapping rules are used in the following order:
+ /// <ul>
+ /// <li>exact match, e.g. /access/login</li>
+ /// <li>longest path prefix match, beginning / and ending /*, e.g.
/access/* or /*</li>
+ /// <li>extension match, beginning *., e.g. *.css</li>
+ /// <li>default rule, specified by the single character pattern /</li>
+ /// </ul>
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.w...@aspectsecurity.com)
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IAccessController">
+ /// </seealso>
+ public class AccessController :
org.owasp.esapi.interfaces.IAccessController
+ {
+ private void InitBlock()
+ {
+ deny = new Rule(this);
+ }
+
+ /// <summary>The resource directory. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'resourceDirectory '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'resourceDirectory' was moved to
static
method 'org.owasp.esapi.AccessController'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly System.IO.FileInfo resourceDirectory;
+
+ /// <summary>The url map. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private System.Collections.IDictionary urlMap = new
System.Collections.Hashtable();
+
+ /// <summary>The function map. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private System.Collections.IDictionary functionMap = new
System.Collections.Hashtable();
+
+ /// <summary>The data map. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private System.Collections.IDictionary dataMap = new
System.Collections.Hashtable();
+
+ /// <summary>The file map. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private System.Collections.IDictionary fileMap = new
System.Collections.Hashtable();
+
+ /// <summary>The service map. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private System.Collections.IDictionary serviceMap = new
System.Collections.Hashtable();
+
+ /// <summary>The deny. </summary>
+ //UPGRADE_NOTE: The initialization of 'deny' was moved to
method 'InitBlock'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private Rule deny;
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.AccessController'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static Logger logger;
+
+ public AccessController()
+ {
+ InitBlock();
+ }
+
+ // FIXME: consider adding flag for logging
+ // FIXME: perhaps an enumeration for context (i.e. the layer the call is
made from)
+
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAccessController#isAuthorizedForURL(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual bool isAuthorizedForURL(System.String url)
+ {
+ if ((urlMap.Count == 0))
+ {
+ try
+ {
+ urlMap = loadRules(new System.IO.FileInfo(resourceDirectory.FullName
+ "\\" + "URLAccessRules.txt"));
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+ try
+ {
+ return matchRule(urlMap, url);
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAccessController#isAuthorizedForFunction(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual bool isAuthorizedForFunction(System.String functionName)
+ {
+ if ((functionMap.Count == 0))
+ {
+ try
+ {
+ functionMap = loadRules(new
System.IO.FileInfo(resourceDirectory.FullName + "\\"
+ "FunctionAccessRules.txt"));
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+ try
+ {
+ return matchRule(functionMap, functionName);
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAccessController#isAuthorizedForData(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual bool isAuthorizedForData(System.String key)
+ {
+ if ((dataMap.Count == 0))
+ {
+ try
+ {
+ dataMap = loadRules(new System.IO.FileInfo(resourceDirectory.FullName
+ "\\" + "DataAccessRules.txt"));
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+ try
+ {
+ return matchRule(dataMap, key);
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAccessController#isAuthorizedForFile(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual bool isAuthorizedForFile(System.String filepath)
+ {
+ if ((fileMap.Count == 0))
+ {
+ try
+ {
+ fileMap = loadRules(new System.IO.FileInfo(resourceDirectory.FullName
+ "\\" + "FileAccessRules.txt"));
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+ try
+ {
+ // FIXME: AAA think about canonicalization here - use Java file
canonicalizer
+ // remember that Windows paths have \ instad of /
+ return matchRule(fileMap, filepath.replaceAll("\\\\", "/"));
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAccessController#isAuthorizedForBackendService(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual bool isAuthorizedForService(System.String serviceName)
+ {
+ if ((serviceMap.Count == 0))
+ {
+ try
+ {
+ serviceMap = loadRules(new
System.IO.FileInfo(resourceDirectory.FullName + "\\"
+ "ServiceAccessRules.txt"));
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+ try
+ {
+ return matchRule(serviceMap, serviceName);
+ }
+ catch (AccessControlException ex)
+ {
+ return false;
+ }
+ }
+
+ /// <summary> Match rule.
+ ///
+ /// </summary>
+ /// <param name="map">the map
+ /// </param>
+ /// <param name="path">the path
+ ///
+ /// </param>
+ /// <returns> true, if successful
+ ///
+ /// </returns>
+ /// <throws> AccessControlException </throws>
+ /// <summary> the access control exception
+ /// </summary>
+ private bool matchRule(System.Collections.IDictionary map, System.String
path)
+ {
+ // get users roles
+ User user = ESAPI.authenticator().getCurrentUser();
+ if (user == null)
+ {
+ return false;
+ }
+ SupportClass.SetSupport roles = user.Roles;
+ // search for the first rule that matches the path and rules
+ Rule rule = searchForRule(map, roles, path);
+ return rule.allow;
+ }
+
+ /// <summary> Search for rule. Four mapping rules are used in order: -
exact match,
+ /// e.g. /access/login - longest path prefix match, beginning / and
ending
+ /// /*, e.g. /access/* or /* - extension match, beginning *., e.g. *.css
-
+ /// default servlet, specified by the single character pattern /
+ ///
+ /// </summary>
+ /// <param name="map">the map
+ /// </param>
+ /// <param name="roles">the roles
+ /// </param>
+ /// <param name="path">the path
+ ///
+ /// </param>
+ /// <returns> the rule
+ ///
+ /// </returns>
+ /// <throws> AccessControlException </throws>
+ /// <summary> the access control exception
+ /// </summary>
+ private Rule searchForRule(System.Collections.IDictionary map,
SupportClass.SetSupport roles, System.String path)
+ {
+ System.String canonical = null;
+ try
+ {
+ canonical = ESAPI.encoder().canonicalize(path);
+ }
+ catch (EncodingException ee)
+ {
+ throw new AccessControlException("Internal error", "Failed to
canonicaliize input ", ee);
+ }
+
+ System.String part = canonical;
+ while (part.EndsWith("/"))
+ {
+ part = part.Substring(0, (part.Length - 1) - (0));
+ }
+
+ if (part.IndexOf("..") != - 1)
+ {
+ throw new IntrusionException("Attempt to manipulate access control
path", "Attempt to manipulate access control path: " + path);
+ }
+
+ // extract extension if any
+ System.String extension = "";
+ int extIndex = part.LastIndexOf(".");
+ if (extIndex != - 1)
+ {
+ extension = part.Substring(extIndex + 1);
+ }
+
+ // Check for exact match - ignore any ending slash
+ Rule rule = (Rule) map[part];
+
+ // Check for ending with /*
+ if (rule == null)
+ rule = (Rule) map[part + "/*"];
+
+ // Check for matching extension rule *.ext
+ if (rule == null)
+ rule = (Rule) map["*." + extension];
+
+ // if rule found and user's roles match rules' roles, return the rule
+ if (rule != null && overlap(rule.roles, roles))
+ return rule;
+
+ // if rule has not been found, strip off the last element and recurse
+ part = part.Substring(0, (part.LastIndexOf('/')) - (0));
+
+ // return default deny
+ if (part.Length <= 1)
+ {
+ return deny;
+ }
+
+ return searchForRule(map, roles, part);
+ }
+
+ /// <summary> Return true if there is overlap between the two sets.
+ ///
+ /// </summary>
+ /// <param name="ruleRoles">the rule roles
+ /// </param>
+ /// <param name="userRoles">the user roles
+ ///
+ /// </param>
+ /// <returns> true, if successful
+ /// </returns>
+ private bool overlap(SupportClass.SetSupport ruleRoles,
SupportClass.SetSupport userRoles)
+ {
+ if (ruleRoles.Contains("any"))
+ {
+ return true;
+ }
+ System.Collections.IEnumerator i = userRoles.GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.String role = (System.String) i.Current;
+ if (ruleRoles.Contains(role))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /// <summary> Load rules.
+ ///
+ /// </summary>
+ /// <param name="f">the f
+ ///
+ /// </param>
+ /// <returns> the hash map
+ ///
+ /// </returns>
+ /// <throws> AccessControlException </throws>
+ /// <summary> the access control exception
+ /// </summary>
+ private System.Collections.IDictionary loadRules(System.IO.FileInfo f)
+ {
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ System.Collections.IDictionary map = new System.Collections.Hashtable();
+ System.IO.FileStream fis = null;
+ try
+ {
+ //UPGRADE_TODO: Constructor 'java.io.FileInputStream.FileInputStream'
was converted to 'System.IO.FileStream.FileStream' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileInputStreamFileInputStream_javaioFile'"
+ fis = new System.IO.FileStream(f.FullName, System.IO.FileMode.Open,
System.IO.FileAccess.Read);
+ System.String line = "";
+ while ((line = ESAPI.validator().safeReadLine(fis, 500)) != null)
+ {
+ if (line.Length > 0 && line[0] != '#')
+ {
+ Rule rule = new Rule(this);
+ System.String[] parts = line.split("\\|");
+ // fix Windows paths
+ rule.path = parts[0].Trim().replaceAll("\\\\", "/");
+ rule.roles.Add(parts[1].Trim().ToLower());
+ System.String action = parts[2].Trim();
+ rule.allow = action.ToUpper().Equals("allow".ToUpper());
+ if (map.Contains(rule.path))
+ {
+ throw new AccessControlException("Access control failure", "Problem
in access control file. Duplicate rule " + rule);
+ }
+ map[rule.path] = rule;
+ }
+ }
+ return map;
+ }
+ catch (System.IO.IOException e)
+ {
+ throw new AccessControlException("Access control failure", "Failure
loading access control file " + f, e);
+ }
+ catch (ValidationException e1)
+ {
+ throw new AccessControlException("Access control failure", "Failure
loading access control file " + f, e1);
+ }
+ finally
+ {
+ try
+ {
+ if (fis != null)
+ {
+ fis.Close();
+ }
+ }
+ catch (System.IO.IOException e)
+ {
+
logger.logWarning(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Failure
closing access control file: " + f, e);
+ }
+ }
+ }
+
+ //UPGRADE_NOTE: Field 'EnclosingInstance' was added to class 'Rule' to
access its enclosing
instance. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1019'"
+ /// <summary> The Class Rule.</summary>
+ private class Rule
+ {
+ private void InitBlock(AccessController enclosingInstance)
+ {
+ this.enclosingInstance = enclosingInstance;
+ }
+ private AccessController enclosingInstance;
+ public AccessController Enclosing_Instance
+ {
+ get
+ {
+ return enclosingInstance;
+ }
+
+ }
+
+ /// <summary>The path. </summary>
+ protected internal System.String path = "";
+
+ /// <summary>The roles. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashSet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'"
+ protected internal SupportClass.SetSupport roles = new
SupportClass.HashSetSupport();
+
+ /// <summary>The allow. </summary>
+ protected internal bool allow = false;
+
+ /// <summary> Creates a new Rule object.</summary>
+ protected internal Rule(AccessController enclosingInstance)
+ {
+ InitBlock(enclosingInstance);
+ // to replace synthetic accessor method
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see java.lang.Object#toString()
+ */
+ public override System.String ToString()
+ {
+ return "URL:" + path + " | " + SupportClass.CollectionToString(roles)
+ " | " + (allow?"allow":"deny");
+ }
+ }
+ static AccessController()
+ {
+ resourceDirectory = ((SecurityConfiguration)
ESAPI.securityConfiguration()).ResourceDirectory;
+ logger = Logger.getLogger("ESAPI", "AccessController");
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/AccessReferenceMap.cs Tue Jun 14
21:31:31 2011
@@ -0,0 +1,188 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using AccessControlException =
org.owasp.esapi.errors.AccessControlException;
+using IRandomizer = org.owasp.esapi.interfaces.IRandomizer;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IAccessReferenceMap
interface. This
+ /// implementation generates random 6 character alphanumeric strings for
indirect
+ /// references. It is possible to use simple integers as indirect
references, but
+ /// the random string approach provides a certain level of protection
from CSRF
+ /// attacks, because an attacker would have difficulty guessing the
indirect
+ /// reference.
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.w...@aspectsecurity.com)
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IAccessReferenceMap">
+ /// </seealso>
+ public class AccessReferenceMap :
org.owasp.esapi.interfaces.IAccessReferenceMap
+ {
+ private void InitBlock()
+ {
+ random = ESAPI.randomizer();
+ }
+
+ /// <summary>The itod. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ internal System.Collections.Hashtable itod = new
System.Collections.Hashtable();
+
+ /// <summary>The dtoi. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ internal System.Collections.Hashtable dtoi = new
System.Collections.Hashtable();
+
+ /// <summary>The random. </summary>
+ //UPGRADE_NOTE: The initialization of 'random' was moved to
method 'InitBlock'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ internal IRandomizer random;
+
+ /// <summary> This AccessReferenceMap implementation uses short random
strings to
+ /// create a layer of indirection. Other possible implementations would
use
+ /// simple integers as indirect references.
+ /// </summary>
+ public AccessReferenceMap()
+ {
+ InitBlock();
+ // call update to set up the references
+ }
+
+ /// <summary> Instantiates a new access reference map.
+ ///
+ /// </summary>
+ /// <param name="directReferences">the direct references
+ /// </param>
+ public AccessReferenceMap(SupportClass.SetSupport directReferences)
+ {
+ InitBlock();
+ update(directReferences);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IAccessReferenceMap#iterator()
+ */
+ public virtual System.Collections.IEnumerator iterator()
+ {
+ //UPGRADE_TODO: Class 'java.util.TreeSet' was converted
to 'SupportClass.TreeSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeSet'"
+ //UPGRADE_TODO: Method 'java.util.HashMap.keySet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapkeySet'"
+ SupportClass.TreeSetSupport sorted = new
SupportClass.TreeSetSupport(new SupportClass.HashSetSupport(dtoi.Keys));
+ return sorted.GetEnumerator();
+ }
+
+ /// <summary> Adds a direct reference and a new random indirect
reference, overwriting any existing values.</summary>
+ /// <param name="direct">
+ /// </param>
+ public virtual void addDirectReference(System.String direct)
+ {
+ System.String indirect = random.getRandomString(6,
Encoder.CHAR_ALPHANUMERICS);
+ itod[indirect] = direct;
+ dtoi[direct] = indirect;
+ }
+
+
+ // FIXME: add addDirectRef and removeDirectRef to IAccessReferenceMap
+ // FIXME: add test code for add/remove direct ref
+
+ /// <summary> Remove a direct reference and the corresponding indirect
reference.</summary>
+ /// <param name="direct">
+ /// </param>
+ public virtual void removeDirectReference(System.String direct)
+ {
+ //UPGRADE_TODO: Method 'java.util.HashMap.get' was converted
to 'System.Collections.Hashtable.Item' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'"
+ System.String indirect = (System.String) dtoi[direct];
+ if (indirect != null)
+ {
+ itod.Remove(indirect);
+ dtoi.Remove(direct);
+ }
+ }
+
+ /*
+ * This preserves any existing mappings for items that are still in the
new
+ * list. You could regenerate new indirect references every time, but that
+ * might mess up anything that previously used an indirect reference, such
+ * as a URL parameter.
+ */
+ /// <summary> Update.
+ ///
+ /// </summary>
+ /// <param name="directReferences">the direct references
+ /// </param>
+ public void update(SupportClass.SetSupport directReferences)
+ {
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ System.Collections.Hashtable dtoi_old = (System.Collections.Hashtable)
dtoi.Clone();
+ dtoi.Clear();
+ itod.Clear();
+
+ System.Collections.IEnumerator i = directReferences.GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.Object direct = i.Current;
+
+ // get the old indirect reference
+ //UPGRADE_TODO: Method 'java.util.HashMap.get' was converted
to 'System.Collections.Hashtable.Item' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'"
+ System.String indirect = (System.String) dtoi_old[direct];
+
+ // if the old reference is null, then create a new one that doesn't
+ // collide with any existing indirect references
+ if (indirect == null)
+ {
+ //UPGRADE_TODO: Method 'java.util.HashMap.keySet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapkeySet'"
+ do
+ {
+ indirect = random.getRandomString(6, Encoder.CHAR_ALPHANUMERICS);
+ }
+ while (new SupportClass.HashSetSupport(itod.Keys).Contains(indirect));
+ }
+ itod[indirect] = direct;
+ dtoi[direct] = indirect;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAccessReferenceMap#getIndirectReference(java.lang.String)
+ */
+ public virtual System.String getIndirectReference(System.Object
directReference)
+ {
+ //UPGRADE_TODO: Method 'java.util.HashMap.get' was converted
to 'System.Collections.Hashtable.Item' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'"
+ return (System.String) dtoi[directReference];
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAccessReferenceMap#getDirectReference(java.lang.String)
+ */
+ public virtual System.Object getDirectReference(System.String
indirectReference)
+ {
+ if (itod.ContainsKey(indirectReference))
+ {
+ //UPGRADE_TODO: Method 'java.util.HashMap.get' was converted
to 'System.Collections.Hashtable.Item' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'"
+ return itod[indirectReference];
+ }
+ throw new AccessControlException("Access denied", "Request for invalid
indirect reference: " + indirectReference);
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/Authenticator.cs Tue Jun 14 21:31:31
2011
@@ -0,0 +1,893 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using AuthenticationAccountsException =
org.owasp.esapi.errors.AuthenticationAccountsException;
+using AuthenticationCredentialsException =
org.owasp.esapi.errors.AuthenticationCredentialsException;
+using AuthenticationException =
org.owasp.esapi.errors.AuthenticationException;
+using AuthenticationLoginException =
org.owasp.esapi.errors.AuthenticationLoginException;
+using EncryptionException = org.owasp.esapi.errors.EncryptionException;
+using IRandomizer = org.owasp.esapi.interfaces.IRandomizer;
+using IUser = org.owasp.esapi.interfaces.IUser;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IAuthenticator interface.
This reference implementation is backed by a simple text
+ /// file that contains serialized information about users. Many
organizations will want to create their own
+ /// implementation of the methods provided in the IAuthenticator
interface backed by their own user repository. This
+ /// reference implementation captures information about users in a simple
text file format that contains user information
+ /// separated by the pipe "|" character. Here's an example of a single
line from the users.txt file:
+ ///
+ /// <PRE>
+ ///
+ /// account name | hashed password | roles | lockout | status | remember
token | old password hashes | last
+ /// hostname | last change | last login | last failed | expiration |
failed
+ ///
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /// mitch | 44k/NAzQUlrCq9musTGGkcMNmdzEGJ8w8qZTLzpxLuQ= | admin,user |
unlocked | enabled | token |
+ /// u10dW4vTo3ZkoM5xP+blayWCz7KdPKyKUojOn9GJobg= | 192.168.1.255 |
1187201000926 | 1187200991568 | 1187200605330 |
+ /// 2187200605330 | 1
+ ///
+ /// </PRE>
+ ///
+ /// </summary>
+ /// <author> <a
href="mailto:jeff.w...@aspectsecurity.com?subject=ESAPI question">Jeff
Williams</a> at <a
+ /// href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IAuthenticator">
+ /// </seealso>
+ public class Authenticator : org.owasp.esapi.interfaces.IAuthenticator
+ {
+ virtual public System.Web.HttpRequest CurrentRequest
+ {
+ /*
+ * Returns the current HttpServletRequest.
+ *
+ * @see org.owasp.esapi.interfaces.IAuthenticator#getCurrentRequest()
+ */
+
+ get
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.get' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ return (System.Web.HttpRequest) currentRequest.get_Renamed();
+ }
+
+ }
+ virtual public System.Web.HttpResponse CurrentResponse
+ {
+ get
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.get' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ return (System.Web.HttpResponse) currentResponse.get_Renamed();
+ }
+
+ }
+ /// <summary> Gets the user from session.
+ ///
+ /// </summary>
+ /// <param name="request">the request
+ /// </param>
+ /// <returns> the user from session
+ /// </returns>
+ virtual public User UserFromSession
+ {
+ /*
+ * Get the current user from the session and set it as the current user.
(non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#setCurrentUser(javax.servlet.http.HttpServletRequest)
+ */
+
+ get
+ {
+ System.Web.SessionState.HttpSessionState session =
System.Web.HttpContext.Current.Session;
+ System.String userName = (System.String) session[USER];
+ if (userName != null)
+ {
+ User sessionUser = this.getUser(userName);
+ if (sessionUser != null)
+ {
+ return sessionUser;
+ }
+ }
+ return null;
+ }
+
+ }
+
+ /// <summary>The Constant USER. </summary>
+ protected internal const System.String USER = "ESAPIUserSessionKey";
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.Authenticator'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ /// <summary>The file that contains the user db </summary>
+ private System.IO.FileInfo userDB = null;
+
+ /// <summary>How frequently to check the user db for external
modifications </summary>
+ private long checkInterval = 60 * 1000;
+
+ /// <summary>The last modified time we saw on the user db. </summary>
+ private long lastModified = 0;
+
+ /// <summary>The last time we checked if the user db had been modified
externally </summary>
+ private long lastChecked = 0;
+
+ /// <summary> Fail safe main program to add or update an account in an
emergency.
