Package filter

Class InputSanitizationFilter

java.lang.Object

filter.InputSanitizationFilter

All Implemented Interfaces:

javax.servlet.Filter

public class InputSanitizationFilter
extends Object
implements javax.servlet.Filter

Filter that validates and sanitizes user input to prevent XSS and injection attacks. Blocks requests containing dangerous patterns or invalid data.

Author:

TAMIL MUGHILAN

Field Summary

Fields

Modifier and Type	Field	Description
private static final Pattern[]	DANGEROUS_PATTERNS

Constructor Summary

Constructors

Constructor	Description
InputSanitizationFilter()

Method Summary

Modifier and Type	Method	Description
private boolean	containsDangerousSequences(String value)
void	destroy()	Cleans up resources when filter is destroyed.
void	doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)	Processes requests to validate all input parameters.
void	init(javax.servlet.FilterConfig filterConfig)	Initializes the filter when application starts.
private boolean	isSafe(String paramName, String value)	Validates if a parameter value is safe to process.
private boolean	isStaticResource(String path)	Checks if the requested path is a static resource.
private boolean	validateAmount(String amount)
private boolean	validateContent(String value)
private boolean	validateCSRFToken(String token)
private boolean	validateEmail(String email)
private boolean	validateGeneral(String value)
private boolean	validateId(String id)
private boolean	validateName(String name)
private boolean	validatePassword(String password)
private boolean	validatePhone(String phone)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

DANGEROUS_PATTERNS

private static final Pattern[] DANGEROUS_PATTERNS

Constructor Details

InputSanitizationFilter

public InputSanitizationFilter()

Method Details

init

public void init(javax.servlet.FilterConfig filterConfig)

Initializes the filter when application starts.

Specified by:

init in interface javax.servlet.Filter

Parameters:

filterConfig - the filter configuration

destroy

public void destroy()

Cleans up resources when filter is destroyed.

Specified by:

destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest request,
 javax.servlet.ServletResponse response,
 javax.servlet.FilterChain chain)
              throws IOException,
javax.servlet.ServletException

Processes requests to validate all input parameters. Blocks requests containing dangerous or invalid input.

Specified by:

doFilter in interface javax.servlet.Filter

Parameters:

request - the servlet request

response - the servlet response

chain - the filter chain

Throws:

IOException - if an I/O error occurs

javax.servlet.ServletException - if a servlet error occurs

isStaticResource

private boolean isStaticResource(String path)

Checks if the requested path is a static resource.

Parameters:

path - the request path to check

Returns:

true if it's a static resource, false otherwise

isSafe

private boolean isSafe(String paramName,
 String value)

Validates if a parameter value is safe to process.

Parameters:

paramName - the parameter name

value - the parameter value

Returns:

true if safe, false if dangerous

validateContent

private boolean validateContent(String value)

validateEmail

private boolean validateEmail(String email)

validatePhone

private boolean validatePhone(String phone)

validateAmount

private boolean validateAmount(String amount)

validateName

private boolean validateName(String name)

validateId

private boolean validateId(String id)

validateCSRFToken

private boolean validateCSRFToken(String token)

validatePassword

private boolean validatePassword(String password)

validateGeneral

private boolean validateGeneral(String value)

containsDangerousSequences

private boolean containsDangerousSequences(String value)