Sanitize value in setHeade call.

Issue: 102771

Author: iroqueta

common/src/main/java/com/genexus/CommonUtil.java

@@ -47,6 +47,11 @@ public final class CommonUtil
 	private static DateFormat parse_asctime;
 	private static final Object http_parse_lock  = new Object();
 
+	private static final String LOG_USER_ENTRY_WHITELIST_STRING = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456789+-_=/[]{}\":, ";
+	private static final String HTTP_HEADER_WHITELIST_STRING = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456789./;-@(){}[]?,<>\\";
+	public static final HashMap<Character, Character> LOG_USER_ENTRY_WHITELIST;
+	public static final HashMap<Character, Character> HTTP_HEADER_WHITELIST;
+
 	public static final ILogger logger = LogManager.getLogger(CommonUtil.class);
 
 	static
@@ -159,6 +164,9 @@ public Object initialValue()
 					{"Big5_HKSCS","Big5-HKSCS"},
 					{"EncodingWrapper","EncodingWrapper"}
 				};
+
+			LOG_USER_ENTRY_WHITELIST = stringToHashMap(LOG_USER_ENTRY_WHITELIST_STRING);
+			HTTP_HEADER_WHITELIST    = stringToHashMap(HTTP_HEADER_WHITELIST_STRING);
 		}
 		catch (Exception e)
 		{
@@ -3443,4 +3451,25 @@ public static String getClassName(String pgmName) {
 
 		return classPackage + pgmName.replace('\\', '.').trim();
 	}
+
+	private static HashMap<Character, Character> stringToHashMap(String input) {
+		HashMap<Character, Character> hashMap = new HashMap<>();
+
+		for (char c : input.toCharArray()) {
+			hashMap.put(c, c);
+		}
+		return hashMap;
+	}
+
+	public static String Sanitize(String input, HashMap<Character, Character> whiteList) {
+		StringBuilder sanitizedInput  = new StringBuilder();
+
+		for (char c : input.toCharArray()) {
+			if (whiteList.containsKey(c)) {
+				sanitizedInput.append(c);
+			}
+		}
+
+		return sanitizedInput.toString();
+	}
 }

java/src/test/java/com/genexus/TestCommonUtil.java

@@ -15,6 +15,23 @@ private void initialize()
 		LogManager.initialize(".");
 	}
 
+	@Test
+	public void testSanitize() {
+		initialize();
+
+		//Test case 1: Sanitize using LogUserEntryWhiteList
+		String value = "This is a string without Sanitize %@, let's see what happens ";
+		String expectedResult = "This is a string without Sanitize , lets see what happens ";
+		String result = CommonUtil.Sanitize(value, CommonUtil.LOG_USER_ENTRY_WHITELIST);
+		Assert.assertEquals(expectedResult, result);
+
+		//Test case 2: Sanitize using HttpHeaderWhiteList
+		value = "This is a string without Sanitize %@, let's see what happens ";
+		expectedResult = "ThisisastringwithoutSanitize@,letsseewhathappens";
+		result = CommonUtil.Sanitize(value, CommonUtil.HTTP_HEADER_WHITELIST);
+		Assert.assertEquals(expectedResult, result);
+	}
+
 	@Test
 	public void testFormat() {
 		initialize();

wrapperjakarta/src/main/java/com/genexus/servlet/http/HttpServletResponse.java

@@ -1,5 +1,6 @@
 package com.genexus.servlet.http;
 
+import com.genexus.CommonUtil;
 import com.genexus.servlet.ServletOutputStream;
 import com.genexus.servlet.IServletOutputStream;
 import java.io.IOException;
@@ -23,7 +24,7 @@ public jakarta.servlet.http.HttpServletResponse getWrappedClass() {
 	}
 
 	public void setHeader(String name, String value) {
-		resp.setHeader(name, value);
+		resp.setHeader(name, CommonUtil.Sanitize(value, CommonUtil.HTTP_HEADER_WHITELIST));
 	}
 
 	public void addDateHeader(String name, long date) {

wrapperjavax/src/main/java/com/genexus/servlet/http/HttpServletResponse.java

@@ -1,5 +1,6 @@
 package com.genexus.servlet.http;
 
+import com.genexus.CommonUtil;
 import com.genexus.servlet.ServletOutputStream;
 import com.genexus.servlet.IServletOutputStream;
 
@@ -23,7 +24,7 @@ public javax.servlet.http.HttpServletResponse getWrappedClass() {
 	}
 
 	public void setHeader(String name, String value) {
-		resp.setHeader(name, value);
+		resp.setHeader(name, CommonUtil.Sanitize(value, CommonUtil.HTTP_HEADER_WHITELIST));
 	}
 
 	public void addDateHeader(String name, long date) {