Index (ESAPI 2.5.0.0 API)

A B C D E F G H I J K L M N O P R S T U V W X

A

ABSOLUTE_TIMEOUT_DURATION - Static variable in class org.owasp.esapi.PropNames
ABSOLUTE_TIMEOUT_DURATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
AbstractAccessReferenceMap<K> - Class in org.owasp.esapi.reference: Abstract Implementation of the AccessReferenceMap.
AbstractAccessReferenceMap() - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap: Instantiates a new access reference map.
AbstractAccessReferenceMap(int) - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap: Instantiates a new access reference map with the specified size allotment to reduce Map resizing overhead.
AbstractAccessReferenceMap(Set<Object>) - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap: Deprecated.
This constructor internally calls the abstract method AbstractAccessReferenceMap.getUniqueReference(). Since this is a constructor, any subclass that implements getUniqueReference() has not had it's own constructor run. This leads to strange bugs because subclass internal state is initializaed after calls to getUniqueReference() have already happened. If this constructor is desired in a subclass, consider running AbstractAccessReferenceMap.update(Set) in the subclass constructor instead.
AbstractAccessReferenceMap(Set<Object>, int) - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap: Deprecated.
This constructor internally calls the abstract method AbstractAccessReferenceMap.getUniqueReference(). Since this is a constructor, any subclass that implements getUniqueReference() has not had it's own constructor run. This leads to strange bugs because subclass internal state is initializaed after calls to getUniqueReference() have already happened. If this constructor is desired in a subclass, consider running AbstractAccessReferenceMap.update(Set) in the subclass constructor instead.
AbstractAuthenticator - Class in org.owasp.esapi.reference: A partial implementation of the Authenticator interface.
AbstractAuthenticator() - Constructor for class org.owasp.esapi.reference.AbstractAuthenticator
AbstractCharacterCodec - Class in org.owasp.esapi.codecs: This abstract Impl is broken off from the original Codec class and provides the Character parsing logic that has been with ESAPI from the beginning.
AbstractCharacterCodec() - Constructor for class org.owasp.esapi.codecs.AbstractCharacterCodec
AbstractCodec<T> - Class in org.owasp.esapi.codecs: The Coded interface defines a set of methods for encoding and decoding application level encoding schemes, such as HTML entity encoding and percent encoding (aka URL encoding).
AbstractCodec() - Constructor for class org.owasp.esapi.codecs.AbstractCodec: Default constructor
AbstractIntegerCodec - Class in org.owasp.esapi.codecs: This class is intended to be an alternative Abstract Implementation for parsing encoding data by focusing on int as opposed to Character.
AbstractIntegerCodec() - Constructor for class org.owasp.esapi.codecs.AbstractIntegerCodec
AbstractPrioritizedPropertyLoader - Class in org.owasp.esapi.configuration: Abstrace class that supports two "levels" of priorities for ESAPI properties.
AbstractPrioritizedPropertyLoader(String, int) - Constructor for class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader
AbstractPushbackSequence<T> - Class in org.owasp.esapi.codecs: This Abstract class provides the generic logic for using a PushbackSequence in regards to iterating strings.
AbstractPushbackSequence(String) - Constructor for class org.owasp.esapi.codecs.AbstractPushbackSequence
ACCEPT_LENIENT_DATES - Static variable in class org.owasp.esapi.PropNames
ACCEPT_LENIENT_DATES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
ACCESS_CONTROL_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
ACCESS_CONTROL_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
AccessControlException - Exception in org.owasp.esapi.errors: An AccessControlException should be thrown when a user attempts to access a resource that they are not authorized for.
AccessControlException() - Constructor for exception org.owasp.esapi.errors.AccessControlException: Instantiates a new access control exception.
AccessControlException(String, String) - Constructor for exception org.owasp.esapi.errors.AccessControlException: Creates a new instance of AccessControlException.
AccessControlException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AccessControlException: Instantiates a new access control exception.
AccessController - Interface in org.owasp.esapi: The AccessController interface defines a set of methods that can be used in a wide variety of applications to enforce access control.
accessController() - Static method in class org.owasp.esapi.ESAPI
AccessControlRule<P,R> - Interface in org.owasp.esapi
AccessReferenceMap<K> - Interface in org.owasp.esapi: The AccessReferenceMap interface is used to map from a set of internal direct object references to a set of indirect references that are safe to disclose publicly.
ACRParameterLoader<T> - Interface in org.owasp.esapi.reference.accesscontrol.policyloader
ACRParameterLoaderHelper - Class in org.owasp.esapi.reference.accesscontrol.policyloader
ACRParameterLoaderHelper() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoaderHelper
ACRPolicyFileLoader - Class in org.owasp.esapi.reference.accesscontrol.policyloader
ACRPolicyFileLoader() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader
Action - Class in org.owasp.esapi.waf.actions: The base class indicating what is to be done after a rule executes.
