Updating CSSCodec ESAPI#494

Overriding the CSSCodec encode function to use the
EncodingPatternPreservation utility class.  Adding in a regex for RGB
tuple configurations.  Providing test class to verify expected capability.

Author: jeremiahjstacey

src/main/java/org/owasp/esapi/codecs/CSSCodec.java

@@ -15,6 +15,10 @@
  */
 package org.owasp.esapi.codecs;
 
+import java.util.regex.Pattern;
+
+import org.owasp.esapi.codecs.ref.EncodingPatternPreservation;
+
 /**
  * Implementation of the Codec interface for backslash encoding used in CSS.
  * 
@@ -26,8 +30,21 @@
 public class CSSCodec extends AbstractCharacterCodec
 {
 	private static final Character REPLACEMENT = '\ufffd';
-
-
+	//rgb (###,###,###) OR rgb(###%,###%,###%)
+	//([rR][gG][bB])\s*\(\s*\d{1,3}\s*(\%)?\s*,\s*\d{1,3}\s*(\%)?\s*,\s*\d{1,3}\s*(\%)?\s*\)
+	private static final String RGB_TRPLT = "([rR][gG][bB])\\s*\\(\\s*\\d{1,3}\\s*(\\%)?\\s*,\\s*\\d{1,3}\\s*(\\%)?\\s*,\\s*\\d{1,3}\\s*(\\%)?\\s*\\)";
+	private static final Pattern RGB_TRPLT_PATTERN = Pattern.compile(RGB_TRPLT); 
+	
+	@Override
+	public String encode(char[] immune, String input) {
+		 EncodingPatternPreservation tripletCheck = new EncodingPatternPreservation(RGB_TRPLT_PATTERN);
+		 
+		 String inputChk = tripletCheck.captureAndReplaceMatches(input);
+		 
+		 String result = super.encode(immune, inputChk);
+		 
+		 return tripletCheck.restoreOriginalContent(result);
+	}
     /**
 	 * {@inheritDoc}
 	 *
@@ -63,13 +80,15 @@ public Character decodeCharacter(PushbackSequence<Character> input)
 	{
 		input.mark();
 		Character first = input.next();
+		System.out.println("First: " + first);
 		if (first == null || first != '\\')
 		{
 			input.reset();
 			return null;
 		}
 
 		Character second = input.next();
+		System.out.println("Second: " );
 		if (second == null) {
 			input.reset();
 			return null;

src/test/java/org/owasp/esapi/codecs/CSSCodecTest.java

@@ -0,0 +1,33 @@
+package org.owasp.esapi.codecs;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+public class CSSCodecTest {
+	private static final char[] IMMUNE_STUB = new char[0];
+	/** Unit In Test*/
+	private CSSCodec uit = new CSSCodec();
+	
+	@Test
+    public void testCSSTripletLeadString() {
+    	assertEquals("rgb(255,255,255)\\21 ", uit.encode(IMMUNE_STUB, "rgb(255,255,255)!"));
+    	assertEquals("rgb(25%,25%,25%)\\21 ", uit.encode(IMMUNE_STUB, "rgb(25%,25%,25%)!"));
+    }
+	@Test
+    public void testCSSTripletTailString() {
+    	assertEquals("\\24 field\\3d rgb(255,255,255)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(255,255,255)!"));
+    	assertEquals("\\24 field\\3d rgb(25%,25%,25%)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(25%,25%,25%)!"));
+    }
+	@Test
+    public void testCSSTripletStringPart() {
+    	assertEquals("\\24 field\\3d rgb(255,255,255)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(255,255,255)!"));
+    	assertEquals("\\24 field\\3d rgb(25%,25%,25%)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(25%,25%,25%)!"));
+    }
+	@Test
+    public void testCSSTripletStringMultiPart() {
+    	assertEquals("\\24 field\\3d rgb(255,255,255)\\21 \\20 \\24 field\\3d rgb(255,255,255)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(255,255,255)! $field=rgb(255,255,255)!"));
+    	assertEquals("\\24 field\\3d rgb(25%,25%,25%)\\21 \\20 \\24 field\\3d rgb(25%,25%,25%)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(25%,25%,25%)! $field=rgb(25%,25%,25%)!"));
+    	assertEquals("\\24 field\\3d rgb(255,255,255)\\21 \\20 \\24 field\\3d rgb(25%,25%,25%)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(255,255,255)! $field=rgb(25%,25%,25%)!"));
+    }
+}