- ABSOLUTE_TIMEOUT_DURATION - Static variable in class org.owasp.esapi.PropNames
-
- ABSOLUTE_TIMEOUT_DURATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- AbstractAccessReferenceMap<K> - Class in org.owasp.esapi.reference
-
Abstract Implementation of the AccessReferenceMap.
- AbstractAccessReferenceMap() - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Instantiates a new access reference map.
- AbstractAccessReferenceMap(int) - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Instantiates a new access reference map with the specified size allotment
to reduce Map resizing overhead.
- AbstractAccessReferenceMap(Set<Object>) - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
- AbstractAccessReferenceMap(Set<Object>, int) - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
- AbstractAuthenticator - Class in org.owasp.esapi.reference
-
A partial implementation of the Authenticator interface.
- AbstractAuthenticator() - Constructor for class org.owasp.esapi.reference.AbstractAuthenticator
-
- AbstractCharacterCodec - Class in org.owasp.esapi.codecs
-
This abstract Impl is broken off from the original Codec
class and
provides the Character
parsing logic that has been with ESAPI from the beginning.
- AbstractCharacterCodec() - Constructor for class org.owasp.esapi.codecs.AbstractCharacterCodec
-
- AbstractCodec<T> - Class in org.owasp.esapi.codecs
-
The Coded
interface defines a set of methods for encoding and decoding application level encoding schemes,
such as HTML entity encoding and percent encoding (aka URL encoding).
- AbstractCodec() - Constructor for class org.owasp.esapi.codecs.AbstractCodec
-
Default constructor
- AbstractIntegerCodec - Class in org.owasp.esapi.codecs
-
This class is intended to be an alternative Abstract Implementation for parsing encoding
data by focusing on int
as opposed to Character
.
- AbstractIntegerCodec() - Constructor for class org.owasp.esapi.codecs.AbstractIntegerCodec
-
- AbstractPrioritizedPropertyLoader - Class in org.owasp.esapi.configuration
-
Abstrace class that supports two "levels" of priorities for ESAPI properties.
- AbstractPrioritizedPropertyLoader(String, int) - Constructor for class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader
-
- AbstractPushbackSequence<T> - Class in org.owasp.esapi.codecs
-
This Abstract class provides the generic logic for using a
PushbackSequence
in regards to iterating strings.
- AbstractPushbackSequence(String) - Constructor for class org.owasp.esapi.codecs.AbstractPushbackSequence
-
- ACCEPT_LENIENT_DATES - Static variable in class org.owasp.esapi.PropNames
-
- ACCEPT_LENIENT_DATES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- ACCESS_CONTROL_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
-
- ACCESS_CONTROL_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- AccessControlException - Exception in org.owasp.esapi.errors
-
An AccessControlException should be thrown when a user attempts to access a
resource that they are not authorized for.
- AccessControlException() - Constructor for exception org.owasp.esapi.errors.AccessControlException
-
Instantiates a new access control exception.
- AccessControlException(String, String) - Constructor for exception org.owasp.esapi.errors.AccessControlException
-
Creates a new instance of AccessControlException
.
- AccessControlException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AccessControlException
-
Instantiates a new access control exception.
- AccessController - Interface in org.owasp.esapi
-
The AccessController interface defines a set of methods that can be used in a wide variety of applications to
enforce access control.
- accessController() - Static method in class org.owasp.esapi.ESAPI
-
- AccessControlRule<P,R> - Interface in org.owasp.esapi
-
- AccessReferenceMap<K> - Interface in org.owasp.esapi
-
The AccessReferenceMap interface is used to map from a set of internal
direct object references to a set of indirect references that are safe to
disclose publicly.
- ACRParameterLoader<T> - Interface in org.owasp.esapi.reference.accesscontrol.policyloader
-
- ACRParameterLoaderHelper - Class in org.owasp.esapi.reference.accesscontrol.policyloader
-
- ACRParameterLoaderHelper() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoaderHelper
-
- ACRPolicyFileLoader - Class in org.owasp.esapi.reference.accesscontrol.policyloader
-
- ACRPolicyFileLoader() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader
-
- Action - Class in org.owasp.esapi.waf.actions
-
The base class indicating what is to be done after a rule executes.
- Action() - Constructor for class org.owasp.esapi.waf.actions.Action
-
- actionNecessary - Variable in class org.owasp.esapi.waf.actions.Action
-
- actions - Variable in class org.owasp.esapi.SecurityConfiguration.Threshold
-
The list of actions to take if the threshold is met.
- addAccessControlRule(String, String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO
-
- addAfterBodyRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- addAttributes(Map<String, String>) - Method in class org.owasp.esapi.crypto.CryptoToken
-
Add the specified collection of attributes to the current attributes.
- addBeforeBodyRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- addBeforeResponseRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- addBlacklistPattern(String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
-
- addBlacklistPattern(Pattern) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
-
- addCookie(Cookie) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Add a cookie to the response after ensuring that there are no encoded or
illegal characters in the name and name and value.
- addCookie(Cookie) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls addCookie with the *current* request.
- addCookie(HttpServletResponse, Cookie) - Method in interface org.owasp.esapi.HTTPUtilities
-
Add a cookie to the response after ensuring that there are no encoded or
illegal characters in the name and name and value.
- addCookie(Cookie) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls addCookie with the *current* request.
- addCookie(HttpServletResponse, Cookie) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Add a cookie to the response after ensuring that there are no encoded or
illegal characters in the name and name and value.
- addCookie(Cookie) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
-
- addCookie(Cookie, boolean) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
-
- addCookieRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- addCSRFToken(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Adds the current user's CSRF token (see User.getCSRFToken()) to the URL for purposes of preventing CSRF attacks.
- addCSRFToken(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Adds the current user's CSRF token (see User.getCSRFToken()) to the URL for purposes of preventing CSRF attacks.
- addDateHeader(String, long) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Add a cookie to the response after ensuring that there are no encoded or
illegal characters in the name.
- addDirectReference(T) - Method in interface org.owasp.esapi.AccessReferenceMap
-
Adds a direct reference to the AccessReferenceMap, then generates and returns
an associated indirect reference.
- addDirectReference(T) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Adds a direct reference to the AccessReferenceMap, then generates and returns
an associated indirect reference.
- addError(String, ValidationException) - Method in class org.owasp.esapi.ValidationErrorList
-
Adds a new error to list with a unique named context.
- addEvent(String, String) - Method in interface org.owasp.esapi.IntrusionDetector
-
Adds the event to the IntrusionDetector.
- addEvent(String, String) - Method in class org.owasp.esapi.reference.DefaultIntrusionDetector
-
Adds the event to the IntrusionDetector.
- addException(Exception) - Method in interface org.owasp.esapi.IntrusionDetector
-
Adds the exception to the IntrusionDetector.
- addException(Exception) - Method in class org.owasp.esapi.reference.DefaultIntrusionDetector
-
Adds the exception to the IntrusionDetector.
- addHeader(String, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Add a header to the response after ensuring that there are no encoded or
illegal characters in the name and name and value.
- addHeader(String, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls addHeader with the *current* request.
- addHeader(HttpServletResponse, String, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Add a header to the response after ensuring that there are no encoded or
illegal characters in the name and name and value.
- addHeader(String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls addHeader with the *current* request.
- addHeader(HttpServletResponse, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Add a header to the response after ensuring that there are no encoded or
illegal characters in the name and name and value.
- AddHeaderRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <add-header> rules.
- AddHeaderRule(String, String, String, Pattern, List<Object>) - Constructor for class org.owasp.esapi.waf.rules.AddHeaderRule
-
- AddHTTPOnlyFlagRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <add-http-only-flag> rules.
- AddHTTPOnlyFlagRule(String, List<Pattern>) - Constructor for class org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule
-
- addIntHeader(String, int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Add an int header to the response after ensuring that there are no
encoded or illegal characters in the name and value.
- ADDITIONAL_ALLOWED_CIPHER_MODES - Static variable in class org.owasp.esapi.PropNames
-
- ADDITIONAL_ALLOWED_CIPHER_MODES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- addProperty(Properties, String, String) - Static method in class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils
-
Adds a new key-value property to the passed Properties object
- addReferer(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Add a referer header to the response, after validating there are no illegal characters according to the
Validator.isValidURI() method, as well as ensuring there are no instances of mixed or double encoding
depending on how you have configured ESAPI defaults.
- addRole(String) - Method in class org.owasp.esapi.reference.DefaultUser
-
Adds a role to this user's account.
- addRole(String) - Method in interface org.owasp.esapi.User
-
Adds a role to this user's account.
- addRoles(Set<String>) - Method in class org.owasp.esapi.reference.DefaultUser
-
Adds a set of roles to this user's account.
- addRoles(Set<String>) - Method in interface org.owasp.esapi.User
-
Adds a set of roles to this user's account.
- addRule(ValidationRule) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Add a validation rule to the registry using the "type name" of the rule as the key.
- addRule(ValidationRule) - Method in interface org.owasp.esapi.Validator
-
Add a validation rule to the registry using the "type name" of the rule as the key.
- AddSecureFlagRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <add-secure-flag> rules.
- AddSecureFlagRule(String, List<Pattern>) - Constructor for class org.owasp.esapi.waf.rules.AddSecureFlagRule
-
- addSession(HttpSession) - Method in class org.owasp.esapi.reference.DefaultUser
-
Adds a session for this User.
- addSession(HttpSession) - Method in interface org.owasp.esapi.User
-
Adds a session for this User.
- addWhitelistPattern(String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
-
- addWhitelistPattern(Pattern) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
-
- ALL - Static variable in interface org.owasp.esapi.Logger
-
ALL indicates that all messages should be logged.
- ALLOW_MIXED_ENCODING - Static variable in class org.owasp.esapi.PropNames
-
- ALLOW_MIXED_ENCODING - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- ALLOW_MULTIPLE_ENCODING - Static variable in class org.owasp.esapi.PropNames
-
- ALLOW_MULTIPLE_ENCODING - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- ALLOWED_LOGIN_ATTEMPTS - Static variable in class org.owasp.esapi.PropNames
-
- ALLOWED_LOGIN_ATTEMPTS - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- allowNull - Variable in class org.owasp.esapi.reference.validation.BaseValidationRule
-
- ALPHANUMERICS - Static variable in class org.owasp.esapi.EncoderConstants
-
- always(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
-
Log an event regardless of what logging level is enabled.
- always(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
-
Log an event regardless of what logging level is enabled
and also record the stack trace associated with the event.
- always(Logger.EventType, String) - Method in class org.owasp.esapi.logging.java.JavaLogger
-
- always(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.java.JavaLogger
-
- always(Logger.EventType, String) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
-
- always(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
-
- ALWAYS_LEVEL - Static variable in class org.owasp.esapi.logging.java.ESAPICustomJavaLevel
-
Defines a custom level that should result in content always being recorded, unless the Java Logging configuration is set to OFF.
- AlwaysFalseACR - Class in org.owasp.esapi.reference.accesscontrol
-
- AlwaysFalseACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR
-
- AlwaysTrueACR - Class in org.owasp.esapi.reference.accesscontrol
-
- AlwaysTrueACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR
-
- ANONYMOUS - Static variable in interface org.owasp.esapi.User
-
The ANONYMOUS user is used to represent an unidentified user.
- ANONYMOUS_USER - Static variable in class org.owasp.esapi.crypto.CryptoToken
-
Represents an anonymous user.
- ANSI_MODE - Static variable in class org.owasp.esapi.codecs.MySQLCodec
-
Target MySQL Server is running in ANSI_QUOTES Mode
- append(char) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
-
- append(CharSequence, int, int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
-
- append(CharSequence) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
-
- appendTo(String, Logger.EventType, String) - Method in interface org.owasp.esapi.logging.appender.LogAppender
-
Creates a replacement Log Message and returns it to the caller.
- appendTo(String, Logger.EventType, String) - Method in class org.owasp.esapi.logging.appender.LogPrefixAppender
-
- AppGuardianConfiguration - Class in org.owasp.esapi.waf.configuration
-
This class is the object model of the policy file.
- AppGuardianConfiguration() - Constructor for class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- APPLICATION_NAME - Static variable in class org.owasp.esapi.PropNames
-
- APPLICATION_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- APPROVED_EXECUTABLES - Static variable in class org.owasp.esapi.PropNames
-
- APPROVED_EXECUTABLES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- APPROVED_UPLOAD_EXTENSIONS - Static variable in class org.owasp.esapi.PropNames
-
- APPROVED_UPLOAD_EXTENSIONS - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- arrayCompare(byte[], byte[]) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
- arrayToSet(char...) - Static method in class org.owasp.esapi.util.CollectionsUtil
-
Converts an array of chars to a Set of Characters.
- arrayToUnmodifiableSet(char...) - Static method in class org.owasp.esapi.util.CollectionsUtil
-
Convert a char array to a unmodifiable Set.
- asBytes() - Method in class org.owasp.esapi.crypto.PlainText
-
Convert the PlainText
object to a byte array.
- asCipherText() - Method in class org.owasp.esapi.crypto.CipherTextSerializer
-
Return the actual CipherText
object.
- asPortableSerializedByteArray() - Method in class org.owasp.esapi.crypto.CipherText
-
Return this CipherText
object as a portable (i.e., network byte
ordered) serialized byte array.
- asSerializedByteArray() - Method in class org.owasp.esapi.crypto.CipherTextSerializer
-
Return this CipherText
object as a specialized, portable
serialized byte array.
- assertAuthorized(Object, Object) - Method in interface org.owasp.esapi.AccessController
-
assertAuthorized
executes the AccessControlRule
that is identified by key
and listed in the
resources/ESAPI-AccessControlPolicy.xml
file.
- assertAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
- assertAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
assertAuthorized
executes the AccessControlRule
that is identified by key
and listed in the
resources/ESAPI-AccessControlPolicy.xml
file.
- assertAuthorizedForData(String, Object) - Method in interface org.owasp.esapi.AccessController
-
Deprecated.
- assertAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- assertAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced data.
- assertAuthorizedForFile(String) - Method in interface org.owasp.esapi.AccessController
-
Deprecated.
- assertAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- assertAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Deprecated.
- assertAuthorizedForFunction(String) - Method in interface org.owasp.esapi.AccessController
-
Deprecated.
- assertAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- assertAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced function.
- assertAuthorizedForService(String) - Method in interface org.owasp.esapi.AccessController
-
Deprecated.
- assertAuthorizedForService(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- assertAuthorizedForService(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced service.
- assertAuthorizedForURL(String) - Method in interface org.owasp.esapi.AccessController
-
Deprecated.
- assertAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- assertAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced URL.
- assertSecureChannel() - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls assertSecureChannel with the *current* request.
- assertSecureChannel(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities
-
Ensures the use of SSL to protect any sensitive parameters in the request and
any sensitive data in the response.
- assertSecureChannel() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls assertSecureChannel with the *current* request.
- assertSecureChannel(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Ensures the use of SSL to protect any sensitive parameters in the request and
any sensitive data in the response.
- assertSecureRequest() - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls assertSecureRequest with the *current* request.
- assertSecureRequest(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities
-
Ensures that the request uses both SSL and POST to protect any sensitive parameters
in the querystring from being sniffed, logged, bookmarked, included in referer header, etc...
- assertSecureRequest() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls assertSecureRequest with the *current* request.
- assertSecureRequest(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Ensures that the request uses both SSL and POST to protect any sensitive parameters
in the querystring from being sniffed, logged, bookmarked, included in referer header, etc...
- assertValid(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
Check if the input is valid, throw an Exception otherwise
- assertValid(String, String) - Method in interface org.owasp.esapi.ValidationRule
-
Check if the input is valid, throw an Exception otherwise
- assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Validates the filepath
, filename
, and content
of a file.
- assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Validates the filepath
, filename
, and content
of a file,
any validation exceptions are added to the supplied errorList
.
- assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean) - Method in interface org.owasp.esapi.Validator
-
Validates the filepath
, filename
, and content
of a file.
- assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Validates the filepath
, filename
, and content
of a file,
any validation exceptions are added to the supplied errorList
.
- assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Validates that the parameters in the current request contain all required parameters
and only optional ones in addition.
- assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Validates that the parameters in the current request contain all required parameters
and only optional ones in addition,
any validation exceptions are added to the supplied errorList
.
- assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in interface org.owasp.esapi.Validator
-
Validates that the parameters in the current request contain all required parameters
and only optional ones in addition.
- assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Validates that the parameters in the current request contain all required parameters
and only optional ones in addition,
any validation exceptions are added to the supplied errorList
.
- AuthenticatedRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <authentication-rules> rules.
- AuthenticatedRule(String, String, Pattern, List<Object>) - Constructor for class org.owasp.esapi.waf.rules.AuthenticatedRule
-
- AUTHENTICATION_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
-
- AUTHENTICATION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- AuthenticationAccountsException - Exception in org.owasp.esapi.errors
-
An AuthenticationException should be thrown when anything goes wrong during
login or logout.
- AuthenticationAccountsException() - Constructor for exception org.owasp.esapi.errors.AuthenticationAccountsException
-
Instantiates a new authentication exception.
- AuthenticationAccountsException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationAccountsException
-
Creates a new instance of AuthenticationAccountsException
.
- AuthenticationAccountsException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationAccountsException
-
Instantiates a new authentication exception.
- AuthenticationCredentialsException - Exception in org.owasp.esapi.errors
-
An AuthenticationException should be thrown when anything goes wrong during
login or logout.
- AuthenticationCredentialsException() - Constructor for exception org.owasp.esapi.errors.AuthenticationCredentialsException
-
Instantiates a new authentication exception.
- AuthenticationCredentialsException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationCredentialsException
-
Creates a new instance of AuthenticationCredentialsException
.
- AuthenticationCredentialsException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationCredentialsException
-
Instantiates a new authentication exception.
- AuthenticationException - Exception in org.owasp.esapi.errors
-
An AuthenticationException should be thrown when anything goes wrong during
login or logout.
- AuthenticationException() - Constructor for exception org.owasp.esapi.errors.AuthenticationException
-
Instantiates a new authentication exception.
- AuthenticationException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationException
-
Creates a new instance of AuthenticationException
.
- AuthenticationException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationException
-
Instantiates a new authentication exception.
- AuthenticationHostException - Exception in org.owasp.esapi.errors
-
An AuthenticationHostException should be thrown when there is a problem with
the host involved with authentication, particularly if the host changes unexpectedly.
- AuthenticationHostException() - Constructor for exception org.owasp.esapi.errors.AuthenticationHostException
-
Instantiates a new authentication exception.
- AuthenticationHostException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationHostException
-
Creates a new instance of AuthenticationHostException.
- AuthenticationHostException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationHostException
-
Instantiates a new authentication exception.
- AuthenticationLoginException - Exception in org.owasp.esapi.errors
-
An AuthenticationException should be thrown when anything goes wrong during
login or logout.
- AuthenticationLoginException() - Constructor for exception org.owasp.esapi.errors.AuthenticationLoginException
-
Instantiates a new authentication exception.
- AuthenticationLoginException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationLoginException
-
Creates a new instance of EnterpriseSecurityException.
- AuthenticationLoginException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationLoginException
-
Instantiates a new authentication exception.
- Authenticator - Interface in org.owasp.esapi
-
The Authenticator interface defines a set of methods for generating and
handling account credentials and session identifiers.
- authenticator() - Static method in class org.owasp.esapi.ESAPI
-
- AvailabilityException - Exception in org.owasp.esapi.errors
-
An AvailabilityException should be thrown when the availability of a limited
resource is in jeopardy.
- AvailabilityException() - Constructor for exception org.owasp.esapi.errors.AvailabilityException
-
Instantiates a new availability exception.
- AvailabilityException(String, String) - Constructor for exception org.owasp.esapi.errors.AvailabilityException
-
Creates a new instance of AvailabilityException.
- AvailabilityException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AvailabilityException
-
Instantiates a new AvailabilityException.
- EchoDynaBeanPolicyParameterACR - Class in org.owasp.esapi.reference.accesscontrol.policyloader
-
- EchoDynaBeanPolicyParameterACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR
-
- EchoRuntimeParameterACR - Class in org.owasp.esapi.reference.accesscontrol
-
- EchoRuntimeParameterACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR
-
- elements() - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
This method has been overridden to throw an UnsupportedOperationException
- ELEncodeFunctions - Class in org.owasp.esapi.tags
-
Static encoder methods for JSP EL expression functions.
- enable() - Method in class org.owasp.esapi.reference.DefaultUser
-
Enable this user's account.
- enable() - Method in interface org.owasp.esapi.User
-
Enable this user's account.
- ENABLE_UNSAFE_SERIALIZATION - Static variable in class org.owasp.esapi.codecs.Base64
-
System property name that must be set to true in order to invoke Base64.decodeToObject()
.
- encode(char[], String) - Method in class org.owasp.esapi.codecs.AbstractCodec
-
Encode a String so that it can be safely used in a specific context.
- ENCODE - Static variable in class org.owasp.esapi.codecs.Base64
-
Specify encoding.
- encode(char[], String) - Method in interface org.owasp.esapi.codecs.Codec
-
Encode a String so that it can be safely used in a specific context.
- encode(char[], String) - Method in class org.owasp.esapi.codecs.CSSCodec
-
- encode(byte[], boolean) - Static method in class org.owasp.esapi.codecs.Hex
-
Output byte representation as hexadecimal representation.
- encode(char[], String) - Method in class org.owasp.esapi.codecs.HTMLEntityCodec
-
Given an array of char
, scan the input String
and encode unsafe
codePoints, except for codePoints passed into the char
array.
- encode(char[], String) - Method in class org.owasp.esapi.codecs.VBScriptCodec
-
Encode a String so that it can be safely used in a specific context.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.BaseEncodeTag
-
Encode tag's content.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForBase64Tag
-
Encode tag's content using Base64.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForCSSTag
-
Encode tag's content for usage in CSS.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForHTMLAttributeTag
-
Encode tag's content for usage as a HTML attribute.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForHTMLTag
-
Encode tag's content for usage in HTML.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForJavaScriptTag
-
Encode tag's content for usage in JavaScript
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForURLTag
-
Encode tag's content for usage in a URL.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForVBScriptTag
-
Encode tag's content for usage in VBScript.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForXMLAttributeTag
-
Encode tag's content for usage as a XML attribute.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForXMLTag
-
Encode tag's content for usage in XML.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForXPathTag
-
Encode tag's content for usage in XPath.
- encodeBytes(byte[]) - Static method in class org.owasp.esapi.codecs.Base64
-
Encodes a byte array into Base64 notation.
- encodeBytes(byte[], int) - Static method in class org.owasp.esapi.codecs.Base64
-
Encodes a byte array into Base64 notation.
- encodeBytes(byte[], int, int) - Static method in class org.owasp.esapi.codecs.Base64
-
Encodes a byte array into Base64 notation.
- encodeBytes(byte[], int, int, int) - Static method in class org.owasp.esapi.codecs.Base64
-
Encodes a byte array into Base64 notation.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.AbstractCodec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], char) - Method in class org.owasp.esapi.codecs.AbstractCodec
-
- encodeCharacter(char[], int) - Method in class org.owasp.esapi.codecs.AbstractCodec
-
- encodeCharacter(char[], Character) - Method in interface org.owasp.esapi.codecs.Codec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], int) - Method in interface org.owasp.esapi.codecs.Codec
-
Default codepoint implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.CSSCodec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.DB2Codec
-
- encodeCharacter(char[], int) - Method in class org.owasp.esapi.codecs.HTMLEntityCodec
-
Default codepoint implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.JavaScriptCodec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.LegacyHTMLEntityCodec
-
Deprecated.
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.MySQLCodec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.OracleCodec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.PercentCodec
-
Encode a character for URLs
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.UnixCodec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.VBScriptCodec
-
Returns quote-encoded character
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.WindowsCodec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.XMLEntityCodec
-
Default implementation that should be overridden in specific codecs.
- encodeFileToFile(String, String) - Static method in class org.owasp.esapi.codecs.Base64
-
Reads infile and encodes it to outfile.
- encodeForBase64(byte[], boolean) - Method in interface org.owasp.esapi.Encoder
-
Encode for Base64.
- encodeForBase64(byte[], boolean) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode for Base64.
- encodeForBase64(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Base64 encode a string.
- encodeForBase64Charset(String, String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Base64 encode a string after converting to bytes using the specified character set.
- encodeForBase64CharsetWrap(String, String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Base64 encode a string after converting to bytes using the specified character set and wrapping lines.
- EncodeForBase64Tag - Class in org.owasp.esapi.tags
-
JSP tag that encode's it's body using Base64.
- EncodeForBase64Tag() - Constructor for class org.owasp.esapi.tags.EncodeForBase64Tag
-
- encodeForBase64Wrap(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Base64 encode a string with line wrapping.
- encodeForCSS(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in Cascading Style Sheets (CSS) content.
- encodeForCSS(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in Cascading Style Sheets (CSS) content.
- encodeForCSS(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in CSS.
- EncodeForCSSTag - Class in org.owasp.esapi.tags
-
JSP tag that encode's it's body for use in CSS.
- EncodeForCSSTag() - Constructor for class org.owasp.esapi.tags.EncodeForCSSTag
-
- encodeForDN(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in an LDAP distinguished name.
- encodeForDN(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in an LDAP distinguished name.
- encodeForHTML(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in HTML using HTML entity encoding
- encodeForHTML(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in HTML using HTML entity encoding
- encodeForHTML(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in HTML.
- encodeForHTMLAttribute(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in HTML attributes.
- encodeForHTMLAttribute(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in HTML attributes.
- encodeForHTMLAttribute(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in a HTML attribute.
- EncodeForHTMLAttributeTag - Class in org.owasp.esapi.tags
-
JSP tag that encode's it's body for use in a HTML attribute.
- EncodeForHTMLAttributeTag() - Constructor for class org.owasp.esapi.tags.EncodeForHTMLAttributeTag
-
- EncodeForHTMLTag - Class in org.owasp.esapi.tags
-
JSP tag that encode's it's body for use in HTML.
- EncodeForHTMLTag() - Constructor for class org.owasp.esapi.tags.EncodeForHTMLTag
-
- encodeForJavaScript(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for insertion inside a data value or function argument in JavaScript.
- encodeForJavaScript(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for insertion inside a data value or function argument in JavaScript.
- encodeForJavaScript(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in JavaScript.
- EncodeForJavaScriptTag - Class in org.owasp.esapi.tags
-
JSP tag that encode's it's body for use in JavaScript.
- EncodeForJavaScriptTag() - Constructor for class org.owasp.esapi.tags.EncodeForJavaScriptTag
-
- encodeForLDAP(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in LDAP queries.
- encodeForLDAP(String, boolean) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in LDAP queries.
- encodeForLDAP(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in LDAP queries.
- encodeForLDAP(String, boolean) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in LDAP queries.
- encodeForOS(Codec, String) - Method in interface org.owasp.esapi.Encoder
-
Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec).
- encodeForOS(Codec, String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec).
- encodeForSQL(Codec, String) - Method in interface org.owasp.esapi.Encoder
-
Encode input for use in a SQL query, according to the selected codec
(appropriate codecs include the MySQLCodec and OracleCodec).
- encodeForSQL(Codec, String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode input for use in a SQL query, according to the selected codec
(appropriate codecs include the MySQLCodec and OracleCodec).
- encodeForURL(String) - Method in interface org.owasp.esapi.Encoder
-
Encode for use in a URL.
- encodeForURL(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode for use in a URL.
- encodeForURL(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in a URL.
- EncodeForURLTag - Class in org.owasp.esapi.tags
-
JSP tag that encode's it's body for use in a URL.
- EncodeForURLTag() - Constructor for class org.owasp.esapi.tags.EncodeForURLTag
-
- encodeForVBScript(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for insertion inside a data value in a Visual Basic script.
- encodeForVBScript(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for insertion inside a data value in a Visual Basic script.
- encodeForVBScript(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in VBScript.
- EncodeForVBScriptTag - Class in org.owasp.esapi.tags
-
JSP tag that encode's it's body for use in VBScript.
- EncodeForVBScriptTag() - Constructor for class org.owasp.esapi.tags.EncodeForVBScriptTag
-
- encodeForXML(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in an XML element.
- encodeForXML(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in an XML element.
- encodeForXML(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in XML.
- encodeForXMLAttribute(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in an XML attribute.
- encodeForXMLAttribute(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in an XML attribute.
- encodeForXMLAttribute(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in a XML attribute.
- EncodeForXMLAttributeTag - Class in org.owasp.esapi.tags
-
JSP tag that encode's it's body for use in a XML attribute.
- EncodeForXMLAttributeTag() - Constructor for class org.owasp.esapi.tags.EncodeForXMLAttributeTag
-
- EncodeForXMLTag - Class in org.owasp.esapi.tags
-
JSP tag that encode's it's body for use in XML.
- EncodeForXMLTag() - Constructor for class org.owasp.esapi.tags.EncodeForXMLTag
-
- encodeForXPath(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in an XPath query.
- encodeForXPath(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in an XPath query.
- encodeForXPath(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in XPath.
- EncodeForXPathTag - Class in org.owasp.esapi.tags
-
JSP tag that encode's it's body for use in XPath.
- EncodeForXPathTag() - Constructor for class org.owasp.esapi.tags.EncodeForXPathTag
-
- encodeFromFile(String) - Static method in class org.owasp.esapi.codecs.Base64
-
Convenience method for reading a binary file
and base64-encoding it.
- Encoder - Interface in org.owasp.esapi
-
The Encoder
interface contains a number of methods for decoding input and encoding output
so that it will be safe for a variety of interpreters.
- encoder() - Static method in class org.owasp.esapi.ESAPI
-
The ESAPI Encoder is primarilly used to provide output encoding to
prevent Cross-Site Scripting (XSS).
- encoder - Variable in class org.owasp.esapi.reference.validation.BaseValidationRule
-
- ENCODER_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
-
- ENCODER_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- EncoderConstants - Class in org.owasp.esapi
-
Common character classes used for input validation, output encoding, verifying password strength
CSRF token generation, generating salts, etc
- encodeRedirectUrl(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
- encodeRedirectURL(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Return the URL without any changes, to prevent disclosure of the
Session ID The default implementation of this method can add the
Session ID to the URL if support for cookies is not detected.
- encodeToFile(byte[], String) - Static method in class org.owasp.esapi.codecs.Base64
-
Convenience method for encoding data to a file.
- encodeUrl(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
- encodeURL(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Return the URL without any changes, to prevent disclosure of the
Session ID The default implementation of this method can add the
Session ID to the URL if support for cookies is not detected.
- EncodingException - Exception in org.owasp.esapi.errors
-
An EncodingException should be thrown for any problems that occur when
encoding or decoding data.
- EncodingException() - Constructor for exception org.owasp.esapi.errors.EncodingException
-
Instantiates a new service exception.
- EncodingException(String, String) - Constructor for exception org.owasp.esapi.errors.EncodingException
-
Creates a new instance of EncodingException.
- EncodingException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EncodingException
-
Instantiates a new EncodingException.
- EncodingPatternPreservation - Class in org.owasp.esapi.codecs.ref
-
String mutation utility which can be used to replace all occurrences of a
defined regular expression with a marker string, and also restore the
original string content.
- EncodingPatternPreservation(Pattern) - Constructor for class org.owasp.esapi.codecs.ref.EncodingPatternPreservation
-
Constructor.
- encrypt(PlainText) - Method in interface org.owasp.esapi.Encryptor
-
Encrypts the provided plaintext bytes using the cipher transformation
specified by the property Encryptor.CipherTransformation
and the master encryption key as specified by the property
Encryptor.MasterKey
as defined in the ESAPI.properties
file.
- encrypt(SecretKey, PlainText) - Method in interface org.owasp.esapi.Encryptor
-
Encrypts the provided plaintext bytes using the cipher transformation
specified by the property Encryptor.CipherTransformation
as defined in the ESAPI.properties
file and the
specified secret key.
- encrypt(PlainText) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Encrypts the provided plaintext bytes using the cipher transformation
specified by the property Encryptor.CipherTransformation
and the master encryption key as specified by the property
Encryptor.MasterKey
as defined in the ESAPI.properties
file.
- encrypt(SecretKey, PlainText) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Encrypts the provided plaintext bytes using the cipher transformation
specified by the property Encryptor.CipherTransformation
as defined in the ESAPI.properties
file and the
specified secret key.