Action() - Constructor for class org.owasp.esapi.waf.actions.Action
actionNecessary - Variable in class org.owasp.esapi.waf.actions.Action
actions - Variable in class org.owasp.esapi.SecurityConfiguration.Threshold: The list of actions to take if the threshold is met.
addAccessControlRule(String, String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO
addAfterBodyRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
addAttributes(Map<String, String>) - Method in class org.owasp.esapi.crypto.CryptoToken: Add the specified collection of attributes to the current attributes.
addBeforeBodyRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
addBeforeResponseRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
addBlacklistPattern(String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
addBlacklistPattern(Pattern) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
addCookie(Cookie) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Add a cookie to the response after ensuring that there are no encoded or illegal characters in the name and name and value.
addCookie(Cookie) - Method in interface org.owasp.esapi.HTTPUtilities: Calls addCookie with the *current* request.
addCookie(HttpServletResponse, Cookie) - Method in interface org.owasp.esapi.HTTPUtilities: Add a cookie to the response after ensuring that there are no encoded or illegal characters in the name and name and value.
addCookie(Cookie) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Calls addCookie with the *current* request.
addCookie(HttpServletResponse, Cookie) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Add a cookie to the response after ensuring that there are no encoded or illegal characters in the name and name and value.
addCookie(Cookie) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
addCookie(Cookie, boolean) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
addCookieRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
addCSRFToken(String) - Method in interface org.owasp.esapi.HTTPUtilities: Adds the current user's CSRF token (see User.getCSRFToken()) to the URL for purposes of preventing CSRF attacks.
addCSRFToken(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Adds the current user's CSRF token (see User.getCSRFToken()) to the URL for purposes of preventing CSRF attacks.
addDateHeader(String, long) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Add a cookie to the response after ensuring that there are no encoded or illegal characters in the name.
addDirectReference(T) - Method in interface org.owasp.esapi.AccessReferenceMap: Adds a direct reference to the AccessReferenceMap, then generates and returns an associated indirect reference.
addDirectReference(T) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap: Adds a direct reference to the AccessReferenceMap, then generates and returns an associated indirect reference.
addError(String, ValidationException) - Method in class org.owasp.esapi.ValidationErrorList: Adds a new error to list with a unique named context.
addEvent(String, String) - Method in interface org.owasp.esapi.IntrusionDetector: Adds the event to the IntrusionDetector.
addEvent(String, String) - Method in class org.owasp.esapi.reference.DefaultIntrusionDetector: Adds the event to the IntrusionDetector.
addException(Exception) - Method in interface org.owasp.esapi.IntrusionDetector: Adds the exception to the IntrusionDetector.
addException(Exception) - Method in class org.owasp.esapi.reference.DefaultIntrusionDetector: Adds the exception to the IntrusionDetector.
addHeader(String, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Add a header to the response after ensuring that there are no encoded or illegal characters in the name and name and value.
addHeader(String, String) - Method in interface org.owasp.esapi.HTTPUtilities: Calls addHeader with the *current* request.
addHeader(HttpServletResponse, String, String) - Method in interface org.owasp.esapi.HTTPUtilities: Add a header to the response after ensuring that there are no encoded or illegal characters in the name and name and value.
addHeader(String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Calls addHeader with the *current* request.
addHeader(HttpServletResponse, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Add a header to the response after ensuring that there are no encoded or illegal characters in the name and name and value.
AddHeaderRule - Class in org.owasp.esapi.waf.rules: This is the Rule subclass executed for <add-header> rules.
AddHeaderRule(String, String, String, Pattern, List<Object>) - Constructor for class org.owasp.esapi.waf.rules.AddHeaderRule
AddHTTPOnlyFlagRule - Class in org.owasp.esapi.waf.rules: This is the Rule subclass executed for <add-http-only-flag> rules.
AddHTTPOnlyFlagRule(String, List<Pattern>) - Constructor for class org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule
addIntHeader(String, int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Add an int header to the response after ensuring that there are no encoded or illegal characters in the name and value.
ADDITIONAL_ALLOWED_CIPHER_MODES - Static variable in class org.owasp.esapi.PropNames
ADDITIONAL_ALLOWED_CIPHER_MODES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
addProperty(Properties, String, String) - Static method in class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils: Adds a new key-value property to the passed Properties object
addReferer(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Add a referer header to the response, after validating there are no illegal characters according to the Validator.isValidURI() method, as well as ensuring there are no instances of mixed or double encoding depending on how you have configured ESAPI defaults.
addRole(String) - Method in class org.owasp.esapi.reference.DefaultUser: Adds a role to this user's account.
addRole(String) - Method in interface org.owasp.esapi.User: Adds a role to this user's account.
addRoles(Set<String>) - Method in class org.owasp.esapi.reference.DefaultUser: Adds a set of roles to this user's account.
addRoles(Set<String>) - Method in interface org.owasp.esapi.User: Adds a set of roles to this user's account.
addRule(ValidationRule) - Method in class org.owasp.esapi.reference.DefaultValidator: Add a validation rule to the registry using the "type name" of the rule as the key.
addRule(ValidationRule) - Method in interface org.owasp.esapi.Validator: Add a validation rule to the registry using the "type name" of the rule as the key.