+ /// <P>
+ /// Warning: this method does not perform the level of validation and
checks
+ /// generally required in ESAPI, and can therefore be used to create a
username and password that do not comply
+ /// with the username and password strength requirements.
+ /// <P>
+ /// Example: Use this to add the alice account with the admin role to
the users file:
+ /// <PRE>
+ ///
+ /// java -Dorg.owasp.esapi.resources="/path/resources" -classpath
esapi.jar org.owasp.esapi.Authenticator alice password admin
+ ///
+ /// </PRE>
+ ///
+ /// </summary>
+ /// <param name="args">the args
+ /// </param>
+ /// <throws> AuthenticationException the authentication exception
</throws>
+ [STAThread]
+ public static void Main(System.String[] args)
+ {
+ if (args.Length != 3)
+ {
+ System.Console.Out.WriteLine("Usage: Authenticator accountname
password role");
+ return ;
+ }
+ Authenticator auth = new Authenticator();
+ System.String accountName = args[0].ToLower();
+ System.String password = args[1];
+ System.String role = args[2];
+ User user = auth.getUser(args[0]);
+ if (user == null)
+ {
+ user = new User();
+ user.AccountName = accountName;
+ auth.userMap[accountName] = user;
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "New
user created: " + accountName);
+ }
+ System.String newHash = auth.hashPassword(password, accountName);
+ user.setHashedPassword(newHash);
+ user.addRole(role);
+ user.enable();
+ user.unlock();
+ auth.saveUsers();
+ System.Console.Out.WriteLine("User account " + user.AccountName + "
updated");
+ }
+
+ // FIXME: ENHANCE consider an impersonation feature
+
+ /// <summary>The anonymous user </summary>
+ // FIXME: AAA is this whole anonymous user concept right?
+ internal static User anonymous = new User("anonymous", "anonymous");
+
+ /// <summary>The user map. </summary>
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private System.Collections.IDictionary userMap = new
System.Collections.Hashtable();
+
+
+ /*
+ * The currentUser ThreadLocal variable is used to make the currentUser
available to any call in any part of an
+ * application. Otherwise, each thread would have to pass the User object
through the calltree to any methods that
+ * need it. Because we want exceptions and log calls to contain user
data, that could be almost anywhere. Therefore,
+ * the ThreadLocal approach simplifies things greatly. <P> As a possible
extension, one could create a delegation
+ * framework by adding another ThreadLocal to hold the delegating user
identity.
+ */
+ private static ThreadLocalUser currentUser = new ThreadLocalUser();
+
+ //UPGRADE_ISSUE: Class 'java.lang.InheritableThreadLocal' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ private class ThreadLocalUser:InheritableThreadLocal
+ {
+ virtual public IUser User
+ {
+ get
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.get' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ return (IUser) base.get_Renamed();
+ }
+
+ set
+ {
+ // System.out.println( "SETTING Thread: " + Thread.currentThread()
+ " " + (getUser() != null ? getUser().getAccountName() : "null" ) + "
--> " + (newUser != null ? (newUser).getAccountName() : "null" ) );
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.set' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ base.set_Renamed(value);
+ }
+
+ }
+
+ //UPGRADE_NOTE: The equivalent of
method 'java.lang.ThreadLocal.initialValue' is not an override
method. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1143'"
+ public System.Object initialValue()
+ {
+ return org.owasp.esapi.Authenticator.anonymous;
+ }
+ }
+
+
+ /*
+ * The currentRequest ThreadLocal variable is used to make the
currentRequest available to any call in any part of an
+ * application. This enables API's for actions that require the request
to be much simpler. For example, the logout()
+ * method in the Authenticator class requires the currentRequest to get
the session in order to invalidate it.
+ */
+ private static ThreadLocalRequest currentRequest = new
ThreadLocalRequest();
+
+ //UPGRADE_ISSUE: Class 'java.lang.InheritableThreadLocal' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ private class ThreadLocalRequest:InheritableThreadLocal
+ {
+ virtual public System.Web.HttpRequest Request
+ {
+ get
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.get' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ return (System.Web.HttpRequest) base.get_Renamed();
+ }
+
+ }
+ virtual public System.Web.HttpRequest User
+ {
+ set
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.set' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ base.set_Renamed(value);
+ }
+
+ }
+
+ //UPGRADE_NOTE: The equivalent of
method 'java.lang.ThreadLocal.initialValue' is not an override
method. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1143'"
+ public System.Object initialValue()
+ {
+ return null;
+ }
+ }
+
+
+ /*
+ * The currentResponse ThreadLocal variable is used to make the
currentResponse available to any call in any part of an
+ * application. This enables API's for actions that require the response
to be much simpler. For example, the logout()
+ * method in the Authenticator class requires the currentResponse to kill
the JSESSIONID cookie.
+ */
+ private static ThreadLocalResponse currentResponse = new
ThreadLocalResponse();
+
+ //UPGRADE_ISSUE: Class 'java.lang.InheritableThreadLocal' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ private class ThreadLocalResponse:InheritableThreadLocal
+ {
+ virtual public System.Web.HttpResponse Response
+ {
+ get
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.get' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ return (System.Web.HttpResponse) base.get_Renamed();
+ }
+
+ }
+ virtual public System.Web.HttpResponse User
+ {
+ set
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.set' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ base.set_Renamed(value);
+ }
+
+ }
+
+ //UPGRADE_NOTE: The equivalent of
method 'java.lang.ThreadLocal.initialValue' is not an override
method. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1143'"
+ public System.Object initialValue()
+ {
+ return null;
+ }
+ }
+
+
+
+
+ public Authenticator()
+ {
+ }
+
+ /// <summary> Clears all threadlocal variables from the thread. This
should ONLY be called after
+ /// all possible ESAPI operations have concluded. If you clear too
early, many calls will
+ /// fail, including logging, which requires the user identity.
+ /// </summary>
+ public virtual void clearCurrent()
+ {
+ currentUser.User = null;
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.set' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ currentResponse.set_Renamed(null);
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.set' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ currentRequest.set_Renamed(null);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#createAccount(java.lang.String,
java.lang.String)
+ */
+ //UPGRADE_NOTE: Synchronized keyword was removed from
method 'createUser'. Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ public virtual User createUser(System.String accountName, System.String
password1, System.String password2)
+ {
+ lock (this)
+ {
+ loadUsersIfNecessary();
+ if (accountName == null)
+ {
+ throw new AuthenticationAccountsException("Account creation
failed", "Attempt to create user with null accountName");
+ }
+ if (userMap.Contains(accountName.ToLower()))
+ {
+ throw new AuthenticationAccountsException("Account creation
failed", "Duplicate user creation denied for " + accountName);
+ }
+ User user = new User(accountName, password1, password2);
+ userMap[accountName.ToLower()] = user;
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "New
user created: " + accountName);
+ saveUsers();
+ return user;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IAuthenticator#exists(java.lang.String)
+ */
+ public virtual bool exists(System.String accountName)
+ {
+ User user = getUser(accountName);
+ return user != null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#generateStrongPassword(int,
char[])
+ */
+ public virtual System.String generateStrongPassword()
+ {
+ return generateStrongPassword("");
+ }
+
+ private System.String generateStrongPassword(System.String oldPassword)
+ {
+ IRandomizer r = ESAPI.randomizer();
+ int letters = r.getRandomInteger(4, 6); // inclusive, exclusive
+ int digits = 7 - letters;
+ System.String passLetters = r.getRandomString(letters,
Encoder.CHAR_PASSWORD_LETTERS);
+ System.String passDigits = r.getRandomString(digits,
Encoder.CHAR_PASSWORD_DIGITS);
+ System.String passSpecial = r.getRandomString(1,
Encoder.CHAR_PASSWORD_SPECIALS);
+ System.String newPassword = passLetters + passSpecial + passDigits;
+ return newPassword;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#generateStrongPassword(int,
char[])
+ */
+ public virtual System.String generateStrongPassword(System.String
oldPassword, IUser user)
+ {
+ System.String newPassword = generateStrongPassword(oldPassword);
+ if (newPassword != null)
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Generated
strong password for " + user.AccountName);
+ return newPassword;
+ }
+
+ /*
+ * Returns the currently logged user as set by the setCurrentUser()
methods. Must not log in this method because the
+ * logger calls getCurrentUser() and this could cause a loop.
+ *
+ * @see org.owasp.esapi.interfaces.IAuthenticator#getCurrentUser()
+ */
+ public virtual User getCurrentUser()
+ {
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.get' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ User user = (User) currentUser.get_Renamed();
+ if (user == null)
+ user = anonymous;
+ return user;
+ }
+
+ /// <summary> Gets the user object with the matching account name or
null if there is no match.
+ ///
+ /// </summary>
+ /// <param name="accountName">the account name
+ /// </param>
+ /// <returns> the user, or null if not matched.
+ /// </returns>
+ //UPGRADE_NOTE: Synchronized keyword was removed from method 'getUser'.
Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ public virtual User getUser(System.String accountName)
+ {
+ lock (this)
+ {
+ loadUsersIfNecessary();
+ User user = (User) userMap[accountName.ToLower()];
+ return user;
+ }
+ }
+
+ /// <summary> Gets the user names.
+ ///
+ /// </summary>
+ /// <returns> list of user account names
+ /// </returns>
+ //UPGRADE_NOTE: Synchronized keyword was removed from
method 'getUserNames'. Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ public virtual SupportClass.SetSupport getUserNames()
+ {
+ lock (this)
+ {
+ loadUsersIfNecessary();
+ //UPGRADE_TODO: Class 'java.util.HashSet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashSet'"
+ //UPGRADE_TODO: Method 'java.util.Map.keySet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapkeySet'"
+ return new SupportClass.HashSetSupport(new
SupportClass.HashSetSupport(userMap.Keys));
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#hashPassword(java.lang.String,
java.lang.String)
+ */
+ public virtual System.String hashPassword(System.String password,
System.String accountName)
+ {
+ System.String salt = accountName.ToLower();
+ return ESAPI.encryptor().hash(password, salt);
+ }
+
+ /// <summary> Load users.
+ ///
+ /// </summary>
+ /// <returns> the hash map
+ /// </returns>
+ /// <throws> AuthenticationException the authentication exception
</throws>
+ protected internal virtual void loadUsersIfNecessary()
+ {
+ if (userDB == null)
+ userDB = new System.IO.FileInfo(((SecurityConfiguration)
ESAPI.securityConfiguration()).ResourceDirectory.FullName + "\\"
+ "users.txt");
+
+ // We only check at most every checkInterval milliseconds
+ long now = (System.DateTime.Now.Ticks - 621355968000000000) / 10000;
+ if (now - lastChecked < checkInterval)
+ {
+ return ;
+ }
+ lastChecked = now;
+
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.io.File.lastModified' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ long lastModified = ((userDB.LastWriteTime.Ticks - 621355968000000000)
/ 10000);
+ if (this.lastModified == lastModified)
+ {
+ return ;
+ }
+ loadUsersImmediately();
+ }
+
+ protected internal virtual void loadUsersImmediately()
+ {
+ // file was touched so reload it
+ lock (this)
+ {
+
logger.logTrace(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Loading
users from " + userDB.FullName, null);
+
+ // FIXME: AAA Necessary?
+ // add the Anonymous user to the database
+ // map.put(anonymous.getAccountName(), anonymous);
+
+ System.IO.StreamReader reader = null;
+ try
+ {
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ System.Collections.Hashtable map = new System.Collections.Hashtable();
+ //UPGRADE_TODO: The differences in the expected value of parameters
for constructor 'java.io.BufferedReader.BufferedReader' may cause
compilation
errors. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'"
+ //UPGRADE_WARNING: At least one expression was used more than once in
the target
code. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1181'"
+ //UPGRADE_TODO: Constructor 'java.io.FileReader.FileReader' was
converted to 'System.IO.StreamReader' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073'"
+ reader = new System.IO.StreamReader(new
System.IO.StreamReader(userDB.FullName,
System.Text.Encoding.Default).BaseStream, new
System.IO.StreamReader(userDB.FullName,
System.Text.Encoding.Default).CurrentEncoding);
+ System.String line = null;
+ while ((line = reader.ReadLine()) != null)
+ {
+ if (line.Length > 0 && line[0] != '#')
+ {
+ User user = new User(line);
+ if (!user.AccountName.Equals("anonymous"))
+ {
+ if (map.ContainsKey(user.AccountName))
+ {
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Problem
in user file. Skipping duplicate user: " + user, null);
+ }
+ map[user.AccountName] = user;
+ }
+ }
+ }
+ userMap = map;
+ this.lastModified = (System.DateTime.Now.Ticks - 621355968000000000)
/ 10000;
+
logger.logTrace(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "User
file reloaded: " + map.Count, null);
+ }
+ catch (System.Exception e)
+ {
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Failure
loading user file: " + userDB.FullName, e);
+ }
+ finally
+ {
+ try
+ {
+ if (reader != null)
+ {
+ reader.Close();
+ }
+ }
+ catch (System.IO.IOException e)
+ {
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Failure
closing user file: " + userDB.FullName, e);
+ }
+ }
+ }
+ }
+
+ /// <summary> Utility method to extract credentials and verify them.
+ ///
+ /// </summary>
+ /// <param name="request">
+ /// </param>
+ /// <param name="response">
+ /// </param>
+ /// <returns>
+ /// </returns>
+ /// <throws> AuthenticationException </throws>
+ /// <throws> </throws>
+ private User loginWithUsernameAndPassword(System.Web.HttpRequest
request, System.Web.HttpResponse response)
+ {
+
+ // FIXME: AAA the login servlet path should also be a configuration -
this
+ // should check (if loginrequest && parameters then do
+ // loginWithPassword)
+
+ //UPGRADE_TODO: Method 'javax.servlet.ServletRequest.getParameter' was
converted to 'System.Web.HttpRequest' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletServletRequestgetParameter_javalangString'"
+ System.String username =
request[ESAPI.securityConfiguration().UsernameParameterName];
+ //UPGRADE_TODO: Method 'javax.servlet.ServletRequest.getParameter' was
converted to 'System.Web.HttpRequest' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletServletRequestgetParameter_javalangString'"
+ System.String password =
request[ESAPI.securityConfiguration().PasswordParameterName];
+
+ // if a logged-in user is requesting to login, log them out first
+ User user = getCurrentUser();
+ if (user != null && !user.Anonymous)
+ {
+
logger.logWarning(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "User
requested relogin. Performing logout then authentication");
+ user.logout();
+ }
+
+ // now authenticate with username and password
+ if (username == null || password == null)
+ {
+ if (username == null)
+ username = "unspecified user";
+ throw new AuthenticationCredentialsException("Authentication
failed", "Authentication failed for " + username + " because of null
username or password");
+ }
+ user = getUser(username);
+ if (user == null)
+ {
+ throw new AuthenticationCredentialsException("Authentication
failed", "Authentication failed because user " + username + " doesn't
exist");
+ }
+ user.loginWithPassword(password);
+ return user;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#removeUser(java.lang.String)
+ */
+ //UPGRADE_NOTE: Synchronized keyword was removed from
method 'removeUser'. Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ public virtual void removeUser(System.String accountName)
+ {
+ lock (this)
+ {
+ loadUsersIfNecessary();
+ User user = getUser(accountName);
+ if (user == null)
+ {
+ throw new AuthenticationAccountsException("Remove user
failed", "Can't remove invalid accountName " + accountName);
+ }
+ userMap.Remove(accountName.ToLower());
+ saveUsers();
+ }
+ }
+
+ /// <summary> Saves the user database to the file system. In this
implementation you must call save to commit any changes to
+ /// the user file. Otherwise changes will be lost when the program ends.
+ ///
+ /// </summary>
+ /// <throws> AuthenticationException the authentication exception
</throws>
+ //UPGRADE_NOTE: Synchronized keyword was removed from
method 'saveUsers'. Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ protected internal virtual void saveUsers()
+ {
+ lock (this)
+ {
+ System.IO.StreamWriter writer = null;
+ try
+ {
+ //UPGRADE_WARNING: At least one expression was used more than once in
the target
code. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1181'"
+ //UPGRADE_TODO: Constructor 'java.io.FileWriter.FileWriter' was
converted to 'System.IO.StreamWriter' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileWriterFileWriter_javaioFile'"
+ //UPGRADE_TODO: Class 'java.io.FileWriter' was converted
to 'System.IO.StreamWriter' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileWriter'"
+ writer = new System.IO.StreamWriter(new
System.IO.StreamWriter(userDB.FullName, false,
System.Text.Encoding.Default).BaseStream, new
System.IO.StreamWriter(userDB.FullName, false,
System.Text.Encoding.Default).Encoding);
+ //UPGRADE_TODO: Method 'java.io.PrintWriter.println' was converted
to 'System.IO.TextWriter.WriteLine' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln_javalangString'"
+ writer.WriteLine("# This is the user file associated with the ESAPI
library from http://www.owasp.org");
+ //UPGRADE_TODO: Method 'java.io.PrintWriter.println' was converted
to 'System.IO.TextWriter.WriteLine' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln_javalangString'"
+ writer.WriteLine("# accountName | hashedPassword | roles | locked |
enabled | rememberToken | csrfToken | oldPasswordHashes |
lastPasswordChangeTime | lastLoginTime | lastFailedLoginTime |
expirationTime | failedLoginCount");
+ //UPGRADE_TODO: Method 'java.io.PrintWriter.println' was converted
to 'System.IO.TextWriter.WriteLine' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln'"
+ writer.WriteLine();
+ saveUsers(writer);
+ writer.Flush();
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "User
file written to disk");
+ }
+ catch (System.IO.IOException e)
+ {
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Problem
saving user file " + userDB.FullName, e);
+ throw new AuthenticationException("Internal Error", "Problem saving
user file " + userDB.FullName, e);
+ }
+ finally
+ {
+ if (writer != null)
+ {
+ //UPGRADE_NOTE: Exceptions thrown by the equivalent in .NET of
method 'java.io.PrintWriter.close' may be
different. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1099'"
+ writer.Close();
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.io.File.lastModified' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ lastModified = ((userDB.LastWriteTime.Ticks - 621355968000000000) /
10000);
+ lastChecked = lastModified;
+ }
+ }
+ }
+ }
+
+ /// <summary> Save users.
+ ///
+ /// </summary>
+ /// <param name="writer">the writer
+ /// </param>
+ /// <throws> IOException </throws>
+ //UPGRADE_NOTE: Synchronized keyword was removed from
method 'saveUsers'. Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ protected internal virtual void saveUsers(System.IO.StreamWriter writer)
+ {
+ lock (this)
+ {
+ System.Collections.IEnumerator i = getUserNames().GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.String accountName = (System.String) i.Current;
+ User u = getUser(accountName);
+ if (u != null && !u.Anonymous)
+ {
+ //UPGRADE_TODO: Method 'java.io.PrintWriter.println' was converted
to 'System.IO.TextWriter.WriteLine' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioPrintWriterprintln_javalangString'"
+ writer.WriteLine(u.save());
+ }
+ else
+ {
+ new AuthenticationCredentialsException("Problem saving
user", "Skipping save of user " + accountName);
+ }
+ }
+ }
+ }
+
+ /// <summary> This method should be called for every HTTP request, to
login the current user either from the session of HTTP
+ /// request. This method will set the current user so that
getCurrentUser() will work properly. This method also
+ /// checks that the user's access is still enabled, unlocked, and
unexpired before allowing login. For convenience
+ /// this method also returns the current user.