- EncryptedProperties - Interface in org.owasp.esapi
-
The EncryptedProperties
interface represents a properties file
where all the data is encrypted before it is added, and decrypted when it
retrieved.
- EncryptedPropertiesUtils - Class in org.owasp.esapi.reference.crypto
-
Command line utilities for reading, writing and creating encrypted properties files.
- EncryptedPropertiesUtils() - Constructor for class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils
-
- encryptHiddenField(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Encrypts a hidden field value for use in HTML.
- encryptHiddenField(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Encrypts a hidden field value for use in HTML.
- ENCRYPTION_ALGORITHM - Static variable in class org.owasp.esapi.PropNames
-
- ENCRYPTION_ALGORITHM - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- ENCRYPTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
-
- ENCRYPTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- EncryptionException - Exception in org.owasp.esapi.errors
-
An EncryptionException should be thrown for any problems related to
encryption, hashing, or digital signatures.
- EncryptionException() - Constructor for exception org.owasp.esapi.errors.EncryptionException
-
Instantiates a new EncryptionException.
- EncryptionException(String, String) - Constructor for exception org.owasp.esapi.errors.EncryptionException
-
Creates a new instance of EncryptionException.
- EncryptionException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EncryptionException
-
Instantiates a new EncryptionException.
- EncryptionRuntimeException - Exception in org.owasp.esapi.errors
-
An EncryptionRuntimeException should be thrown for any problems related to
encryption, hashing, or digital signatures.
- EncryptionRuntimeException() - Constructor for exception org.owasp.esapi.errors.EncryptionRuntimeException
-
Instantiates a new EncryptionException.
- EncryptionRuntimeException(String, String) - Constructor for exception org.owasp.esapi.errors.EncryptionRuntimeException
-
Creates a new instance of EncryptionException.
- EncryptionRuntimeException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EncryptionRuntimeException
-
Instantiates a new EncryptionException.
- Encryptor - Interface in org.owasp.esapi
-
The Encryptor interface provides a set of methods for performing common
encryption, random number, and hashing operations.
- encryptor() - Static method in class org.owasp.esapi.ESAPI
-
- encryptQueryString(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Takes a querystring (everything after the question mark in the URL) and returns an encrypted string containing the parameters.
- encryptQueryString(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Takes a querystring (everything after the question mark in the URL) and returns an encrypted string containing the parameters.
- encryptStateInCookie(Map<String, String>) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls encryptStateInCookie with the *current* response.
- encryptStateInCookie(HttpServletResponse, Map<String, String>) - Method in interface org.owasp.esapi.HTTPUtilities
-
Stores a Map of data in an encrypted cookie.
- encryptStateInCookie(HttpServletResponse, Map<String, String>) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Stores a Map of data in an encrypted cookie.
- encryptStateInCookie(Map<String, String>) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls encryptStateInCookie with the *current* response.
- EnforceHTTPSRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <enforce-https> rules.
- EnforceHTTPSRule(String, Pattern, List<Object>, String) - Constructor for class org.owasp.esapi.waf.rules.EnforceHTTPSRule
-
- EnterpriseSecurityException - Exception in org.owasp.esapi.errors
-
EnterpriseSecurityException is the base class for all security related exceptions.
- EnterpriseSecurityException() - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException
-
Instantiates a new enterprise security exception.
- EnterpriseSecurityException(String) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException
-
Instantiates a new enterprise security exception with a user message.
- EnterpriseSecurityException(String, Throwable) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException
-
Instantiates a new enterprise security exception with a user message
and cause.
- EnterpriseSecurityException(String, String) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException
-
Creates a new instance of EnterpriseSecurityException.
- EnterpriseSecurityException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException
-
Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.
- EnterpriseSecurityRuntimeException - Exception in org.owasp.esapi.errors
-
EnterpriseSecurityRuntimeException is the base class for all security related runtime exceptions.
- EnterpriseSecurityRuntimeException() - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
-
Instantiates a new enterprise security runtime exception.
- EnterpriseSecurityRuntimeException(String) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
-
Instantiates a new enterprise security runtime exception with a user
message.
- EnterpriseSecurityRuntimeException(String, Throwable) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
-
Instantiates a new enterprise security runtime exception with a
user message and cause.
- EnterpriseSecurityRuntimeException(String, String) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
-
Creates a new instance of EnterpriseSecurityException.
- EnterpriseSecurityRuntimeException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
-
Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.
- entrySet() - Method in class org.owasp.esapi.codecs.HashTrie
- entrySet() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
-
- entrySet() - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
-
- entrySet() - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
This method has been overridden to throw an UnsupportedOperationException
- equals(Object) - Method in class org.owasp.esapi.codecs.HashTrie
- equals(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
-
- equals(Object) - Method in class org.owasp.esapi.crypto.CipherSpec
- equals(Object) - Method in class org.owasp.esapi.crypto.CipherText
- equals(Object) - Method in class org.owasp.esapi.crypto.PlainText
- equals(Object, Object) - Static method in class org.owasp.esapi.util.NullSafe
-
- ERROR - Static variable in interface org.owasp.esapi.Logger
-
ERROR indicates that ERROR messages and above should be logged.
- error(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
-
Log an error level security event if 'error' level logging is enabled.
- error(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
-
Log an error level security event if 'error' level logging is enabled
and also record the stack trace associated with the event.
- error(Logger.EventType, String) - Method in class org.owasp.esapi.logging.java.JavaLogger
-
- error(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.java.JavaLogger
-
- error(Logger.EventType, String) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
-
- error(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
-
- ERROR_LEVEL - Static variable in class org.owasp.esapi.logging.java.ESAPICustomJavaLevel
-
Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly
by java.util.Logger already.
- ERROR_LEVEL - Static variable in class org.owasp.esapi.logging.java.ESAPIErrorJavaLevel
-
Deprecated.
- errors() - Method in class org.owasp.esapi.ValidationErrorList
-
Returns list of ValidationException, or empty list of no errors exist.
- ESAPI - Class in org.owasp.esapi
-
ESAPI locator class is provided to make it easy to gain access to the current ESAPI classes in use.
- ESAPI_STATE - Static variable in interface org.owasp.esapi.HTTPUtilities
-
- EsapiConfiguration - Enum in org.owasp.esapi.configuration.consts
-
Enum used for initialization of esapi configuration files.
- EsapiConfigurationType - Enum in org.owasp.esapi.configuration.consts
-
Supported esapi configuration file types.
- ESAPICustomJavaLevel - Class in org.owasp.esapi.logging.java
-
Definitions of customized Java Logging Level options to map ESAPI behavior to the desired Java Log output behaviors.
- ESAPIErrorJavaLevel - Class in org.owasp.esapi.logging.java
-
- ESAPIFilter - Class in org.owasp.esapi.filters
-
- ESAPIFilter() - Constructor for class org.owasp.esapi.filters.ESAPIFilter
-
- EsapiPropertyLoader - Interface in org.owasp.esapi.configuration
-
Generic interface for loading security configuration properties.
- EsapiPropertyLoaderFactory - Class in org.owasp.esapi.configuration
-
Factory class that takes care of initialization of proper instance of EsapiPropertyLoader
based on EsapiPropertiesStore
- EsapiPropertyLoaderFactory() - Constructor for class org.owasp.esapi.configuration.EsapiPropertyLoaderFactory
-
- EsapiPropertyManager - Class in org.owasp.esapi.configuration
-
Manager used for loading security configuration properties.
- EsapiPropertyManager() - Constructor for class org.owasp.esapi.configuration.EsapiPropertyManager
-
- ESAPIWebApplicationFirewallFilter - Class in org.owasp.esapi.waf
-
This is the main class for the ESAPI Web Application Firewall (WAF).
- ESAPIWebApplicationFirewallFilter() - Constructor for class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
-
- EVENT_FAILURE - Static variable in interface org.owasp.esapi.Logger
-
A non-security type of log event that has failed.
- EVENT_SUCCESS - Static variable in interface org.owasp.esapi.Logger
-
A non-security type of log event that has succeeded.
- EVENT_UNSPECIFIED - Static variable in interface org.owasp.esapi.Logger
-
A non-security type of log event that is unspecified.
- EventType(String, Boolean) - Constructor for class org.owasp.esapi.Logger.EventType
-
- EventTypeLogSupplier - Class in org.owasp.esapi.logging.appender
-
Supplier implementation which returns a consistent String representation of
an EventType for logging
- EventTypeLogSupplier(Logger.EventType) - Constructor for class org.owasp.esapi.logging.appender.EventTypeLogSupplier
-
Ctr
- ExecuteResult - Class in org.owasp.esapi
-
The ExecuteResult class encapsulates the pieces of data that can be returned
from a process executed by the Executor interface.
- ExecuteResult(int, String, String) - Constructor for class org.owasp.esapi.ExecuteResult
-
Constructs an ExecuteResult from the given values.
- executeSystemCommand(File, List) - Method in interface org.owasp.esapi.Executor
-
Invokes the specified executable with default workdir and codec and not logging parameters.
- executeSystemCommand(File, List, File, Codec, boolean, boolean) - Method in interface org.owasp.esapi.Executor
-
Executes a system command after checking that the executable exists and
escaping all the parameters to ensure that injection is impossible.
- executeSystemCommand(File, List) - Method in class org.owasp.esapi.reference.DefaultExecutor
-
Invokes the specified executable with default workdir and codec and not logging parameters.
- executeSystemCommand(File, List, File, Codec, boolean, boolean) - Method in class org.owasp.esapi.reference.DefaultExecutor
-
Executes a system command after checking that the executable exists and
escaping all the parameters to ensure that injection is impossible.
- executor() - Static method in class org.owasp.esapi.ESAPI
-
- Executor - Interface in org.owasp.esapi
-
The Executor interface is used to run an OS command with reduced security risk.
- EXECUTOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
-
- EXECUTOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- ExecutorException - Exception in org.owasp.esapi.errors
-
An ExecutorException should be thrown for any problems that arise during the
execution of a system executable.
- ExecutorException() - Constructor for exception org.owasp.esapi.errors.ExecutorException
-
Instantiates a new ExecutorException.
- ExecutorException(String, String) - Constructor for exception org.owasp.esapi.errors.ExecutorException
-
Creates a new instance of ExecutorException.
- ExecutorException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.ExecutorException
-
Instantiates a new ExecutorException.
- exists(String) - Method in interface org.owasp.esapi.Authenticator
-
Determine if the account exists.
- exists(String) - Method in class org.owasp.esapi.reference.AbstractAuthenticator
-
Determine if the account exists.
- ExperimentalAccessController - Class in org.owasp.esapi.reference.accesscontrol
-
- ExperimentalAccessController(Map) - Constructor for class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
- ExperimentalAccessController() - Constructor for class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
- GeneralAttackSignatureRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <general-attack-signature> rules, which
are not currently implemented.
- GeneralAttackSignatureRule(String, Pattern) - Constructor for class org.owasp.esapi.waf.rules.GeneralAttackSignatureRule
-
- generateSecretKey(String, int) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
Generate a random secret key appropriate to the specified cipher algorithm
and key size.
- generateStrongPassword() - Method in interface org.owasp.esapi.Authenticator
-
Generate a strong password.
- generateStrongPassword(User, String) - Method in interface org.owasp.esapi.Authenticator
-
Generate strong password that takes into account the user's information and old password.
- generateStrongPassword() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Generate a strong password.
- generateStrongPassword(User, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Generate strong password that takes into account the user's information and old password.
- get(Object) - Method in class org.owasp.esapi.codecs.HashTrie
-
Get the value for a key.
- get(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
-
- get() - Method in class org.owasp.esapi.logging.appender.ClientInfoSupplier
-
- get() - Method in class org.owasp.esapi.logging.appender.EventTypeLogSupplier
-
- get() - Method in class org.owasp.esapi.logging.appender.ServerInfoSupplier
-
- get() - Method in class org.owasp.esapi.logging.appender.UserInfoSupplier
-
- get(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
- get(String) - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters
-
Follows the contract for java.util.Map;
- getAccessControlImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Access Control implementation.
- getAccessControlImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getAccessControlRules() - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO
-
- getAccountId() - Method in class org.owasp.esapi.reference.DefaultUser
-
Gets this user's account id number.
- getAccountId() - Method in interface org.owasp.esapi.User
-
Gets this user's account id number.
- getAccountName() - Method in class org.owasp.esapi.reference.DefaultUser
-
Gets this user's account name.
- getAccountName() - Method in interface org.owasp.esapi.User
-
Gets this user's account name.
- getAdditionalAllowedCipherModes() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- getAdditionalAllowedCipherModes() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getAfterBodyRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- getAlgName() - Method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
-
- getAllowableContentRoot() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
- getAllowedExecutables() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the allowed executables to run with the Executor.
- getAllowedExecutables() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the allowed executables to run with the Executor.
- getAllowedFileExtensions() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the allowed file extensions for files that are uploaded to this application.
- getAllowedFileExtensions() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the allowed file extensions for files that are uploaded to this application.
- getAllowedFileUploadSize() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the maximum allowed file upload size.
- getAllowedFileUploadSize() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getAllowedLoginAttempts() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the number of login attempts allowed before the user's account is locked.
- getAllowedLoginAttempts() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getAllowMixedEncoding() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Return true if mixed encoding is allowed
- getAllowMixedEncoding() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getAllowMultipleEncoding() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Return true if multiple encoding is allowed
- getAllowMultipleEncoding() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getApplicationName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the application name, used for logging
- getApplicationName() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getAttribute(String) - Method in class org.owasp.esapi.crypto.CryptoToken
-
Retrieve the attribute with the specified name.
- getAttribute(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getAttributeNames() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getAttributes() - Method in class org.owasp.esapi.crypto.CryptoToken
-
Retrieve a Map
that is a clone of all the attributes.
- getAuthenticationImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Authentication implementation.
- getAuthenticationImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getAuthType() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getBase64EncodedRawCipherText() - Method in class org.owasp.esapi.crypto.CipherText
-
Return a base64-encoded representation of the raw ciphertext alone.
- getBeforeBodyRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- getBeforeResponseRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- getBigDecimal(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getBigInteger(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getBits() - Method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
-
- getBlockSize() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Retrieve the block size, in bytes.
- getBlockSize() - Method in class org.owasp.esapi.crypto.CipherText
-
Retrieve the block size (in bytes!) of the cipher used for encryption.
- getBoolean(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getBooleanProp(String) - Method in interface org.owasp.esapi.configuration.EsapiPropertyLoader
-
Get any Boolean type property from security configuration.
- getBooleanProp(String) - Method in class org.owasp.esapi.configuration.EsapiPropertyManager
-
Get any Boolean type property from security configuration.
- getBooleanProp(String) - Method in class org.owasp.esapi.configuration.StandardEsapiPropertyLoader
-
Get any Boolean type property from security configuration.
- getBooleanProp(String) - Method in class org.owasp.esapi.configuration.XmlEsapiPropertyLoader
-
Get any Boolean type property from security configuration.
- getBooleanProp(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Get any Boolean type property from security configuration.
- getBufferSize() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- getByte(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getByteArrayProp(String) - Method in interface org.owasp.esapi.configuration.EsapiPropertyLoader
-
Get any byte array type property from security configuration.
- getByteArrayProp(String) - Method in class org.owasp.esapi.configuration.EsapiPropertyManager
-
Get any byte array type property from security configuration.
- getByteArrayProp(String) - Method in class org.owasp.esapi.configuration.StandardEsapiPropertyLoader
-
Get any byte array type property from security configuration.
- getByteArrayProp(String) - Method in class org.owasp.esapi.configuration.XmlEsapiPropertyLoader
-
Get any byte array type property from security configuration.
- getByteArrayProp(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Get any byte array type property from security configuration.
- getCanonicalizedURI(URI) - Method in interface org.owasp.esapi.Encoder
-
Get a version of the input URI that will be safe to run regex and other validations against.
- getCanonicalizedURI(URI) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Get a version of the input URI that will be safe to run regex and other validations against.
- getChar(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getCharacterEncoding() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getCharacterEncoding() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- getCharacterEncoding() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the character encoding scheme supported by this application.
- getCharacterEncoding() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getCipherAlgorithm() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Retrieve the cipher algorithm.
- getCipherAlgorithm() - Method in class org.owasp.esapi.crypto.CipherText
-
Obtain the name of the cipher algorithm used for encrypting the
plaintext.
