Package | Description |
---|---|
org.owasp.esapi | The ESAPI interfaces and Exception classes model the most important security functions to enterprise web applications. |
org.owasp.esapi.crypto | This package contains ESAPI cryptography-related classes used throughout ESAPI. |
org.owasp.esapi.errors | A set of exception classes designed to model the error conditions that frequently arise in enterprise web applications and web services. |
org.owasp.esapi.reference | This package contains reference implementations of the ESAPI interfaces. |
org.owasp.esapi.reference.validation | This package contains data format-specific validation rule functions. |

Modifier and Type | Method and Description |
---|---|
ValidationException | ValidationErrorList.getError(String context) Retrieves ValidationException for given context if one exists. |

Modifier and Type | Method and Description |
---|---|
List<ValidationException> | ValidationErrorList.errors() Returns list of ValidationException, or empty list if no errors exist. |

Modifier and Type | Method and Description |
---|---|
void | ValidationErrorList.addError(String context, ValidationException vex) Adds a new error to list with a unique named context. |

Modifier and Type | Method and Description |
---|---|
void | ValidationRule.assertValid(String context, String input) Check if the input is valid, throw an Exception otherwise |
void | Validator.assertValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull) Validates the filepath, filename, and content of a file. |
void | Validator.assertValidHTTPRequestParameterSet(String context, javax.servlet.http.HttpServletRequest request, Set<String> required, Set<String> optional) Validates that the parameters in the current request contain all required parameters and only optional ones in addition. |
String | HTTPUtilities.getCookie(javax.servlet.http.HttpServletRequest request, String name) A safer replacement for getCookies() in HttpServletRequest that returns the canonicalized value of the named cookie after "global" validation against the general type defined in ESAPI.properties. |
String | HTTPUtilities.getCookie(String name) Calls getCookie with the *current* response. |
List | HTTPUtilities.getFileUploads() Calls getFileUploads with the *current* request, default upload directory, and default allowed file extensions |
List | HTTPUtilities.getFileUploads(javax.servlet.http.HttpServletRequest request) Call getFileUploads with the specified request, default upload directory, and default allowed file extensions |
List | HTTPUtilities.getFileUploads(javax.servlet.http.HttpServletRequest request, File finalDir) Call getFileUploads with the specified request, specified upload directory, and default allowed file extensions |
List | HTTPUtilities.getFileUploads(javax.servlet.http.HttpServletRequest request, File destinationDir, List allowedExtensions) Extract uploaded files from a multipart HTTP request. |
String | HTTPUtilities.getHeader(javax.servlet.http.HttpServletRequest request, String name) A safer replacement for getHeader() in HttpServletRequest that returns the canonicalized value of the named header after "global" validation against the general type defined in ESAPI.properties. |
String | HTTPUtilities.getHeader(String name) Calls getHeader with the *current* request. |
String | HTTPUtilities.getParameter(javax.servlet.http.HttpServletRequest request, String name) A safer replacement for getParameter() in HttpServletRequest that returns the canonicalized value of the named parameter after "global" validation against the general type defined in ESAPI.properties. |
String | HTTPUtilities.getParameter(String name) Calls getParameter with the *current* request. |
Object | ValidationRule.getValid(String context, String input) Parse the input, throw exceptions if validation fails |
Object | ValidationRule.getValid(String context, String input, ValidationErrorList errorList) Get a validated value, add the errors to an existing error list |
String | Validator.getValidCreditCard(String context, String input, boolean allowNull) Returns a canonicalized and validated credit card number as a String. |
Date | Validator.getValidDate(String context, String input, DateFormat format, boolean allowNull) Returns a valid date as a Date. |
String | Validator.getValidDirectoryPath(String context, String input, File parent, boolean allowNull) Returns a canonicalized and validated directory path as a String, provided that the input maps to an existing directory that is an existing subdirectory (at any level) of the specified parent. |
Double | Validator.getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) Returns a validated real number as a double. |
byte[] | Validator.getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) Returns validated file content as a byte array. |
String | Validator.getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) Returns a canonicalized and validated file name as a String. |
String | Validator.getValidInput(String context, String input, String type, int maxLength, boolean allowNull) Returns canonicalized and validated input as a String. |
String | Validator.getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) Returns validated input as a String with optional canonicalization. |
Integer | Validator.getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) Returns a validated integer. |
String | Validator.getValidListItem(String context, String input, List<String> list) Returns the list item that exactly matches the canonicalized input. |
Double | Validator.getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) Returns a validated number as a double within the range of minValue to maxValue. |
char[] | Validator.getValidPrintable(String context, char[] input, int maxLength, boolean allowNull) Returns canonicalized and validated printable characters as a byte array. |
String | Validator.getValidPrintable(String context, String input, int maxLength, boolean allowNull) Returns canonicalized and validated printable characters as a String. |
String | Validator.getValidRedirectLocation(String context, String input, boolean allowNull) Returns a canonicalized and validated redirect location as a String. |
String | Validator.getValidSafeHTML(String context, String input, int maxLength, boolean allowNull) Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else. |
String | Validator.safeReadLine(InputStream inputStream, int maxLength) Reads from an input stream until end-of-line or a maximum number of characters. |

Constructor and Description |
---|
SafeFile(File parent, String child) |
SafeFile(String path) |
SafeFile(String parent, String child) |
SafeFile(URI uri) |