+ ///
+ /// </summary>
+ /// <param name="request">the request
+ /// </param>
+ /// <param name="response">the response
+ /// </param>
+ /// <returns> the user
+ /// </returns>
+ /// <throws> AuthenticationException the authentication exception
</throws>
+ public virtual User login(System.Web.HttpRequest request,
System.Web.HttpResponse response)
+ {
+
+ if (request == null || response == null)
+ {
+ throw new AuthenticationCredentialsException("Invalid
request", "Request or response objects were null");
+ }
+ // save the current request and response in the threadlocal variables
+ setCurrentHTTP(request, response);
+
+ if (!ESAPI.httpUtilities().SecureChannel)
+ {
+ new AuthenticationCredentialsException("Session
exposed", "Authentication attempt made over non-SSL connection. Check
web.xml and server configuration");
+ }
+ User user = null;
+
+ // if there's a user in the session then use that
+ user = UserFromSession;
+
+ if (user != null)
+ {
+ user.setLastHostAddress(request.Params["HTTP_HOST"]);
+ user.setFirstRequest(false);
+ }
+ else
+ {
+ // try to verify credentials
+ user = loginWithUsernameAndPassword(request, response);
+ user.setFirstRequest(true);
+ }
+
+ // don't let anonymous user log in
+ if (user.Anonymous)
+ {
+ user.logout();
+ throw new AuthenticationLoginException("Login failed", "Anonymous user
cannot be set to current user");
+ }
+
+ // don't let disabled users log in
+ if (!user.Enabled)
+ {
+ user.logout();
+ System.DateTime tempAux = System.DateTime.Now;
+ //UPGRADE_NOTE: ref keyword was added to struct-type
parameters. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1303'"
+ user.setLastFailedLoginTime(ref tempAux);
+ throw new AuthenticationLoginException("Login failed", "Disabled user
cannot be set to current user: " + user.AccountName);
+ }
+
+ // don't let locked users log in
+ if (user.Locked)
+ {
+ user.logout();
+ System.DateTime tempAux2 = System.DateTime.Now;
+ //UPGRADE_NOTE: ref keyword was added to struct-type
parameters. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1303'"
+ user.setLastFailedLoginTime(ref tempAux2);
+ throw new AuthenticationLoginException("Login failed", "Locked user
cannot be set to current user: " + user.AccountName);
+ }
+
+ // don't let expired users log in
+ if (user.Expired)
+ {
+ user.logout();
+ System.DateTime tempAux3 = System.DateTime.Now;
+ //UPGRADE_NOTE: ref keyword was added to struct-type
parameters. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1303'"
+ user.setLastFailedLoginTime(ref tempAux3);
+ throw new AuthenticationLoginException("Login failed", "Expired user
cannot be set to current user: " + user.AccountName);
+ }
+
+ setCurrentUser(user);
+ return user;
+ }
+
+
+ /// <summary> Log out the current user.</summary>
+ public virtual void logout()
+ {
+ User user = getCurrentUser();
+ user.logout();
+ }
+
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#setCurrentUser(org.owasp.esapi.User)
+ */
+ public virtual void setCurrentUser(IUser user)
+ {
+ currentUser.User = user;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#setCurrentHTTP(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
+ */
+ public virtual void setCurrentHTTP(System.Web.HttpRequest request,
System.Web.HttpResponse response)
+ {
+ if (request == null || response == null)
+ {
+ new AuthenticationCredentialsException("Invalid request or
response", "Request or response objects were null");
+ return ;
+ }
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.set' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ currentRequest.set_Renamed(request);
+ //UPGRADE_ISSUE: Method 'java.lang.InheritableThreadLocal.set' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangInheritableThreadLocal'"
+ currentResponse.set_Renamed(response);
+ }
+
+
+
+ /*
+ * This implementation simply verifies that account names are at least 5
characters long. This helps to defeat a
+ * brute force attack, however the real strength comes from the name
length and complexity.
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#validateAccountNameStrength(java.lang.String)
+ */
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#verifyAccountNameStrength(java.lang.String)
+ */
+ public virtual void verifyAccountNameStrength(System.String context,
System.String newAccountName)
+ {
+ if (newAccountName == null)
+ {
+ throw new AuthenticationCredentialsException("Invalid account
name", "Attempt to create account with a null account name");
+ }
+ // FIXME: ENHANCE make the lengths configurable?
+ if (!ESAPI.validator().isValidDataFromBrowser(context, "AccountName",
newAccountName))
+ {
+ throw new AuthenticationCredentialsException("Invalid account
name", "New account name is not valid: " + newAccountName);
+ }
+ }
+
+ /*
+ * This implementation checks: - for any 3 character substrings of the
old password - for use of a length *
+ * character sets > 16 (where character sets are upper, lower, digit, and
special (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IAuthenticator#validatePasswordStrength(java.lang.String)
+ */
+ public virtual void verifyPasswordStrength(System.String newPassword,
System.String oldPassword)
+ {
+ System.String oPassword = (oldPassword == null)?"":oldPassword;
+
+ // can't change to a password that contains any 3 character substring
of old password
+ int length = oPassword.Length;
+ for (int i = 0; i < length - 2; i++)
+ {
+ System.String sub = oPassword.Substring(i, (i + 3) - (i));
+ if (newPassword.IndexOf(sub) > - 1)
+ throw new AuthenticationCredentialsException("Invalid password", "New
password cannot contain pieces of old password");
+ }
+
+ // new password must have enough character sets and length
+ int charsets = 0;
+ for (int i = 0; i < newPassword.Length; i++)
+ if (System.Array.BinarySearch(Encoder.CHAR_LOWERS, (System.Object)
newPassword[i]) > 0)
+ {
+ charsets++;
+ break;
+ }
+ for (int i = 0; i < newPassword.Length; i++)
+ if (System.Array.BinarySearch(Encoder.CHAR_UPPERS, (System.Object)
newPassword[i]) > 0)
+ {
+ charsets++;
+ break;
+ }
+ for (int i = 0; i < newPassword.Length; i++)
+ if (System.Array.BinarySearch(Encoder.CHAR_DIGITS, (System.Object)
newPassword[i]) > 0)
+ {
+ charsets++;
+ break;
+ }
+ for (int i = 0; i < newPassword.Length; i++)
+ if (System.Array.BinarySearch(Encoder.CHAR_SPECIALS, (System.Object)
newPassword[i]) > 0)
+ {
+ charsets++;
+ break;
+ }
+ int strength = newPassword.Length * charsets;
+
+ System.Console.Out.WriteLine(" >>> PW: " + newPassword + "-->" +
strength);
+
+ if (strength < 16)
+ {
+ // FIXME: enhance - make password strength configurable
+ throw new AuthenticationCredentialsException("Invalid password", "New
password is not long and complex enough");
+ }
+ }
+ static Authenticator()
+ {
+ logger = Logger.getLogger("ESAPI", "Authenticator");
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/ESAPI.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,255 @@
+/// <summary> </summary>
+using System;
+using IAccessController = org.owasp.esapi.interfaces.IAccessController;
+using IAuthenticator = org.owasp.esapi.interfaces.IAuthenticator;
+using IEncoder = org.owasp.esapi.interfaces.IEncoder;
+using IEncryptor = org.owasp.esapi.interfaces.IEncryptor;
+using IExecutor = org.owasp.esapi.interfaces.IExecutor;
+using IHTTPUtilities = org.owasp.esapi.interfaces.IHTTPUtilities;
+using IIntrusionDetector = org.owasp.esapi.interfaces.IIntrusionDetector;
+using IRandomizer = org.owasp.esapi.interfaces.IRandomizer;
+using ISecurityConfiguration =
org.owasp.esapi.interfaces.ISecurityConfiguration;
+using IValidator = org.owasp.esapi.interfaces.IValidator;
+namespace org.owasp.esapi
+{
+
+ /// <author> rdawes
+ ///
+ /// </author>
+ public class ESAPI
+ {
+ /// <param name="accessController">the accessController to set
+ /// </param>
+ public static IAccessController AccessController
+ {
+ set
+ {
+ ESAPI.accessController_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="authenticator">the authenticator to set
+ /// </param>
+ public static IAuthenticator Authenticator
+ {
+ set
+ {
+ ESAPI.authenticator_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="encoder">the encoder to set
+ /// </param>
+ public static IEncoder Encoder
+ {
+ set
+ {
+ ESAPI.encoder_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="encryptor">the encryptor to set
+ /// </param>
+ public static IEncryptor Encryptor
+ {
+ set
+ {
+ ESAPI.encryptor_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="executor">the executor to set
+ /// </param>
+ public static IExecutor Executor
+ {
+ set
+ {
+ ESAPI.executor_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="httpUtilities">the httpUtilities to set
+ /// </param>
+ public static IHTTPUtilities HttpUtilities
+ {
+ set
+ {
+ ESAPI.httpUtilities_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="intrusionDetector">the intrusionDetector to set
+ /// </param>
+ public static IIntrusionDetector IntrusionDetector
+ {
+ set
+ {
+ ESAPI.intrusionDetector_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="randomizer">the randomizer to set
+ /// </param>
+ public static IRandomizer Randomizer
+ {
+ set
+ {
+ ESAPI.randomizer_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="securityConfiguration">the securityConfiguration to set
+ /// </param>
+ public static ISecurityConfiguration SecurityConfiguration
+ {
+ set
+ {
+ ESAPI.securityConfiguration_Renamed_Field = value;
+ }
+
+ }
+ /// <param name="validator">the validator to set
+ /// </param>
+ public static IValidator Validator
+ {
+ set
+ {
+ ESAPI.validator_Renamed_Field = value;
+ }
+
+ }
+
+ private static IAccessController accessController_Renamed_Field = null;
+
+ private static IAuthenticator authenticator_Renamed_Field = null;
+
+ private static IEncoder encoder_Renamed_Field = null;
+
+ private static IEncryptor encryptor_Renamed_Field = null;
+
+ private static IExecutor executor_Renamed_Field = null;
+
+ private static IHTTPUtilities httpUtilities_Renamed_Field = null;
+
+ private static IIntrusionDetector intrusionDetector_Renamed_Field = null;
+
+ // private static ILogger logger = null;
+
+ private static IRandomizer randomizer_Renamed_Field = null;
+
+ private static ISecurityConfiguration
securityConfiguration_Renamed_Field = null;
+
+ private static IValidator validator_Renamed_Field = null;
+
+ /// <summary> prevent instantiation of this class</summary>
+ private ESAPI()
+ {
+ }
+
+ /// <returns> the accessController
+ /// </returns>
+ public static IAccessController accessController()
+ {
+ if (ESAPI.accessController_Renamed_Field == null)
+ ESAPI.accessController_Renamed_Field = new AccessController();
+ return ESAPI.accessController_Renamed_Field;
+ }
+
+ /// <returns> the authenticator
+ /// </returns>
+ public static IAuthenticator authenticator()
+ {
+ if (ESAPI.authenticator_Renamed_Field == null)
+ ESAPI.authenticator_Renamed_Field = new Authenticator();
+ return ESAPI.authenticator_Renamed_Field;
+ }
+
+ /// <returns> the encoder
+ /// </returns>
+ public static IEncoder encoder()
+ {
+ if (ESAPI.encoder_Renamed_Field == null)
+ ESAPI.encoder_Renamed_Field = new Encoder();
+ return ESAPI.encoder_Renamed_Field;
+ }
+
+ /// <returns> the encryptor
+ /// </returns>
+ public static IEncryptor encryptor()
+ {
+ if (ESAPI.encryptor_Renamed_Field == null)
+ ESAPI.encryptor_Renamed_Field = new Encryptor();
+ return ESAPI.encryptor_Renamed_Field;
+ }
+
+ /// <returns> the executor
+ /// </returns>
+ public static IExecutor executor()
+ {
+ if (ESAPI.executor_Renamed_Field == null)
+ ESAPI.executor_Renamed_Field = new Executor();
+ return ESAPI.executor_Renamed_Field;
+ }
+
+ /// <returns> the httpUtilities
+ /// </returns>
+ public static IHTTPUtilities httpUtilities()
+ {
+ if (ESAPI.httpUtilities_Renamed_Field == null)
+ ESAPI.httpUtilities_Renamed_Field = new HTTPUtilities();
+ return ESAPI.httpUtilities_Renamed_Field;
+ }
+
+ /// <returns> the intrusionDetector
+ /// </returns>
+ public static IIntrusionDetector intrusionDetector()
+ {
+ if (ESAPI.intrusionDetector_Renamed_Field == null)
+ ESAPI.intrusionDetector_Renamed_Field = new IntrusionDetector();
+ return ESAPI.intrusionDetector_Renamed_Field;
+ }
+
+ // /**
+ // * @return the logger
+ // */
+ // public static ILogger getLogger() {
+ // if (ESAPI.logger == null)
+ // return Logger();
+ // return ESAPI.logger;
+ // }
+ //
+ // /**
+ // * @param logger the logger to set
+ // */
+ // public static void setLogger(ILogger logger) {
+ // ESAPI.logger = logger;
+ // }
+ //
+ /// <returns> the randomizer
+ /// </returns>
+ public static IRandomizer randomizer()
+ {
+ if (ESAPI.randomizer_Renamed_Field == null)
+ ESAPI.randomizer_Renamed_Field = new Randomizer();
+ return ESAPI.randomizer_Renamed_Field;
+ }
+
+ /// <returns> the securityConfiguration
+ /// </returns>
+ public static ISecurityConfiguration securityConfiguration()
+ {
+ if (ESAPI.securityConfiguration_Renamed_Field == null)
+ ESAPI.securityConfiguration_Renamed_Field = new
SecurityConfiguration();
+ return ESAPI.securityConfiguration_Renamed_Field;
+ }
+
+ /// <returns> the validator
+ /// </returns>
+ public static IValidator validator()
+ {
+ if (ESAPI.validator_Renamed_Field == null)
+ ESAPI.validator_Renamed_Field = new Validator();
+ return ESAPI.validator_Renamed_Field;
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/Encoder.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,931 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using EncodingException = org.owasp.esapi.errors.EncodingException;
+using IntrusionException = org.owasp.esapi.errors.IntrusionException;
+//UPGRADE_TODO: The type 'sun.text.Normalizer' could not be found. If it
was not included in the conversion, there may be compiler
issues. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'"
+using Normalizer = sun.text.Normalizer;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IEncoder interface. This
implementation takes
+ /// a whitelist approach, encoding everything not specifically identified
in a
+ /// list of "immune" characters. Several methods follow the approach in
the <a
+ ///
href="http://www.microsoft.com/downloads/details.aspx?familyid=efb9c819-53ff-4f82-bfaf-e11625130c25&displaylang=en">Microsoft
+ /// AntiXSS Library</a>.
+ /// <p>
+ /// The canonicalization algorithm is complex, as it has to be able to
recognize
+ /// encoded characters that might affect downstream interpreters without
being
+ /// told what encodings are possible. The stream is read one character at
a time.
+ /// If an encoded character is encountered, it is canonicalized and
pushed back
+ /// onto the stream. If the next character is encoded, then a intrusion
exception
+ /// is thrown for the double-encoding which is assumed to be an attack.
This assumption is
+ /// a bit aggressive as some double-encoded characters may be sent by
ordinary users
+ /// through cut-and-paste.
+ /// <p>
+ /// If an encoded character is recognized, but does not parse properly,
the response is
+ /// to eat the character, stripping it from the input.
+ /// <p>
+ /// Currently the implementation supports:
+ /// <ul><li>HTML Entity Encoding (including
non-terminated)</li><li>Percent Encoding</li></ul>
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ /// href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IEncoder">
+ /// </seealso>
+ public class Encoder : org.owasp.esapi.interfaces.IEncoder
+ {
+
+ /// <summary>Encoding types </summary>
+ public const int NO_ENCODING = 0;
+ public const int URL_ENCODING = 1;
+ public const int PERCENT_ENCODING = 2;
+ public const int ENTITY_ENCODING = 3;
+
+ /// <summary>The base64 encoder. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'base64Encoder '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_TODO: Class 'sun.misc.BASE64Encoder' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'"
+ //UPGRADE_TODO: Constructor 'sun.misc.BASE64Encoder.BASE64Encoder' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'"
+ private static readonly BASE64Encoder base64Encoder = new
BASE64Encoder();
+
+ /// <summary>The base64 decoder. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'base64Decoder '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_TODO: Class 'sun.misc.BASE64Decoder' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'"
+ //UPGRADE_TODO: Constructor 'sun.misc.BASE64Decoder.BASE64Decoder' was
not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'"
+ private static readonly BASE64Decoder base64Decoder = new
BASE64Decoder();
+
+ /// <summary>The IMMUNE HTML. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'IMMUNE_HTML'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ private static readonly char[] IMMUNE_HTML = new
char[]{',', '.', '-', '_', ' '};
+
+ /// <summary>The IMMUNE HTMLATTR. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'IMMUNE_HTMLATTR'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ private static readonly char[] IMMUNE_HTMLATTR = new
char[]{',', '.', '-', '_'};
+
+ /// <summary>The IMMUNE JAVASCRIPT. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'IMMUNE_JAVASCRIPT'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ private static readonly char[] IMMUNE_JAVASCRIPT = new
char[]{',', '.', '-', '_', ' '};
+
+ /// <summary>The IMMUNE VBSCRIPT. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'IMMUNE_VBSCRIPT'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ private static readonly char[] IMMUNE_VBSCRIPT = new
char[]{',', '.', '-', '_', ' '};
+
+ /// <summary>The IMMUNE XML. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'IMMUNE_XML'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ private static readonly char[] IMMUNE_XML = new
char[]{',', '.', '-', '_', ' '};
+
+ /// <summary>The IMMUNE XMLATTR. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'IMMUNE_XMLATTR'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ private static readonly char[] IMMUNE_XMLATTR = new
char[]{',', '.', '-', '_'};
+
+ /// <summary>The IMMUNE XPATH. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'IMMUNE_XPATH'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ private static readonly char[] IMMUNE_XPATH = new
char[]{',', '.', '-', '_', ' '};
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.Encoder'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ /// <summary>The Constant CHAR_LOWERS. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_LOWERS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_LOWERS = new
char[]{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'};
+
+ /// <summary>The Constant CHAR_UPPERS. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_UPPERS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_UPPERS = new
char[]{'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'};
+
+ /// <summary>The Constant CHAR_DIGITS. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_DIGITS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_DIGITS = new
char[]{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};
+
+ /// <summary>The Constant CHAR_SPECIALS. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_SPECIALS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_SPECIALS = new
char[]{'.', '-', '_', '!', '@', '$', '^', '*', '=', '~', '|', '+', '?'};
+
+ /// <summary>The Constant CHAR_LETTERS. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_LETTERS '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'CHAR_LETTERS' was moved to
static
method 'org.owasp.esapi.Encoder'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ internal static readonly char[] CHAR_LETTERS;
+
+ /// <summary>The Constant CHAR_ALPHANUMERICS. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_ALPHANUMERICS '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'CHAR_ALPHANUMERICS' was moved to
static
method 'org.owasp.esapi.Encoder'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ internal static readonly char[] CHAR_ALPHANUMERICS;
+
+ // FIXME: ENHANCE make all character sets configurable
+ /// <summary> Password character set, is alphanumerics (without l, i, I,
o, O, and 0)
+ /// selected specials like + (bad for URL encoding, | is like i and 1,
+ /// etc...)
+ /// </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_PASSWORD_LOWERS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_PASSWORD_LOWERS = new
char[]{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'};
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_PASSWORD_UPPERS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_PASSWORD_UPPERS = new
char[]{'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'J', 'K', 'L', 'M', 'N', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'};
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_PASSWORD_DIGITS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_PASSWORD_DIGITS = new
char[]{'2', '3', '4', '5', '6', '7', '8', '9'};
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_PASSWORD_SPECIALS'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ internal static readonly char[] CHAR_PASSWORD_SPECIALS = new
char[]{'_', '.', '!', '@', '$', '*', '=', '-', '?'};
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'CHAR_PASSWORD_LETTERS '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'CHAR_PASSWORD_LETTERS' was moved
to static
method 'org.owasp.esapi.Encoder'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ internal static readonly char[] CHAR_PASSWORD_LETTERS;
+
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private static System.Collections.Hashtable characterToEntityMap;
+
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ private static System.Collections.Hashtable entityToCharacterMap;
+
+ public Encoder()
+ {
+ System.Array.Sort(Encoder.IMMUNE_HTML);
+ System.Array.Sort(Encoder.IMMUNE_HTMLATTR);
+ System.Array.Sort(Encoder.IMMUNE_JAVASCRIPT);
+ System.Array.Sort(Encoder.IMMUNE_VBSCRIPT);
+ System.Array.Sort(Encoder.IMMUNE_XML);
+ System.Array.Sort(Encoder.IMMUNE_XMLATTR);
+ System.Array.Sort(Encoder.IMMUNE_XPATH);
+ System.Array.Sort(Encoder.CHAR_LOWERS);
+ System.Array.Sort(Encoder.CHAR_UPPERS);
+ System.Array.Sort(Encoder.CHAR_DIGITS);
+ System.Array.Sort(Encoder.CHAR_SPECIALS);
+ System.Array.Sort(Encoder.CHAR_LETTERS);
+ System.Array.Sort(Encoder.CHAR_ALPHANUMERICS);
+ System.Array.Sort(Encoder.CHAR_PASSWORD_LOWERS);
+ System.Array.Sort(Encoder.CHAR_PASSWORD_UPPERS);
+ System.Array.Sort(Encoder.CHAR_PASSWORD_DIGITS);
+ System.Array.Sort(Encoder.CHAR_PASSWORD_SPECIALS);
+ System.Array.Sort(Encoder.CHAR_PASSWORD_LETTERS);
+ initializeMaps();
+ }
+
+ /// <summary> Simplifies percent-encoded and entity-encoded characters
to their
+ /// simplest form so that they can be properly validated. Attackers
+ /// frequently use encoding schemes to disguise their attacks and bypass
+ /// validation routines.
+ ///
+ /// Handling multiple encoding schemes simultaneously is difficult, and
+ /// requires some special consideration. In particular, the problem of
+ /// double-encoding is difficult for parsers, and combining several
encoding
+ /// schemes in double-encoding makes it even harder. Consider decoding
+ ///
+ /// <PRE>
+ /// &lt;
+ /// </PRE>
+ ///
+ /// or
+ ///
+ /// <PRE>
+ /// %26lt;
+ /// </PRE>
+ ///
+ /// or
+ ///
+ /// <PRE>
+ /// &lt;
+ /// </PRE>.
+ ///
+ /// This implementation disallows ALL double-encoded characters and
throws an
+ /// IntrusionException when they are detected. Also, named entities that
are
+ /// not known are simply removed.