- getCipherMode() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Retrieve the cipher mode.
- getCipherMode() - Method in class org.owasp.esapi.crypto.CipherText
-
Get the name of the cipher mode used to encrypt some plaintext.
- getCipherTransformation() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Get the cipher transformation.
- getCipherTransformation() - Method in class org.owasp.esapi.crypto.CipherText
-
Obtain the String representing the cipher transformation used to encrypt
the plaintext.
- getCipherTransformation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Retrieve the cipher transformation.
- getCipherTransformation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getClass(String, String) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
-
Convert a single fully qualified class name into a Class object
- getCombinedCipherModes() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Return a List
of strings of combined cipher modes that support
both confidentiality and authenticity.
- getCombinedCipherModes() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Return a List
of strings of combined cipher modes that support
both confidentiality and authenticity.
- getConfigName() - Method in enum org.owasp.esapi.configuration.consts.EsapiConfiguration
-
- getConfiguration() - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
-
- getContentLength() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getContentType() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getContentType() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- getContentType() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
-
- getContext() - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
-
Return the optional 'context' that typically contains information
related to the keying material, such as the identities of the message
sender and recipient.
- getContext() - Method in exception org.owasp.esapi.errors.ValidationException
-
Returns the UI reference that caused this ValidationException
- getContextPath() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the context path from the HttpServletRequest after canonicalizing
and filtering out any dangerous characters.
- getCookie(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls getCookie with the *current* response.
- getCookie(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
A safer replacement for getCookies() in HttpServletRequest that returns the canonicalized
value of the named cookie after "global" validation against the
general type defined in ESAPI.properties.
- getCookie(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
A safer replacement for getCookies() in HttpServletRequest that returns the canonicalized
value of the named cookie after "global" validation against the
general type defined in ESAPI.properties.
- getCookie(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls getCookie with the *current* response.
- getCookieRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- getCookies() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the array of Cookies from the HttpServletRequest after
canonicalizing and filtering out any dangerous characters.
- getCSRFToken() - Method in interface org.owasp.esapi.HTTPUtilities
-
Returns the current user's CSRF token.
- getCSRFToken() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Returns the current user's CSRF token.
- getCSRFToken() - Method in class org.owasp.esapi.reference.DefaultUser
-
Gets the CSRF token for this user's current sessions.
- getCSRFToken() - Method in interface org.owasp.esapi.User
-
Gets the CSRF token for this user's current sessions.
- getCurrentRequest() - Method in interface org.owasp.esapi.HTTPUtilities
-
Retrieves the current HttpServletRequest
- getCurrentRequest() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Retrieves the current HttpServletRequest
- getCurrentResponse() - Method in interface org.owasp.esapi.HTTPUtilities
-
Retrieves the current HttpServletResponse
- getCurrentResponse() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Retrieves the current HttpServletResponse
- getCurrentUser() - Method in interface org.owasp.esapi.Authenticator
-
Returns the currently logged in User.
- getCurrentUser() - Method in class org.owasp.esapi.reference.AbstractAuthenticator
-
Returns the currently logged in User.
- getDate(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getDateHeader(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getDefaultCanonicalizationCodecs() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the List of Codecs to use when canonicalizing data
- getDefaultCanonicalizationCodecs() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the List of Codecs to use when canonicalizing data
- getDefaultErrorPage() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- getDefaultResponseCode() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- getDictionaryParameter(String) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
-
- getDictionaryParameterNames() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
-
- getDigitalSignatureAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the digital signature algorithm used by ESAPI to generate and verify signatures.
- getDigitalSignatureAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getDigitalSignatureKeyLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the digital signature key length used by ESAPI to generate and verify signatures.
- getDigitalSignatureKeyLength() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getDirectReference(K) - Method in interface org.owasp.esapi.AccessReferenceMap
-
Get the original direct object reference from an indirect reference.
- getDirectReference(K) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Get the original direct object reference from an indirect reference.
- getDisableIntrusionDetection() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Allows for complete disabling of all intrusion detection mechanisms
- getDisableIntrusionDetection() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getDouble(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getEncodedIVCipherText() - Method in class org.owasp.esapi.crypto.CipherText
-
Return the ciphertext as a base64-encoded String
.
- getEncoder() - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
- getEncoderImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Encoder implementation.
- getEncoderImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getEncoding() - Method in class org.owasp.esapi.tags.EncodeForBase64Tag
-
Get the encoding used to convert the content to bytes for
encoding.
- getEncryptionAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the encryption algorithm used by ESAPI to protect data.
- getEncryptionAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getEncryptionImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Encryption implementation.
- getEncryptionImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getEncryptionKeyLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- getEncryptionKeyLength() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getEncryptionTimestamp() - Method in class org.owasp.esapi.crypto.CipherText
-
Get stored time stamp representing when data was encrypted.
- getError(String) - Method in class org.owasp.esapi.ValidationErrorList
-
Retrieves ValidationException for given context if one exists.
- getErrors() - Method in class org.owasp.esapi.ExecuteResult
-
- getESAPILevel() - Method in interface org.owasp.esapi.Logger
-
Retrieve the current ESAPI logging level for this logger.
- getESAPILevel() - Method in class org.owasp.esapi.logging.java.JavaLogger
-
- getESAPILevel() - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
-
- getESAPIProperties() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- getESAPIProperty(String, String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- getESAPIProperty(String, boolean) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- getESAPIProperty(String, int) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- getESAPIProperty(String, List<String>) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns a List
representing the parsed, comma-separated property.
- getESAPIPropertyEncoded(String, byte[]) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- getEventMap() - Method in class org.owasp.esapi.reference.DefaultUser
-
- getEventMap() - Method in interface org.owasp.esapi.User
-
Returns the hashmap used to store security events for this user.
- getExecutorImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI OS Execution implementation.
- getExecutorImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getExitValue() - Method in class org.owasp.esapi.ExecuteResult
-
- getExpiration() - Method in class org.owasp.esapi.crypto.CryptoToken
-
Return the expiration time in milliseconds since epoch time (midnight,
January 1, 1970 UTC).
- getExpirationDate() - Method in class org.owasp.esapi.crypto.CryptoToken
-
Return the expiration time as a Date
.
- getExpirationTime() - Method in class org.owasp.esapi.reference.DefaultUser
-
Returns the date that this user's account will expire.
- getExpirationTime() - Method in interface org.owasp.esapi.User
-
Returns the date that this user's account will expire.
- getFailedLoginCount() - Method in class org.owasp.esapi.reference.DefaultUser
-
Returns the number of failed login attempts since the last successful login for an account.
- getFailedLoginCount() - Method in interface org.owasp.esapi.User
-
Returns the number of failed login attempts since the last successful login for an account.
- getFileUploads() - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls getFileUploads with the *current* request, default upload directory, and default allowed file extensions
- getFileUploads(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities
-
Call getFileUploads with the specified request, default upload directory, and default allowed file extensions
- getFileUploads(HttpServletRequest, File) - Method in interface org.owasp.esapi.HTTPUtilities
-
Call getFileUploads with the specified request, specified upload directory, and default allowed file extensions
- getFileUploads(HttpServletRequest, File, List) - Method in interface org.owasp.esapi.HTTPUtilities
-
Extract uploaded files from a multipart HTTP requests.
- getFileUploads() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls getFileUploads with the *current* request, default upload directory, and default allowed file extensions
- getFileUploads(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Call getFileUploads with the specified request, default upload directory, and default allowed file extensions
- getFileUploads(HttpServletRequest, File) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Call getFileUploads with the specified request, specified upload directory, and default allowed file extensions
- getFileUploads(HttpServletRequest, File, List) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Extract uploaded files from a multipart HTTP requests.
- getFloat(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getForceHttpOnlyCookies() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns true if new cookies are required to have HttpOnly flag set.
- getForceHttpOnlyCookies() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getForceHttpOnlySession() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns true if session cookies are required to have HttpOnly flag set.
- getForceHttpOnlySession() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getForceSecureCookies() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns true if new cookies are required to have Secure flag set.
- getForceSecureCookies() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getForceSecureSession() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns true if session cookies are required to have Secure flag set.
- getForceSecureSession() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getHashAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the hashing algorithm used by ESAPI to hash data.
- getHashAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getHashIterations() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the hash iterations used by ESAPI to hash data.
- getHashIterations() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getHeader(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the named header from the HttpServletRequest after canonicalizing
and filtering out any dangerous characters.
- getHeader(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls getHeader with the *current* request.
- getHeader(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
A safer replacement for getHeader() in HttpServletRequest that returns the canonicalized
value of the named header after "global" validation against the
general type defined in ESAPI.properties.
- getHeader(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
A safer replacement for getHeader() in HttpServletRequest that returns the canonicalized
value of the named header after "global" validation against the
general type defined in ESAPI.properties.
- getHeader(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls getHeader with the *current* request.
- getHeaderNames() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the enumeration of header names from the HttpServletRequest after
canonicalizing and filtering out any dangerous characters.
- getHeaders(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the enumeration of headers from the HttpServletRequest after
canonicalizing and filtering out any dangerous characters.
- getHexForNonAlphanumeric(char) - Method in class org.owasp.esapi.codecs.AbstractCodec
-
Lookup the hex value of any character that is not alphanumeric.
- getHexForNonAlphanumeric(int) - Method in class org.owasp.esapi.codecs.AbstractCodec
-
Lookup the hex value of any character that is not alphanumeric.
- getHexForNonAlphanumeric(char) - Method in interface org.owasp.esapi.codecs.Codec
-
Lookup the hex value of any character that is not alphanumeric.
- getHexForNonAlphanumeric(int) - Method in interface org.owasp.esapi.codecs.Codec
-
Lookup the hex value of any character that is not alphanumeric.
- getHttpSessionIdName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
This method returns the configured name of the session identifier,
likely "JSESSIONID" though this can be overridden.
- getHttpSessionIdName() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getHTTPUtilitiesImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
- getHTTPUtilitiesImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getIndirectReference(T) - Method in interface org.owasp.esapi.AccessReferenceMap
-
Get a safe indirect reference to use in place of a potentially sensitive
direct object reference.
- getIndirectReference(T) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Get a safe indirect reference to use in place of a potentially sensitive
direct object reference.
- getInputStream() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getInputStream() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
-
- getInstance() - Static method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
- getInstance() - Static method in class org.owasp.esapi.reference.DefaultAccessController
-
- getInstance() - Static method in class org.owasp.esapi.reference.DefaultEncoder
-
- getInstance() - Static method in class org.owasp.esapi.reference.DefaultExecutor
-
- getInstance() - Static method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
- getInstance() - Static method in class org.owasp.esapi.reference.DefaultRandomizer
-
- getInstance() - Static method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- getInstance() - Static method in class org.owasp.esapi.reference.DefaultValidator
-
- getInstance() - Static method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
- getInt(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getInterceptingServletOutputStream() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
-
- getIntHeader(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getIntProp(String) - Method in interface org.owasp.esapi.configuration.EsapiPropertyLoader
-
Get any int type property from security configuration.
- getIntProp(String) - Method in class org.owasp.esapi.configuration.EsapiPropertyManager
-
Get any int type property from security configuration.
- getIntProp(String) - Method in class org.owasp.esapi.configuration.StandardEsapiPropertyLoader
-
Get any int type property from security configuration.
- getIntProp(String) - Method in class org.owasp.esapi.configuration.XmlEsapiPropertyLoader
-
Get any int type property from security configuration.
- getIntProp(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Get any int type property from security configuration.
- getIntrusionDetectionImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
- getIntrusionDetectionImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getIV() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Retrieve the initialization vector (IV).
- getIV() - Method in class org.owasp.esapi.crypto.CipherText
-
Return the initialization vector (IV) used to encrypt the plaintext
if applicable.
- getIVType() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Deprecated.
- getIVType() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getKDF_PRF() - Method in class org.owasp.esapi.crypto.CipherText
-
- getKDFInfo() - Method in class org.owasp.esapi.crypto.CipherText
-
Based on the KDF version and the selected MAC algorithm for the KDF PRF,
calculate the 32-bit quantity representing these.
- getKDFPseudoRandomFunction() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Retrieve the Pseudo Random Function (PRF) used by the ESAPI
Key Derivation Function (KDF).
- getKDFPseudoRandomFunction() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getKDFVersion() - Method in class org.owasp.esapi.crypto.CipherText
-
- getKeySize() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Retrieve the key size, in bits.
- getKeySize() - Method in class org.owasp.esapi.crypto.CipherText
-
Retrieve the key size used with the cipher algorithm that was used to
encrypt data to produce this ciphertext.
- getLastFailedLoginTime() - Method in class org.owasp.esapi.reference.DefaultUser
-
Returns the date of the last failed login time for a user.
- getLastFailedLoginTime() - Method in interface org.owasp.esapi.User
-
Returns the date of the last failed login time for a user.
- getLastHostAddress() - Method in class org.owasp.esapi.reference.DefaultUser
-
Returns the last host address used by the user.
- getLastHostAddress() - Method in interface org.owasp.esapi.User
-
Returns the last host address used by the user.
- getLastLoginTime() - Method in class org.owasp.esapi.reference.DefaultUser
-
Returns the date of the last successful login time for a user.
- getLastLoginTime() - Method in interface org.owasp.esapi.User
-
Returns the date of the last successful login time for a user.
- getLastPasswordChangeTime() - Method in class org.owasp.esapi.reference.DefaultUser
-
Gets the date of user's last password change.
- getLastPasswordChangeTime() - Method in interface org.owasp.esapi.User
-
Gets the date of user's last password change.
- getLenientDatesAccepted() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Determines whether ESAPI will accept "lenient" dates when attempt
to parse dates.
- getLenientDatesAccepted() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getLevenshteinDistance(String, String) - Static method in class org.owasp.esapi.StringUtilities
-
Calculate the Edit Distance between 2 Strings as a measure of similarity.
- getLocalAddr() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getLocale() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getLocale() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- getLocale() - Method in class org.owasp.esapi.reference.DefaultUser
-
- getLocale() - Method in interface org.owasp.esapi.User
-
- getLocales() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getLocalName() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getLocalPort() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getLogApplicationName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns whether ESAPI should log the application name.
- getLogApplicationName() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getLogEncodingRequired() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns whether HTML entity encoding should be applied to log entries.
- getLogEncodingRequired() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getLogger(Class) - Static method in class org.owasp.esapi.ESAPI
-
- getLogger(String) - Static method in class org.owasp.esapi.ESAPI
-
- getLogger(String) - Method in interface org.owasp.esapi.LogFactory
-
Gets the logger associated with the specified module name.
- getLogger(Class) - Method in interface org.owasp.esapi.LogFactory
-
Gets the logger associated with the specified class.
- getLogger(String) - Method in class org.owasp.esapi.logging.java.JavaLogFactory
-
- getLogger(Class) - Method in class org.owasp.esapi.logging.java.JavaLogFactory
-
- getLogger(String) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogFactory
-
- getLogger(Class) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogFactory
-
- getLogImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Logging implementation.
- getLogImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getLogMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityException
-
Returns a message that is safe to display in logs, but may contain
sensitive information and therefore probably should not be displayed to
users.
- getLogMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
-
Returns a message that is safe to display in logs, but may contain
sensitive information and therefore probably should not be displayed to
users.
- getLogMessage() - Method in exception org.owasp.esapi.errors.IntrusionException
-
Returns a String that is safe to display in logs, but probably not to users
- getLogServerIP() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns whether ESAPI should log the server IP.
- getLogServerIP() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getLong(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getLongestMatch(CharSequence) - Method in class org.owasp.esapi.codecs.HashTrie
-
Get the key value entry who's key is the longest prefix match.
- getLongestMatch(PushbackReader) - Method in class org.owasp.esapi.codecs.HashTrie
-
Get the key value entry who's key is the longest prefix match.
- getLongestMatch(CharSequence) - Method in interface org.owasp.esapi.codecs.Trie
-
- getLongestMatch(PushbackReader) - Method in interface org.owasp.esapi.codecs.Trie
-
- getLongestMatch(CharSequence) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
-
- getLongestMatch(PushbackReader) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
-
- getMasterKey() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the master key.
- getMasterKey() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getMasterSalt() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the master salt that is used to salt stored password hashes and any other location
where a salt is needed.
