Package org.keycloak.utils

Class StringUtil

java.lang.Object
org.keycloak.utils.StringUtil
public class StringUtil extends Object

  • Constructor Details

    • StringUtil

      public StringUtil()

  • Method Details

    • isBlank

      public static boolean isBlank(String str)
      Returns true if string is null or blank

    • isNotBlank

      public static boolean isNotBlank(String str)
      Returns true if string is not null and not blank

    • isNullOrEmpty

      public static boolean isNullOrEmpty(String str)
      Returns true if string is null or empty

    • joinValuesWithLogicalCondition

      public static String joinValuesWithLogicalCondition(String conditionText, Collection<String> values)
      Calling: 
      joinValuesWithLogicalCondition("or", Arrays.asList("foo", "bar", "baz", "caz" ))
      will return "foo, bar, baz or caz"
      Parameters:
      conditionText - condition
      values - values to be joined with the condition at the end
      Returns:
      see the example above

    • removeControlCharacters

      public static String removeControlCharacters(String str)
      Removes ANSI escape codes and control characters from a string to prevent log injection attacks. This method: 1. Removes URL-encoded ANSI escape sequences (e.g., %1B[31m) 2. Removes literal ANSI escape sequences (e.g., ) 3. Removes URL-encoded control characters (e.g., %0D, %0A, %7F) 4. Removes any remaining literal control characters Note: This method does NOT decode legitimate URL-encoded characters (e.g., %20, %2F) to preserve the original encoding for use cases like redirect URI validation.
      Parameters:
      str - The string to sanitize
      Returns:
      The sanitized string without ANSI codes and control characters

    • sanitizeSpacesAndQuotes

      public static String sanitizeSpacesAndQuotes(String str, Character quotes)
      Utility method that substitutes any isWhitespace char to common space ' ' or character 20. The idea is removing any weird space character in the string like \t, \n, \r. If quotes character is passed the quotes char is escaped to mark is not the end of the value (for example escaped \" if quotes char " is found in the string).
      Parameters:
      str - The string to normalize
      quotes - The quotes to escape (for example " or '). It can be null.
      Returns:
      The string without weird whitespaces and quotes escaped

    • removeSuffix

      public static String removeSuffix(String str, String suffix)