+ ///
+ /// Note that most data from the browser is likely to be encoded with URL
+ /// encoding (FIXME: RFC). The web server will decode the URL and form
data
+ /// once, so most encoded data received in the application must have been
+ /// double-encoded by the attacker. However, some HTTP inputs are not
decoded
+ /// by the browser, so this routine allows a single level of decoding.
+ ///
+ /// </summary>
+ /// <throws> IntrusionException </throws>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IValidator.canonicalize(java.lang.String)">
+ /// </seealso>
+ public virtual System.String canonicalize(System.String input)
+ {
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ EncodedStringReader reader = new EncodedStringReader(this, input);
+ while (reader.hasNext())
+ {
+ EncodedCharacter c = reader.NextCharacter;
+ if (c != null)
+ {
+ sb.Append(c.Unencoded);
+ }
+ }
+ return sb.ToString();
+ }
+
+ /// <summary> Normalizes special characters down to ASCII using the
Normalizer built
+ /// into Java.
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IValidator.normalize(java.lang.String)">
+ /// </seealso>
+ public virtual System.String normalize(System.String input)
+ {
+ // Split any special characters into two parts, the base character and
+ // the modifier
+
+ System.String separated = Normalizer.normalize(input,
Normalizer.DECOMP, 0); // Java 1.4
+ // String separated = Normalizer.normalize(input, Form.NFD); // Java
1.6
+
+ // remove any character that is not ASCII
+ return separated.replaceAll("[^\\p{ASCII}]", "");
+ }
+
+ /// <summary> Checks if the character is contained in the provided array
of characters.
+ ///
+ /// </summary>
+ /// <param name="array">the array
+ /// </param>
+ /// <param name="element">the element
+ /// </param>
+ /// <returns> true, if is contained
+ /// </returns>
+ private bool isContained(char[] array, char element)
+ {
+ for (int i = 0; i < array.Length; i++)
+ {
+ if (element == array[i])
+ return true;
+ }
+ return false;
+
+ // FIXME: ENHANCE Performance enhancement here but character arrays must
+ // be sorted, which they're currently not.
+ // return( Arrays.binarySearch(array, element) >= 0 );
+ }
+
+ /// <summary> HTML Entity encode utility method. To avoid
double-encoding, this method
+ /// logs a warning if HTML entity encoded characters are passed in as
input.
+ /// Double-encoded characters in the input cause an exception to be
thrown.
+ ///
+ /// </summary>
+ /// <param name="input">the input
+ /// </param>
+ /// <param name="immune">the immune
+ /// </param>
+ /// <param name="base">the base
+ /// </param>
+ /// <returns> the string
+ /// </returns>
+ private System.String entityEncode(System.String input, char[]
base_Renamed, char[] immune)
+ {
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ EncodedStringReader reader = new EncodedStringReader(this, input);
+ while (reader.hasNext())
+ {
+ EncodedCharacter c = reader.NextCharacter;
+ if (c != null)
+ {
+ if (isContained(base_Renamed, c.Unencoded) || isContained(immune,
c.Unencoded))
+ {
+ sb.Append(c.Unencoded);
+ }
+ else
+ {
+ sb.Append(c.getEncoded(ENTITY_ENCODING));
+ }
+ }
+ }
+ return sb.ToString();
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#encodeForHTML(java.lang.String)
+ */
+ public virtual System.String encodeForHTML(System.String input)
+ {
+ // FIXME: ENHANCE - should this just strip out nonprintables? Why send
+ //  to the browser?
+ // FIXME: Enhance - Add a configuration for masking **** out SSN and
credit
+ // card
+
+ System.String encoded = entityEncode(input, Encoder.CHAR_ALPHANUMERICS,
IMMUNE_HTML);
+ encoded = encoded.replaceAll("\r", "<BR>");
+ encoded = encoded.replaceAll("\n", "<BR>");
+ return encoded;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#encodeForHTMLAttribute(java.lang.String)
+ */
+ public virtual System.String encodeForHTMLAttribute(System.String input)
+ {
+ return entityEncode(input, Encoder.CHAR_ALPHANUMERICS, IMMUNE_HTMLATTR);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#encodeForJavaScript(java.lang.String)
+ */
+ public virtual System.String encodeForJavascript(System.String input)
+ {
+ return entityEncode(input, Encoder.CHAR_ALPHANUMERICS,
Encoder.IMMUNE_JAVASCRIPT);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#encodeForVisualBasicScript(java.lang.String)
+ */
+ public virtual System.String encodeForVBScript(System.String input)
+ {
+ return entityEncode(input, Encoder.CHAR_ALPHANUMERICS, IMMUNE_VBSCRIPT);
+ }
+
+ /// <summary> This method is not recommended. The use PreparedStatement
is the normal
+ /// and preferred approach. However, if for some reason this is
impossible,
+ /// then this method is provided as a weaker alternative. The best
approach
+ /// is to make sure any single-quotes are double-quoted. Another possible
+ /// approach is to use the {escape} syntax described in the JDBC
+ /// specification in section 1.5.6 (see
+ ///
http://java.sun.com/j2se/1.4.2/docs/guide/jdbc/getstart/statement.html).
+ /// However, this syntax does not work with all drivers, and requires
+ /// modification of all queries.
+ ///
+ /// </summary>
+ /// <param name="input">the input
+ /// </param>
+ /// <returns> the string
+ /// </returns>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IEncoder.encodeForSQL(java.lang.String)">
+ /// </seealso>
+ public virtual System.String encodeForSQL(System.String input)
+ {
+ System.String canonical = canonicalize(input);
+ return canonical.replaceAll("'", "''");
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#encodeForLDAP(java.lang.String)
+ */
+ public virtual System.String encodeForLDAP(System.String input)
+ {
+ System.String canonical = canonicalize(input);
+
+ // FIXME: ENHANCE this is a negative list -- make positive?
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ for (int i = 0; i < canonical.Length; i++)
+ {
+ char c = canonical[i];
+ switch (c)
+ {
+
+ case '\\':
+ sb.Append("\\5c");
+ break;
+
+ case '*':
+ sb.Append("\\2a");
+ break;
+
+ case '(':
+ sb.Append("\\28");
+ break;
+
+ case ')':
+ sb.Append("\\29");
+ break;
+
+ case '\u0000':
+ sb.Append("\\00");
+ break;
+
+ default:
+ sb.Append(c);
+ break;
+
+ }
+ }
+ return sb.ToString();
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncoder#encodeForDN(java.lang.String)
+ */
+ public virtual System.String encodeForDN(System.String input)
+ {
+ System.String canonical = canonicalize(input);
+
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ if ((canonical.Length > 0) && ((canonical[0] == ' ') || (canonical[0]
== '#')))
+ {
+ sb.Append('\\'); // add the leading backslash if needed
+ }
+ for (int i = 0; i < canonical.Length; i++)
+ {
+ char c = canonical[i];
+ switch (c)
+ {
+
+ case '\\':
+ sb.Append("\\\\");
+ break;
+
+ case ',':
+ sb.Append("\\,");
+ break;
+
+ case '+':
+ sb.Append("\\+");
+ break;
+
+ case '"':
+ sb.Append("\\\"");
+ break;
+
+ case '<':
+ sb.Append("\\<");
+ break;
+
+ case '>':
+ sb.Append("\\>");
+ break;
+
+ case ';':
+ sb.Append("\\;");
+ break;
+
+ default:
+ sb.Append(c);
+ break;
+
+ }
+ }
+ // add the trailing backslash if needed
+ if ((canonical.Length > 1) && (canonical[input.Length - 1] == ' '))
+ {
+ sb.Insert(sb.Length - 1, '\\');
+ }
+ return sb.ToString();
+ }
+
+ /// <summary> This implementation encodes almost everything and may
overencode. The
+ /// difficulty is that XPath has no built in mechanism for escaping
+ /// characters. It is possible to use XQuery in a parameterized way to
+ /// prevent injection. For more information, refer to <a
+ ///
href="http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html">this
+ /// article</a> which specifies the following list of characters as the
most
+ /// dangerous: ^&"*';<>(). <a
+ ///
href="http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf">This
+ /// paper</a> suggests disallowing ' and " in queries.
+ ///
+ /// </summary>
+ /// <param name="input">the input
+ /// </param>
+ /// <returns> the string
+ /// </returns>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IEncoder.encodeForXPath(java.lang.String)">
+ /// </seealso>
+ public virtual System.String encodeForXPath(System.String input)
+ {
+ return entityEncode(input, Encoder.CHAR_ALPHANUMERICS, IMMUNE_XPATH);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncoder#encodeForXML(java.lang.String)
+ */
+ public virtual System.String encodeForXML(System.String input)
+ {
+ return entityEncode(input, Encoder.CHAR_ALPHANUMERICS, IMMUNE_XML);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#encodeForXMLAttribute(java.lang.String)
+ */
+ public virtual System.String encodeForXMLAttribute(System.String input)
+ {
+ return entityEncode(input, Encoder.CHAR_ALPHANUMERICS, IMMUNE_XMLATTR);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncoder#encodeForURL(java.lang.String)
+ */
+ public virtual System.String encodeForURL(System.String input)
+ {
+ System.String canonical = canonicalize(input);
+
+ try
+ {
+ return URLEncoder.encode(canonical,
ESAPI.securityConfiguration().CharacterEncoding);
+ }
+ catch (System.IO.IOException ex)
+ {
+ throw new EncodingException("Encoding failure", "Encoding not
supported", ex);
+ }
+ catch (System.Exception e)
+ {
+ throw new EncodingException("Encoding failure", "Problem URL decoding
input", e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#decodeFromURL(java.lang.String)
+ */
+ public virtual System.String decodeFromURL(System.String input)
+ {
+ System.String canonical = canonicalize(input);
+ try
+ {
+ return URLDecoder.decode(canonical,
ESAPI.securityConfiguration().CharacterEncoding);
+ }
+ catch (System.IO.IOException ex)
+ {
+ throw new EncodingException("Decoding failed", "Encoding not
supported", ex);
+ }
+ catch (System.Exception e)
+ {
+ throw new EncodingException("Decoding failed", "Problem URL decoding
input", e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncoder#encodeForBase64(byte[])
+ */
+ public virtual System.String encodeForBase64(sbyte[] input, bool wrap)
+ {
+ //UPGRADE_TODO: Method 'sun.misc.CharacterEncoder.encode' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'"
+ System.String b64 = base64Encoder.encode(input);
+ // remove line-feeds and carriage-returns inserted in output
+ if (!wrap)
+ {
+ b64 = b64.replaceAll("\r", "").replaceAll("\n", "");
+ }
+ return b64;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncoder#decodeFromBase64(java.lang.String)
+ */
+ public virtual sbyte[] decodeFromBase64(System.String input)
+ {
+ //UPGRADE_TODO: Method 'sun.misc.CharacterDecoder.decodeBuffer' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1095'"
+ return base64Decoder.decodeBuffer(input);
+ }
+
+ // FIXME: ENHANCE - change formatting here to more like -- "quot", "34",
//
+ // quotation mark
+ private void initializeMaps()
+ {
+ System.String[] entityNames = new
System.String[]{"quot", "amp", "lt", "gt", "nbsp", "iexcl", "cent", "pound", "curren", "yen", "brvbar", "sect", "uml", "copy", "ordf", "laquo", "not", "shy", "reg", "macr", "deg", "plusmn", "sup2", "sup3", "acute", "micro", "para", "middot", "cedil", "sup1", "ordm", "raquo", "frac14", "frac12", "frac34", "iquest", "Agrave", "Aacute", "Acirc", "Atilde", "Auml", "Aring", "AElig", "Ccedil", "Egrave", "Eacute", "Ecirc", "Euml", "Igrave", "Iacute", "Icirc", "Iuml", "ETH", "Ntilde", "Ograve", "Oacute", "Ocirc", "Otilde", "Ouml", "times", "Oslash", "Ugrave", "Uacute", "Ucirc", "Uuml", "Yacute", "THORN", "szlig", "agrave", "aacute", "acirc", "atilde", "auml", "aring", "aelig", "ccedil", "egrave", "eacute", "ecirc", "euml", "igrave", "iacute", "icirc", "iuml", "eth", "ntilde", "ograve", "oacute", "ocirc", "otilde", "ouml", "divide", "oslash", "ugrave", "uacute", "ucirc", "uuml", "yacute", "thorn", "yuml", "OElig", "oelig", "Scaron", "scaron", "Yuml", "fnof", "circ", "tilde", "Alpha", "Beta", "Gamma", "Delta", "Epsilon", "Zeta", "Eta", "Theta", "Iota", "Kappa", "Lambda", "Mu", "Nu", "Xi", "Omicron", "Pi", "Rho", "Sigma", "Tau", "Upsilon", "Phi", "Chi", "Psi", "Omega", "alpha", "beta", "gamma", "delta", "epsilon", "zeta", "eta", "theta", "iota", "kappa", "lambda", "mu", "nu", "xi", "omicron", "pi", "rho", "sigmaf", "sigma", "tau", "upsilon", "phi", "chi", "psi", "omega", "thetasym", "upsih", "piv", "ensp", "emsp", "thinsp", "zwnj", "zwj", "lrm", "rlm", "ndash", "mdash", "lsquo", "rsquo", "sbquo", "ldquo", "rdquo", "bdquo", "dagger", "Dagger", "bull", "hellip", "permil", "prime", "Prime", "lsaquo", "rsaquo", "oline", "frasl", "euro", "image", "weierp", "real", "trade", "alefsym", "larr", "uarr", "rarr", "darr", "harr", "crarr", "lArr", "uArr", "rArr", "dArr", "hArr", "forall", "part", "exist", "empty", "nabla", "isin", "notin", "ni", "prod", "sum", "minus", "lowast", "radic", "prop", "infin", "ang", "and", "or", "cap", "cup", "int", "there4", "sim", "cong", "asymp", "ne",
+
"equiv", "le", "ge", "sub", "sup", "nsub", "sube", "supe", "oplus", "otimes", "perp", "sdot", "lceil", "rceil", "lfloor", "rfloor", "lang", "rang", "loz", "spades", "clubs", "hearts", "diams"};
+
+ char[] entityValues = new char[]{(char) (34), (char) (38), (char) (60),
(char) (62), (char) (160), (char) (161), (char) (162), (char) (163), (char)
(164), (char) (165), (char) (166), (char) (167), (char) (168), (char)
(169), (char) (170), (char) (171), (char) (172), (char) (173), (char)
(174), (char) (175), (char) (176), (char) (177), (char) (178), (char)
(179), (char) (180), (char) (181), (char) (182), (char) (183), (char)
(184), (char) (185), (char) (186), (char) (187), (char) (188), (char)
(189), (char) (190), (char) (191), (char) (192), (char) (193), (char)
(194), (char) (195), (char) (196), (char) (197), (char) (198), (char)
(199), (char) (200), (char) (201), (char) (202), (char) (203), (char)
(204), (char) (205), (char) (206), (char) (207), (char) (208), (char)
(209), (char) (210), (char) (211), (char) (212), (char) (213), (char)
(214), (char) (215), (char) (216), (char) (217), (char) (218), (char)
(219), (char) (220), (char) (221), (char) (222), (char) (223), (char)
(224), (char) (225), (char) (226), (char) (227), (char) (228), (char)
(229), (char) (230), (char) (231), (char) (232), (char) (233), (char)
(234), (char) (235), (char) (236), (char) (237), (char) (238), (char)
(239), (char) (240), (char) (241), (char) (242), (char) (243), (char)
(244), (char) (245), (char) (246), (char) (247), (char) (248), (char)
(249), (char) (250), (char) (251), (char) (252), (char) (253), (char)
(254), (char) (255), (char) (338), (char) (339), (char) (352), (char)
(353), (char) (376), (char) (402), (char) (710), (char) (732), (char)
(913), (char) (914), (char) (915), (char) (916), (char) (917), (char)
(918), (char) (919), (char) (920), (char) (921), (char) (922), (char)
(923), (char) (924), (char) (925), (char) (926), (char) (927), (char)
(928), (char) (929), (char) (931), (char) (932), (char) (933), (char)
(934), (char) (935), (char) (936), (char) (937), (char) (945), (char)
(946), (char) (947), (char) (948), (char) (949), (char) (950), (char)
(951), (char) (952), (char) (953), (char) (954), (char) (955),
+ (char) (956), (char) (957), (char) (958), (char) (959), (char) (960),
(char) (961), (char) (962), (char) (963), (char) (964), (char) (965),
(char) (966), (char) (967), (char) (968), (char) (969), (char) (977),
(char) (978), (char) (982), (char) (8194), (char) (8195), (char) (8201),
(char) (8204), (char) (8205), (char) (8206), (char) (8207), (char) (8211),
(char) (8212), (char) (8216), (char) (8217), (char) (8218), (char) (8220),
(char) (8221), (char) (8222), (char) (8224), (char) (8225), (char) (8226),
(char) (8230), (char) (8240), (char) (8242), (char) (8243), (char) (8249),
(char) (8250), (char) (8254), (char) (8260), (char) (8364), (char) (8465),
(char) (8472), (char) (8476), (char) (8482), (char) (8501), (char) (8592),
(char) (8593), (char) (8594), (char) (8595), (char) (8596), (char) (8629),
(char) (8656), (char) (8657), (char) (8658), (char) (8659), (char) (8660),
(char) (8704), (char) (8706), (char) (8707), (char) (8709), (char) (8711),
(char) (8712), (char) (8713), (char) (8715), (char) (8719), (char) (8721),
(char) (8722), (char) (8727), (char) (8730), (char) (8733), (char) (8734),
(char) (8736), (char) (8743), (char) (8744), (char) (8745), (char) (8746),
(char) (8747), (char) (8756), (char) (8764), (char) (8773), (char) (8776),
(char) (8800), (char) (8801), (char) (8804), (char) (8805), (char) (8834),
(char) (8835), (char) (8836), (char) (8838), (char) (8839), (char) (8853),
(char) (8855), (char) (8869), (char) (8901), (char) (8968), (char) (8969),
(char) (8970), (char) (8971), (char) (9001), (char) (9002), (char) (9674),
(char) (9824), (char) (9827), (char) (9829), (char) (9830)};
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ characterToEntityMap = new
System.Collections.Hashtable(entityNames.Length);
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ entityToCharacterMap = new
System.Collections.Hashtable(entityValues.Length);
+ for (int i = 0; i < entityNames.Length; i++)
+ {
+ System.String e = entityNames[i];
+ System.Char c = entityValues[i];
+ entityToCharacterMap[e] = c;
+ characterToEntityMap[c] = e;
+ }
+ }
+
+ [STAThread]
+ public static void Main(System.String[] args)
+ {
+ // Encoder encoder = new Encoder();
+ // try { System.out.println( ">>" + encoder.encodeForHTML("test <>
+ // test") ); } catch( Exception e1 ) { System.out.println(" !" +
+ // e1.getMessage() ); }
+ // try { System.out.println( ">>" + encoder.encodeForHTML("test %41 %42
+ // test") ); } catch( Exception e2 ) { System.out.println(" !" +
+ // e2.getMessage() ); }
+ // try { System.out.println( ">>" + encoder.encodeForHTML("test %26%42
+ // test") ); } catch( Exception e2 ) { System.out.println(" !" +
+ // e2.getMessage() ); }
+ // try { System.out.println( ">>" + encoder.encodeForHTML("test %26amp;
+ // test") ); } catch( Exception e3 ) { System.out.println(" !" +
+ // e3.getMessage() ); }
+ // try { System.out.println( ">>" + encoder.encodeForHTML("test &
+ // test") ); } catch( Exception e4 ) { System.out.println(" !" +
+ // e4.getMessage() ); }
+ // try { System.out.println( ">>" + encoder.encodeForHTML("test
+ // &amp; test") ); } catch( Exception e5 ) { System.out.println(" !"
