Esapi and using replaceAll for blank strings

老子叫甜甜 submitted on 2019-12-12 01:52:21

Question


I've seen reference to using String.replaceAll("",""); as some means for eliminating "blank" or "nonprinting chars" from a string in Java. This is false as the answer will demonstrate.

value = value.replaceAll("", "");


Answer 1:


Using Junit, I test every single Unicode character, from \u0000 to \uffff.

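// JUnit 4 imports (assumed; the answer only says JUnit).
import static org.junit.Assert.assertTrue;
import org.junit.Test;

@Test
public void testReplaceBlanks() {
    // Walk every UTF-16 code unit; an int counter avoids char overflow at 65535.
    for (int i = 0; i <= 65535; ++i) {
        char input = (char) i;
        System.out.print(input);
        System.out.print(" ");
        if (i % 80 == 0) {
            System.out.println();
        }

        String test = Character.toString(input);
        // If replaceAll("", "") stripped the character, the result would be empty.
        assertTrue(!"".equals(test.replaceAll("", "")));
    }
}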

I don't find a single instance where that line of code does anything useful.

Since I've spotted this issue a couple more times on the internet, here's a more robust test case:

Major problem here, this line of code is a NO-OP.

value = value.replaceAll("", "");

Consider the following test case:

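  public static void println(String s) {
    System.out.println(s);
  }

  // printBytes is called below but not shown in the answer; this minimal
  // version is an assumption: it prints each byte as two hex digits.
  public static void printBytes(byte[] bytes) {
    StringBuilder sb = new StringBuilder();
    for (byte b : bytes) {
      sb.append(String.format("%02x ", b));
    }
    System.out.println(sb.toString().trim());
  }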

  @Test
  public void testNullStripWithEmptyString() {
    String input = "foo" + '\0';
    String input2 = "foo";
    println(input);
    println("input:");
    printBytes(input.getBytes());
    println("input2:");
    printBytes(input2.getBytes());
    String testValue = input.replaceAll("", "");
    println("testValue:");
    printBytes(testValue.getBytes());
    String testvalue2 = input2.replaceAll("","");
    println("testvalue2");
    printBytes(testvalue2.getBytes());
    assertFalse(input.equals(input2));
    assertFalse(testValue.equals(testvalue2));
  }

This test case demonstrates first that, in the byte representations of the two input strings, the null byte appears in the first but not in the second. We then proceed to call *.replaceAll("",""); and store the values into two new variables, testValue and testvalue2.

This then leads to the first assert, which asserts that the two values should not be equal calling the normal String equals method. This is trivially true, because we DO have a nonprinting null byte appended to the string. However, the nail in the coffin is in demonstrating that this condition still holds after calling *.replaceAll("",""); on the two testValue strings.

The only way to prevent non-printing or NULL bytes would be to implement the following test case:

  @Test 
  public void testNullStripWithNullUnicodeEscape(){
    String input = "foo" + '\0';
    String input2 = "foo";
    println(input);
    println("input:");
    printBytes(input.getBytes());
    println("input2:");
    printBytes(input2.getBytes());
    String testValue = input.replaceAll("\u0000", "");
    println("testValue:");
    printBytes(testValue.getBytes());
    String testvalue2 = input2.replaceAll("\u0000","");
    println("testvalue2");
    printBytes(testvalue2.getBytes());
    assertFalse(input.equals(input2));
    assertTrue(testValue.equals(testvalue2));
  }
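
Added example, not part of the original answer: it generalizes the answer's \u0000 replacement to all Unicode control (Cc) and format (Cf) characters using java.util.regex property classes, and re-checks that replaceAll("", "") alters no single character. The class name, method names and sample string are constructed for illustration.

```java
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public class NonPrintingStripDemo {
    // Unicode general categories Cc (control: U+0000-U+001F, U+007F-U+009F) and
    // Cf (format, such as the zero-width space U+200B). Tab, CR and LF are Cc too.
    private static final Pattern NON_PRINTING = Pattern.compile("[\\p{Cc}\\p{Cf}]");

    /** Removes every control and format character; everything else is kept. */
    static String stripNonPrinting(String value) {
        return NON_PRINTING.matcher(value).replaceAll("");
    }

    /** Counts the single-char strings (U+0000 to U+FFFF) that replaceAll("", "") alters. */
    static int alteredByEmptyPattern() {
        int altered = 0;
        for (int c = 0; c <= 0xFFFF; c++) {
            String s = String.valueOf((char) c);
            if (!s.equals(s.replaceAll("", ""))) {
                altered++;
            }
        }
        return altered;
    }

    /** Renders a string as space-separated hex code points so invisible characters show up. */
    static String hex(String s) {
        return s.codePoints()
                .mapToObj(cp -> String.format("%04X", cp))
                .collect(Collectors.joining(" "));
    }

    public static void main(String[] args) {
        // Constructed sample: NUL, zero-width space, BEL, and a non-ASCII letter that must survive.
        String input = "fo\u0000o\u200B ba\u0007r \u00E9";
        System.out.println("altered by replaceAll(\"\", \"\"): " + alteredByEmptyPattern());
        System.out.println("input    : " + hex(input));
        System.out.println("empty rx : " + hex(input.replaceAll("", "")));
        System.out.println("stripped : " + hex(stripNonPrinting(input)));
    }
}
```

Because Cc includes tab, carriage return and line feed, narrow the character class if the field is allowed to carry line breaks.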


Source: https://stackoverflow.com/questions/23587519/esapi-and-using-replaceall-for-blank-strings