- getMasterSalt() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getMaxCardLength() - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
-
- getMaxHttpHeaderSize() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the maximum allowable HTTP header size.
- getMaxHttpHeaderSize() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getMaxKeyLength() - Method in class org.owasp.esapi.codecs.HashTrie
-
Get the maximum key length.
- getMaxKeyLength() - Method in interface org.owasp.esapi.codecs.Trie
-
- getMaxKeyLength() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
-
- getMaxOldPasswordHashes() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the maximum number of old password hashes that should be retained.
- getMaxOldPasswordHashes() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getMessage(String, Object[]) - Method in class org.owasp.esapi.util.DefaultMessageUtil
-
- getMethod() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getName() - Method in class org.owasp.esapi.reference.DefaultUser
- getName() - Method in class org.owasp.esapi.waf.internal.Parameter
-
- getObject(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getOutput() - Method in class org.owasp.esapi.ExecuteResult
-
- getOutputStream() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- getOutputStream() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
-
- getPaddingScheme() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Retrieve the cipher padding scheme.
- getPaddingScheme() - Method in class org.owasp.esapi.crypto.CipherText
-
Get the name of the padding scheme used to encrypt some plaintext.
- getParameter(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the named parameter from the HttpServletRequest after
canonicalizing and filtering out any dangerous characters.
- getParameter(String, boolean) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the named parameter from the HttpServletRequest after
canonicalizing and filtering out any dangerous characters.
- getParameter(String, boolean, int) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the named parameter from the HttpServletRequest after
canonicalizing and filtering out any dangerous characters.
- getParameter(String, boolean, int, String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the named parameter from the HttpServletRequest after
canonicalizing and filtering out any dangerous characters.
- getParameter(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls getParameter with the *current* request.
- getParameter(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
A safer replacement for getParameter() in HttpServletRequest that returns the canonicalized
value of the named parameter after "global" validation against the
general type defined in ESAPI.properties.
- getParameter(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
A safer replacement for getParameter() in HttpServletRequest that returns the canonicalized
value of the named parameter after "global" validation against the
general type defined in ESAPI.properties.
- getParameter(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls getParameter with the *current* request.
- getParameterMap() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the parameter map from the HttpServletRequest after
canonicalizing and filtering out any dangerous characters.
- getParameterNames() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the enumeration of parameter names from the HttpServletRequest
after canonicalizing and filtering out any dangerous characters.
- getParameters(String[]) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
-
Convert an array of fully qualified class names into an array of Class objects
- getParameters(XMLConfiguration, int) - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoader
-
- getParameters(XMLConfiguration, int) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.DynaBeanACRParameterLoader
-
- getParameterValue(XMLConfiguration, int, int, String) - Static method in class org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoaderHelper
-
- getParameterValues(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the array of matching parameter values from the
HttpServletRequest after canonicalizing and filtering out any dangerous
characters.
- getPasswordParameterName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the name of the password parameter used during user authentication.
- getPasswordParameterName() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getPathInfo() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the path info from the HttpServletRequest after canonicalizing
and filtering out any dangerous characters.
- getPathTranslated() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getPolicyParameter(XMLConfiguration, int) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader
-
- getPolicyParameters() - Method in interface org.owasp.esapi.AccessControlRule
-
- getPolicyParameters() - Method in class org.owasp.esapi.reference.accesscontrol.BaseACR
-
- getPreferredJCEProvider() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Retrieve the preferred JCE provider for ESAPI and your application.
- getPreferredJCEProvider() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getPRFAlgName() - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
-
Return the name of the algorithm for the Pseudo Random Function (PRF)
that is being used.
- getPriority() - Method in enum org.owasp.esapi.configuration.consts.EsapiConfiguration
-
- getProperty(String) - Method in interface org.owasp.esapi.EncryptedProperties
-
Gets the property value from the encrypted store, decrypts it, and
returns the plaintext value to the caller.
- getProperty(String) - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
-
Gets the property value from the encrypted store, decrypts it, and
returns the plaintext value to the caller.
- getProperty(String) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
Gets the property value from the encrypted store, decrypts it, and
returns the plaintext value to the caller.
- getProperty(String, String) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
- getProtocol() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getQueryString() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the query string from the HttpServletRequest after canonicalizing
and filtering out any dangerous characters.
- getQuota(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the intrusion detection quota for the specified event.
- getQuota(String) - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the intrusion detection quota for the specified event.
- getRandomAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the random number generation algorithm used to generate random numbers where needed.
- getRandomAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getRandomBoolean() - Method in interface org.owasp.esapi.Randomizer
-
Returns a random boolean.
- getRandomBoolean() - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Returns a random boolean.
- getRandomBytes(int) - Method in interface org.owasp.esapi.Randomizer
-
Generates a specified number of random bytes.
- getRandomBytes(int) - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Generates a specified number of random bytes.
- getRandomFilename(String) - Method in interface org.owasp.esapi.Randomizer
-
Returns an unguessable random filename with the specified extension.
- getRandomFilename(String) - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Returns an unguessable random filename with the specified extension.
- getRandomGUID() - Method in interface org.owasp.esapi.Randomizer
-
Generates a random GUID.
- getRandomGUID() - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Generates a random GUID.
- getRandomInteger(int, int) - Method in interface org.owasp.esapi.Randomizer
-
Gets the random integer in the range of [min, max).
- getRandomInteger(int, int) - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Gets the random integer in the range of [min, max).
- getRandomizerImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Randomizer implementation.
- getRandomizerImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getRandomLong() - Method in interface org.owasp.esapi.Randomizer
-
Gets the random long.
- getRandomLong() - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Gets the random long.
- getRandomReal(float, float) - Method in interface org.owasp.esapi.Randomizer
-
Gets the random real in the range of [min, max].
- getRandomReal(float, float) - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Gets the random real in the range of [min, max].
- getRandomString(int, char[]) - Method in interface org.owasp.esapi.Randomizer
-
Gets a random string of a desired length and character set.
- getRandomString(int, char[]) - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Gets a random string of a desired length and character set.
- getRawCipherText() - Method in class org.owasp.esapi.crypto.CipherText
-
Get the raw ciphertext byte array resulting from encrypting some
plaintext.
- getRawCipherTextByteLength() - Method in class org.owasp.esapi.crypto.CipherText
-
Get number of bytes in raw ciphertext.
- getReader() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getReader() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
-
- getRealPath(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
- getRedirectURL() - Method in class org.owasp.esapi.waf.actions.RedirectAction
-
- getRelativeTimeStamp(long) - Method in interface org.owasp.esapi.Encryptor
-
Gets an absolute timestamp representing an offset from the current time to be used by
other functions in the library.
- getRelativeTimeStamp(long) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Gets an absolute timestamp representing an offset from the current time to be used by
other functions in the library.
- getRememberTokenDuration() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the length of the time to live window for remember me tokens (in milliseconds).
- getRememberTokenDuration() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the length of the time to live window for remember me tokens (in milliseconds).
- getRemoteAddr() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getRemoteHost() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getRemotePort() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getRemoteUser() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the name of the ESAPI user associated with this getHttpServletRequest().
- getRequestAttribute(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Gets a typed attribute from the HttpServletRequest
associated
with the caller thread.
- getRequestAttribute(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Gets a typed attribute from the HttpServletRequest
associated
with the passed in request.
- getRequestAttribute(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Gets a typed attribute from the HttpServletRequest
associated
with the caller thread.
- getRequestAttribute(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Gets a typed attribute from the HttpServletRequest
associated
with the passed in request.
- getRequestDispatcher(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Checks to make sure the path to forward to is within the WEB-INF
directory and then returns the dispatcher.
- getRequestedSessionId() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the URI from the HttpServletRequest after canonicalizing and
filtering out any dangerous characters.
- getRequestURI() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the URI from the HttpServletRequest after canonicalizing and
filtering out any dangerous characters.
- getRequestURL() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the URL from the HttpServletRequest after canonicalizing and
filtering out any dangerous characters.
- getResourceFile(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets a file from the resource directory
- getResourceFile(String) - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets a file from the resource directory
- getResourceStream(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- getResourceStream(String) - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets an InputStream to a file in the resource directory
- getResponseBytes() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
-
- getResponseContentType() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the content type for responses used when setSafeContentType() is called.
- getResponseContentType() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getRfcCompliantURI(String) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Will return a URI
object that will represent a fully parsed and legal URI
as specified in RFC-3986.
- getRfcCompliantURI(String) - Method in interface org.owasp.esapi.Validator
-
Will return a URI
object that will represent a fully parsed and legal URI
as specified in RFC-3986.
- getRoles() - Method in class org.owasp.esapi.reference.DefaultUser
-
Gets the roles assigned to a particular account.
- getRoles() - Method in interface org.owasp.esapi.User
-
Gets the roles assigned to a particular account.
- getRule(String) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Get a validation rule from the registry with the "type name" of the rule as the key.
- getRule(String) - Method in interface org.owasp.esapi.Validator
-
Get a validation rule from the registry with the "type name" of the rule as the key.
- getSafe(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
Try to call getvalid
, then call a 'sanitize' method for sanitization (if one exists),
finally return a default value.
- getSafe(String, String) - Method in interface org.owasp.esapi.ValidationRule
-
Try to call getvalid
, then call a 'sanitize' method for sanitization (if one exists),
finally return a default value.
- getScheme() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the scheme from the HttpServletRequest after canonicalizing and
filtering out any dangerous characters.
- getScreenName() - Method in class org.owasp.esapi.reference.DefaultUser
-
Gets the screen name (alias) for the current user.
- getScreenName() - Method in interface org.owasp.esapi.User
-
Gets the screen name (alias) for the current user.
- getSeparateMAC() - Method in class org.owasp.esapi.crypto.CipherText
-
Return the separately calculated Message Authentication Code (MAC) that
is computed via the computeAndStoreMAC(SecretKey authKey)
method.
- getServerName() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the server name (host header) from the HttpServletRequest after
canonicalizing and filtering out any dangerous characters.
- getServerPort() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the server port (after the : in the host header) from the
HttpServletRequest after parsing and checking the range 0-65536.
- getServletPath() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the server path from the HttpServletRequest after canonicalizing
and filtering out any dangerous characters.
- getSession() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns a session, creating it if necessary, and sets the HttpOnly flag
on the Session ID cookie.
- getSession(boolean) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the current session associated with this request or, if there is no current session and
create
is true
, returns a new session and sets the HttpOnly flag on the session ID cookie.
- getSessionAbsoluteTimeoutLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the absolute timeout length for sessions (in milliseconds).
- getSessionAbsoluteTimeoutLength() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getSessionAttribute(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Gets a typed attribute from the session associated with the calling thread.
- getSessionAttribute(HttpSession, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Gets a typed attribute from the passed in session.
- getSessionAttribute(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Gets a typed attribute from the session associated with the calling thread.
- getSessionAttribute(HttpSession, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Gets a typed attribute from the passed in session.
- getSessionCookieName() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- getSessionIdleTimeoutLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the idle timeout length for sessions (in milliseconds).
- getSessionIdleTimeoutLength() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getSessions() - Method in class org.owasp.esapi.reference.DefaultUser
-
Returns a Set containing the sessions associated with this User.
- getSessions() - Method in interface org.owasp.esapi.User
-
Returns a Set containing the sessions associated with this User.
- getString(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getString(String, String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getStringArray(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getStringProp(String) - Method in interface org.owasp.esapi.configuration.EsapiPropertyLoader
-
Get any property from security configuration.
- getStringProp(String) - Method in class org.owasp.esapi.configuration.EsapiPropertyManager
-
Get any property from security configuration.
- getStringProp(String) - Method in class org.owasp.esapi.configuration.StandardEsapiPropertyLoader
-
Get any property from security configuration.
- getStringProp(String) - Method in class org.owasp.esapi.configuration.XmlEsapiPropertyLoader
-
Get any property from security configuration.
- getStringProp(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Get any property from security configuration.
- getStringValidatorRule() - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
-
- getTime(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getTimeStamp() - Method in interface org.owasp.esapi.Encryptor
-
Gets a timestamp representing the current date and time to be used by
other functions in the library.
- getTimeStamp() - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Gets a timestamp representing the current date and time to be used by
other functions in the library.
- getToken(SecretKey) - Method in class org.owasp.esapi.crypto.CryptoToken
-
Return the new encrypted token as a base64-encoded string, encrypted with
the specified SecretKey
which may be a different key than what the
token was originally encrypted with.
- getToken() - Method in class org.owasp.esapi.crypto.CryptoToken
-
Return the new encrypted token as a base64-encoded string, encrypted with
the specified SecretKey
with which this object was constructed.
- getTypeName() - Method in enum org.owasp.esapi.configuration.consts.EsapiConfigurationType
-
- getTypeName() - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
Programmatically supplied name for the validator
- getTypeName() - Method in interface org.owasp.esapi.ValidationRule
-
Programmatically supplied name for the validator
- getUniqueReference() - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Returns a Unique Reference Key to be associated with a new directReference being
inserted into the AccessReferenceMap.
- getUniqueReference() - Method in class org.owasp.esapi.reference.IntegerAccessReferenceMap
-
Returns a Unique Reference Key to be associated with a new directReference being
inserted into the AccessReferenceMap.
- getUniqueReference() - Method in class org.owasp.esapi.reference.RandomAccessReferenceMap
-
Returns a Unique Reference Key to be associated with a new directReference being
inserted into the AccessReferenceMap.
- getUploadDirectory() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Retrieves the upload directory as specified in the ESAPI.properties file.
- getUploadDirectory() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Retrieves the upload directory as specified in the ESAPI.properties file.
- getUploadTempDirectory() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
- getUploadTempDirectory() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
- getUser(long) - Method in interface org.owasp.esapi.Authenticator
-
Returns the User matching the provided accountId.
- getUser(String) - Method in interface org.owasp.esapi.Authenticator
-
Returns the User matching the provided accountName.
- getUser(long) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Returns the User matching the provided accountId.
- getUser(String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Returns the User matching the provided accountName.
- getUserAccountName() - Method in class org.owasp.esapi.crypto.CryptoToken
-
Retrieve the user account name associated with this CryptoToken
object.
- getUserFromRememberToken() - Method in class org.owasp.esapi.reference.AbstractAuthenticator
-
Returns the user if a matching remember token is found, or null if the token
is missing, token is corrupt, token is expired, account name does not match
and existing account, or hashed password does not match user's hashed password.
- getUserFromSession() - Method in class org.owasp.esapi.reference.AbstractAuthenticator
-
Gets the user from session.
- getUserMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityException
-
Returns message meant for display to users
Note that if you are unsure of what set this message, it would probably
be a good idea to encode this message before displaying it to the end user.
- getUserMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
-
Returns message meant for display to users
Note that if you are unsure of what set this message, it would probably
be a good idea to encode this message before displaying it to the end user.
- getUserMessage() - Method in exception org.owasp.esapi.errors.IntrusionException
-
Returns a String containing a message that is safe to display to users
- getUsernameParameterName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the name of the username parameter used during user authentication.
- getUsernameParameterName() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getUserNames() - Method in interface org.owasp.esapi.Authenticator
-
Gets a collection containing all the existing user names.
- getUserNames() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Gets a collection containing all the existing user names.
- getUserPrincipal() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the ESAPI User associated with this getHttpServletRequest().
- getValid(String, String, ValidationErrorList) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
Get a validated value, add the errors to an existing error list
- getValid(String, String) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
-
Parse the input, throw exceptions if validation fails
- getValid(String, String) - Method in class org.owasp.esapi.reference.validation.DateValidationRule
-
Parse the input, throw exceptions if validation fails
- getValid(String, String) - Method in class org.owasp.esapi.reference.validation.HTMLValidationRule
-
Parse the input, throw exceptions if validation fails
- getValid(String, String) - Method in class org.owasp.esapi.reference.validation.IntegerValidationRule
-
- getValid(String, String) - Method in class org.owasp.esapi.reference.validation.NumberValidationRule
-
Parse the input, throw exceptions if validation fails
- getValid(String, String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
-
Parse the input, throw exceptions if validation fails
- getValid(String, String) - Method in interface org.owasp.esapi.ValidationRule
-
Parse the input, throw exceptions if validation fails
- getValid(String, String, ValidationErrorList) - Method in interface org.owasp.esapi.ValidationRule
-
Get a validated value, add the errors to an existing error list
- getValidationImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Validation implementation.
- getValidationImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
- getValidationPattern(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
getValidationPattern returns a single pattern based upon key
- getValidationPattern(String) - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the validation pattern for a particular type
- getValidCreditCard(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a canonicalized and validated credit card number as a String.
- getValidCreditCard(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a canonicalized and validated credit card number as a String,
any validation exceptions are added to the supplied errorList
.
- getValidCreditCard(String, String, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a canonicalized and validated credit card number as a String.
- getValidCreditCard(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns a canonicalized and validated credit card number as a String,
any validation exceptions are added to the supplied errorList
.
- getValidDate(String, String, DateFormat, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a valid date as a
Date
.
- getValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a valid date as a
Date
,
any validation exceptions are added to the supplied
errorList
.
- getValidDate(String, String, DateFormat, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a valid date as a
Date
.
- getValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns a valid date as a
Date
,
any validation exceptions are added to the supplied
errorList
.
- getValidDirectoryPath(String, String, File, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a canonicalized and validated directory path as a String, provided that the input
maps to an existing directory that is an existing subdirectory (at any level) of the specified parent.
- getValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a canonicalized and validated directory path as a String, provided that the input
maps to an existing directory that is an existing subdirectory (at any level) of the specified parent;
any validation exceptions are added to the supplied errorList
.
- getValidDirectoryPath(String, String, File, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a canonicalized and validated directory path as a String, provided that the input
maps to an existing directory that is an existing subdirectory (at any level) of the specified parent.
- getValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns a canonicalized and validated directory path as a String, provided that the input
maps to an existing directory that is an existing subdirectory (at any level) of the specified parent;
any validation exceptions are added to the supplied errorList
.
- getValidDouble(String, String, double, double, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a validated real number as a double.
- getValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a validated real number as a double,
any validation exceptions are added to the supplied errorList
.
- getValidDouble(String, String, double, double, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a validated real number as a double.
- getValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns a validated real number as a double,
any validation exceptions are added to the supplied errorList
.
- getValidFileContent(String, byte[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns validated file content as a byte array.
- getValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns validated file content as a byte array,
any validation exceptions are added to the supplied errorList
.
- getValidFileContent(String, byte[], int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns validated file content as a byte array.
- getValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns validated file content as a byte array,
any validation exceptions are added to the supplied errorList
.
- getValidFileName(String, String, List<String>, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a canonicalized and validated file name as a String.
- getValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a canonicalized and validated file name as a String,
any validation exceptions are added to the supplied errorList
.
- getValidFileName(String, String, List<String>, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a canonicalized and validated file name as a String.
- getValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns a canonicalized and validated file name as a String,
any validation exceptions are added to the supplied errorList
.
- getValidInput(String, String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns validated canonicalized input
as a String.
- getValidInput(String, String, String, int, boolean, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns validated input
as a String with optional canonicalization.
- getValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns canonicalized validated input
as a String,
and adds validation exceptions to the supplied errorList
.
- getValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns validated input
as a String with optional canonicalization,
and adds validation exceptions to the supplied errorList
.
- getValidInput(String, String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns validated canonicalized input
as a String.
- getValidInput(String, String, String, int, boolean, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns validated input
as a String with optional canonicalization.
- getValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns canonicalized validated input
as a String,
and adds validation exceptions to the supplied errorList
.
- getValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns validated input
as a String with optional canonicalization,
and adds validation exceptions to the supplied errorList
.
- getValidInteger(String, String, int, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a validated integer,
input
is a valid integer if it is between minValue
and maxValue
inclusive.
- getValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a validated integer,
any validation exceptions are added to the supplied errorList
.
- getValidInteger(String, String, int, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a validated integer,
input
is a valid integer if it is between minValue
and maxValue
inclusive.
- getValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns a validated integer,
any validation exceptions are added to the supplied errorList
.
- getValidListItem(String, String, List<String>) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns the list item that exactly matches the canonicalized input.
- getValidListItem(String, String, List<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns the list item that exactly matches the canonicalized input,
any validation exceptions are added to the supplied errorList
.
- getValidListItem(String, String, List<String>) - Method in interface org.owasp.esapi.Validator
-
Returns the list item that exactly matches the canonicalized input.
- getValidListItem(String, String, List<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns the list item that exactly matches the canonicalized input,
any validation exceptions are added to the supplied errorList
.
- getValidNumber(String, String, long, long, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a validated number as a double within the range of minValue to maxValue.
- getValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a validated number as a double within the range of minValue to maxValue,
any validation exceptions are added to the supplied errorList
.
- getValidNumber(String, String, long, long, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a validated number as a double within the range of minValue to maxValue.
- getValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns a validated number as a double within the range of minValue to maxValue,
any validation exceptions are added to the supplied errorList
.
- getValidPrintable(String, char[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns canonicalized and validated printable characters as a byte array.
- getValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns canonicalized and validated printable characters as a byte array,
any validation exceptions are added to the supplied errorList
.
- getValidPrintable(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns canonicalized and validated printable characters as a String.
- getValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns canonicalized and validated printable characters as a String,
any validation exceptions are added to the supplied errorList
.
- getValidPrintable(String, char[], int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns canonicalized and validated printable characters as a byte array.
- getValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns canonicalized and validated printable characters as a byte array,
any validation exceptions are added to the supplied errorList
.
- getValidPrintable(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns canonicalized and validated printable characters as a String.
- getValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns canonicalized and validated printable characters as a String,
any validation exceptions are added to the supplied errorList
.
- getValidRedirectLocation(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a canonicalized and validated redirect location as a String.
- getValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a canonicalized and validated redirect location as a String,
any validation exceptions are added to the supplied errorList
.
- getValidRedirectLocation(String, String, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a canonicalized and validated redirect location as a String.
- getValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns a canonicalized and validated redirect location as a String,
any validation exceptions are added to the supplied errorList
.
- getValidSafeHTML(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else.
- getValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else,
any validation exceptions are added to the supplied errorList
.
- getValidSafeHTML(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else.
- getValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else,
any validation exceptions are added to the supplied errorList
.
- getValue() - Method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
-
- getValue() - Method in class org.owasp.esapi.waf.internal.Parameter
-
- getVersion() - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
-
Return the version used for backward compatibility.
- getWorkingDirectory() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
getWorkingDirectory returns the default directory where processes will be executed
by the Executor.
- getWorkingDirectory() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the default working directory for executing native processes with Runtime.exec().
- getWrap() - Method in class org.owasp.esapi.tags.EncodeForBase64Tag
-
Get whether line wrapping at 64 characters is performed.
- getWrapped() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
-
- getWriter() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- getWriter() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
-
- GZIP - Static variable in class org.owasp.esapi.codecs.Base64
-
Specify that data should be gzip-compressed.
- id - Variable in class org.owasp.esapi.waf.rules.Rule
-
- IDLE_TIMEOUT_DURATION - Static variable in class org.owasp.esapi.PropNames
-
- IDLE_TIMEOUT_DURATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- incrementFailedLoginCount() - Method in class org.owasp.esapi.reference.DefaultUser
-
Increment failed login count.
- incrementFailedLoginCount() - Method in interface org.owasp.esapi.User
-
Increment failed login count.
- index - Variable in class org.owasp.esapi.codecs.AbstractPushbackSequence
-
- index() - Method in class org.owasp.esapi.codecs.AbstractPushbackSequence
-
Get the current index of the PushbackString.
- index() - Method in interface org.owasp.esapi.codecs.PushbackSequence
-
Get the current index of the PushbackString.
- index() - Method in class org.owasp.esapi.codecs.PushbackString
-
- INFO - Static variable in interface org.owasp.esapi.Logger
-
INFO indicates that INFO messages and above should be logged.
- info(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
-
Log an info level security event if 'info' level logging is enabled.
- info(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
-
Log an info level security event if 'info' level logging is enabled
and also record the stack trace associated with the event.
- info(Logger.EventType, String) - Method in class org.owasp.esapi.logging.java.JavaLogger
-
- info(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.java.JavaLogger
-
- info(Logger.EventType, String) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
-
- info(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
-
- init(FilterConfig) - Method in class org.owasp.esapi.filters.ClickjackFilter
-
Initialize "mode" parameter from web.xml.
- init(FilterConfig) - Method in class org.owasp.esapi.filters.ESAPIFilter
-
Called by the web container to indicate to a filter that it is being
placed into service.
- init(FilterConfig) - Method in class org.owasp.esapi.filters.RequestRateThrottleFilter
-
Called by the web container to indicate to a filter that it is being
placed into service.
- init(FilterConfig) - Method in class org.owasp.esapi.filters.SecurityWrapper
-
- init(FilterConfig) - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
-
This function is invoked at application startup and when the
configuration file polling period has elapsed and a change in the
configuration file has been detected.
- initialize(String) - Static method in class org.owasp.esapi.ESAPI
-
- initialize() - Method in class org.owasp.esapi.util.DefaultMessageUtil
-
- input - Variable in class org.owasp.esapi.codecs.AbstractPushbackSequence
-
- InputStream(InputStream) - Constructor for class org.owasp.esapi.codecs.Base64.InputStream
-
- InputStream(InputStream, int) - Constructor for class org.owasp.esapi.codecs.Base64.InputStream
-
- insertProviderAt(String, int) - Static method in class org.owasp.esapi.crypto.SecurityProviderLoader
-
This methods adds a provider to the SecurityManager
either by some generic name or by the class name.
- IntegerAccessReferenceMap - Class in org.owasp.esapi.reference
-
Reference implementation of the AccessReferenceMap interface.
- IntegerAccessReferenceMap() - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap
-
TODO Javadoc
- IntegerAccessReferenceMap(int) - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap
-
TODO Javadoc
- IntegerAccessReferenceMap(Set<Object>) - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap
-
TODO Javadoc
- IntegerAccessReferenceMap(Set<Object>, int) - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap
-
TODO Javadoc
- IntegerValidationRule - Class in org.owasp.esapi.reference.validation
-
A validator performs syntax and possibly semantic validation of a single
piece of data from an untrusted source.
- IntegerValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.IntegerValidationRule
-
- IntegerValidationRule(String, Encoder, int, int) - Constructor for class org.owasp.esapi.reference.validation.IntegerValidationRule
-
- IntegrityException - Exception in org.owasp.esapi.errors
-
An IntegrityException should be thrown when a problem with the integrity of data
has been detected.
- IntegrityException() - Constructor for exception org.owasp.esapi.errors.IntegrityException
-
Instantiates a new availability exception.
- IntegrityException(String, String) - Constructor for exception org.owasp.esapi.errors.IntegrityException
-
Creates a new instance of IntegrityException.
- IntegrityException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.IntegrityException
-
Instantiates a new IntegrityException.
- InterceptingHTTPServletRequest - Class in org.owasp.esapi.waf.internal
-
The wrapper for the HttpServletRequest object which will be passed to the application
being protected by the WAF.
- InterceptingHTTPServletRequest(HttpServletRequest) - Constructor for class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
-
- InterceptingHTTPServletResponse - Class in org.owasp.esapi.waf.internal
-
The wrapper for the HttpServletResponse object which will be passed to the application
being protected by the WAF.
- InterceptingHTTPServletResponse(HttpServletResponse, boolean, List<Rule>) - Constructor for class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
-
- InterceptingPrintWriter - Class in org.owasp.esapi.waf.internal
-
The PrintWriter needed to buffer outbound data generated by the application
being protected by the WAF.
- InterceptingPrintWriter(Writer) - Constructor for class org.owasp.esapi.waf.internal.InterceptingPrintWriter
-
- InterceptingServletOutputStream - Class in org.owasp.esapi.waf.internal
-
This class was inspired by ModSecurity for Java by Ivan Ristic.
- InterceptingServletOutputStream(ServletOutputStream, boolean) - Constructor for class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
-
- interval - Variable in class org.owasp.esapi.SecurityConfiguration.Threshold
-
The time frame within which 'count' number of actions has to be detected in order to
trigger this threshold.
- INTRUSION_DETECTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
-
- INTRUSION_DETECTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- intrusionDetector() - Static method in class org.owasp.esapi.ESAPI
-
- IntrusionDetector - Interface in org.owasp.esapi
-
The IntrusionDetector interface is intended to track security relevant events and identify attack behavior.
- IntrusionException - Exception in org.owasp.esapi.errors
-
An IntrusionException should be thrown anytime an error condition arises that is likely to be the result of an attack
in progress.
- IntrusionException(String, String) - Constructor for exception org.owasp.esapi.errors.IntrusionException
-
Creates a new instance of IntrusionException.
- IntrusionException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.IntrusionException
-
Instantiates a new intrusion exception.
- IPRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <detect-source-ip> rules.
- IPRule(String, Pattern, Pattern, String) - Constructor for class org.owasp.esapi.waf.rules.IPRule
-
- IPRule(String, Pattern, String) - Constructor for class org.owasp.esapi.waf.rules.IPRule
-
- isActionNecessary() - Method in class org.owasp.esapi.waf.actions.Action
-
- isActionNecessary() - Method in class org.owasp.esapi.waf.actions.BlockAction
-
- isActionNecessary() - Method in class org.owasp.esapi.waf.actions.DefaultAction
-
- isActionNecessary() - Method in class org.owasp.esapi.waf.actions.DoNothingAction
-
- isAllowedCipherMode(String) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
Return true if specified cipher mode is one that may be used for
encryption / decryption operations via
Encryptor
.
- isAllowNull() - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
- isAnonymous() - Method in class org.owasp.esapi.reference.DefaultUser
-
Checks if user is anonymous.
- isAnonymous() - Method in interface org.owasp.esapi.User
-
Checks if user is anonymous.
- isAuthorized(Object, Object) - Method in interface org.owasp.esapi.AccessController
-
isAuthorized
executes the AccessControlRule
that is identified by key
and listed in the
resources/ESAPI-AccessControlPolicy.xml
file.
- isAuthorized(R) - Method in interface org.owasp.esapi.AccessControlRule
-
- isAuthorized(Object) - Method in class org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR
-
- isAuthorized(Object) - Method in class org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR
-
- isAuthorized(Object[]) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
-
Delegates to the method specified in setPolicyParameters
- isAuthorized(Boolean) - Method in class org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR
-
Returns true iff runtimeParameter is a Boolean true.
- isAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
- isAuthorized(Object) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR
-
Returns true if runtimeParameter is a Boolean true.
- isAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
isAuthorized
executes the AccessControlRule
that is identified by key
and listed in the
resources/ESAPI-AccessControlPolicy.xml
file.
- isAuthorizedForData(String, Object) - Method in interface org.owasp.esapi.AccessController
-
Deprecated.
- isAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- isAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
-
TODO Javadoc
- isAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced data, represented as an Object.
- isAuthorizedForFile(String) - Method in interface org.owasp.esapi.AccessController
-
Deprecated.
- isAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- isAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
-
TODO Javadoc
- isAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced file.
- isAuthorizedForFunction(String) - Method in interface org.owasp.esapi.AccessController
-
Deprecated.
- isAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- isAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
-
TODO Javadoc
- isAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced function.
- isAuthorizedForService(String) - Method in interface org.owasp.esapi.AccessController
-
Deprecated.
- isAuthorizedForService(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- isAuthorizedForService(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
-
TODO Javadoc
- isAuthorizedForService(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced service.
- isAuthorizedForURL(String) - Method in interface org.owasp.esapi.AccessController
-
Deprecated.
- isAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- isAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
-
Check if URL is authorized.
- isAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced URL.
- isCipherTextMACvalid(SecretKey, CipherText) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
If a Message Authentication Code (MAC) is required for the specified
CipherText
object, then attempt to validate the MAC that
should be embedded within the CipherText
object by using a
derived key based on the specified SecretKey
.
- isCombinedCipherMode(String) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
Return true if specified cipher mode is one of those specified in the
ESAPI.properties
file that supports both confidentiality
and authenticity (i.e., a "combined cipher mode" as NIST refers
to it).
- isCommitted() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- isDebugEnabled() - Method in interface org.owasp.esapi.Logger
-
Allows the caller to determine if messages logged at this level
will be discarded, to avoid performing expensive processing.