Modifier and Type | Method and Description |
---|---|
void | CryptoToken.addAttributes(Map<String,String> attrs) Add the specified collection of attributes to the current attributes. |
void | CryptoToken.setAttribute(String name, String value) Set a name/value pair as an attribute. |
void | CryptoToken.setUserAccountName(String userAccountName) Set the user account name associated with this cryptographic token object. |
String | CryptoToken.updateToken(int additionalSecs) Update the (current) expiration time by adding the specified number of seconds to it and then re-encrypting with the current SecretKey that was used to construct this object. |

Modifier and Type | Class and Description |
---|---|
class | ValidationAvailabilityException |
class | ValidationUploadException |

Modifier and Type | Method and Description |
---|---|
void | DefaultValidator.assertValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull) Validates the filepath, filename, and content of a file. |
void | DefaultValidator.assertValidHTTPRequestParameterSet(String context, javax.servlet.http.HttpServletRequest request, Set<String> required, Set<String> optional) Validates that the parameters in the current request contain all required parameters and only optional ones in addition. |
String | DefaultHTTPUtilities.getCookie(javax.servlet.http.HttpServletRequest request, String name) A safer replacement for getCookies() in HttpServletRequest that returns the canonicalized value of the named cookie after "global" validation against the general type defined in ESAPI.properties. |
String | DefaultHTTPUtilities.getCookie(String name) Calls getCookie with the *current* response. |
List<File> | DefaultHTTPUtilities.getFileUploads() Calls getFileUploads with the *current* request, default upload directory, and default allowed file extensions |
List<File> | DefaultHTTPUtilities.getFileUploads(javax.servlet.http.HttpServletRequest request) Call getFileUploads with the specified request, default upload directory, and default allowed file extensions |
List<File> | DefaultHTTPUtilities.getFileUploads(javax.servlet.http.HttpServletRequest request, File finalDir) Call getFileUploads with the specified request, specified upload directory, and default allowed file extensions |
List<File> | DefaultHTTPUtilities.getFileUploads(javax.servlet.http.HttpServletRequest request, File finalDir, List allowedExtensions) Extract uploaded files from a multipart HTTP request. |
String | DefaultHTTPUtilities.getHeader(javax.servlet.http.HttpServletRequest request, String name) A safer replacement for getHeader() in HttpServletRequest that returns the canonicalized value of the named header after "global" validation against the general type defined in ESAPI.properties. |
String | DefaultHTTPUtilities.getHeader(String name) Calls getHeader with the *current* request. |
String | DefaultHTTPUtilities.getParameter(javax.servlet.http.HttpServletRequest request, String name) A safer replacement for getParameter() in HttpServletRequest that returns the canonicalized value of the named parameter after "global" validation against the general type defined in ESAPI.properties. |
String | DefaultHTTPUtilities.getParameter(String name) Calls getParameter with the *current* request. |
String | DefaultValidator.getValidCreditCard(String context, String input, boolean allowNull) Returns a canonicalized and validated credit card number as a String. |
Date | DefaultValidator.getValidDate(String context, String input, DateFormat format, boolean allowNull) Returns a valid date as a Date. |
String | DefaultValidator.getValidDirectoryPath(String context, String input, File parent, boolean allowNull) Returns a canonicalized and validated directory path as a String, provided that the input maps to an existing directory that is an existing subdirectory (at any level) of the specified parent. |
Double | DefaultValidator.getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) Returns a validated real number as a double. |
byte[] | DefaultValidator.getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) Returns validated file content as a byte array. |
String | DefaultValidator.getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) Returns a canonicalized and validated file name as a String. |
String | DefaultValidator.getValidInput(String context, String input, String type, int maxLength, boolean allowNull) Validates data received from the browser and returns a safe version. |
String | DefaultValidator.getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) Validates data received from the browser and returns a safe version. |
Integer | DefaultValidator.getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) Returns a validated integer. |
String | DefaultValidator.getValidListItem(String context, String input, List<String> list) Returns the list item that exactly matches the canonicalized input. |
Double | DefaultValidator.getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) Returns a validated number as a double within the range of minValue to maxValue. |
char[] | DefaultValidator.getValidPrintable(String context, char[] input, int maxLength, boolean allowNull) Returns canonicalized and validated printable characters as a byte array. |
String | DefaultValidator.getValidPrintable(String context, String input, int maxLength, boolean allowNull) Returns canonicalized and validated printable characters as a String. |
String | DefaultValidator.getValidRedirectLocation(String context, String input, boolean allowNull) Returns a canonicalized and validated redirect location as a String. |
String | DefaultValidator.getValidSafeHTML(String context, String input, int maxLength, boolean allowNull) Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else. |
String | DefaultValidator.safeReadLine(InputStream in, int max) Reads from an input stream until end-of-line or a maximum number of characters. |

Modifier and Type | Method and Description |
---|---|
void | BaseValidationRule.assertValid(String context, String input) Check if the input is valid, throw an Exception otherwise |
String | StringValidationRule.getValid(String context, String input) Parse the input, throw exceptions if validation fails |
Double | NumberValidationRule.getValid(String context, String input) Parse the input, throw exceptions if validation fails |
Integer | IntegerValidationRule.getValid(String context, String input) |
String | HTMLValidationRule.getValid(String context, String input) Parse the input, throw exceptions if validation fails |
Date | DateValidationRule.getValid(String context, String input) Parse the input, throw exceptions if validation fails |
String | CreditCardValidationRule.getValid(String context, String input) Parse the input, throw exceptions if validation fails |
Object | BaseValidationRule.getValid(String context, String input, ValidationErrorList errorList) Get a validated value, add the errors to an existing error list |

Copyright © 2020 The Open Web Application Security Project (OWASP). All rights reserved.