[Release] ModularUrl Java Class

So in the development of my Web Application fuzzer, I came upon the challenge of creating test cases from enumerated URLs. After fussing (play on words intended) around with some chunky logic, I had a palm-to-face moment. Perhaps it was that I had recently spent too much time in “procedural-language land”, but then the obvious object-oriented approach hit me.

The result was a quick creation of two java classes that would allow me to easily manipulate URLs and their parameters; essentially these classes do all the parsing for you. They are very simple, but quite effective. Perhaps it was the contrast of frustration to such a simple fix, but I feel like the release of this code could simply not wait to be released with my fuzzer.

UPDATED: The code here has been picked up by softpedia! you can get it here!

Here it is on sourceforge

And in typical Security Reliks fashion, a nasty copy&past version:

import java.util.ArrayList;
public class ModularUrl {
String base;
ArrayList<ModularUrlParameter> params;
public ModularUrl(String url){
String[] baseSplit = url.split(“[?]”);
base = baseSplit[0];
//split parameters up
String[] paramSplit = baseSplit[1].split(“&”);
params = new ArrayList<ModularUrlParameter>();
for(int i = 0; i < paramSplit.length; i++){
params.add(new ModularUrlParameter(paramSplit[i]));
}
}
public String getAllParametersAsString(){
StringBuilder result = new StringBuilder();

import java.util.ArrayList;
public class ModularUrl {
String base; ArrayList<ModularUrlParameter> params; public ModularUrl(String url){ String[] baseSplit = url.split(“[?]”); base = baseSplit[0]; //split parameters up String[] paramSplit = baseSplit[1].split(“&”); params = new ArrayList<ModularUrlParameter>(); for(int i = 0; i < paramSplit.length; i++){ params.add(new ModularUrlParameter(paramSplit[i])); } } public String getAllParametersAsString(){ StringBuilder result = new StringBuilder();

for(int i = 0; i<params.size();i++){
result.append(params.get(i).getCompleteParameter());
if(i != params.size()-1){
result.append("&");
}
}
return new String(result);
}

public String getCompleteUrl(){
return base + "?" + this.getAllParametersAsString();
}

public String getBase() {
return base;
}

public void setBase(String base) {
this.base = base;
}

public ArrayList getParams() {
return params;
}

public void setParams(ArrayList params) {
this.params = params;
}

}

public class ModularUrlParameter {

String param;
String value;

public ModularUrlParameter(String parameter){
String[] split = parameter.split(“=”);
param = split[0];
value = split[1];
}

public String getParameter() {
return param;
}

public void setParameter(String param) {
this.param = param;
}

public String getValue() {
return value;
}

public void setValue(String value) {
this.value = value;
}

public String getCompleteParameter(){
return param + “=” + value;
}
}

Advertisements

4 Responses to “[Release] ModularUrl Java Class”

  1. Nice work. Don’t you love those moments when you come up with a clean solution!

    I noticed the classic java get and set methods…something I never understood. If you are giving the user the ability to indirectly alter and read the value, why not just declare it as a public variable? Do you have any insight as to the benefit of such a practice?

    • The use is a big debate. I do it mostly for style compliance. However, it can have other uses.

      Getters can be used by a developer to rein in the way data is accessed in the event they want to limit that. However mostly I think getters are used to allow read access without also allowing write access.

      I prefer setters because of how concisely it can be used in nested method calls. Also, setters can be used to scrub/validate data before allowing it to be placed in a variable.

      I guess another possibility is for use in reflection and/or an application controller, etc.

      • Without a doubt getters and setters are most beneficial when you need to manipulate data or restrict the user’s access to certain functions of a collection or an object. I do that all the time when creating custom collections. It is when you don’t do either of these and you are simply setting or returning the value that I never truly understood the need.

        ‘Tis truly a debatable topic. I think it really comes down to the fact that the Java libraries are implemented in such a way and thus it has become industry standard for those who program in Java. In .NET on the other hand, public properties are often used when no data manipulation or restriction is needed and thus those who program using .NET tend to follow suit.

      • Right. True C style.

        Its definetly a style issue in most cases.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: