public interface Validator
The Validator interface defines a set of methods for canonicalizing and validating untrusted input. Implementors should feel free to extend this interface to accommodate their own data formats. Rather than throw exceptions, this interface returns boolean results because not all validation problems are security issues. Boolean returns allow developers to handle both valid and invalid results more cleanly than exceptions.
Implementations must adopt a "whitelist" approach to validation where a specific pattern or character set is matched. "Blacklist" approaches that attempt to identify the invalid or disallowed characters are much more likely to allow a bypass with encoding or other tricks.
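The canonicalize-then-whitelist contract described above, sketched with JDK classes only. This is an added example, not ESAPI's implementation; the names WhitelistDemo, InvalidInputException, BLACKLIST and WHITELIST are hypothetical and the sample inputs are constructed.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

// Added illustration, not ESAPI code. All class and field names are hypothetical.
public class WhitelistDemo {

    // Stand-in for a validation exception; the context names the field for logs.
    static class InvalidInputException extends Exception {
        InvalidInputException(String context, String reason) {
            super(context + ": " + reason);
        }
    }

    // Blacklist: rejects only when a listed character appears in the raw input.
    static final Pattern BLACKLIST = Pattern.compile("[<>\"']");
    // Whitelist: accepts only when every character belongs to the allowed set.
    static final Pattern WHITELIST = Pattern.compile("[A-Za-z0-9_.-]+");
    static final int MAX_DECODE_PASSES = 5;

    // Percent-decode until the value stops changing, so nested encoding
    // cannot hide characters from the check that follows (Java 10+ API).
    static String canonicalize(String context, String input) throws InvalidInputException {
        String current = input;
        for (int pass = 0; pass < MAX_DECODE_PASSES; pass++) {
            String decoded;
            try {
                // Keep a literal '+' intact; URLDecoder would turn it into a space.
                decoded = URLDecoder.decode(current.replace("+", "%2B"), StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                throw new InvalidInputException(context, "malformed percent-encoding");
            }
            if (decoded.equals(current)) {
                return current;
            }
            current = decoded;
        }
        throw new InvalidInputException(context, "too many encoding layers");
    }

    // Same parameter roles as the getValidInput description: the length limit
    // and the pattern are both applied to the canonical form, which is returned.
    static String getValidInput(String context, String input, Pattern allowed,
                                int maxLength, boolean allowNull) throws InvalidInputException {
        if (input == null || input.isEmpty()) {
            if (allowNull) {
                return input;
            }
            throw new InvalidInputException(context, "input required");
        }
        String canonical = canonicalize(context, input);
        if (canonical.length() > maxLength) {
            throw new InvalidInputException(context, "longer than " + maxLength);
        }
        if (!allowed.matcher(canonical).matches()) {
            throw new InvalidInputException(context, "does not match the allowed pattern");
        }
        return canonical;
    }

    // Boolean wrapper in the style of the isValid* methods.
    static boolean isValidInput(String context, String input, Pattern allowed,
                                int maxLength, boolean allowNull) {
        try {
            getValidInput(context, input, allowed, maxLength, allowNull);
            return true;
        } catch (InvalidInputException e) {
            return false;
        }
    }

    // Blacklist check as commonly written: it inspects the raw input only.
    static boolean blacklistAccepts(String input) {
        return !BLACKLIST.matcher(input).find();
    }

    public static void main(String[] args) {
        // Constructed samples: plain, encoded-but-legal, raw markup,
        // singly encoded markup, doubly encoded markup.
        String[] samples = { "alice_01", "alice%5F01", "<b>", "%3Cb%3E", "%253Cb%253E" };
        for (String s : samples) {
            System.out.printf("%-14s blacklist accepts=%-5b whitelist accepts=%b%n",
                    s, blacklistAccepts(s),
                    isValidInput("LoginPage_UsernameField", s, WHITELIST, 32, false));
        }
    }
}
```

The blacklist accepts both encoded markup samples because it never sees the decoded characters, while the whitelist path rejects them and still accepts `alice%5F01`, returning it in canonical form.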
Method Summary

Return type | Method | Description |
---|---|---|
void | addRule(ValidationRule rule) | |
void | assertValidFileUpload(java.lang.String context, java.lang.String filepath, java.lang.String filename, java.io.File parent, byte[] content, int maxBytes, java.util.List<java.lang.String> allowedExtensions, boolean allowNull) | Validates the filepath, filename, and content of a file. |
void | assertValidFileUpload(java.lang.String context, java.lang.String filepath, java.lang.String filename, java.io.File parent, byte[] content, int maxBytes, java.util.List<java.lang.String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) | Calls getValidFileUpload with the supplied errorList to capture ValidationExceptions. |
void | assertValidHTTPRequestParameterSet(java.lang.String context, javax.servlet.http.HttpServletRequest request, java.util.Set<java.lang.String> required, java.util.Set<java.lang.String> optional) | Validates that the parameters in the current request contain all required parameters and only optional ones in addition. |
void | assertValidHTTPRequestParameterSet(java.lang.String context, javax.servlet.http.HttpServletRequest request, java.util.Set<java.lang.String> required, java.util.Set<java.lang.String> optional, ValidationErrorList errorList) | Calls getValidHTTPRequestParameterSet with the supplied errorList to capture ValidationExceptions. |
ValidationRule | getRule(java.lang.String name) | |
java.lang.String | getValidCreditCard(java.lang.String context, java.lang.String input, boolean allowNull) | Returns a canonicalized and validated credit card number as a String. |
java.lang.String | getValidCreditCard(java.lang.String context, java.lang.String input, boolean allowNull, ValidationErrorList errorList) | Calls getValidCreditCard with the supplied errorList to capture ValidationExceptions. |
java.util.Date | getValidDate(java.lang.String context, java.lang.String input, java.text.DateFormat format, boolean allowNull) | Returns a valid date as a Date. |
java.util.Date | getValidDate(java.lang.String context, java.lang.String input, java.text.DateFormat format, boolean allowNull, ValidationErrorList errorList) | Calls getValidDate with the supplied errorList to capture ValidationExceptions. |
java.lang.String | getValidDirectoryPath(java.lang.String context, java.lang.String input, java.io.File parent, boolean allowNull) | Returns a canonicalized and validated directory path as a String, provided that the input maps to an existing directory that is an existing subdirectory (at any level) of the specified parent. |
java.lang.String | getValidDirectoryPath(java.lang.String context, java.lang.String input, java.io.File parent, boolean allowNull, ValidationErrorList errorList) | Calls getValidDirectoryPath with the supplied errorList to capture ValidationExceptions. |
java.lang.Double | getValidDouble(java.lang.String context, java.lang.String input, double minValue, double maxValue, boolean allowNull) | Returns a validated real number as a double. |
java.lang.Double | getValidDouble(java.lang.String context, java.lang.String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errorList) | Calls getValidDouble with the supplied errorList to capture ValidationExceptions. |
byte[] | getValidFileContent(java.lang.String context, byte[] input, int maxBytes, boolean allowNull) | Returns validated file content as a byte array. |
byte[] | getValidFileContent(java.lang.String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errorList) | Calls getValidFileContent with the supplied errorList to capture ValidationExceptions. |
java.lang.String | getValidFileName(java.lang.String context, java.lang.String input, java.util.List<java.lang.String> allowedExtensions, boolean allowNull) | Returns a canonicalized and validated file name as a String. |
java.lang.String | getValidFileName(java.lang.String context, java.lang.String input, java.util.List<java.lang.String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) | Calls getValidFileName with the supplied errorList to capture ValidationExceptions. |
java.lang.String | getValidInput(java.lang.String context, java.lang.String input, java.lang.String type, int maxLength, boolean allowNull) | Returns canonicalized and validated input as a String. |
java.lang.String | getValidInput(java.lang.String context, java.lang.String input, java.lang.String type, int maxLength, boolean allowNull, boolean canonicalize) | Returns validated input as a String with optional canonicalization. |
java.lang.String | getValidInput(java.lang.String context, java.lang.String input, java.lang.String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errorList) | Calls getValidInput with the supplied errorList to capture ValidationExceptions. |
java.lang.String | getValidInput(java.lang.String context, java.lang.String input, java.lang.String type, int maxLength, boolean allowNull, ValidationErrorList errorList) | Calls getValidInput with the supplied errorList to capture ValidationExceptions. |
java.lang.Integer | getValidInteger(java.lang.String context, java.lang.String input, int minValue, int maxValue, boolean allowNull) | Returns a validated integer. |
java.lang.Integer | getValidInteger(java.lang.String context, java.lang.String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errorList) | Calls getValidInteger with the supplied errorList to capture ValidationExceptions. |
java.lang.String | getValidListItem(java.lang.String context, java.lang.String input, java.util.List<java.lang.String> list) | Returns the list item that exactly matches the canonicalized input. |
java.lang.String | getValidListItem(java.lang.String context, java.lang.String input, java.util.List<java.lang.String> list, ValidationErrorList errorList) | Calls getValidListItem with the supplied errorList to capture ValidationExceptions. |
java.lang.Double | getValidNumber(java.lang.String context, java.lang.String input, long minValue, long maxValue, boolean allowNull) | Returns a validated number as a double within the range of minValue to maxValue. |
java.lang.Double | getValidNumber(java.lang.String context, java.lang.String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errorList) | Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions. |
char[] | getValidPrintable(java.lang.String context, char[] input, int maxLength, boolean allowNull) | Returns canonicalized and validated printable characters as a byte array. |
char[] | getValidPrintable(java.lang.String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errorList) | Calls getValidPrintable with the supplied errorList to capture ValidationExceptions. |
java.lang.String | getValidPrintable(java.lang.String context, java.lang.String input, int maxLength, boolean allowNull) | Returns canonicalized and validated printable characters as a String. |
java.lang.String | getValidPrintable(java.lang.String context, java.lang.String input, int maxLength, boolean allowNull, ValidationErrorList errorList) | Calls getValidPrintable with the supplied errorList to capture ValidationExceptions. |
java.lang.String | getValidRedirectLocation(java.lang.String context, java.lang.String input, boolean allowNull) | Returns a canonicalized and validated redirect location as a String. |
java.lang.String | getValidRedirectLocation(java.lang.String context, java.lang.String input, boolean allowNull, ValidationErrorList errorList) | Calls getValidRedirectLocation with the supplied errorList to capture ValidationExceptions. |
java.lang.String | getValidSafeHTML(java.lang.String context, java.lang.String input, int maxLength, boolean allowNull) | Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else. |
java.lang.String | getValidSafeHTML(java.lang.String context, java.lang.String input, int maxLength, boolean allowNull, ValidationErrorList errorList) | Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions. |
boolean | isValidCreditCard(java.lang.String context, java.lang.String input, boolean allowNull) | Calls getValidCreditCard and returns true if no exceptions are thrown. |
boolean | isValidDate(java.lang.String context, java.lang.String input, java.text.DateFormat format, boolean allowNull) | Calls isValidDate and returns true if no exceptions are thrown. |
boolean | isValidDirectoryPath(java.lang.String context, java.lang.String input, java.io.File parent, boolean allowNull) | Calls getValidDirectoryPath and returns true if no exceptions are thrown. |
boolean | isValidDouble(java.lang.String context, java.lang.String input, double minValue, double maxValue, boolean allowNull) | Calls getValidDouble and returns true if no exceptions are thrown. |
boolean | isValidFileContent(java.lang.String context, byte[] input, int maxBytes, boolean allowNull) | Calls getValidFileContent and returns true if no exceptions are thrown. |
boolean | isValidFileName(java.lang.String context, java.lang.String input, boolean allowNull) | Calls getValidFileName with the default list of allowedExtensions. |
boolean | isValidFileName(java.lang.String context, java.lang.String input, java.util.List<java.lang.String> allowedExtensions, boolean allowNull) | Calls getValidFileName and returns true if no exceptions are thrown. |
boolean | isValidFileUpload(java.lang.String context, java.lang.String filepath, java.lang.String filename, java.io.File parent, byte[] content, int maxBytes, boolean allowNull) | Calls getValidFileUpload and returns true if no exceptions are thrown. |
boolean | isValidHTTPRequestParameterSet(java.lang.String context, javax.servlet.http.HttpServletRequest request, java.util.Set<java.lang.String> required, java.util.Set<java.lang.String> optional) | Calls assertValidHTTPRequestParameterSet and returns true if no exceptions are thrown. |
boolean | isValidInput(java.lang.String context, java.lang.String input, java.lang.String type, int maxLength, boolean allowNull) | Calls isValidInput and returns true if no exceptions are thrown. |
boolean | isValidInput(java.lang.String context, java.lang.String input, java.lang.String type, int maxLength, boolean allowNull, boolean canonicalize) | Calls isValidInput and returns true if no exceptions are thrown. |
boolean | isValidInteger(java.lang.String context, java.lang.String input, int minValue, int maxValue, boolean allowNull) | Calls getValidInteger and returns true if no exceptions are thrown. |
boolean | isValidListItem(java.lang.String context, java.lang.String input, java.util.List<java.lang.String> list) | Calls getValidListItem and returns true if no exceptions are thrown. |
boolean | isValidNumber(java.lang.String context, java.lang.String input, long minValue, long maxValue, boolean allowNull) | Calls getValidNumber and returns true if no exceptions are thrown. |
boolean | isValidPrintable(java.lang.String context, char[] input, int maxLength, boolean allowNull) | Calls getValidPrintable and returns true if no exceptions are thrown. |
boolean | isValidPrintable(java.lang.String context, java.lang.String input, int maxLength, boolean allowNull) | Calls getValidPrintable and returns true if no exceptions are thrown. |
boolean | isValidRedirectLocation(java.lang.String context, java.lang.String input, boolean allowNull) | Calls getValidRedirectLocation and returns true if no exceptions are thrown. |
boolean | isValidSafeHTML(java.lang.String context, java.lang.String input, int maxLength, boolean allowNull) | Calls getValidSafeHTML and returns true if no exceptions are thrown. |
java.lang.String | safeReadLine(java.io.InputStream inputStream, int maxLength) | Reads from an input stream until end-of-line or a maximum number of characters. |
Method Detail |
---|
void addRule(ValidationRule rule)
ValidationRule getRule(java.lang.String name)
boolean isValidInput(java.lang.String context, java.lang.String input, java.lang.String type, int maxLength, boolean allowNull) throws IntrusionException
IntrusionException
boolean isValidInput(java.lang.String context, java.lang.String input, java.lang.String type, int maxLength, boolean allowNull, boolean canonicalize) throws IntrusionException
IntrusionException
java.lang.String getValidInput(java.lang.String context, java.lang.String input, java.lang.String type, int maxLength, boolean allowNull) throws ValidationException, IntrusionException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual user input data to validate.
type - The regular expression name that maps to the actual regular expression from "ESAPI.properties".
maxLength - The maximum post-canonicalized String length allowed.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException
IntrusionException
java.lang.String getValidInput(java.lang.String context, java.lang.String input, java.lang.String type, int maxLength, boolean allowNull, boolean canonicalize) throws ValidationException, IntrusionException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual user input data to validate.
type - The regular expression name that maps to the actual regular expression from "ESAPI.properties".
maxLength - The maximum post-canonicalized String length allowed.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
canonicalize - If canonicalize is true then input will be canonicalized before validation.
ValidationException
IntrusionException
java.lang.String getValidInput(java.lang.String context, java.lang.String input, java.lang.String type, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException
IntrusionException
java.lang.String getValidInput(java.lang.String context, java.lang.String input, java.lang.String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errorList) throws IntrusionException
IntrusionException
boolean isValidDate(java.lang.String context, java.lang.String input, java.text.DateFormat format, boolean allowNull) throws IntrusionException
IntrusionException
java.util.Date getValidDate(java.lang.String context, java.lang.String input, java.text.DateFormat format, boolean allowNull) throws ValidationException, IntrusionException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual user input data to validate.
format - Required formatting of date inputted.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException
IntrusionException
java.util.Date getValidDate(java.lang.String context, java.lang.String input, java.text.DateFormat format, boolean allowNull, ValidationErrorList errorList) throws IntrusionException
IntrusionException
boolean isValidSafeHTML(java.lang.String context, java.lang.String input, int maxLength, boolean allowNull) throws IntrusionException
IntrusionException
java.lang.String getValidSafeHTML(java.lang.String context, java.lang.String input, int maxLength, boolean allowNull) throws ValidationException, IntrusionException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual user input data to validate.
maxLength - The maximum String length allowed.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException
IntrusionException
java.lang.String getValidSafeHTML(java.lang.String context, java.lang.String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException
IntrusionException
boolean isValidCreditCard(java.lang.String context, java.lang.String input, boolean allowNull) throws IntrusionException
IntrusionException
java.lang.String getValidCreditCard(java.lang.String context, java.lang.String input, boolean allowNull) throws ValidationException, IntrusionException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual user input data to validate.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException
IntrusionException
java.lang.String getValidCreditCard(java.lang.String context, java.lang.String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException
IntrusionException
boolean isValidDirectoryPath(java.lang.String context, java.lang.String input, java.io.File parent, boolean allowNull) throws IntrusionException
IntrusionException
java.lang.String getValidDirectoryPath(java.lang.String context, java.lang.String input, java.io.File parent, boolean allowNull) throws ValidationException, IntrusionException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual input data to validate.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException
IntrusionException
java.lang.String getValidDirectoryPath(java.lang.String context, java.lang.String input, java.io.File parent, boolean allowNull, ValidationErrorList errorList) throws IntrusionException
IntrusionException
boolean isValidFileName(java.lang.String context, java.lang.String input, boolean allowNull) throws IntrusionException
IntrusionException
boolean isValidFileName(java.lang.String context, java.lang.String input, java.util.List<java.lang.String> allowedExtensions, boolean allowNull) throws IntrusionException
IntrusionException
java.lang.String getValidFileName(java.lang.String context, java.lang.String input, java.util.List<java.lang.String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual input data to validate.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException
IntrusionException
java.lang.String getValidFileName(java.lang.String context, java.lang.String input, java.util.List<java.lang.String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) throws IntrusionException
IntrusionException
boolean isValidNumber(java.lang.String context, java.lang.String input, long minValue, long maxValue, boolean allowNull) throws IntrusionException
IntrusionException
java.lang.Double getValidNumber(java.lang.String context, java.lang.String input, long minValue, long maxValue, boolean allowNull) throws ValidationException, IntrusionException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual input data to validate.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
minValue - Lowest legal value for input.
maxValue - Highest legal value for input.
ValidationException
IntrusionException
java.lang.Double getValidNumber(java.lang.String context, java.lang.String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException
IntrusionException
boolean isValidInteger(java.lang.String context, java.lang.String input, int minValue, int maxValue, boolean allowNull) throws IntrusionException
IntrusionException
java.lang.Integer getValidInteger(java.lang.String context, java.lang.String input, int minValue, int maxValue, boolean allowNull) throws ValidationException, IntrusionException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual input data to validate.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
minValue - Lowest legal value for input.
maxValue - Highest legal value for input.
ValidationException
IntrusionException
java.lang.Integer getValidInteger(java.lang.String context, java.lang.String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException
IntrusionException
boolean isValidDouble(java.lang.String context, java.lang.String input, double minValue, double maxValue, boolean allowNull) throws IntrusionException
IntrusionException
java.lang.Double getValidDouble(java.lang.String context, java.lang.String input, double minValue, double maxValue, boolean allowNull) throws ValidationException, IntrusionException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual input data to validate.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
minValue - Lowest legal value for input.
maxValue - Highest legal value for input.
ValidationException
IntrusionException
java.lang.Double getValidDouble(java.lang.String context, java.lang.String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException
IntrusionException
boolean isValidFileContent(java.lang.String context, byte[] input, int maxBytes, boolean allowNull) throws IntrusionException
IntrusionException
byte[] getValidFileContent(java.lang.String context, byte[] input, int maxBytes, boolean allowNull) throws ValidationException, IntrusionException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual input data to validate.
maxBytes - The maximum number of bytes allowed in a legal file.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException
IntrusionException
byte[] getValidFileContent(java.lang.String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errorList) throws IntrusionException
IntrusionException
boolean isValidFileUpload(java.lang.String context, java.lang.String filepath, java.lang.String filename, java.io.File parent, byte[] content, int maxBytes, boolean allowNull) throws IntrusionException
IntrusionException
void assertValidFileUpload(java.lang.String context, java.lang.String filepath, java.lang.String filename, java.io.File parent, byte[] content, int maxBytes, java.util.List<java.lang.String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
filepath - The file path of the uploaded file.
filename - The filename of the uploaded file.
content - A byte array containing the content of the uploaded file.
maxBytes - The max number of bytes allowed for a legal file upload.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException
IntrusionException
void assertValidFileUpload(java.lang.String context, java.lang.String filepath, java.lang.String filename, java.io.File parent, byte[] content, int maxBytes, java.util.List<java.lang.String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) throws IntrusionException
IntrusionException
boolean isValidListItem(java.lang.String context, java.lang.String input, java.util.List<java.lang.String> list) throws IntrusionException
IntrusionException
java.lang.String getValidListItem(java.lang.String context, java.lang.String input, java.util.List<java.lang.String> list) throws ValidationException, IntrusionException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The value to search 'list' for.
list - The list to search for 'input'.
ValidationException
IntrusionException
java.lang.String getValidListItem(java.lang.String context, java.lang.String input, java.util.List<java.lang.String> list, ValidationErrorList errorList) throws IntrusionException
IntrusionException
boolean isValidHTTPRequestParameterSet(java.lang.String context, javax.servlet.http.HttpServletRequest request, java.util.Set<java.lang.String> required, java.util.Set<java.lang.String> optional) throws IntrusionException
IntrusionException
void assertValidHTTPRequestParameterSet(java.lang.String context, javax.servlet.http.HttpServletRequest request, java.util.Set<java.lang.String> required, java.util.Set<java.lang.String> optional) throws ValidationException, IntrusionException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
required - Parameters that are required to be in the HTTP request.
optional - Additional parameters that may be in the HTTP request.
ValidationException
IntrusionException
void assertValidHTTPRequestParameterSet(java.lang.String context, javax.servlet.http.HttpServletRequest request, java.util.Set<java.lang.String> required, java.util.Set<java.lang.String> optional, ValidationErrorList errorList) throws IntrusionException
IntrusionException
boolean isValidPrintable(java.lang.String context, char[] input, int maxLength, boolean allowNull) throws IntrusionException
IntrusionException
char[] getValidPrintable(java.lang.String context, char[] input, int maxLength, boolean allowNull) throws ValidationException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - Data to be returned as valid and printable.
maxLength - Maximum number of bytes stored in 'input'.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException
char[] getValidPrintable(java.lang.String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException
IntrusionException
boolean isValidPrintable(java.lang.String context, java.lang.String input, int maxLength, boolean allowNull) throws IntrusionException
IntrusionException
java.lang.String getValidPrintable(java.lang.String context, java.lang.String input, int maxLength, boolean allowNull) throws ValidationException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - Data to be returned as valid and printable.
maxLength - Maximum number of bytes stored in 'input' after canonicalization.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException
java.lang.String getValidPrintable(java.lang.String context, java.lang.String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException
IntrusionException
boolean isValidRedirectLocation(java.lang.String context, java.lang.String input, boolean allowNull)
java.lang.String getValidRedirectLocation(java.lang.String context, java.lang.String input, boolean allowNull) throws ValidationException, IntrusionException
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - Redirect location to be returned as valid, according to encoding rules set in "ESAPI.properties".
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException
IntrusionException
java.lang.String getValidRedirectLocation(java.lang.String context, java.lang.String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException
IntrusionException
java.lang.String safeReadLine(java.io.InputStream inputStream, int maxLength) throws ValidationException
inputStream - The InputStream from which to read data.
maxLength - Maximum characters allowed to be read in per line.
ValidationException