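/**
 * Validates that the wrapped XPath follows the prefix-free, transformed FastXPath grammar.
 *
 * <p>Every relative location step must be {@code child::node()} — child axis, no node-name
 * test, node-type test {@code node} — and carry one to three predicates: exactly one predicate
 * that is a two-term conjunction of a local-name test and a namespace-uri test, plus at most one
 * position predicate and at most one attribute predicate, at least one of which must be present.
 * The original author's note describes this prefix-free form as the most secure variant (compare
 * {@link #isFastXPath()}, whose note mentions namespace injection).
 *
 * <p>Any AND-term of a kind not enumerated above causes rejection. Previously such terms were
 * silently skipped by the counters, so a step containing e.g. an unrecognised predicate next to
 * an otherwise valid set could still be accepted; the validator now fails closed.
 *
 * @return {@code true} if every step of {@code xpath} matches the grammar described above,
 *     {@code false} otherwise
 */
public boolean isPrefixfreeTransformedFastXPath() {
  for (Step step : xpath.getRelativeLocationPaths()) {
    // Axis must be exactly child::node(): child axis, no node-name test, node-type "node".
    if (!step.getAxisSpecifier().getAxisName().toFullString().equals("child")) {
      return false;
    }
    if (step.getAxisSpecifier().getNodeName() != null) {
      return false;
    }
    if (step.getAxisSpecifier().getNodeType() == null
        || !step.getAxisSpecifier().getNodeType().getNodeTypeName().equals("node")) {
      return false;
    }

    List<Predicate> predicates = step.getPredicates();
    if (predicates.isEmpty() || predicates.size() > 3) {
      return false;
    }

    int positions = 0;
    int attributes = 0;
    int localNames = 0;
    int namespaceUris = 0;
    for (Predicate pred : predicates) {
      // Disjunctions are outside the grammar: exactly one OR-branch per predicate.
      if (pred.getOrExpressions().size() != 1) {
        return false;
      }
      List<AndExpression> conjuncts = pred.getOrExpressions().get(0).getAndExpressions();
      if (conjuncts.size() == 1) {
        // Standalone predicate: only a position or an attribute test is allowed.
        AndExpression only = conjuncts.get(0);
        if (only instanceof PositionAndExpression) {
          ++positions;
        } else if (only instanceof AttributeAndExpression) {
          ++attributes;
        } else {
          return false; // fail closed on any other kind of term
        }
      } else if (conjuncts.size() == 2) {
        // Conjunction: must consist solely of local-name / namespace-uri tests; the exact
        // "one of each" requirement is enforced by the per-step counters below.
        for (AndExpression term : conjuncts) {
          if (term instanceof LocalNameAndExpression) {
            ++localNames;
          } else if (term instanceof NamespaceUriAndExpression) {
            ++namespaceUris;
          } else {
            return false; // fail closed on any other kind of term
          }
        }
      } else {
        // Zero terms or three-or-more terms are not part of the grammar.
        return false;
      }
    }

    // Exactly one local-name and one namespace-uri test per step; at most one position and one
    // attribute predicate, with at least one of those two present.
    if (localNames != 1 || namespaceUris != 1) {
      return false;
    }
    if (positions > 1 || attributes > 1 || positions + attributes == 0) {
      return false;
    }
  }
  return true;
}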
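/**
 * Validates that the wrapped XPath follows the FastXPath grammar.
 *
 * <p>Every relative location step must use the child axis with a non-empty node-name test and no
 * node-type test, and carry one or two predicates, each a single position test or a single
 * attribute test, with at most one of each. The original author's note describes such paths as
 * fast and "only vulnerable to namespace injection"; this method does not require a namespace
 * prefix on the node name, while {@link #isPrefixfreeTransformedFastXPath()} checks the stricter
 * prefix-free form.
 *
 * <p>Any predicate term of a kind not enumerated above causes rejection. Previously such terms
 * were silently skipped by the counters, so an unrecognised predicate next to a valid one could
 * still be accepted; the validator now fails closed.
 *
 * @return {@code true} if every step of {@code xpath} matches the grammar described above,
 *     {@code false} otherwise
 */
public boolean isFastXPath() {
  for (Step step : xpath.getRelativeLocationPaths()) {
    // Child axis with a node-name test (no node-type test such as node() or text()).
    if (!step.getAxisSpecifier().getAxisName().toFullString().equals("child")) {
      return false;
    }
    if (step.getAxisSpecifier().getNodeType() != null) {
      return false;
    }
    if (step.getAxisSpecifier().getNodeName() == null) {
      return false;
    }
    // NOTE(review): a check requiring a non-empty namespace prefix existed here but was disabled,
    // so unprefixed names are accepted — presumably the source of the namespace-injection caveat
    // in the Javadoc. Confirm this is intended before relying on this check alone.
    if (step.getAxisSpecifier().getNodeName().getNodeName().isEmpty()) {
      return false;
    }

    List<Predicate> predicates = step.getPredicates();
    if (predicates.isEmpty() || predicates.size() > 2) {
      return false;
    }

    int positions = 0;
    int attributes = 0;
    for (Predicate pred : predicates) {
      // Exactly one OR-branch holding exactly one AND-term: no disjunctions or conjunctions.
      if (pred.getOrExpressions().size() != 1) {
        return false;
      }
      List<AndExpression> conjuncts = pred.getOrExpressions().get(0).getAndExpressions();
      if (conjuncts.size() != 1) {
        return false;
      }
      AndExpression only = conjuncts.get(0);
      if (only instanceof PositionAndExpression) {
        ++positions;
      } else if (only instanceof AttributeAndExpression) {
        ++attributes;
      } else {
        return false; // fail closed on any other kind of term
      }
    }

    // At most one position and one attribute predicate, and at least one of the two.
    if (positions > 1 || attributes > 1 || positions + attributes == 0) {
      return false;
    }
  }
  return true;
}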