+ // + e5.getMessage() ); }
+ // try { System.out.println( ">>" + encoder.encodeForHTML("test &#ridi;
+ // test") ); } catch( Exception e6 ) { e6.printStackTrace() ; }
+ //try {
+ // System.out.println(">>" + encoder.encodeForHTML("test
 test"));
+ //} catch (Exception e7) {
+ // System.out.println(" !" + e7.getMessage());
+ //}
+ }
+
+ //UPGRADE_NOTE: Field 'EnclosingInstance' was added to
class 'EncodedStringReader' to access its enclosing
instance. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1019'"
+ private class EncodedStringReader
+ {
+ private void InitBlock(Encoder enclosingInstance)
+ {
+ this.enclosingInstance = enclosingInstance;
+ }
+ private Encoder enclosingInstance;
+ virtual public EncodedCharacter NextCharacter
+ {
+ get
+ {
+
+ // get the current character and move past it
+ testCharacter = nextCharacter;
+ EncodedCharacter c = null;
+ c = peekNextCharacter(input[nextCharacter]);
+ // System.out.println( nextCharacter + ":" + (int)c.getUnencoded() +
+ // " -> " + testCharacter );
+ nextCharacter = testCharacter;
+ if (c == null)
+ return null;
+
+ // if the current character is encoded, check for double-encoded
+ // characters
+ if (c.isEncoded())
+ {
+ testCharacter--;
+ EncodedCharacter next = peekNextCharacter(c.Unencoded);
+ if (next != null)
+ {
+ if (next.isEncoded())
+ {
+ throw new IntrusionException("Validation error", "Input contains
double encoded characters.");
+ }
+ else
+ {
+ // System.out.println("Not double-encoded");
+ }
+ }
+ }
+ return c;
+ }
+
+ }
+ public Encoder Enclosing_Instance
+ {
+ get
+ {
+ return enclosingInstance;
+ }
+
+ }
+
+ internal System.String input = null;
+ internal int nextCharacter = 0;
+ internal int testCharacter = 0;
+
+ public EncodedStringReader(Encoder enclosingInstance, System.String
input)
+ {
+ InitBlock(enclosingInstance);
+ // System.out.println( "***" + input );
+ if (input == null)
+ {
+ this.input = "";
+ }
+ else
+ {
+ this.input = input;
+ }
+ }
+
+ public virtual bool hasNext()
+ {
+ return nextCharacter < input.Length;
+ }
+
+ private EncodedCharacter peekNextCharacter(char currentCharacter)
+ {
+ // if we're on the last character
+ if (testCharacter == input.Length - 1)
+ {
+ testCharacter++;
+ return new EncodedCharacter(enclosingInstance, currentCharacter);
+ }
+ else if (currentCharacter == '&')
+ {
+ // if parsing an entity returns null - then we should skip it by
+ // returning null here
+ EncodedCharacter encoded = parseEntity(input, testCharacter);
+ return encoded;
+ }
+ else if (currentCharacter == '%')
+ {
+ // if parsing a % encoded character returns null, then just
+ // return the % and keep going
+ EncodedCharacter encoded = parsePercent(input, testCharacter);
+ if (encoded != null)
+ {
+ return encoded;
+ }
+ // FIXME: AAA add UTF-7 decoding
+ // FIXME: others?
+ }
+ testCharacter++;
+ return new EncodedCharacter(enclosingInstance, currentCharacter);
+ }
+
+ // return a character or null if no good character can be parsed.
+ public virtual EncodedCharacter parsePercent(System.String s, int
startIndex)
+ {
+ // FIXME: AAA check if these can be longer than 2 characters?
+ // consume as many as possible?
+ System.String possible = s.Substring(startIndex + 1, (startIndex + 3)
- (startIndex + 1));
+ try
+ {
+ //UPGRADE_TODO: Method 'java.lang.Integer.parseInt' was converted
to 'System.Convert.ToInt32' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073'"
+ int c = System.Convert.ToInt32(possible, 16);
+ testCharacter += 3;
+ return new EncodedCharacter(enclosingInstance, "%" + possible, (char)
c, org.owasp.esapi.Encoder.PERCENT_ENCODING);
+ }
+ catch (System.FormatException e)
+ {
+ // System.out.println("Found % but there was no encoded character
following it");
+ return null;
+ }
+ }
+
+ /// <summary> Return a character or null if no good character can be
parsed. Badly
+ /// formed characters that simply can't be parsed are dropped, such as
+ /// &#ridi; for which there is no reasonable translation. Characters
that
+ /// aren't terminated by a semicolon are also dropped. Note that this is
+ /// legal html
+ ///
+ /// <PRE>
+ /// <body onload="&#x61ler&#116('xss body')">
+ /// </PRE>
+ /// </summary>
+ public virtual EncodedCharacter parseEntity(System.String s, int
startIndex)
+ {
+ // FIXME: AAA - figure out how to handle non-semicolon terminated
+ // characters
+ //UPGRADE_WARNING: Method 'java.lang.String.indexOf' was converted
to 'System.String.IndexOf' which may throw an
exception. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1101'"
+ int semiIndex = input.IndexOf(";", startIndex + 1);
+ if (semiIndex != - 1)
+ {
+ if (semiIndex - startIndex <= 8)
+ {
+ System.String possible = input.Substring(startIndex + 1, (semiIndex)
- (startIndex + 1)).ToLower();
+ // System.out.println( " " + possible + " -> " +
+ // testCharacter );
+ //UPGRADE_TODO: Method 'java.util.HashMap.get' was converted
to 'System.Collections.Hashtable.Item' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'"
+ System.Char entity = (System.Char)
org.owasp.esapi.Encoder.entityToCharacterMap[possible];
+ //UPGRADE_TODO: The 'System.Char' structure does not have an
equivalent to
NULL. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1291'"
+ if (entity != null)
+ {
+ testCharacter += possible.Length + 2;
+ return new EncodedCharacter(enclosingInstance, "&" + possible
+ ";", entity, org.owasp.esapi.Encoder.ENTITY_ENCODING);
+ }
+ else if (possible[0] == '#')
+ {
+ // advance past this either way
+ testCharacter += possible.Length + 2;
+ try
+ {
+ // FIXME: Enhance - consider supporting #x encoding
+ int c = System.Int32.Parse(possible.Substring(1));
+ return new EncodedCharacter(enclosingInstance, "&#" + (char) c
+ ";", (char) c, org.owasp.esapi.Encoder.ENTITY_ENCODING);
+ }
+ catch (System.FormatException e)
+ {
+ // invalid character - return null
+
org.owasp.esapi.Encoder.logger.logWarning(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Invalid
numeric entity encoding &" + possible + ";");
+ }
+ }
+ }
+ }
+ // System.out.println("Found & but there was no entity following it");
+ testCharacter++;
+ return new EncodedCharacter(enclosingInstance, "&", '&',
org.owasp.esapi.Encoder.NO_ENCODING);
+ }
+ }
+
+ //UPGRADE_NOTE: Field 'EnclosingInstance' was added to
class 'EncodedCharacter' to access its enclosing
instance. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1019'"
+ //UPGRADE_NOTE: The access modifier for this class or class field has
been changed in order to prevent compilation errors due to the visibility
level. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1296'"
+ public class EncodedCharacter
+ {
+ private void InitBlock(Encoder enclosingInstance)
+ {
+ this.enclosingInstance = enclosingInstance;
+ }
+ private Encoder enclosingInstance;
+ virtual public char Unencoded
+ {
+ get
+ {
+ return character;
+ }
+
+ }
+ public Encoder Enclosing_Instance
+ {
+ get
+ {
+ return enclosingInstance;
+ }
+
+ }
+
+ internal System.String raw = ""; // the core of the encoded
representation (without
+ // the prefix or suffix)
+ internal char character = (char) (0);
+ internal int originalEncoding;
+
+ public EncodedCharacter(Encoder enclosingInstance, char character)
+ {
+ InitBlock(enclosingInstance);
+ this.raw = "" + character;
+ this.character = character;
+ }
+
+ public virtual bool isEncoded()
+ {
+ return (raw.Length != 1);
+ }
+
+ public EncodedCharacter(Encoder enclosingInstance, System.String raw,
char character, int originalEncoding)
+ {
+ InitBlock(enclosingInstance);
+ this.raw = raw;
+ this.character = character;
+ this.originalEncoding = originalEncoding;
+ }
+
+ public virtual System.String getEncoded(int encoding)
+ {
+ switch (encoding)
+ {
+
+ case Encoder.NO_ENCODING:
+ return "" + character;
+
+ case Encoder.URL_ENCODING:
+ // FIXME: look up rules
+ if (System.Char.IsWhiteSpace(character))
+ return "+";
+ if (System.Char.IsLetterOrDigit(character))
+ return "" + character;
+ return "%" + (int) character;
+
+ case Encoder.PERCENT_ENCODING:
+ return "%" + (int) character;
+
+ case Encoder.ENTITY_ENCODING:
+ //UPGRADE_TODO: Method 'java.util.HashMap.get' was converted
to 'System.Collections.Hashtable.Item' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMapget_javalangObject'"
+ System.String entityName = (System.String)
org.owasp.esapi.Encoder.characterToEntityMap[character];
+ if (entityName != null)
+ return "&" + entityName + ";";
+ return "&#" + (int) character + ";";
+
+ default:
+ return null;
+
+ }
+ }
+ }
+ static Encoder()
+ {
+ logger = Logger.getLogger("ESAPI", "Encoder");
+ CHAR_LETTERS = Randomizer.union(CHAR_LOWERS, CHAR_UPPERS);
+ CHAR_ALPHANUMERICS = Randomizer.union(CHAR_LETTERS, CHAR_DIGITS);
+ CHAR_PASSWORD_LETTERS = Randomizer.union(CHAR_PASSWORD_LOWERS,
CHAR_PASSWORD_UPPERS);
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/EncryptedProperties.cs Tue Jun 14
21:31:31 2011
@@ -0,0 +1,212 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using EncryptionException = org.owasp.esapi.errors.EncryptionException;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IEncryptedProperties
interface. This
+ /// implementation wraps a normal properties file, and creates surrogates
for the
+ /// getProperty and setProperty methods that perform encryption and
decryption based on the Encryptor.
+ /// A very simple main program is provided that can be used to create an
+ /// encrypted properties file. A better approach would be to allow
unencrypted
+ /// properties in the file and to encrypt them the first time the file is
+ /// accessed.
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ /// href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IEncryptedProperties">
+ /// </seealso>
+ public class EncryptedProperties :
org.owasp.esapi.interfaces.IEncryptedProperties
+ {
+
+ /// <summary>The properties. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'properties '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_ISSUE: Class hierarchy differences
between 'java.util.Properties'
and 'System.Collections.Specialized.NameValueCollection' may cause
compilation
errors. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'"
+ //UPGRADE_TODO: Format of property file may need to be
changed. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1089'"
+ private System.Collections.Specialized.NameValueCollection properties =
new System.Collections.Specialized.NameValueCollection();
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.EncryptedProperties'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ /// <summary> Instantiates a new encrypted properties.</summary>
+ public EncryptedProperties()
+ {
+ // hidden
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncryptedProperties#getProperty(java.lang.String)
+ */
+ //UPGRADE_NOTE: Synchronized keyword was removed from
method 'getProperty'. Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ public virtual System.String getProperty(System.String key)
+ {
+ lock (this)
+ {
+ try
+ {
+ return ESAPI.encryptor().decrypt(properties.Get(key));
+ }
+ catch (System.Exception e)
+ {
+ throw new EncryptionException("Property retrieval failure", "Couldn't
decrypt property", e);
+ }
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncryptedProperties#setProperty(java.lang.String,
+ * java.lang.String)
+ */
+ //UPGRADE_NOTE: Synchronized keyword was removed from
method 'setProperty'. Lock expression was
added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
+ public virtual System.String setProperty(System.String key,
System.String value_Renamed)
+ {
+ lock (this)
+ {
+ try
+ {
+ System.Object tempObject;
+ //UPGRADE_TODO: Method 'java.util.Properties.setProperty' was
converted to 'System.Collections.Specialized.NameValueCollection.Item'
which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilPropertiessetProperty_javalangString_javalangString'"
+ tempObject = properties[key];
+ properties[key] = ESAPI.encryptor().encrypt(value_Renamed);
+ return (System.String) tempObject;
+ }
+ catch (System.Exception e)
+ {
+ throw new EncryptionException("Property setting failure", "Couldn't
encrypt property", e);
+ }
+ }
+ }
+
+ /// <summary> Key set.
+ ///
+ /// </summary>
+ /// <returns> the set
+ /// </returns>
+ public virtual SupportClass.SetSupport keySet()
+ {
+ return new SupportClass.HashSetSupport(properties);
+ }
+
+ /// <summary> Load.
+ ///
+ /// </summary>
+ /// <param name="in">the in
+ ///
+ /// </param>
+ /// <throws> IOException </throws>
+ /// <summary> Signals that an I/O exception has occurred.
+ /// </summary>
+ public virtual void load(System.IO.Stream in_Renamed)
+ {
+ //UPGRADE_TODO: Method 'java.util.Properties.load' was converted
to 'System.Collections.Specialized.NameValueCollection' which has a
different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilPropertiesload_javaioInputStream'"
+ properties = new
System.Collections.Specialized.NameValueCollection(System.Configuration.ConfigurationSettings.AppSettings);
+
logger.logTrace(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Encrypted
properties loaded successfully");
+ }
+
+ /// <summary> Store.
+ ///
+ /// </summary>
+ /// <param name="out">the out
+ /// </param>
+ /// <param name="comments">the comments
+ ///
+ /// </param>
+ /// <throws> IOException </throws>
+ /// <summary> Signals that an I/O exception has occurred.
+ /// </summary>
+ public virtual void store(System.IO.Stream out_Renamed, System.String
comments)
+ {
+ //UPGRADE_ISSUE: Method 'java.util.Properties.store' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilPropertiesstore_javaioOutputStream_javalangString'"
+ properties.store(out_Renamed, comments);
+ }
+
+ /// <summary> The main method.
+ ///
+ /// </summary>
+ /// <param name="args">the arguments
+ ///
+ /// </param>
+ /// <throws> Exception </throws>
+ /// <summary> the exception
+ /// </summary>
+ [STAThread]
+ public static void Main(System.String[] args)
+ {
+ // FIXME: AAA verify that this still works
+ System.IO.FileInfo f = new System.IO.FileInfo(args[0]);
+
Logger.getLogger("EncryptedProperties", "main").logDebug(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Loading
encrypted properties from " + f.FullName);
+ bool tmpBool;
+ if (System.IO.File.Exists(f.FullName))
+ tmpBool = true;
+ else
+ tmpBool = System.IO.Directory.Exists(f.FullName);
+ if (!tmpBool)
+ throw new System.IO.IOException("Properties file not found: " +
f.FullName);
+
Logger.getLogger("EncryptedProperties", "main").logDebug(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Encrypted
properties found in " + f.FullName);
+ EncryptedProperties ep = new EncryptedProperties();
+ //UPGRADE_TODO: Constructor 'java.io.FileInputStream.FileInputStream'
was converted to 'System.IO.FileStream.FileStream' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileInputStreamFileInputStream_javaioFile'"
+ System.IO.FileStream in_Renamed = new System.IO.FileStream(f.FullName,
System.IO.FileMode.Open, System.IO.FileAccess.Read);
+ ep.load(in_Renamed);
+
+ //UPGRADE_TODO: The differences in the expected value of parameters
for constructor 'java.io.BufferedReader.BufferedReader' may cause
compilation
errors. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'"
+ //UPGRADE_WARNING: At least one expression was used more than once in
the target
code. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1181'"
+ System.IO.StreamReader br = new System.IO.StreamReader(new
System.IO.StreamReader(System.Console.OpenStandardInput(),
System.Text.Encoding.Default).BaseStream, new
System.IO.StreamReader(System.Console.OpenStandardInput(),
System.Text.Encoding.Default).CurrentEncoding);
+ System.String key = null;
+ do
+ {
+ System.Console.Out.Write("Enter key: ");
+ key = br.ReadLine();
+ System.Console.Out.Write("Enter value: ");
+ System.String value_Renamed = br.ReadLine();
+ if (key != null && key.Length > 0 && value_Renamed.Length > 0)
+ {
+ ep.setProperty(key, value_Renamed);
+ }
+ }
+ while (key != null && key.Length > 0);
+
+ //UPGRADE_TODO: Constructor 'java.io.FileOutputStream.FileOutputStream'
was converted to 'System.IO.FileStream.FileStream' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioFileOutputStreamFileOutputStream_javaioFile'"
+ System.IO.FileStream out_Renamed = new System.IO.FileStream(f.FullName,
System.IO.FileMode.Create);
+ ep.store(out_Renamed, "Encrypted Properties File");
+ out_Renamed.Close();
+
+ System.Collections.IEnumerator i = ep.keySet().GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.String k = (System.String) i.Current;
+ System.String value_Renamed = ep.getProperty(k);
+ System.Console.Out.WriteLine(" " + k + "=" + value_Renamed);
+ }
+ }
+ static EncryptedProperties()
+ {
+ logger = Logger.getLogger("ESAPI", "EncryptedProperties");
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/Encryptor.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,329 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using System.Text;
+using RedCorona.Cryptography;
+using System.Security.Cryptography;
+
+using EncryptionException = org.owasp.esapi.errors.EncryptionException;
+using IntegrityException = org.owasp.esapi.errors.IntegrityException;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IEncryptor interface. This
implementation
+ /// layers on the JCE provided cryptographic package. Algorithms used are
+ /// configurable in the ESAPI.properties file.
+ ///
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ /// href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IEncryptor">
+ /// </seealso>
+ public class Encryptor : org.owasp.esapi.interfaces.IEncryptor
+ {
+ virtual public long TimeStamp
+ {
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncryptor#getTimeStamp()
+ */
+
+ get
+ {
+ //UPGRADE_TODO: Method 'java.util.Date.getTime' was converted
to 'System.DateTime.Ticks' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'"
+ return System.DateTime.Now.Ticks;
+ }
+
+ }
+
+ /// <summary>The private key. </summary>
+ internal SupportClass.PrivateKeySupport privateKey = null;
+
+ /// <summary>The public key. </summary>
+ internal SupportClass.PublicKeySupport publicKey = null;
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.Encryptor'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ // FIXME: AAA need global scrub of what methods need to log
+
+ //UPGRADE_ISSUE: Class 'javax.crypto.spec.PBEParameterSpec' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxcryptospecPBEParameterSpec'"
+ internal PKCSKeyGenerator parameterSpec = null;
+ internal System.Security.Cryptography.SymmetricAlgorithm secretKey =
null;
+ internal System.String encryptAlgorithm = "PBEWithMD5AndDES";
+ internal System.String signatureAlgorithm = "SHAwithDSA";
+ internal System.String hashAlgorithm = "SHA-512";
+ internal System.String randomAlgorithm = "SHA1PRNG";
+ internal System.String encoding = "UTF-8";
+
+ public Encryptor()
+ {
+
+ // FIXME: AAA - need support for key and salt changing. What's best
interface?
+ sbyte[] salt = ESAPI.securityConfiguration().MasterSalt;
+ char[] pass = ESAPI.securityConfiguration().MasterPassword;
+
+ // setup algorithms
+ encryptAlgorithm = ESAPI.securityConfiguration().EncryptionAlgorithm;
+ signatureAlgorithm =
ESAPI.securityConfiguration().DigitalSignatureAlgorithm;
+ randomAlgorithm = ESAPI.securityConfiguration().RandomAlgorithm;
+ hashAlgorithm = ESAPI.securityConfiguration().HashAlgorithm;
+
+ try
+ {
+ //UPGRADE_NOTE: Cryptographic classes that handle keys behave
differently in the .NET
Framework. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1288'"
+ //UPGRADE_TODO: A transformation string might not be supported by the
classes in the System.Security.Cryptography
namespace. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1287'"
+ System.Security.Cryptography.SymmetricAlgorithm kf =
System.Security.Cryptography.SymmetricAlgorithm.Create(encryptAlgorithm);
+ new System.Security.Cryptography.PasswordDeriveBytes(new String(pass),
null);
+ //UPGRADE_TODO: Method 'javax.crypto.SecretKeyFactory.generateSecret'
was converted
to 'System.Security.Cryptography.SymmetricAlgorithm.GenerateKey' which has
a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxcryptoSecretKeyFactorygenerateSecret_javasecurityspecKeySpec'"
+ secretKey = kf.GenerateKey();
+ encoding = ESAPI.securityConfiguration().CharacterEncoding;
+
+ // Set up signing keypair using the master password and salt
+ // FIXME: Enhance - make DSA configurable
+ //UPGRADE_ISSUE: Class 'java.security.KeyPairGenerator' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'"
+ //UPGRADE_ISSUE: Method 'java.security.KeyPairGenerator.getInstance'
was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'"
+ KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.security.SecureRandom.getInstance' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ SupportClass.SecureRandomSupport random = new
SupportClass.SecureRandomSupport();
+ sbyte[] seed =
SupportClass.ToSByteArray(SupportClass.ToByteArray(hash(new
System.String(pass), new
System.String(SupportClass.ToCharArray(SupportClass.ToByteArray(salt))))));
+ random.SetSeed(SupportClass.ToByteArray(seed));
+ //UPGRADE_ISSUE: Method 'java.security.KeyPairGenerator.initialize'
was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'"
+ keyGen.initialize(1024, random);
+ //UPGRADE_TODO: The class 'java.security.KeyPair' was converted
to 'SupportClass.KeyPairSupport', which is not
serializable. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1277'"
+ //UPGRADE_ISSUE:
Method 'java.security.KeyPairGenerator.generateKeyPair' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javasecurityKeyPairGenerator'"
+ SupportClass.KeyPairSupport pair = keyGen.generateKeyPair();
+ privateKey = pair.Private;
+ publicKey = pair.Public;
+ }
+ catch (System.Exception e)
+ {
+ // can't throw this exception in initializer, but this will log it
+ new EncryptionException("Encryption failure", "Error creating
Encryptor", e);
+ }
+ }
+
+ /// <summary> Hashes the data using the specified algorithm and the Java
MessageDigest class. This method
+ /// first adds the salt, then the data, and then rehashes 1024 times to
help strengthen weak passwords.
