org.owasp.esapi.reference.validation
Class StringValidationRule
java.lang.Object
org.owasp.esapi.reference.validation.BaseValidationRule
org.owasp.esapi.reference.validation.StringValidationRule
- All Implemented Interfaces:
- ValidationRule
- Direct Known Subclasses:
- HTMLValidationRule
public class StringValidationRule
- extends BaseValidationRule
A validator performs syntax and possibly semantic validation of a single
piece of data from an untrusted source.
- Since:
- June 1, 2007
- Author:
- Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
- See Also:
http://en.wikipedia.org/wiki/Whitelist
|
Method Summary |
void |
addBlacklistPattern(java.util.regex.Pattern p)
|
void |
addBlacklistPattern(java.lang.String pattern)
|
void |
addWhitelistPattern(java.util.regex.Pattern p)
|
void |
addWhitelistPattern(java.lang.String pattern)
|
java.lang.String |
getValid(java.lang.String context,
java.lang.String input)
Parse the input, throw exceptions if validation fails |
java.lang.String |
sanitize(java.lang.String context,
java.lang.String input)
The method is similar to ValidationRuile.getSafe except that it returns a
harmless object that may or may not have any similarity to the original
input (in some cases you may not care). |
void |
setMaximumLength(int length)
|
void |
setMinimumLength(int length)
|
void |
setValidateInputAndCanonical(boolean flag)
Set the flag which determines whether the in input itself is
checked as well as the canonical form of the input. |
| Methods inherited from class org.owasp.esapi.reference.validation.BaseValidationRule |
assertValid, charArrayToSet, getEncoder, getSafe, getTypeName, getValid, isAllowNull, isValid, setAllowNull, setEncoder, setTypeName, whitelist, whitelist |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
whitelistPatterns
protected java.util.List<java.util.regex.Pattern> whitelistPatterns
blacklistPatterns
protected java.util.List<java.util.regex.Pattern> blacklistPatterns
minLength
protected int minLength
maxLength
protected int maxLength
validateInputAndCanonical
protected boolean validateInputAndCanonical
StringValidationRule
public StringValidationRule(java.lang.String typeName)
StringValidationRule
public StringValidationRule(java.lang.String typeName,
Encoder encoder)
StringValidationRule
public StringValidationRule(java.lang.String typeName,
Encoder encoder,
java.lang.String whitelistPattern)
addWhitelistPattern
public void addWhitelistPattern(java.lang.String pattern)
- Throws:
java.lang.IllegalArgumentException - if pattern is null
addWhitelistPattern
public void addWhitelistPattern(java.util.regex.Pattern p)
- Throws:
java.lang.IllegalArgumentException - if p is null
addBlacklistPattern
public void addBlacklistPattern(java.lang.String pattern)
- Throws:
java.lang.IllegalArgumentException - if pattern is null
addBlacklistPattern
public void addBlacklistPattern(java.util.regex.Pattern p)
- Throws:
java.lang.IllegalArgumentException - if p is null
setMinimumLength
public void setMinimumLength(int length)
setMaximumLength
public void setMaximumLength(int length)
setValidateInputAndCanonical
public void setValidateInputAndCanonical(boolean flag)
- Set the flag which determines whether the in input itself is
checked as well as the canonical form of the input.
- Parameters:
flag - The value to set
getValid
public java.lang.String getValid(java.lang.String context,
java.lang.String input)
throws ValidationException
- Parse the input, throw exceptions if validation fails
- Parameters:
context - for logginginput - the value to be parsed
- Returns:
- a validated value
- Throws:
ValidationException - if any validation rules fail
sanitize
public java.lang.String sanitize(java.lang.String context,
java.lang.String input)
- The method is similar to ValidationRuile.getSafe except that it returns a
harmless object that may or may not have any similarity to the original
input (in some cases you may not care). In most cases this should be the
same as the getSafe method only instead of throwing an exception, return
some default value.
- Specified by:
sanitize in class BaseValidationRule
- Returns:
- a parsed version of the input or a default value.
Copyright © 2011 The Open Web Application Security Project (OWASP). All Rights Reserved.