- isDebugEnabled() - Method in class org.owasp.esapi.logging.java.JavaLogger
-
- isDebugEnabled() - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
-
- isEmpty() - Method in class org.owasp.esapi.codecs.HashTrie
- isEmpty() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
-
- isEmpty(String) - Static method in class org.owasp.esapi.StringUtilities
-
Returns true if String is empty ("") or null.
- isEmpty() - Method in class org.owasp.esapi.ValidationErrorList
-
Returns true if no error are present.
- isEnabled(Logger) - Method in enum org.owasp.esapi.logging.java.JavaLogLevelHandlers
-
- isEnabled(Logger) - Method in enum org.owasp.esapi.logging.slf4j.Slf4JLogLevelHandlers
-
- isEnabled() - Method in class org.owasp.esapi.reference.DefaultUser
-
Checks if this user's account is currently enabled.
- isEnabled() - Method in interface org.owasp.esapi.User
-
Checks if this user's account is currently enabled.
- isErrorEnabled() - Method in interface org.owasp.esapi.Logger
-
Allows the caller to determine if messages logged at this level
will be discarded, to avoid performing expensive processing.
- isErrorEnabled() - Method in class org.owasp.esapi.logging.java.JavaLogger
-
- isErrorEnabled() - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
-
- isExpired() - Method in class org.owasp.esapi.crypto.CryptoToken
-
Check if token has expired yet.
- isExpired() - Method in class org.owasp.esapi.reference.DefaultUser
-
Checks if this user's account is expired.
- isExpired() - Method in interface org.owasp.esapi.User
-
Checks if this user's account is expired.
- isFatalEnabled() - Method in interface org.owasp.esapi.Logger
-
Allows the caller to determine if messages logged at this level
will be discarded, to avoid performing expensive processing.
- isFatalEnabled() - Method in class org.owasp.esapi.logging.java.JavaLogger
-
- isFatalEnabled() - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
-
- isHexDigit(Integer) - Static method in class org.owasp.esapi.codecs.PushBackSequenceImpl
-
Returns true if the parameter character is a hexidecimal digit 0 through 9, a through f, or A through F.
- isHexDigit(Character) - Static method in class org.owasp.esapi.codecs.PushbackString
-
Returns true if the parameter character is a hexidecimal digit 0 through
9, a through f, or A through F.
- isInfoEnabled() - Method in interface org.owasp.esapi.Logger
-
Allows the caller to determine if messages logged at this level
will be discarded, to avoid performing expensive processing.
- isInfoEnabled() - Method in class org.owasp.esapi.logging.java.JavaLogger
-
- isInfoEnabled() - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
-
- isInList(Map, String) - Static method in class org.owasp.esapi.waf.rules.RuleUtil
-
- isInList(Collection, String) - Static method in class org.owasp.esapi.waf.rules.RuleUtil
-
- isInList(Enumeration, String) - Static method in class org.owasp.esapi.waf.rules.RuleUtil
-
- isInRole(String) - Method in class org.owasp.esapi.reference.DefaultUser
-
Checks if this user's account is assigned a particular role.
- isInRole(String) - Method in interface org.owasp.esapi.User
-
Checks if this user's account is assigned a particular role.
- isLocked() - Method in class org.owasp.esapi.reference.DefaultUser
-
Checks if this user's account is locked.
- isLocked() - Method in interface org.owasp.esapi.User
-
Checks if this user's account is locked.
- isLoggedIn() - Method in class org.owasp.esapi.reference.DefaultUser
-
Tests to see if the user is currently logged in.
- isLoggedIn() - Method in interface org.owasp.esapi.User
-
Tests to see if the user is currently logged in.
- isMACRequired(CipherText) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
Check to see if a Message Authentication Code (MAC) is required
for a given CipherText
object and the current ESAPI.property
settings.
- isOctalDigit(Integer) - Static method in class org.owasp.esapi.codecs.PushBackSequenceImpl
-
Returns true if the parameter character is an octal digit 0 through 7.
- isOctalDigit(Character) - Static method in class org.owasp.esapi.codecs.PushbackString
-
Returns true if the parameter character is an octal digit 0 through 7.
- isReady() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
-
- isRequestedSessionIdFromCookie() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- isRequestedSessionIdFromUrl() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
- isRequestedSessionIdFromURL() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- isRequestedSessionIdValid() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- isSecure() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- isSessionAbsoluteTimeout() - Method in class org.owasp.esapi.reference.DefaultUser
-
Tests to see if this user's session has exceeded the absolute time out based
on ESAPI's configuration settings.
- isSessionAbsoluteTimeout() - Method in interface org.owasp.esapi.User
-
Tests to see if this user's session has exceeded the absolute time out based
on ESAPI's configuration settings.
- isSessionTimeout() - Method in class org.owasp.esapi.reference.DefaultUser
-
Tests to see if the user's session has timed out from inactivity based
on ESAPI's configuration settings.
- isSessionTimeout() - Method in interface org.owasp.esapi.User
-
Tests to see if the user's session has timed out from inactivity based
on ESAPI's configuration settings.
- isSuccess() - Method in class org.owasp.esapi.Logger.EventType
-
- isTraceEnabled() - Method in interface org.owasp.esapi.Logger
-
Allows the caller to determine if messages logged at this level
will be discarded, to avoid performing expensive processing.
- isTraceEnabled() - Method in class org.owasp.esapi.logging.java.JavaLogger
-
- isTraceEnabled() - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
-
- isUserInRole(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns true if the ESAPI User associated with this request has the
specified role.
- isUsingHttpOnlyFlagOnSessionCookie() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- isUsingSecureFlagOnSessionCookie() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- isUsingWriter() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
-
- isValid(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
- isValid(String, String) - Method in interface org.owasp.esapi.ValidationRule
-
- isValidCreditCard(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
matches the pattern for a valid credit card number.
- isValidCreditCard(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
matches the pattern for a valid credit card number,
any validation exceptions are added to the supplied errorList
.
- isValidCreditCard(String, String, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
matches the pattern for a valid credit card number.
- isValidCreditCard(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
matches the pattern for a valid credit card number,
any validation exceptions are added to the supplied errorList
.
- isValidDate(String, String, DateFormat, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid.
- isValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidDate(String, String, DateFormat, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid.
- isValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidDirectoryPath(String, String, File, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid.
- isValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidDirectoryPath(String, String, File, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid.
- isValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidDouble(String, String, double, double, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid.
- isValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidDouble(String, String, double, double, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid.
- isValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidFileContent(String, byte[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid.
- isValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidFileContent(String, byte[], int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid.
- isValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidFileName(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid.
- isValidFileName(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidFileName(String, String, List<String>, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid.
- isValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidFileName(String, String, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid.
- isValidFileName(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidFileName(String, String, List<String>, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid.
- isValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidFileUpload(String, String, String, File, byte[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if filepath
, filename
, and content
of a file are valid.
- isValidFileUpload(String, String, String, File, byte[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if filepath
, filename
, and content
of a file are valid,
any validation exceptions are added to the supplied errorList
.
- isValidFileUpload(String, String, String, File, byte[], int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if filepath
, filename
, and content
of a file are valid.
- isValidFileUpload(String, String, String, File, byte[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if filepath
, filename
, and content
of a file are valid,
any validation exceptions are added to the supplied errorList
.
- isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if only required and optional parameters are in the request.
- isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if only required and optional parameters are in the request,
any validation exceptions are added to the supplied errorList
.
- isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in interface org.owasp.esapi.Validator
-
Returns true if only required and optional parameters are in the request.
- isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if only required and optional parameters are in the request,
any validation exceptions are added to the supplied errorList
.
- isValidInput(String, String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if canonicalized input is valid.
- isValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if canonicalized input is valid,
any validation exceptions are added to the supplied errorList
.
- isValidInput(String, String, String, int, boolean, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid.
- isValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidInput(String, String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if canonicalized input is valid.
- isValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if canonicalized input is valid,
any validation exceptions are added to the supplied errorList
.
- isValidInput(String, String, String, int, boolean, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid.
- isValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidInteger(String, String, int, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is a valid integer between minValue
and maxValue
inclusive.
- isValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is a valid integer between minValue
and maxValue
inclusive,
any validation exceptions are added to the supplied errorList
.
- isValidInteger(String, String, int, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is a valid integer between minValue
and maxValue
inclusive.
- isValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is a valid integer between minValue
and maxValue
inclusive,
any validation exceptions are added to the supplied errorList
.
- isValidKDFVersion(int, boolean, boolean) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
Is this particular KDF version number one that is sane? For that, we
just make sure it is inbounds of the valid range which is:
- isValidListItem(String, String, List<String>) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid.
- isValidListItem(String, String, List<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidListItem(String, String, List<String>) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid.
- isValidListItem(String, String, List<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidNumber(String, String, long, long, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid.
- isValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidNumber(String, String, long, long, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid.
- isValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidPRF(String) - Static method in class org.owasp.esapi.crypto.KeyDerivationFunction
-
Check if specified algorithm name is a valid PRF that can be used.
- isValidPrintable(String, char[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid.
- isValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidPrintable(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid.
- isValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidPrintable(String, char[], int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid.
- isValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidPrintable(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid.
- isValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidRedirectLocation(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid.
- isValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidRedirectLocation(String, String, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid.
- isValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidSafeHTML(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid.
- isValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidSafeHTML(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid.
- isValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Returns true if input
is valid,
any validation exceptions are added to the supplied errorList
.
- isValidURI(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Parses and ensures that the URI in question is a valid RFC-3986 URI.
- isValidURI(String, String, boolean) - Method in interface org.owasp.esapi.Validator
-
Parses and ensures that the URI in question is a valid RFC-3986 URI.
- isWarningEnabled() - Method in interface org.owasp.esapi.Logger
-
Allows the caller to determine if messages logged at this level
will be discarded, to avoid performing expensive processing.
- isWarningEnabled() - Method in class org.owasp.esapi.logging.java.JavaLogger
-
- isWarningEnabled() - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
-
- iterator() - Method in interface org.owasp.esapi.AccessReferenceMap
-
Get an iterator through the direct object references.
- iterator() - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Get an iterator through the direct object references.
- itod - Variable in class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
The Indirect to Direct Map
- IV_TYPE - Static variable in class org.owasp.esapi.PropNames
-
- IV_TYPE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Deprecated.
- SafeFile - Class in org.owasp.esapi
-
Extension to java.io.File to prevent against null byte injections and
other unforeseen problems resulting from unprintable characters
causing problems in path lookups.
- SafeFile(String) - Constructor for class org.owasp.esapi.SafeFile
-
- SafeFile(String, String) - Constructor for class org.owasp.esapi.SafeFile
-
- SafeFile(File, String) - Constructor for class org.owasp.esapi.SafeFile
-
- SafeFile(URI) - Constructor for class org.owasp.esapi.SafeFile
-
- safeReadLine(InputStream, int) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Reads from an input stream until end-of-line or a maximum number of
characters.
- safeReadLine(InputStream, int) - Method in interface org.owasp.esapi.Validator
-
Reads from an input stream until end-of-line or a maximum number of
characters.
- sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
The method is similar to ValidationRuile.getSafe except that it returns a
harmless object that may or may not have any similarity to the original
input (in some cases you may not care).
- sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
-
The method is similar to ValidationRuile.getSafe except that it returns a
harmless object that may or may not have any similarity to the original
input (in some cases you may not care).
- sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.DateValidationRule
-
The method is similar to ValidationRuile.getSafe except that it returns a
harmless object that may or may not have any similarity to the original
input (in some cases you may not care).
- sanitize(String, String, ValidationErrorList) - Method in class org.owasp.esapi.reference.validation.DateValidationRule
-
Same as sanitize(String, String) except it returns any ValidationException generated in the provided errorList.
- sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.HTMLValidationRule
-
The method is similar to ValidationRuile.getSafe except that it returns a
harmless object that may or may not have any similarity to the original
input (in some cases you may not care).
- sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.IntegerValidationRule
-
- sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.NumberValidationRule
-
The method is similar to ValidationRuile.getSafe except that it returns a
harmless object that may or may not have any similarity to the original
input (in some cases you may not care).
- sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
-
The method is similar to ValidationRuile.getSafe except that it returns a
harmless object that may or may not have any similarity to the original
input (in some cases you may not care).
- saveUsers() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Saves the user database to the file system.
- saveUsers(PrintWriter) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Save users.
- seal(String, long) - Method in interface org.owasp.esapi.Encryptor
-
Creates a seal that binds a set of data and includes an expiration timestamp.
- seal(String, long) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Creates a seal that binds a set of data and includes an expiration timestamp.
- SECURITY_AUDIT - Static variable in interface org.owasp.esapi.Logger
-
A security type of log event that is associated with an audit trail of some type,
but the log event is not specifically something that has either succeeded or failed
or that is irrelevant in the case of this logged message.
- SECURITY_FAILURE - Static variable in interface org.owasp.esapi.Logger
-
A security type of log event that has failed.
- SECURITY_SUCCESS - Static variable in interface org.owasp.esapi.Logger
-
A security type of log event that has succeeded.
- securityConfiguration() - Static method in class org.owasp.esapi.ESAPI
-
- SecurityConfiguration - Interface in org.owasp.esapi
-
The SecurityConfiguration
interface stores all configuration information
that directs the behavior of the ESAPI implementation.
- SecurityConfiguration.Threshold - Class in org.owasp.esapi
-
Models a simple threshold as a count and an interval, along with a set of actions to take if
the threshold is exceeded.
- SecurityProviderLoader - Class in org.owasp.esapi.crypto
-
This class provides a generic static method that loads a
java.security.Provider
either by some generic name
(i.e., Provider.getName()
) or by a fully-qualified class name.
- SecurityProviderLoader() - Constructor for class org.owasp.esapi.crypto.SecurityProviderLoader
-
- SecurityWrapper - Class in org.owasp.esapi.filters
-
This filter wraps the incoming request and outgoing response and overrides
many methods with safer versions.
- SecurityWrapper() - Constructor for class org.owasp.esapi.filters.SecurityWrapper
-
- SecurityWrapperRequest - Class in org.owasp.esapi.filters
-
This request wrapper simply overrides unsafe methods in the
HttpServletRequest API with safe versions that return canonicalized data
where possible.
- SecurityWrapperRequest(HttpServletRequest) - Constructor for class org.owasp.esapi.filters.SecurityWrapperRequest
-
Construct a safe request that overrides the default request methods with
safer versions.
- SecurityWrapperResponse - Class in org.owasp.esapi.filters
-
This response wrapper simply overrides unsafe methods in the
HttpServletResponse API with safe versions.
- SecurityWrapperResponse(HttpServletResponse) - Constructor for class org.owasp.esapi.filters.SecurityWrapperResponse
-
Construct a safe response that overrides the default response methods
with safer versions.
- SecurityWrapperResponse(HttpServletResponse, String) - Constructor for class org.owasp.esapi.filters.SecurityWrapperResponse
-
Construct a safe response that overrides the default response methods
with safer versions.
- sendError(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Override the error code with a 200 in order to confound attackers using
automated scanners.
- sendError(int, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Override the error code with a 200 in order to confound attackers using
automated scanners.
- sendForward(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls sendForward with the *current* request and response.
- sendForward(HttpServletRequest, HttpServletResponse, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
This method performs a forward to any resource located inside the WEB-INF directory.
- sendForward(HttpServletRequest, HttpServletResponse, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
This method performs a forward to any resource located inside the WEB-INF directory.
- sendForward(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls sendForward with the *current* request and response.
- sendRedirect(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
This method generates a redirect response that can only be used to
redirect the browser to safe locations, as configured in the ESAPI
security configuration.
- sendRedirect(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls sendRedirect with the *current* response.
- sendRedirect(HttpServletResponse, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
This method performs a forward to any resource located inside the WEB-INF directory.
- sendRedirect(HttpServletResponse, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
This method performs a forward to any resource located inside the WEB-INF directory.
- sendRedirect(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls sendRedirect with the *current* response.
- serialVersionUID - Static variable in exception org.owasp.esapi.errors.ConfigurationException
-
- serialVersionUID - Static variable in exception org.owasp.esapi.errors.EnterpriseSecurityException
-
- serialVersionUID - Static variable in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
-
- serialVersionUID - Static variable in exception org.owasp.esapi.errors.ValidationException
-
- serialVersionUID - Static variable in class org.owasp.esapi.logging.java.ESAPICustomJavaLevel
-
- serialVersionUID - Static variable in class org.owasp.esapi.logging.java.ESAPIErrorJavaLevel
-
Deprecated.