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IEncryptor.hash(java.lang.String,java.lang.String)">
+ /// </seealso>
+ public virtual System.String hash(System.String plaintext, System.String
salt)
+ {
+ sbyte[] bytes = null;
+ try
+ {
+ SupportClass.MessageDigestSupport digest =
SupportClass.MessageDigestSupport.GetInstance(hashAlgorithm);
+ digest.Reset();
+
digest.Update(SupportClass.ToByteArray(ESAPI.securityConfiguration().MasterSalt));
+ digest.Update(SupportClass.ToByteArray(salt));
+ digest.Update(SupportClass.ToByteArray(plaintext));
+
+ // rehash a number of times to help strengthen weak passwords
+ // FIXME: ENHANCE make iterations configurable
+ bytes = digest.DigestData();
+ for (int i = 0; i < 1024; i++)
+ {
+ digest.Reset();
+ bytes = digest.DigestData(bytes);
+ }
+ System.String encoded = ESAPI.encoder().encodeForBase64(bytes, false);
+ return encoded;
+ }
+ catch (System.Exception e)
+ {
+ throw new EncryptionException("Internal error", "Can't find hash
algorithm " + hashAlgorithm, e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncryptor#encrypt(java.lang.String)
+ */
+ public virtual System.String encrypt(System.String plaintext)
+ {
+ // Note - Cipher is not threadsafe so we create one locally
+ try
+ {
+ SupportClass.CryptoSupport encrypter = new
SupportClass.CryptoSupport(encryptAlgorithm);
+ ICryptoTransform parameterSpec =
PKCSKeyGenerator.Generate(this.secretKey, (new
ASCIIEncoding().GetBytes(salt)), 20, 1);
+
+
//encrypter.CryptoInit(System.Security.Cryptography.CryptoStreamMode.Write,
secretKey, parameterSpec);
+ //UPGRADE_TODO: Method 'java.lang.String.getBytes' was converted
to 'System.Text.Encoding.GetEncoding(string).GetBytes(string)' which has a
different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javalangStringgetBytes_javalangString'"
+ sbyte[] output =
SupportClass.ToSByteArray(System.Text.Encoding.GetEncoding(encoding).GetBytes(plaintext));
+ parameterSpec.TransformBlock(ouput, 0, output.Length);
+ sbyte[] enc = encrypter.CryptoDoFinal(output);
+ return ESAPI.encoder().encodeForBase64(enc, false);
+ }
+ catch (System.Exception e)
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ throw new EncryptionException("Decryption failure", "Decryption
problem: " + e.Message, e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncryptor#decrypt(java.lang.String)
+ */
+ public virtual System.String decrypt(System.String ciphertext)
+ {
+ // Note - Cipher is not threadsafe so we create one locally
+ try
+ {
+ SupportClass.CryptoSupport decrypter = new
SupportClass.CryptoSupport(encryptAlgorithm);
+
decrypter.CryptoInit(System.Security.Cryptography.CryptoStreamMode.Read,
secretKey, parameterSpec);
+ sbyte[] dec = ESAPI.encoder().decodeFromBase64(ciphertext);
+ sbyte[] output = decrypter.CryptoDoFinal(dec);
+ //UPGRADE_TODO: The differences in the Format of parameters for
constructor 'java.lang.String.String' may cause compilation
errors. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'"
+ return
System.Text.Encoding.GetEncoding(encoding).GetString(SupportClass.ToByteArray(output));
+ }
+ catch (System.Exception e)
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ throw new EncryptionException("Decryption failed", "Decryption
problem: " + e.Message, e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncryptor#sign(java.lang.String)
+ */
+ public virtual System.String sign(System.String data)
+ {
+ System.String signatureAlgorithm = "SHAwithDSA";
+ try
+ {
+ SupportClass.DigitalSignature signer =
SupportClass.DigitalSignature.GetInstance(signatureAlgorithm);;
+ //UPGRADE_TODO: Method 'java.security.Signature.initSign' was
converted to 'SupportClass.DigitalSignature.Signing' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignatureinitSign_javasecurityPrivateKey'"
+ signer.Signing();
+ signer.Update(SupportClass.ToByteArray(data));
+ //UPGRADE_TODO: Method 'java.security.Signature.sign' was converted
to 'SupportClass.DigitalSignature.Sign' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignaturesign'"
+ sbyte[] bytes = SupportClass.ToSByteArray(signer.Sign());
+ return ESAPI.encoder().encodeForBase64(bytes, true);
+ }
+ catch (System.Exception e)
+ {
+ throw new EncryptionException("Signature failure", "Can't find
signature algorithm " + signatureAlgorithm, e);
+ }
+ }
+
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IEncryptor#verifySignature(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual bool verifySignature(System.String signature,
System.String data)
+ {
+ try
+ {
+ sbyte[] bytes = ESAPI.encoder().decodeFromBase64(signature);
+ SupportClass.DigitalSignature signer =
SupportClass.DigitalSignature.GetInstance(signatureAlgorithm);;
+ //UPGRADE_TODO: Method 'java.security.Signature.initVerify' was
converted to 'SupportClass.DigitalSignature.Verification' which has a
different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignatureinitVerify_javasecurityPublicKey'"
+ signer.Verification();
+ signer.Update(SupportClass.ToByteArray(data));
+ //UPGRADE_TODO: Method 'java.security.Signature.verify' was converted
to 'SupportClass.DigitalSignature.Verify' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javasecuritySignatureverify_byte[]'"
+ return signer.Verify(SupportClass.ToByteArray(bytes));
+ }
+ catch (System.Exception e)
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ new EncryptionException("Invalid signature", "Problem verifying
signature: " + e.Message, e);
+ return false;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncryptor#seal(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual System.String seal(System.String data, long expiration)
+ {
+ try
+ {
+ return this.encrypt(expiration + ":" + data);
+ }
+ catch (EncryptionException e)
+ {
+ throw new IntegrityException(e.UserMessage, e.LogMessage, e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IEncryptor#verifySeal(java.lang.String,
+ * java.lang.String)
+ */
+ public virtual bool verifySeal(System.String seal, System.String data)
+ {
+ System.String plaintext = null;
+ try
+ {
+ plaintext = decrypt(seal);
+ }
+ catch (EncryptionException e)
+ {
+ new EncryptionException("Invalid seal", "Seal did not decrypt
properly", e);
+ return false;
+ }
+
+ int index = plaintext.IndexOf(":");
+ if (index == - 1)
+ {
+ new EncryptionException("Invalid seal", "Seal did not contain properly
formatted separator");
+ return false;
+ }
+
+ System.String timestring = plaintext.Substring(0, (index) - (0));
+ //UPGRADE_TODO: Method 'java.util.Date.getTime' was converted
to 'System.DateTime.Ticks' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilDategetTime'"
+ long now = System.DateTime.Now.Ticks;
+ long expiration = System.Int64.Parse(timestring);
+ if (now > expiration)
+ {
+ new EncryptionException("Invalid seal", "Seal expiration date has
expired");
+ return false;
+ }
+
+ System.String sealedValue = plaintext.Substring(index + 1);
+ if (!sealedValue.Equals(data))
+ {
+ new EncryptionException("Invalid seal", "Seal data does not match");
+ return false;
+ }
+ return true;
+ }
+ static Encryptor()
+ {
+ logger = Logger.getLogger("ESAPI", "Encryptor");
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/Executor.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,151 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using ExecutorException = org.owasp.esapi.errors.ExecutorException;
+using IValidator = org.owasp.esapi.interfaces.IValidator;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the Executor interface. This
implementation is very restrictive. Commands must exactly
+ /// equal the canonical path to an executable on the system. Valid
characters for parameters are alphanumeric,
+ /// forward-slash, and dash.
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IExecutor">
+ /// </seealso>
+ public class Executor : org.owasp.esapi.interfaces.IExecutor
+ {
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.Executor'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ public Executor()
+ {
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IExecutor#executeSystemCommand(java.lang.String,
java.util.List, java.io.File,
+ * int)
+ */
+ public virtual System.String executeSystemCommand(System.IO.FileInfo
executable, System.Collections.IList params_Renamed, System.IO.FileInfo
workdir, int timeoutSeconds)
+ {
+ System.IO.StreamReader br = null;
+ try
+ {
+
logger.logTrace(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Initiating
executable: " + executable + " " +
SupportClass.CollectionToString(params_Renamed) + " in " + workdir);
+ IValidator validator = ESAPI.validator();
+
+ // command must exactly match the canonical path and must actually
exist on the file system
+ if (!executable.FullName.Equals(executable.FullName))
+ {
+ throw new ExecutorException("Execution failure", "Invalid path to
executable file: " + executable);
+ }
+ bool tmpBool;
+ if (System.IO.File.Exists(executable.FullName))
+ tmpBool = true;
+ else
+ tmpBool = System.IO.Directory.Exists(executable.FullName);
+ if (!tmpBool)
+ {
+ throw new ExecutorException("Execution failure", "No such
executable: " + executable);
+ }
+
+ // parameters must only contain alphanumerics, dash, and forward slash
+ // FIXME: ENHANCE make configurable regexes? Update comments!
+ System.Collections.IEnumerator i = params_Renamed.GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.String param = (System.String) i.Current;
+ if (!validator.isValidDataFromBrowser("fixme", "SystemCommand",
param))
+ {
+ throw new ExecutorException("Execution failure", "Illegal characters
in parameter to executable: " + param);
+ }
+ }
+
+ // working directory must exist
+ bool tmpBool2;
+ if (System.IO.File.Exists(workdir.FullName))
+ tmpBool2 = true;
+ else
+ tmpBool2 = System.IO.Directory.Exists(workdir.FullName);
+ if (!tmpBool2)
+ {
+ throw new ExecutorException("Execution failure", "No such working
directory for running executable: " + workdir.FullName);
+ }
+
+ params_Renamed.Insert(0, executable.FullName);
+ System.String[] command = (System.String[])
SupportClass.ICollectionSupport.ToArray(params_Renamed, new
System.String[0]);
+ //UPGRADE_ISSUE: Method 'java.lang.Runtime.exec' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javalangRuntimeexec_javalangString[]_javalangString[]_javaioFile'"
+ System.Diagnostics.Process process =
System.Diagnostics.Process.GetCurrentProcess().exec(command, new
System.String[0], workdir);
+
+ // FIXME: Future - this is how to implement this in Java 1.5+
+ // ProcessBuilder pb = new ProcessBuilder(params);
+ // Map env = pb.environment();
+ // Security check - clear environment variables!
+ // env.clear();
+ // pb.directory(workdir);
+ // pb.redirectErrorStream(true);
+ // FIXME: ENHANCE need a timer
+ // Process process = pb.start();
+ System.IO.Stream is_Renamed = process.StandardInput.BaseStream;
+ System.IO.StreamReader isr = new System.IO.StreamReader(is_Renamed,
System.Text.Encoding.Default);
+ //UPGRADE_TODO: The differences in the expected value of parameters
for constructor 'java.io.BufferedReader.BufferedReader' may cause
compilation
errors. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1092'"
+ br = new System.IO.StreamReader(isr.BaseStream, isr.CurrentEncoding);
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ System.String line;
+ while ((line = br.ReadLine()) != null)
+ {
+ sb.Append(line + "\n");
+ }
+
logger.logTrace(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "System
command successful: " + SupportClass.CollectionToString(params_Renamed));
+ return sb.ToString();
+ }
+ catch (System.Exception e)
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ throw new ExecutorException("Execution failure", "Exception thrown
during execution of system command: " + e.Message, e);
+ }
+ finally
+ {
+ try
+ {
+ if (br != null)
+ {
+ br.Close();
+ }
+ }
+ catch (System.IO.IOException e)
+ {
+ // give up
+ }
+ }
+ }
+ static Executor()
+ {
+ logger = Logger.getLogger("ESAPI", "Executor");
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/HTTPUtilities.cs Tue Jun 14 21:31:31
2011
@@ -0,0 +1,668 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+//UPGRADE_TODO: The type 'java.util.regex.Pattern' could not be found. If
it was not included in the conversion, there may be compiler
issues. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'"
+using Pattern = java.util.regex.Pattern;
+//UPGRADE_TODO: The type 'org.apache.commons.fileupload.FileItem' could
not be found. If it was not included in the conversion, there may be
compiler
issues. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'"
+using FileItem = org.apache.commons.fileupload.FileItem;
+//UPGRADE_TODO: The type 'org.apache.commons.fileupload.ProgressListener'
could not be found. If it was not included in the conversion, there may be
compiler
issues. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'"
+using ProgressListener = org.apache.commons.fileupload.ProgressListener;
+//UPGRADE_TODO: The
type 'org.apache.commons.fileupload.disk.DiskFileItemFactory' could not be
found. If it was not included in the conversion, there may be compiler
issues. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'"
+using DiskFileItemFactory =
org.apache.commons.fileupload.disk.DiskFileItemFactory;
+//UPGRADE_TODO: The
type 'org.apache.commons.fileupload.servlet.ServletFileUpload' could not be
found. If it was not included in the conversion, there may be compiler
issues. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1262'"
+using ServletFileUpload =
org.apache.commons.fileupload.servlet.ServletFileUpload;
+using AccessControlException =
org.owasp.esapi.errors.AccessControlException;
+using AuthenticationException =
org.owasp.esapi.errors.AuthenticationException;
+using EncodingException = org.owasp.esapi.errors.EncodingException;
+using EncryptionException = org.owasp.esapi.errors.EncryptionException;
+using IntrusionException = org.owasp.esapi.errors.IntrusionException;
+using ValidationException = org.owasp.esapi.errors.ValidationException;
+using ValidationUploadException =
org.owasp.esapi.errors.ValidationUploadException;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IHTTPUtilities interface.
This implementation
+ /// uses the Apache Commons FileUploader library, which in turn uses the
Apache
+ /// Commons IO library.
+ /// <P>
+ /// To simplify the interface, this class uses the current request and
response that
+ /// are tracked by ThreadLocal variables in the Authenticator. This means
that you
+ /// must have called ESAPI.authenticator().setCurrentHTTP(null, response)
before
+ /// calling these methods. This is done automatically by the
Authenticator.login() method.
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ /// href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IHTTPUtilities">
+ /// </seealso>
+ public class HTTPUtilities : org.owasp.esapi.interfaces.IHTTPUtilities
+ {
+ //UPGRADE_NOTE: Field 'EnclosingInstance' was added to
class 'AnonymousClassProgressListener' to access its enclosing
instance. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1019'"
+ private class AnonymousClassProgressListener : ProgressListener
+ {
+ public
AnonymousClassProgressListener(System.Web.SessionState.HttpSessionState
session, HTTPUtilities enclosingInstance)
+ {
+ InitBlock(session, enclosingInstance);
+ }
+ private void InitBlock(System.Web.SessionState.HttpSessionState
session, HTTPUtilities enclosingInstance)
+ {
+ this.session = session;
+ this.enclosingInstance = enclosingInstance;
+ }
+ //UPGRADE_NOTE: Final variable session was copied into class
AnonymousClassProgressListener. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1023'"
+ private System.Web.SessionState.HttpSessionState session;
+ private HTTPUtilities enclosingInstance;
+ public HTTPUtilities Enclosing_Instance
+ {
+ get
+ {
+ return enclosingInstance;
+ }
+
+ }
+ private long megaBytes = - 1;
+ private long progress = 0;
+
+ public virtual void update(long pBytesRead, long pContentLength, int
pItems)
+ {
+ if (pItems == 0)
+ return ;
+ long mBytes = pBytesRead / 1000000;
+ if (megaBytes == mBytes)
+ return ;
+ megaBytes = mBytes;
+ //UPGRADE_WARNING: Data types in Visual C# might be different. Verify
the accuracy of narrowing
conversions. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1042'"
+ progress = (long) (((double) pBytesRead / (double) pContentLength) *
100);
+ session.Add("progress", System.Convert.ToString(progress));
+ // logger.logSuccess(Logger.SECURITY, " Item " + pItems + " (" +
progress + "% of " + pContentLength + " bytes]");
+ }
+ }
+ private void InitBlock()
+ {
+ maxBytes = ESAPI.securityConfiguration().AllowedFileUploadSize;
+ }
+ /// <summary> Returns true if the request was transmitted over an SSL
enabled
+ /// connection. This implementation ignores the built-in isSecure()
method
+ /// and uses the URL to determine if the request was transmitted over
SSL.
+ /// </summary>
+ virtual public bool SecureChannel
+ {
+ get
+ {
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ return (SupportClass.GetRequestURL(request)[4] == 's');
+ }
+
+ }
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.HTTPUtilities'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ /// <summary>The max bytes. </summary>
+ //UPGRADE_NOTE: The initialization of 'maxBytes' was moved to
method 'InitBlock'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ internal int maxBytes;
+
+ public HTTPUtilities()
+ {
+ InitBlock();
+ }
+
+ // FIXME: Enhance - consider adding addQueryChecksum(String href) that
would just verify that none of the parameters in the querystring have
changed. Could do the same for forms.
+ // FIXME: Enhance - also verifyQueryChecksum()
+
+
+
+ // FIXME: need to make this easier to add to forms.
+ /// <seealso
cref="org.owasp.esapi.interfaces.IHTTPUtilities.addCSRFToken(java.lang.String)">
+ /// </seealso>
+ public virtual System.String addCSRFToken(System.String href)
+ {
+ User user = ESAPI.authenticator().getCurrentUser();
+
+ // FIXME: AAA getCurrentUser should never return null
+ if (user.Anonymous || user == null)
+ {
+ return href;
+ }
+
+ if ((href.IndexOf('?') != - 1) || (href.IndexOf('&') != - 1))
+ {
+ return href + "&" + user.CSRFToken;
+ }
+ else
+ {
+ return href + "?" + user.CSRFToken;
+ }
+ }
+
+
+ /// <summary> Adds a cookie to the HttpServletResponse that uses Secure
and HttpOnly
+ /// flags. This implementation does not use the addCookie method because
+ /// it does not support HttpOnly, so it just creates a cookie header
manually.
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IHTTPUtilities.safeAddCookie(java.lang.String,">
+ /// java.lang.String, java.util.Date, java.lang.String,
+ /// java.lang.String, javax.servlet.http.HttpServletResponse)
+ /// </seealso>
+ public virtual void safeAddCookie(System.String name, System.String
value_Renamed, int maxAge, System.String domain, System.String path)
+ {
+ // verify name matches
+ Pattern cookieName = ((SecurityConfiguration)
ESAPI.securityConfiguration()).getValidationPattern("HTTPCookieName");
+ if (!cookieName.matcher(name).matches())
+ {
+ throw new ValidationException("Invalid cookie", "Attempt to set a
cookie name (" + name + ") that violates the global rule in
ESAPI.properties (" + cookieName.pattern() + ")");
+ }
+
+ // verify value matches
+ Pattern cookieValue = ((SecurityConfiguration)
ESAPI.securityConfiguration()).getValidationPattern("HTTPCookieValue");
+ if (!cookieValue.matcher(value_Renamed).matches())
+ {
+ throw new ValidationException("Invalid cookie", "Attempt to set a
cookie value (" + value_Renamed + ") that violates the global rule in
ESAPI.properties (" + cookieValue.pattern() + ")");
+ }
+
+ // FIXME: AAA need to validate domain and path! Otherwise response
splitting etc.. Can use Cookie object?
+
+ // create the special cookie header
+ System.Web.HttpResponse response = ((Authenticator)
ESAPI.authenticator()).CurrentResponse;
+ // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
+ // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly
+ // FIXME: AAA test if setting a separate set-cookie header for each
cookie works!
+ System.String header = name + "=" + value_Renamed;
+ if (maxAge != - 1)
+ header += ("; Max-Age=" + maxAge);
+ if (domain != null)
+ header += ("; Domain=" + domain);
+ if (path != null)
+ header += ("; Path=" + path);
+ header += "; Secure; HttpOnly";
+ response.AppendHeader("Set-Cookie", header);
+ }
+
+ /*
+ * Adds a header to an HttpServletResponse after checking for special
+ * characters (such as CRLF injection) that could enable attacks like
+ * response splitting and other header-based attacks that nobody has
thought
+ * of yet.
+ *
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#safeAddHeader(java.lang.String,
+ * java.lang.String, java.lang.String,
+ * javax.servlet.http.HttpServletResponse)
+ */
+ public virtual void safeAddHeader(System.String name, System.String
value_Renamed)
+ {
+ System.Web.HttpResponse response = ((Authenticator)
ESAPI.authenticator()).CurrentResponse;
+ // FIXME: AAA consider using the regex for header names and header
values here
+ Pattern headerName = ((SecurityConfiguration)
ESAPI.securityConfiguration()).getValidationPattern("HTTPHeaderName");
+ if (!headerName.matcher(name).matches())
+ {
+ throw new ValidationException("Invalid header", "Attempt to set a
header name that violates the global rule in ESAPI.properties: " + name);
+ }
+ Pattern headerValue = ((SecurityConfiguration)
ESAPI.securityConfiguration()).getValidationPattern("HTTPHeaderValue");
+ if (!headerValue.matcher(value_Renamed).matches())
+ {
+ throw new ValidationException("Invalid header", "Attempt to set a
header value that violates the global rule in ESAPI.properties: " +
value_Renamed);
+ }
+ response.AppendHeader(name, value_Renamed);
+ }
+
+ //FIXME: AAA add these to the interface
+ /// <summary> Return exactly what was sent to prevent URL rewriting. URL
rewriting is intended to be a session management
+ /// scheme that doesn't require cookies, but exposes the sessionid in
many places, including the URL bar,
+ /// favorites, HTML files in cache, logs, and cut-and-paste links. For
these reasons, session rewriting is
+ /// more dangerous than the evil cookies it was intended to replace.
