import java.util.regex.Matcher;
import java.util.regex.Pattern;
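public class ApiPayloadSanitizer {

    /**
     * A whole {@code <script ...>...</script>} element including its body. Case-insensitive so
     * {@code <SCRIPT>} is caught too, and DOTALL so a body spanning several lines is matched.
     */
    private static final Pattern SCRIPT_ELEMENT =
            Pattern.compile("<script[^>]*>.*?</script\\s*>", Pattern.CASE_INSENSITIVE | Pattern.DOTALL);

    /** Any remaining tag-like run from {@code <} up to the next {@code >}. */
    private static final Pattern HTML_TAG = Pattern.compile("<[^>]*>");

    /** ASCII control characters: the C0 block (0x00-0x1F) plus DEL (0x7F). */
    private static final Pattern CONTROL_CHARS = Pattern.compile("[\\x00-\\x1F\\x7F]");

    /** One or more whitespace characters (tabs, newlines, spaces). */
    private static final Pattern WHITESPACE_RUN = Pattern.compile("\\s+");

    /**
     * Sanitizes an API payload string by removing potentially harmful characters and patterns.
     * This is a basic sanitization for isolated environments. More robust sanitization may be
     * needed for production.
     *
     * <p>The result is stripped text, not an encoded string: the filters below remove
     * {@code <script>} elements, other tag-like runs, ASCII control characters and redundant
     * whitespace, but they do not decode entities or repair malformed markup, and they do not
     * replace context-appropriate output encoding where the value is rendered.
     *
     * @param payload The input API payload string; {@code null} is treated as empty.
     * @return The sanitized payload string, never {@code null}.
     */
    public static String sanitizePayload(String payload) {
        if (payload == null) {
            return ""; // Handle null input gracefully
        }
        // Script elements go first: once the generic tag filter has stripped the <script> and
        // </script> tags, the script body would survive as plain text and the script filter
        // would have nothing left to match.
        String sanitized = removeScriptTags(payload);
        // Remove every other tag-like run
        sanitized = removeHtmlTags(sanitized);
        // Remove potentially harmful characters (control characters)
        sanitized = removeControlCharacters(sanitized);
        // Collapse runs of whitespace and trim
        return sanitizeWhitespace(sanitized);
    }

    /**
     * Removes every {@code <...>} run from the input.
     *
     * @param payload non-null text
     * @return the text with tag-like runs removed
     */
    private static String removeHtmlTags(String payload) {
        Matcher matcher = HTML_TAG.matcher(payload);
        return matcher.replaceAll("");
    }

    /**
     * Removes {@code <script>} elements together with their bodies, regardless of case or
     * line breaks inside the element.
     *
     * @param payload non-null text
     * @return the text with script elements removed
     */
    private static String removeScriptTags(String payload) {
        Matcher matcher = SCRIPT_ELEMENT.matcher(payload);
        return matcher.replaceAll("");
    }

    /**
     * Removes ASCII control characters (0x00-0x1F and 0x7F). Tabs and newlines are among them;
     * the whitespace filter that runs afterwards never sees them.
     *
     * @param payload non-null text
     * @return the text with control characters removed
     */
    private static String removeControlCharacters(String payload) {
        return CONTROL_CHARS.matcher(payload).replaceAll("");
    }

    /**
     * Replaces each run of whitespace with a single space and trims leading/trailing spaces.
     *
     * @param payload non-null text
     * @return the normalized text
     */
    private static String sanitizeWhitespace(String payload) {
        return WHITESPACE_RUN.matcher(payload).replaceAll(" ").trim();
    }

    public static void main(String[] args) {
        String testPayload = "<p>This is <b>test</b> payload with <script>alert('XSS')</script> some <binary data, 1 bytes><</binary> control characters.</p>";
        String sanitizedPayload = sanitizePayload(testPayload);
        System.out.println("Original Payload: " + testPayload);
        System.out.println("Sanitized Payload: " + sanitizedPayload);
    }
}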