- serialVersionUID - Static variable in exception org.owasp.esapi.waf.ConfigurationException
-
- ServerInfoSupplier - Class in org.owasp.esapi.logging.appender
-
Supplier which can provide a String representing the server-side connection
information.
- ServerInfoSupplier(String) - Constructor for class org.owasp.esapi.logging.appender.ServerInfoSupplier
-
Ctr.
- set(int, String) - Method in class org.owasp.esapi.PreparedString
-
Set the parameter at index with supplied value using the default Codec to escape.
- set(int, String, Codec) - Method in class org.owasp.esapi.PreparedString
-
Set the parameter at index with supplied value using the supplied Codec to escape.
- set(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
- set(String, Object) - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters
-
This works just like a Map, except it will throw an exception if lock()
has been called.
- setAccountName(String) - Method in class org.owasp.esapi.reference.DefaultUser
-
Sets this user's account name.
- setAccountName(String) - Method in interface org.owasp.esapi.User
-
Sets this user's account name.
- setActionNecessary(boolean) - Method in class org.owasp.esapi.waf.actions.Action
-
- setAllowableContentRoot(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
- setAllowNull(boolean) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
Whether or not a valid valid can be null.
- setAllowNull(boolean) - Method in interface org.owasp.esapi.ValidationRule
-
Whether or not a valid valid can be null.
- setApplyHTTPOnlyFlagToSessionCookie(boolean) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- setApplySecureFlagToSessionCookie(boolean) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- setAttribute(String, String) - Method in class org.owasp.esapi.crypto.CryptoToken
-
Set a name/value pair as an attribute.
- setAttribute(String, Object) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- setBlockSize(int) - Method in class org.owasp.esapi.crypto.CipherSpec
-
Set the block size for this CipherSpec
.
- setBufferSize(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- setCache(boolean) - Static method in class org.owasp.esapi.util.ObjFactory
-
Control whether cache for classes and method names should be enabled or disabled.
- setCanonicalize(boolean) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
-
- setCharacterEncoding(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Sets the character encoding scheme to the ESAPI configured encoding scheme.
- setCharacterEncoding(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Sets the character encoding to the ESAPI configured encoding.
- setCiphertext(byte[]) - Method in class org.owasp.esapi.crypto.CipherText
-
Set the raw ciphertext.
- setCipherTransformation(String) - Method in class org.owasp.esapi.crypto.CipherSpec
-
Set the cipher transformation for this CipherSpec
.
- setCipherTransformation(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Set the cipher transformation.
- setCipherTransformation(String) - Method in interface org.owasp.esapi.SecurityConfiguration
-
- setConfiguration(String, String) - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
-
This function is used in testing to dynamically alter the configuration.
- setContentLength(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- setContentType(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- setContentType() - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls setContentType with the *current* request and response.
- setContentType(HttpServletResponse) - Method in interface org.owasp.esapi.HTTPUtilities
-
Set the content type character encoding header on every HttpServletResponse in order to limit
the ways in which the input data can be represented.
- setContentType() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls setContentType with the *current* request and response.
- setContentType(HttpServletResponse) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Set the content type character encoding header on every HttpServletResponse in order to limit
the ways in which the input data can be represented.
- setContentType(String) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
-
- setContext(String) - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
-
Set the 'context' as specified by NIST Special Publication 800-108.
- setContext(String) - Method in exception org.owasp.esapi.errors.ValidationException
-
Set's the UI reference that caused this ValidationException
- setCurrentHTTP(HttpServletRequest, HttpServletResponse) - Method in interface org.owasp.esapi.HTTPUtilities
-
Stores the current HttpRequest and HttpResponse so that they may be readily accessed throughout
ESAPI (and elsewhere)
- setCurrentHTTP(HttpServletRequest, HttpServletResponse) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Stores the current HttpRequest and HttpResponse so that they may be readily accessed throughout
ESAPI (and elsewhere)
- setCurrentUser(User) - Method in interface org.owasp.esapi.Authenticator
-
Sets the currently logged in User.
- setCurrentUser(User) - Method in class org.owasp.esapi.reference.AbstractAuthenticator
-
Sets the currently logged in User.
- setDateFormat(DateFormat) - Method in class org.owasp.esapi.reference.validation.DateValidationRule
-
- setDateHeader(String, long) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Add a date header to the response after ensuring that there are no
encoded or illegal characters in the name.
- setDefaultErrorPage(String) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- setDefaultResponseCode(int) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- setEncoder(Encoder) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
- setEncoder(Encoder) - Method in interface org.owasp.esapi.ValidationRule
-
- setEncoding(String) - Method in class org.owasp.esapi.tags.EncodeForBase64Tag
-
Set the encoding used to convert the content to bytes for
encoding.
- setError() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
-
- setExpiration(int) - Method in class org.owasp.esapi.crypto.CryptoToken
-
Set expiration time to expire in 'interval' seconds (NOT milliseconds).
- setExpiration(Date) - Method in class org.owasp.esapi.crypto.CryptoToken
-
Set expiration time for a specific date/time.
- setExpirationTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser
-
Sets the date and time when this user's account will expire.
- setExpirationTime(Date) - Method in interface org.owasp.esapi.User
-
Sets the date and time when this user's account will expire.
- setFailed(boolean) - Method in class org.owasp.esapi.waf.actions.Action
-
- setHeader(String, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Add a header to the response after ensuring that there are no encoded or
illegal characters in the name and value.
- setHeader(String, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls setHeader with the *current* response.
- setHeader(HttpServletResponse, String, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Add a header to the response after ensuring that there are no encoded or
illegal characters in the name and value.
- setHeader(HttpServletResponse, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Add a header to the response after ensuring that there are no encoded or
illegal characters in the name and value.
- setHeader(String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls setHeader with the *current* response.
- setId(String) - Method in class org.owasp.esapi.waf.rules.Rule
-
- setIntHeader(String, int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Add an int header to the response after ensuring that there are no
encoded or illegal characters in the name.
- setIV(byte[]) - Method in class org.owasp.esapi.crypto.CipherSpec
-
Set the initialization vector (IV).
- setIVandCiphertext(byte[], byte[]) - Method in class org.owasp.esapi.crypto.CipherText
-
Set the IV and raw ciphertext.
- setKDF_PRF(int) - Method in class org.owasp.esapi.crypto.CipherText
-
- setKDFVersion(int) - Method in class org.owasp.esapi.crypto.CipherText
-
- setKeySize(int) - Method in class org.owasp.esapi.crypto.CipherSpec
-
Set the key size for this CipherSpec
.
- setLastFailedLoginTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser
-
Set the time of the last failed login for this user.
- setLastFailedLoginTime(Date) - Method in interface org.owasp.esapi.User
-
Set the time of the last failed login for this user.
- setLastHostAddress(String) - Method in class org.owasp.esapi.reference.DefaultUser
-
Set the last remote host address used by this user.
- setLastHostAddress(String) - Method in interface org.owasp.esapi.User
-
Set the last remote host address used by this user.
- setLastLoginTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser
-
Set the time of the last successful login for this user.
- setLastLoginTime(Date) - Method in interface org.owasp.esapi.User
-
Set the time of the last successful login for this user.
- setLastPasswordChangeTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser
-
Set the time of the last password change for this user.
- setLastPasswordChangeTime(Date) - Method in interface org.owasp.esapi.User
-
Set the time of the last password change for this user.
- setLevel(int) - Method in interface org.owasp.esapi.Logger
-
Dynamically set the ESAPI logging severity level.
- setLevel(int) - Method in class org.owasp.esapi.logging.java.JavaLogger
-
- setLevel(int) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
-
- setLocale(Locale) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- setLocale(Locale) - Method in class org.owasp.esapi.reference.DefaultUser
-
- setLocale(Locale) - Method in interface org.owasp.esapi.User
-
- setLogApplicationName(boolean, String) - Method in class org.owasp.esapi.logging.appender.ServerInfoSupplier
-
Specify whether the instance should record the application name
- setLogClientInfo(boolean) - Method in class org.owasp.esapi.logging.appender.ClientInfoSupplier
-
Specify whether the instance should record the client info.
- setLogServerIp(boolean) - Method in class org.owasp.esapi.logging.appender.ServerInfoSupplier
-
Specify whether the instance should record the server connection info.
- setLogUserInfo(boolean) - Method in class org.owasp.esapi.logging.appender.UserInfoSupplier
-
Specify whether the instance should record the client info.
- setMaxCardLength(int) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
-
- setMaximumLength(int) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
-
- setMinimumLength(int) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
-
- setName(String) - Method in class org.owasp.esapi.waf.internal.Parameter
-
- setNoCacheHeaders() - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls setNoCacheHeaders with the *current* response.
- setNoCacheHeaders(HttpServletResponse) - Method in interface org.owasp.esapi.HTTPUtilities
-
Set headers to protect sensitive information against being cached in the browser.
- setNoCacheHeaders() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls setNoCacheHeaders with the *current* response.
- setNoCacheHeaders(HttpServletResponse) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Set headers to protect sensitive information against being cached in the browser.
- setPolicyParameters(P) - Method in interface org.owasp.esapi.AccessControlRule
-
- setPolicyParameters(P) - Method in class org.owasp.esapi.reference.accesscontrol.BaseACR
-
- setPolicyParameters(DynaBeanACRParameter) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
-
- setProperty(String, String) - Method in interface org.owasp.esapi.EncryptedProperties
-
Encrypts the plaintext property value and stores the ciphertext value
in the encrypted store.
- setProperty(String, String) - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
-
Encrypts the plaintext property value and stores the ciphertext value
in the encrypted store.
- setProperty(String, String) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
Encrypts the plaintext property value and stores the ciphertext value
in the encrypted store.
- setRedirectURL(String) - Method in class org.owasp.esapi.waf.actions.RedirectAction
-
- setRememberToken(String, int, String, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Deprecated.
- setRememberToken(HttpServletRequest, HttpServletResponse, int, String, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
- setRememberToken(HttpServletRequest, HttpServletResponse, String, int, String, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Deprecated.
- setRememberToken(HttpServletRequest, HttpServletResponse, String, int, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Set a cookie containing the current User's remember me token for automatic authentication.
- setRememberToken(HttpServletRequest, HttpServletResponse, int, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
- setRememberToken(String, int, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls setNoCacheHeaders with the *current* response.
- setReplacementMarker(String) - Method in class org.owasp.esapi.codecs.ref.EncodingPatternPreservation
-
Allows the marker used as a replacement to be altered.
- setResourceDirectory(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Sets the ESAPI resource directory.
- setResourceDirectory(String) - Method in interface org.owasp.esapi.SecurityConfiguration
-
Sets the ESAPI resource directory.
- setResponseBytes(byte[]) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
-
- setRoles(Set<String>) - Method in class org.owasp.esapi.reference.DefaultUser
-
Sets the roles for this account.
- setRoles(Set<String>) - Method in interface org.owasp.esapi.User
-
Sets the roles for this account.
- setScreenName(String) - Method in class org.owasp.esapi.reference.DefaultUser
-
Sets the screen name (username alias) for this user.
- setScreenName(String) - Method in interface org.owasp.esapi.User
-
Sets the screen name (username alias) for this user.
- setSessionCookieName(String) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
- setStatus(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Override the status code with a 200 in order to confound attackers using
automated scanners.
- setStatus(int, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
- setStringValidatorRule(StringValidationRule) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
-
- setTypeName(String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
- setTypeName(String) - Method in interface org.owasp.esapi.ValidationRule
-
- setUserAccountName(String) - Method in class org.owasp.esapi.crypto.CryptoToken
-
Set the user account name associated with this cryptographic token
object.
- setValue(String) - Method in class org.owasp.esapi.waf.internal.Parameter
-
- setVersion(int) - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
-
Set version so backward compatibility can be supported.
- setWrap(boolean) - Method in class org.owasp.esapi.tags.EncodeForBase64Tag
-
Set whether line wrapping at 64 characters is performed.
- setWriteListener(WriteListener) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
-
- shouldPrintProperties() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
- sign(String) - Method in interface org.owasp.esapi.Encryptor
-
Create a digital signature for the provided data and return it in a
string.
- sign(String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Create a digital signature for the provided data and return it in a
string.
- SimpleVirtualPatchRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <virtual-patch> rules.
- SimpleVirtualPatchRule(String, Pattern, String, Pattern, String) - Constructor for class org.owasp.esapi.waf.rules.SimpleVirtualPatchRule
-
- size() - Method in class org.owasp.esapi.codecs.HashTrie
-
Get the number of entries.
- size() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
-
- size() - Method in class org.owasp.esapi.ValidationErrorList
-
Returns the numbers of errors present.
- Slf4JLogBridge - Interface in org.owasp.esapi.logging.slf4j
-
Contract for translating an ESAPI log event into an SLF4J log event.
- Slf4JLogBridgeImpl - Class in org.owasp.esapi.logging.slf4j
-
Implementation which is intended to bridge the ESAPI Logging API into SLF4J supported Object structures.
- Slf4JLogBridgeImpl(LogAppender, LogScrubber, Map<Integer, Slf4JLogLevelHandler>) - Constructor for class org.owasp.esapi.logging.slf4j.Slf4JLogBridgeImpl
-
Constructor.
- Slf4JLogFactory - Class in org.owasp.esapi.logging.slf4j
-
LogFactory implementation which creates SLF4J supporting Loggers.
- Slf4JLogFactory() - Constructor for class org.owasp.esapi.logging.slf4j.Slf4JLogFactory
-
- Slf4JLogger - Class in org.owasp.esapi.logging.slf4j
-
ESAPI Logger implementation which relays events to an SLF4J delegate.
- Slf4JLogger(Logger, Slf4JLogBridge, int) - Constructor for class org.owasp.esapi.logging.slf4j.Slf4JLogger
-
Constructs a new instance.
- Slf4JLogLevelHandlers - Enum in org.owasp.esapi.logging.slf4j
-
Enumeration capturing the propagation of SLF4J level events.
- SPECIALS - Static variable in class org.owasp.esapi.EncoderConstants
-
- splitQuery(URI) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
The meat of this method was taken from StackOverflow: http://stackoverflow.com/a/13592567/557153
It has been modified to return a canonicalized key and value pairing.
- StandardEsapiPropertyLoader - Class in org.owasp.esapi.configuration
-
Loader capable of loading single security configuration property from standard java properties configuration file.
- StandardEsapiPropertyLoader(String, int) - Constructor for class org.owasp.esapi.configuration.StandardEsapiPropertyLoader
-
- store(OutputStream, String) - Method in interface org.owasp.esapi.EncryptedProperties
-
Writes this property list (key and element pairs) in this Properties table to
the output stream in a format suitable for loading into a Properties table using the load method.
- store(OutputStream, String) - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
-
Writes this property list (key and element pairs) in this Properties table to
the output stream in a format suitable for loading into a Properties table using the load method.
- storeProperties(String, Properties, String) - Static method in class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils
-
Stores a Properties object to a file.
- StringUtilities - Class in org.owasp.esapi
-
String utilities used in various filters.
- StringUtilities() - Constructor for class org.owasp.esapi.StringUtilities
-
- StringValidationRule - Class in org.owasp.esapi.reference.validation
-
A validator performs syntax and possibly semantic validation of a single
piece of data from an untrusted source.
- StringValidationRule(String) - Constructor for class org.owasp.esapi.reference.validation.StringValidationRule
-
- StringValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.StringValidationRule
-
- StringValidationRule(String, Encoder, String) - Constructor for class org.owasp.esapi.reference.validation.StringValidationRule
-
- stripControls(String) - Static method in class org.owasp.esapi.StringUtilities
-
Removes all unprintable characters from a string
and replaces with a space.
- strToChars(String) - Static method in class org.owasp.esapi.util.CollectionsUtil
-
Convert a String to a char array
- strToSet(String) - Static method in class org.owasp.esapi.util.CollectionsUtil
-
Convert a String to a set of characters.
- strToUnmodifiableSet(String) - Static method in class org.owasp.esapi.util.CollectionsUtil
-
Convert a String to a unmodifiable set of characters.
- suspendEncoding() - Method in class org.owasp.esapi.codecs.Base64.OutputStream
-
Suspends encoding of the stream.