+ ///
+ /// </summary>
+ /// <param name="url">
+ /// </param>
+ /// <returns>
+ /// </returns>
+ public virtual System.String safeEncodeURL(System.String url)
+ {
+ return url;
+ }
+
+ /// <summary> Return exactly what was sent to prevent URL rewriting. URL
rewriting is intended to be a session management
+ /// scheme that doesn't require cookies, but exposes the sessionid in
many places, including the URL bar,
+ /// favorites, HTML files in cache, logs, and cut-and-paste links. For
these reasons, session rewriting is
+ /// more dangerous than the evil cookies it was intended to replace.
+ ///
+ /// </summary>
+ /// <param name="url">
+ /// </param>
+ /// <returns>
+ /// </returns>
+ public virtual System.String safeEncodeRedirectURL(System.String url)
+ {
+ return url;
+ }
+
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#changeSessionIdentifier(javax.servlet.http.HttpServletRequest)
+ */
+ public virtual System.Web.SessionState.HttpSessionState
changeSessionIdentifier()
+ {
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ //UPGRADE_TODO: Class 'java.util.HashMap' was converted
to 'System.Collections.Hashtable' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilHashMap'"
+ System.Collections.IDictionary temp = new
System.Collections.Hashtable();
+ System.Web.SessionState.HttpSessionState session =
System.Web.HttpContext.Current.Session;
+
+ // make a copy of the session content
+ System.Collections.IEnumerator e = Session.GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Enumeration.hasMoreElements' was
converted to 'System.Collections.IEnumerator.MoveNext' which has a
different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationhasMoreElements'"
+ while (e != null && e.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Enumeration.nextElement' was
converted to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilEnumerationnextElement'"
+ System.String name = (System.String) e.Current;
+ System.Object value_Renamed = session[name];
+ temp[name] = value_Renamed;
+ }
+
+ // invalidate the old session and create a new one
+ //UPGRADE_TODO: Method 'javax.servlet.http.HttpSession.invalidate' was
converted to 'System.Web.SessionState.HttpSessionState.Abandon' which has a
different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpSessioninvalidate'"
+ session.Abandon();
+ //UPGRADE_TODO:
Method 'javax.servlet.http.HttpServletRequest.getSession' was converted
to 'System.Web.HttpContext.Current.Session' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpServletRequestgetSession_boolean'"
+ System.Web.SessionState.HttpSessionState newSession =
System.Web.HttpContext.Current.Session;
+
+ // copy back the session content
+ //UPGRADE_TODO: Method 'java.util.Map.entrySet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapentrySet'"
+ System.Collections.IEnumerator i = new
SupportClass.HashSetSupport(temp).GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.Collections.DictionaryEntry entry =
(System.Collections.DictionaryEntry) i.Current;
+ newSession.Add((System.String) entry.Key, entry.Value);
+ }
+ return newSession;
+ }
+
+
+
+ // FIXME: ENHANCE - add configuration for entry pages that don't require
a token
+ /*
+ * This implementation uses the parameter name to store the token.
+ * (non-Javadoc)
+ * @see org.owasp.esapi.interfaces.IHTTPUtilities#verifyCSRFToken()
+ */
+ public virtual void verifyCSRFToken()
+ {
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ User user = ESAPI.authenticator().getCurrentUser();
+ // FIXME: AAA this is a bad test - need a way to not enforce CSRF token
on entry points
+ // if this is the first request after logging in, let them pass
+ if (user.isFirstRequest())
+ return ;
+
+ //UPGRADE_TODO: Method 'javax.servlet.ServletRequest.getParameter' was
converted to 'System.Web.HttpRequest' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletServletRequestgetParameter_javalangString'"
+ if (request[user.CSRFToken] == null)
+ {
+ throw new IntrusionException("Authentication failed", "Attempt to
access application without appropriate token");
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#decryptHiddenField(java.lang.String)
+ */
+ public virtual System.String decryptHiddenField(System.String encrypted)
+ {
+ try
+ {
+ return ESAPI.encryptor().decrypt(encrypted);
+ }
+ catch (EncryptionException e)
+ {
+ throw new IntrusionException("Invalid request", "Tampering detected.
Hidden field data did not decrypt properly.", e);
+ }
+ }
+
+
+ /*
+ * (non-Javadoc)
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#decryptQuueryString(java.lang.String)
+ */
+ public virtual System.Collections.IDictionary
decryptQueryString(System.String encrypted)
+ {
+ // FIXME: AAA needs test cases
+ System.String plaintext = ESAPI.encryptor().decrypt(encrypted);
+ return queryToMap(plaintext);
+ }
+
+ /// <throws> EncryptionException </throws>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IHTTPUtilities.decryptStateFromCookie()">
+ /// </seealso>
+ public virtual System.Collections.IDictionary decryptStateFromCookie()
+ {
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ System.Web.HttpCookie[] cookies = SupportClass.GetCookies(request);
+ System.Web.HttpCookie c = null;
+ for (int i = 0; i < cookies.Length; i++)
+ {
+ if (cookies[i].Name.Equals("state"))
+ {
+ c = cookies[i];
+ }
+ }
+ System.String encrypted = c.Value;
+ System.String plaintext = ESAPI.encryptor().decrypt(encrypted);
+
+ return queryToMap(plaintext);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#encryptHiddenField(java.lang.String)
+ */
+ public virtual System.String encryptHiddenField(System.String
value_Renamed)
+ {
+ return ESAPI.encryptor().encrypt(value_Renamed);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#encryptQueryString(java.lang.String)
+ */
+ public virtual System.String encryptQueryString(System.String query)
+ {
+ return ESAPI.encryptor().encrypt(query);
+ }
+
+ /// <throws> EncryptionException </throws>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IHTTPUtilities.encryptStateInCookie(java.util.Map)">
+ /// </seealso>
+ public virtual void encryptStateInCookie(System.Collections.IDictionary
cleartext)
+ {
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ //UPGRADE_TODO: Method 'java.util.Map.entrySet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapentrySet'"
+ System.Collections.IEnumerator i = new
SupportClass.HashSetSupport(cleartext).GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ try
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.Collections.DictionaryEntry entry =
(System.Collections.DictionaryEntry) i.Current;
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Object.toString' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ System.String name =
ESAPI.encoder().encodeForURL(entry.Key.ToString());
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Object.toString' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ System.String value_Renamed =
ESAPI.encoder().encodeForURL(entry.Value.ToString());
+ sb.Append(name + "=" + value_Renamed);
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ if (i.MoveNext())
+ sb.Append("&");
+ }
+ catch (EncodingException e)
+ {
+
logger.logError(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Problem
encrypting state in cookie - skipping entry", e);
+ }
+ }
+ // FIXME: AAA - add a check to see if cookie length will exceed 2K limit
+ System.String encrypted = ESAPI.encryptor().encrypt(sb.ToString());
+ try
+ {
+ this.safeAddCookie("state", encrypted, - 1, null, null);
+ }
+ catch (ValidationException e)
+ {
+ throw new EncryptionException("Error generating encrypted cookie",
e.LogMessage, e);
+ }
+ }
+
+ /// <summary> Uses the Apache Commons FileUploader to parse the
multipart HTTP request
+ /// and extract any files therein. Note that the progress of any uploads
is
+ /// put into a session attribute, where it can be retrieved with a simple
+ /// JSP.
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IHTTPUtilities.safeGetFileUploads(javax.servlet.http.HttpServletRequest,">
+ /// java.io.File, java.io.File, int)
+ /// </seealso>
+ public virtual void getSafeFileUploads(System.IO.FileInfo tempDir,
System.IO.FileInfo finalDir)
+ {
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ try
+ {
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'session '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ System.Web.SessionState.HttpSessionState session =
System.Web.HttpContext.Current.Session;
+ if (!ServletFileUpload.isMultipartContent(request))
+ {
+ throw new ValidationUploadException("Upload failed", "Not a multipart
request");
+ }
+
+ // this factory will store ALL files in the temp directory,
+ // regardless of size
+ DiskFileItemFactory factory = new DiskFileItemFactory(0, tempDir);
+ ServletFileUpload upload = new ServletFileUpload(factory);
+ upload.setSizeMax(maxBytes);
+
+ // Create a progress listener
+ ProgressListener progressListener = new
AnonymousClassProgressListener(session, this);
+ upload.setProgressListener(progressListener);
+
+ System.Collections.IList items = upload.parseRequest(request);
+ System.Collections.IEnumerator i = items.GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ FileItem item = (FileItem) i.Current;
+ if (!item.isFormField() && item.getName() != null
&& !(item.getName().equals("")))
+ {
+ System.String[] fparts = item.getName().split("[\\/\\\\]");
+ System.String filename = fparts[fparts.Length - 1];
+
+ if (!ESAPI.validator().isValidFileName("upload", filename))
+ {
+ throw new ValidationUploadException("Upload only simple filenames
with the following extensions " +
SupportClass.CollectionToString(ESAPI.securityConfiguration().AllowedFileExtensions), "Upload
failed isValidFileName check");
+ }
+
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "File
upload requested: " + filename);
+ System.IO.FileInfo f = new System.IO.FileInfo(finalDir.FullName
+ "\\" + filename);
+ bool tmpBool;
+ if (System.IO.File.Exists(f.FullName))
+ tmpBool = true;
+ else
+ tmpBool = System.IO.Directory.Exists(f.FullName);
+ if (tmpBool)
+ {
+ System.String[] parts = filename.split("\\.");
+ System.String extension = "";
+ if (parts.Length > 1)
+ {
+ extension = parts[parts.Length - 1];
+ }
+ System.String filenm = filename.Substring(0, (filename.Length -
extension.Length) - (0));
+ //UPGRADE_ISSUE: Method 'java.io.File.createTempFile' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaioFilecreateTempFile_javalangString_javalangString_javaioFile'"
+ f = File.createTempFile(filenm, "." + extension, finalDir);
+ }
+ item.write(f);
+ // delete temporary file
+ item.delete();
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "File
successfully uploaded: " + f);
+ session.Add("progress", System.Convert.ToString(0));
+ }
+ }
+ }
+ catch (System.Exception e)
+ {
+ if (e is ValidationUploadException)
+ throw (ValidationException) e;
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ throw new ValidationUploadException("Upload failure", "Problem during
upload:" + e.Message, e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#killAllCookies(javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse)
+ */
+ public virtual void killAllCookies()
+ {
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ System.Web.HttpCookie[] cookies = SupportClass.GetCookies(request);
+ if (cookies != null)
+ {
+ for (int i = 0; i < cookies.Length; i++)
+ {
+ System.Web.HttpCookie cookie = cookies[i];
+ killCookie(cookie.Name);
+ }
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#killCookie(javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse)
+ */
+ public virtual void killCookie(System.String name)
+ {
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ System.Web.HttpResponse response = ((Authenticator)
ESAPI.authenticator()).CurrentResponse;
+ System.Web.HttpCookie[] cookies = SupportClass.GetCookies(request);
+ if (cookies != null)
+ {
+ for (int i = 0; i < cookies.Length; i++)
+ {
+ System.Web.HttpCookie cookie = cookies[i];
+ if (cookie.Name.Equals(name))
+ {
+ System.String path = request.ApplicationPath;
+ System.String header = name + "=deleted; Max-Age=0; Path=" + path;
+ response.AppendHeader("Set-Cookie", header);
+ }
+ }
+ }
+ }
+
+ private System.Collections.IDictionary queryToMap(System.String query)
+ {
+ //UPGRADE_ISSUE: Class hierarchy differences
between 'java.util.TreeMap' and 'System.Collections.SortedList' may cause
compilation
errors. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1186'"
+ //UPGRADE_TODO: Constructor 'java.util.TreeMap.TreeMap' was converted
to 'System.Collections.SortedList' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilTreeMapTreeMap'"
+ System.Collections.SortedList map = new System.Collections.SortedList();
+ System.String[] parts = query.split("&");
+ for (int j = 0; j < parts.Length; j++)
+ {
+ try
+ {
+ System.String[] nvpair = parts[j].split("=");
+ System.String name = ESAPI.encoder().decodeFromURL(nvpair[0]);
+ System.String value_Renamed =
ESAPI.encoder().decodeFromURL(nvpair[1]);
+ map[name] = value_Renamed;
+ }
+ catch (EncodingException e)
+ {
+ // skip and continue
+ }
+ }
+ return map;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#safeSendForward(java.lang.String)
+ */
+ public virtual void safeSendForward(System.String context,
System.String location)
+ {
+ // FIXME: should this be configurable? What is a good forward policy?
+ // I think not allowing forwards to public URLs is good, as it bypasses
many access controls
+
+ System.Web.HttpRequest request = ((Authenticator)
ESAPI.authenticator()).CurrentRequest;
+ System.Web.HttpResponse response = ((Authenticator)
ESAPI.authenticator()).CurrentResponse;
+ if (!location.StartsWith("WEB-INF"))
+ {
+ throw new AccessControlException("Forward failed", "Bad forward
location: " + location);
+ }
+ //UPGRADE_TODO: Interface 'javax.servlet.RequestDispatcher' was
converted to 'System.Web.HttpServerUtility' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletRequestDispatcher'"
+ //UPGRADE_ISSUE:
Method 'javax.servlet.ServletRequest.getRequestDispatcher' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetRequestDispatcher_javalangString'"
+ System.Web.HttpServerUtility dispatcher =
request.getRequestDispatcher(location);
+ //UPGRADE_TODO: Method 'javax.servlet.RequestDispatcher.forward' was
converted to 'System.Web.HttpServerUtility.Transfer' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservletRequestDispatcherforward_javaxservletServletRequest_javaxservletServletResponse'"
+ //UPGRADE_TODO: Reference conversion may require user
modification. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1202'"
+ Server.Transfer();
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.owasp.esapi.interfaces.IHTTPUtilities#safeSendRedirect(java.lang.String)
+ */
+ public virtual void safeSendRedirect(System.String context,
System.String location)
+ {
+ System.Web.HttpResponse response = ((Authenticator)
ESAPI.authenticator()).CurrentResponse;
+ if (!ESAPI.validator().isValidRedirectLocation(context, location))
+ {
+ throw new ValidationException("Redirect failed", "Bad redirect
location: " + location);
+ }
+ //UPGRADE_TODO: Reference conversion may require user
modification. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1202'"
+ response.Redirect(SupportClass.GetRealPath(location, "MyVROOT"));
+ }
+
+ /// <summary> Set the character encoding on every HttpServletResponse in
order to limit
+ /// the ways in which the input data can be represented. This prevents
+ /// malicious users from using encoding and multi-byte escape sequences
to
+ /// bypass input validation routines. The default is text/html;
charset=UTF-8
+ /// character encoding, which is the default in early versions of HTML
and
+ /// HTTP. See RFC 2047 (http://ds.internic.net/rfc/rfc2045.txt) for more
+ /// information about character encoding and MIME.
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IHTTPUtilities.safeSetContentType(java.lang.String)">
+ /// </seealso>
+ public virtual void safeSetContentType()
+ {
+ System.Web.HttpResponse response = ((Authenticator)
ESAPI.authenticator()).CurrentResponse;
+ response.ContentType = ((SecurityConfiguration)
ESAPI.securityConfiguration()).ResponseContentType;
+ }
+
+ /// <summary> Set headers to protect sensitive information against being
cached in the
+ /// browser.
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IHTTPUtilities.setNoCacheHeaders(javax.servlet.http.HttpServletResponse)">
+ /// </seealso>
+ public virtual void setNoCacheHeaders()
+ {
+ System.Web.HttpResponse response = ((Authenticator)
ESAPI.authenticator()).CurrentResponse;
+
+ // HTTP 1.1
+ response.AppendHeader("Cache-Control", "no-store");
+ response.AppendHeader("Cache-Control", "no-cache");
+ response.AppendHeader("Cache-Control", "must-revalidate");
+
+ // HTTP 1.0
+ response.AppendHeader("Pragma", "no-cache");
+ //UPGRADE_TODO:
Method 'javax.servlet.http.HttpServletResponse.setDateHeader' was converted
to 'System.Web.HttpResponse.AppendHeader' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaxservlethttpHttpServletResponsesetDateHeader_javalangString_long'"
+ response.AppendHeader("Expires", new System.DateTime(-
1).ToString("r"));
+ }
+ static HTTPUtilities()
+ {
+ logger = Logger.getLogger("ESAPI", "HTTPUtilities");
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/IntrusionDetector.cs Tue Jun 14
21:31:31 2011
@@ -0,0 +1,166 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using EnterpriseSecurityException =
org.owasp.esapi.errors.EnterpriseSecurityException;
+using IntrusionException = org.owasp.esapi.errors.IntrusionException;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the IIntrusionDetector
interface. This
+ /// implementation monitors EnterpriseSecurityExceptions to see if any
user
+ /// exceeds a configurable threshold in a configurable time period. For
example,
+ /// it can monitor to see if a user exceeds 10 input validation issues in
a 1
+ /// minute period. Or if there are more than 3 authentication problems in
a 10
+ /// second period. More complex implementations are certainly possible,
such as
+ /// one that establishes a baseline of expected behavior, and then detects
+ /// deviations from that baseline.
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ /// href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IIntrusionDetector">
+ /// </seealso>
+ public class IntrusionDetector :
org.owasp.esapi.interfaces.IIntrusionDetector
+ {
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.IntrusionDetector'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ public IntrusionDetector()
+ {
+ }
+
+ // FIXME: ENHANCE consider allowing both per-user and per-application
quotas
+ // e.g. number of failed logins per hour is a per-application quota
+
+
+ /// <summary> This implementation uses an exception store in each User
object to track
+ /// exceptions.
+ ///
+ /// </summary>
+ /// <param name="e">the e
+ ///
+ /// </param>
+ /// <throws> IntrusionException </throws>
+ /// <summary> the intrusion exception
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IIntrusionDetector.addException(org.owasp.esapi.errors.EnterpriseSecurityException)">
+ /// </seealso>
+ public virtual void addException(System.Exception e)
+ {
+ if (e is EnterpriseSecurityException)
+ {
+ logger.logWarning(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY,
((EnterpriseSecurityException) e).LogMessage, e);
+ }
+ else
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Throwable.getMessage' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ logger.logWarning(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY,
e.Message, e);
+ }
+
+ // add the exception to the current user, which may trigger a detector
+ User user = ESAPI.authenticator().getCurrentUser();
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Class.getName' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ System.String eventName = e.GetType().FullName;
+
+ // FIXME: AAA Rethink this - IntrusionExceptions which shouldn't get
added to the IntrusionDetector
+ if (e is IntrusionException)
+ {
+ return ;
+ }
+
+ // add the exception to the user's store, handle IntrusionException if
thrown
+ try
+ {
+ user.addSecurityEvent(eventName);
+ }
+ catch (IntrusionException ex)
+ {
+ Threshold quota = ESAPI.securityConfiguration().getQuota(eventName);
+ System.Collections.IEnumerator i = quota.actions.GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.String action = (System.String) i.Current;
+ System.String message = "User exceeded quota of " + quota.count + "
per " + quota.interval + " seconds for event " + eventName + ". Taking
actions " + SupportClass.CollectionToString(quota.actions);
+ takeSecurityAction(action, message);
+ }
+ }
+ }
+
+ /// <summary> Adds the event to the IntrusionDetector.
+ ///
+ /// </summary>
+ /// <param name="event">the event
+ /// </param>
+ /// <throws> IntrusionException the intrusion exception </throws>
+ public virtual void addEvent(System.String eventName)
+ {
+
logger.logWarning(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Security
event " + eventName + " received");
+
+ // add the event to the current user, which may trigger a detector
+ User user = ESAPI.authenticator().getCurrentUser();
+ try
+ {
+ user.addSecurityEvent("event." + eventName);
+ }
+ catch (IntrusionException ex)
+ {
+ Threshold quota = ESAPI.securityConfiguration().getQuota("event." +
eventName);
+ System.Collections.IEnumerator i = quota.actions.GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.String action = (System.String) i.Current;
+ System.String message = "User exceeded quota of " + quota.count + "
per " + quota.interval + " seconds for event " + eventName + ". Taking
actions " + SupportClass.CollectionToString(quota.actions);
+ takeSecurityAction(action, message);
+ }
+ }
+ }
+
+
+ /*
+ * FIXME: Enhance - future actions might include SNMP traps, email,
pager, etc...
+ */
+ private void takeSecurityAction(System.String action, System.String
message)
+ {
+ if (action.Equals("log"))
+ {
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "INTRUSION
- " + message);
+ }
+ if (action.Equals("disable"))
+ {
+ ESAPI.authenticator().getCurrentUser().disable();
+ }
+ if (action.Equals("logout"))
+ {
+ ((Authenticator) ESAPI.authenticator()).logout();
+ }
+ }
+ static IntrusionDetector()
+ {
+ logger = Logger.getLogger("ESAPI", "IntrusionDetector");
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/Logger.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,320 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using System.Diagnostics;
+
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implementation of the ILogger interface. This
implementation uses the Java logging package, and marks each
+ /// log message with the currently logged in user and the word "SECURITY"
for security related events.
+ ///
+ /// </summary>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.ILogger">
+ /// </seealso>
+ public class Logger : org.owasp.esapi.interfaces.ILogger
+ {
+
+ // FIXME: ENHANCE somehow make configurable so that successes and
failures are logged according to a configuration.
+
+ /// <summary>The application name. </summary>
+ private System.String applicationName = null;
+
+ /// <summary>The module name. </summary>
+ private System.String moduleName = null;
+
+ private EventLogEntryType Level = EventLogEntryType.Error;
+
+ /// <summary> Hide the constructor.
+ ///
+ /// </summary>
+ /// <param name="applicationName">the application name
+ /// </param>
+ /// <param name="moduleName">the module name
+ /// </param>
+ /// <param name="jlogger">the jlogger
+ /// </param>
+ private Logger(System.String applicationName, System.String moduleName)
+ {
+ this.applicationName = applicationName;
+ this.moduleName = moduleName;
+ if (!EventLog.SourceExists(applicationName)) {
+ EventLog.CreateEventSource(applicationName, moduleName);
+ }
+ }
+
+ /// <summary> Formats an HTTP request into a log suitable string. This
implementation logs the remote host IP address (or
+ /// hostname if available), the request method (GET/POST), the URL, and
all the querystring and form parameters. All
+ /// the paramaters are presented as though they were in the URL even if
they were in a form. Any parameters that
+ /// match items in the parameterNamesToObfuscate are shown as eight
asterisks.
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.ILogger.formatHttpRequestForLog(javax.servlet.http.HttpServletRequest)">
+ /// </seealso>
+ public virtual void logHTTPRequest(System.String type,
System.Web.HttpRequest request, System.Collections.IList
parameterNamesToObfuscate)
+ {
+ System.Text.StringBuilder params_Renamed = new
System.Text.StringBuilder();
+ //UPGRADE_TODO: Method 'java.util.Map.keySet' was converted
to 'SupportClass.HashSetSupport' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilMapkeySet'"
+ //UPGRADE_ISSUE: Method 'javax.servlet.ServletRequest.getParameterMap'
was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetParameterMap'"
+ System.Collections.IEnumerator i = new
SupportClass.HashSetSupport(request.getParameterMap().Keys).GetEnumerator();
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ while (i.MoveNext())
+ {
+ //UPGRADE_TODO: Method 'java.util.Iterator.next' was converted
to 'System.Collections.IEnumerator.Current' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratornext'"
+ System.String key = (System.String) i.Current;
+ //UPGRADE_ISSUE: Method 'javax.servlet.ServletRequest.getParameterMap'
was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javaxservletServletRequestgetParameterMap'"
+ System.String[] value_Renamed = (System.String[])
request.getParameterMap()[key];
+ for (int j = 0; j < value_Renamed.Length; j++)
+ {
+ params_Renamed.Append(key + "=");
+ if (parameterNamesToObfuscate.Contains(key))
+ {
+ params_Renamed.Append("********");
+ }
+ else
+ {
+ params_Renamed.Append(value_Renamed[j]);
+ }
+ if (j < value_Renamed.Length - 1)
+ {
+ params_Renamed.Append("&");
+ }
+ }
+ //UPGRADE_TODO: Method 'java.util.Iterator.hasNext' was converted
to 'System.Collections.IEnumerator.MoveNext' which has a different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javautilIteratorhasNext'"
+ if (i.MoveNext())
+ params_Renamed.Append("&");
+ }
+ System.String msg = request.HttpMethod + " " +
SupportClass.GetRequestURL(request) + (params_Renamed.Length > 0?"?" +
params_Renamed:"");
+ logSuccess(type, msg);
+ }
+
+ /// <summary> Gets the logger.
+ ///
+ /// </summary>
+ /// <param name="applicationName">the application name
+ /// </param>
+ /// <param name="moduleName">the module name
+ /// </param>
+ /// <returns> the logger
+ /// </returns>
+ public static Logger getLogger(System.String applicationName,
System.String moduleName)
+ {
+ return new Logger(applicationName, moduleName);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logTrace(short,
java.lang.String, java.lang.String, java.lang.Throwable)
+ */
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ public virtual void logTrace(System.String type, System.String message,
System.Exception throwable)
+ {
+ log(EventLogEntryType.Warning, type, message, throwable);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logTrace(java.lang.String,
java.lang.String)
+ */
+ public virtual void logTrace(System.String type, System.String message)
+ {
+ log(EventLogEntryType.Warning, type, message, null);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logDebug(short,
java.lang.String, java.lang.String, java.lang.Throwable)
+ */
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ public virtual void logDebug(System.String type, System.String message,
System.Exception throwable)
+ {
+ log(EventLogEntryType.Information, type, message, throwable);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logDebug(java.lang.String,
java.lang.String)
+ */
+ public virtual void logDebug(System.String type, System.String message)
+ {
+ log(EventLogEntryType.Information, type, message, null);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logError(short,
java.lang.String, java.lang.String, java.lang.Throwable)
+ */
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ public virtual void logError(System.String type, System.String message,
System.Exception throwable)
+ {
+ log(EventLogEntryType.Error, type, message, throwable);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logError(java.lang.String,
java.lang.String)
+ */
+ public virtual void logError(System.String type, System.String message)
+ {
+ log(EventLogEntryType.Error, type, message, null);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logSuccess(short,
java.lang.String, java.lang.String,
+ * java.lang.Throwable)
+ */
+ public virtual void logSuccess(System.String type, System.String
message)
+ {
+ log(EventLogEntryType.SuccessAudit, type, message, null);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logSuccess(short,
java.lang.String, java.lang.String,
+ * java.lang.Throwable)
+ */
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ public virtual void logSuccess(System.String type, System.String
message, System.Exception throwable)
+ {
+ log(EventLogEntryType.SuccessAudit, type, message, throwable);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logWarning(short,
java.lang.String, java.lang.String,
+ * java.lang.Throwable)
+ */
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ public virtual void logWarning(System.String type, System.String
message, System.Exception throwable)
+ {
+ log(EventLogEntryType.Warning, type, message, throwable);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logWarning(java.lang.String,
java.lang.String)
+ */
+ public virtual void logWarning(System.String type, System.String
message)
+ {
+ log(EventLogEntryType.Warning, type, message, null);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logCritical(short,
java.lang.String, java.lang.String,
+ * java.lang.Throwable)
+ */
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ public virtual void logCritical(System.String type, System.String
message, System.Exception throwable)
+ {
+ log(EventLogEntryType.Error, type, message, throwable);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.ILogger#logCritical(java.lang.String,
java.lang.String)
+ */
+ public virtual void logCritical(System.String type, System.String
message)
+ {
+ log(EventLogEntryType.Error, type, message, null);
+ }
+
+ /// <summary> Log the message after optionally encoding any special
characters that might inject into an HTML based log viewer.
+ ///
+ /// </summary>
+ /// <param name="message">the message
+ /// </param>
+ /// <param name="level">the level
+ /// </param>
+ /// <param name="type">the type
+ /// </param>
+ /// <param name="throwable">the throwable
+ /// </param>
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ private void log(EventLogEntryType level, System.String type,
System.String message, System.Exception throwable)
+ {
+ User user = ESAPI.authenticator().getCurrentUser();
+
+ System.String clean = message;
+ if (((SecurityConfiguration)
ESAPI.securityConfiguration()).LogEncodingRequired)
+ {
+ clean = ESAPI.encoder().encodeForHTML(message);
+ if (!message.Equals(clean))
+ {
+ clean += " (Encoded)";
+ }
+ }
+ if (throwable != null)
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.lang.Class.getName' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ System.String fqn = throwable.GetType().FullName;
+ int index = fqn.LastIndexOf('.');
+ if (index > 0)
+ fqn = fqn.Substring(index + 1);
+ StackTraceElement ste = throwable.getStackTrace()[0];
+ clean += ("\n " + fqn + " @ " + ste.getClassName() + "." +
ste.getMethodName() + "(" + ste.getFileName() + ":" + ste.getLineNumber()
+ ")");
+ }
+ System.String msg = "";
+ if (user != null)
+ {
+ msg = type + ": " + user.AccountName + "/" + user.getLastHostAddress()
+ " -- " + clean;
+ }
+
+ // FIXME: AAA need to configure Java logger not to show throwables
+ // jlogger.logp(level, applicationName, moduleName, msg, throwable);
+ EventLog.WriteEntry(applicationName, msg, level);
+ }
+
+ /// <summary> This special method doesn't include the current user's
identity, and is only used during system initialization to
+ /// prevent loops with the Authenticator.
+ ///
+ /// </summary>
+ /// <param name="level">
+ /// </param>
+ /// <param name="message">
+ /// </param>
+ /// <param name="throwable">
+ /// </param>
+ // FIXME: this needs to go - note potential log injection problem
+ //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted
to 'System.Exception' which has different
behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
+ public virtual void logSpecial(System.String message, System.Exception
throwable)
+ {
+ // String clean = ESAPI.encoder().encodeForHTML(message);
+ // if (!message.equals(clean)) {
+ // clean += "(Encoded)";
+ // }
+ System.String msg = "SECURITY" + ": " + "esapi" + "/" + "none" + " -- "
+ message;
+ EventLog.WriteEntry(applicationName, msg, level);
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/PKCSKeyGenerator.cs Tue Jun 14
21:31:31 2011
@@ -0,0 +1,78 @@
+//*************************************************************************
+//
+// PKCSKeyGenerator.cs
+// Derive key material using PKCS #1 v1.5 algorithm with MD5 hash
+//
+// Portions Copyright (C) 2005. Michel I. Gallant
+// Portions copyright 2006 Richard Smith
+// Adapted from
http://www.jensign.com/JavaScience/dotnet/DeriveKeyM/index.html
+//
+//*************************************************************************
+//
+// DeriveKeyM.cs
+//
+// Derive a key from a pswd and Salt using MD5 and PKCS #5 v1.5 approach
+// see also: http://www.openssl.org/docs/crypto/EVP_BytesToKey.html
+// see also:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBE
+//
+//**************************************************************************
+
+using System;
+using System.IO;
+using System.Text;
+using System.Security.Cryptography;
+
+namespace RedCorona.Cryptography {
+ public class PKCSKeyGenerator {
+ byte[] key = new byte[8], iv = new byte[8];
+ DESCryptoServiceProvider des = new DESCryptoServiceProvider();
+
+ public byte[] Key { get { return key; } }
+ public byte[] IV { get { return IV; } }
+ public ICryptoTransform Encryptor { get { return
des.CreateEncryptor(key, iv); } }
+
+ public PKCSKeyGenerator(){}
+ public PKCSKeyGenerator(String keystring, byte[] salt, int
md5iterations, int segments){
+ Generate(keystring, salt, md5iterations, segments);
+ }
+
+ public ICryptoTransform Generate(String keystring, byte[] salt, int
md5iterations, int segments){
+ int HASHLENGTH = 16; //MD5 bytes
+ byte[] keymaterial = new byte[HASHLENGTH*segments] ; //to store
contatenated Mi hashed results
+
+ // --- get secret password bytes ----
+ byte[] psbytes;
+ psbytes = Encoding.UTF8.GetBytes(keystring);
+
+ // --- contatenate salt and pswd bytes into fixed data array ---
+ byte[] data00 = new byte[psbytes.Length + salt.Length] ;
+ Array.Copy(psbytes, data00, psbytes.Length); //copy the pswd bytes
+ Array.Copy(salt, 0, data00, psbytes.Length, salt.Length) ;
//concatenate the salt bytes
+
+ // ---- do multi-hashing and contatenate results D1, D2 ... into
keymaterial bytes ----
+ MD5 md5 = new MD5CryptoServiceProvider();
+ byte[] result = null;
+ byte[] hashtarget = new byte[HASHLENGTH + data00.Length]; //fixed
length initial hashtarget
+
+ for(int j=0; j<segments; j++) {
+ // ---- Now hash consecutively for md5iterations times ------
+ if(j == 0) result = data00; //initialize
+ else {
+ Array.Copy(result, hashtarget, result.Length);
+ Array.Copy(data00, 0, hashtarget, result.Length, data00.Length) ;
+ result = hashtarget;
+ }
+
+ for(int i=0; i<md5iterations; i++)
+ result = md5.ComputeHash(result);
+
+ Array.Copy(result, 0, keymaterial, j*HASHLENGTH, result.Length);
//contatenate to keymaterial
+ }
+
+ Array.Copy(keymaterial, 0, key, 0, 8);
+ Array.Copy(keymaterial, 8, iv, 0, 8);
+
+ return Encryptor;
+ }
+ }
+}
=======================================
--- /dev/null
+++ /branches/2.0/src/org/owasp/esapi/Randomizer.cs Tue Jun 14 21:31:31 2011
@@ -0,0 +1,240 @@
+/// <summary> OWASP Enterprise Security API (ESAPI)
+///
+/// This file is part of the Open Web Application Security Project (OWASP)
+/// Enterprise Security API (ESAPI) project. For details, please see
+/// http://www.owasp.org/esapi.
+///
+/// Copyright (c) 2007 - The OWASP Foundation
+///
+/// The ESAPI is published by OWASP under the LGPL. You should read and
accept the
+/// LICENSE before you use, modify, and/or redistribute this software.
+///
+/// </summary>
+/// <author> Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
Security</a>
+/// </author>
+/// <created> 2007 </created>
+using System;
+using EncryptionException = org.owasp.esapi.errors.EncryptionException;
+namespace org.owasp.esapi
+{
+
+ /// <summary> Reference implemenation of the IRandomizer interface. This
implementation builds on the JCE provider to provide a
+ /// cryptographically strong source of entropy. The specific algorithm
used is configurable in ESAPI.properties.
+ ///
+ /// </summary>
+ /// <author> Jeff Williams
+ /// </author>
+ /// <author> Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
href="http://www.aspectsecurity.com">Aspect Security</a>
+ /// </author>
+ /// <since> June 1, 2007
+ /// </since>
+ /// <seealso cref="org.owasp.esapi.interfaces.IRandomizer">
+ /// </seealso>
+ public class Randomizer : org.owasp.esapi.interfaces.IRandomizer
+ {
+ virtual public bool RandomBoolean
+ {
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IRandomizer#getRandomBoolean()
+ */
+
+ get
+ {
+ //UPGRADE_ISSUE: Method 'java.util.Random.nextBoolean' was not
converted. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1000_javautilRandomnextBoolean'"
+ return secureRandom.nextBoolean();
+ }
+
+ }
+ virtual public System.String RandomGUID
+ {
+ get
+ {
+ // create random string to seed the GUID
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ try
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.net.InetAddress.getLocalHost' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+
sb.Append(System.Net.Dns.GetHostByName(System.Net.Dns.GetHostName()).AddressList[0].ToString());
+ }
+ catch (System.Exception e)
+ {
+ sb.Append("0.0.0.0");
+ }
+ sb.Append(":");
+ sb.Append(System.Convert.ToString((System.DateTime.Now.Ticks -
621355968000000000) / 10000));
+ sb.Append(":");
+ sb.Append(this.getRandomString(20, Encoder.CHAR_ALPHANUMERICS));
+
+ // hash the random string to get some random bytes
+ System.String hash = ESAPI.encryptor().hash(sb.ToString(), "salt");
+ sbyte[] array = null;
+ try
+ {
+ array = ESAPI.encoder().decodeFromBase64(hash);
+ }
+ catch (System.IO.IOException e)
+ {
+
logger.logCritical(org.owasp.esapi.interfaces.ILogger_Fields.SECURITY, "Problem
decoding hash while creating GUID: " + hash);
+ }
+
+ // convert to printable hexadecimal characters
+ System.Text.StringBuilder hex = new System.Text.StringBuilder();
+ for (int j = 0; j < array.Length; ++j)
+ {
+ int b = array[j] & 0xFF;
+ if (b < 0x10)
+ hex.Append('0');
+ hex.Append(System.Convert.ToString(b, 16));
+ }
+ System.String raw = hex.ToString().ToUpper();
+
+ // convert to standard GUID format
+ System.Text.StringBuilder result = new System.Text.StringBuilder();
+ result.Append(raw.Substring(0, (8) - (0)));
+ result.Append("-");
+ result.Append(raw.Substring(8, (12) - (8)));
+ result.Append("-");
+ result.Append(raw.Substring(12, (16) - (12)));
+ result.Append("-");
+ result.Append(raw.Substring(16, (20) - (16)));
+ result.Append("-");
+ result.Append(raw.Substring(20));
+ return result.ToString();
+ }
+
+ }
+
+ /// <summary>The sr. </summary>
+ private SupportClass.SecureRandomSupport secureRandom = null;
+
+ /// <summary>The logger. </summary>
+ //UPGRADE_NOTE: Final was removed from the declaration
of 'logger '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
+ //UPGRADE_NOTE: The initialization of 'logger' was moved to static
method 'org.owasp.esapi.Randomizer'. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1005'"
+ private static readonly Logger logger;
+
+ /// <summary> Hide the constructor for the Singleton pattern.</summary>
+ public Randomizer()
+ {
+ System.String algorithm = ESAPI.securityConfiguration().RandomAlgorithm;
+ try
+ {
+ //UPGRADE_TODO: The equivalent in .NET for
method 'java.security.SecureRandom.getInstance' may return a different
value. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1043'"
+ secureRandom = new SupportClass.SecureRandomSupport();
+ }
+ catch (System.Exception e)
+ {
+ // Can't throw an exception from the constructor, but this will get
+ // it logged and tracked
+ new EncryptionException("Error creating randomizer", "Can't find
random algorithm " + algorithm, e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IRandomizer#getRandomString(int,
char[])
+ */
+ public virtual System.String getRandomString(int length, char[]
characterSet)
+ {
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ for (int loop = 0; loop < length; loop++)
+ {
+ int index = secureRandom.Next(characterSet.Length);
+ sb.Append(characterSet[index]);
+ }
+ System.String nonce = sb.ToString();
+ return nonce;
+ }
+
+
+ /// <summary> FIXME: ENHANCE document whether this is inclusive or not
+ /// (non-Javadoc)
+ ///
+ /// </summary>
+ /// <seealso
cref="org.owasp.esapi.interfaces.IRandomizer.getRandomInteger(int, int)">
+ /// </seealso>
+ public virtual int getRandomInteger(int min, int max)
+ {
+ return secureRandom.Next(max - min) + min;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.owasp.esapi.interfaces.IRandomizer#getRandomReal(float, float)
+ */
+ public virtual float getRandomReal(float min, float max)
+ {
+ float factor = max - min;
+ return (float) secureRandom.NextDouble() * factor + min;
+ }
+
+ /// <summary> Returns an unguessable random filename with the specified
extension.</summary>
+ public virtual System.String getRandomFilename(System.String extension)
+ {
+ return this.getRandomString(12, Encoder.CHAR_ALPHANUMERICS) + "." +
extension;
+ }
+
+ /// <summary> Union two character arrays.
+ ///
+ /// </summary>
+ /// <param name="c1">the c1
+ /// </param>
+ /// <param name="c2">the c2
+ /// </param>
+ /// <returns> the char[]
+ /// </returns>
+ public static char[] union(char[] c1, char[] c2)
+ {
+ System.Text.StringBuilder sb = new System.Text.StringBuilder();
+ for (int i = 0; i < c1.Length; i++)
+ {
+ if (!contains(sb, c1[i]))
+ sb.Append(c1[i]);
+ }
+ for (int i = 0; i < c2.Length; i++)
+ {
+ if (!contains(sb, c2[i]))
+ sb.Append(c2[i]);
+ }
+ char[] c3 = new char[sb.Length];
+ int i2;
+ int j;
+ i2 = 0;
+ j = 0;
+ while (i2 < sb.Length)
+ {
+ c3[j] = sb[i2];
+ i2++;
+ j++;
+ }
+ System.Array.Sort(c3);
+ return c3;
+ }
+
+ /// <summary> Contains.
+ ///
+ /// </summary>
+ /// <param name="sb">the sb
+ /// </param>
+ /// <param name="c">the c
+ /// </param>
+ /// <returns> true, if successful
+ /// </returns>
+ public static bool contains(System.Text.StringBuilder sb, char c)
+ {
+ for (int i = 0; i < sb.Length; i++)
+ {
+ if (sb[i] == c)
+ return true;
+ }
+ return false;
+ }
+ static Randomizer()
+ {
+ logger = Logger.getLogger("ESAPI", "Randomizer");
+ }
+ }
+}
=======================================
***Additional files exist in this changeset.***
Reply all
Reply to author
Forward
0 new messages