AddSecureFlagRule - Class in org.owasp.esapi.waf.rules: This is the Rule subclass executed for <add-secure-flag> rules.
AddSecureFlagRule(String, List<Pattern>) - Constructor for class org.owasp.esapi.waf.rules.AddSecureFlagRule
addSession(HttpSession) - Method in class org.owasp.esapi.reference.DefaultUser: Adds a session for this User.
addSession(HttpSession) - Method in interface org.owasp.esapi.User: Adds a session for this User.
addWhitelistPattern(String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
addWhitelistPattern(Pattern) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
ALL - Static variable in interface org.owasp.esapi.Logger: ALL indicates that all messages should be logged.
ALLOW_MIXED_ENCODING - Static variable in class org.owasp.esapi.PropNames
ALLOW_MIXED_ENCODING - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
ALLOW_MULTIPLE_ENCODING - Static variable in class org.owasp.esapi.PropNames
ALLOW_MULTIPLE_ENCODING - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
ALLOWED_LOGIN_ATTEMPTS - Static variable in class org.owasp.esapi.PropNames
ALLOWED_LOGIN_ATTEMPTS - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
allowNull - Variable in class org.owasp.esapi.reference.validation.BaseValidationRule
ALPHANUMERICS - Static variable in class org.owasp.esapi.EncoderConstants
always(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger: Log an event regardless of what logging level is enabled.
always(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger: Log an event regardless of what logging level is enabled and also record the stack trace associated with the event.
always(Logger.EventType, String) - Method in class org.owasp.esapi.logging.java.JavaLogger
always(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.java.JavaLogger
always(Logger.EventType, String) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
always(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
ALWAYS_LEVEL - Static variable in class org.owasp.esapi.logging.java.ESAPICustomJavaLevel: Defines a custom level that should result in content always being recorded, unless the Java Logging configuration is set to OFF.
AlwaysFalseACR - Class in org.owasp.esapi.reference.accesscontrol
AlwaysFalseACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR
AlwaysTrueACR - Class in org.owasp.esapi.reference.accesscontrol
AlwaysTrueACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR
ANONYMOUS - Static variable in interface org.owasp.esapi.User: The ANONYMOUS user is used to represent an unidentified user.
ANONYMOUS_USER - Static variable in class org.owasp.esapi.crypto.CryptoToken: Represents an anonymous user.
ANSI_MODE - Static variable in class org.owasp.esapi.codecs.MySQLCodec: Target MySQL Server is running in ANSI_QUOTES Mode
append(char) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
append(CharSequence, int, int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
append(CharSequence) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
appendTo(String, Logger.EventType, String) - Method in interface org.owasp.esapi.logging.appender.LogAppender: Creates a replacement Log Message and returns it to the caller.
appendTo(String, Logger.EventType, String) - Method in class org.owasp.esapi.logging.appender.LogPrefixAppender
AppGuardianConfiguration - Class in org.owasp.esapi.waf.configuration: This class is the object model of the policy file.
AppGuardianConfiguration() - Constructor for class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
APPLICATION_NAME - Static variable in class org.owasp.esapi.PropNames
APPLICATION_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
APPROVED_EXECUTABLES - Static variable in class org.owasp.esapi.PropNames
APPROVED_EXECUTABLES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
APPROVED_UPLOAD_EXTENSIONS - Static variable in class org.owasp.esapi.PropNames
APPROVED_UPLOAD_EXTENSIONS - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
arrayCompare(byte[], byte[]) - Static method in class org.owasp.esapi.crypto.CryptoHelper: Deprecated.
Use java.security.MessageDigest#isEqual(byte[], byte[]) instead.
arrayToSet(char...) - Static method in class org.owasp.esapi.util.CollectionsUtil: Converts an array of chars to a Set of Characters.
arrayToUnmodifiableSet(char...) - Static method in class org.owasp.esapi.util.CollectionsUtil: Convert a char array to a unmodifiable Set.
asBytes() - Method in class org.owasp.esapi.crypto.PlainText: Convert the PlainText object to a byte array.
asCipherText() - Method in class org.owasp.esapi.crypto.CipherTextSerializer: Return the actual CipherText object.
asPortableSerializedByteArray() - Method in class org.owasp.esapi.crypto.CipherText: Return this CipherText object as a portable (i.e., network byte ordered) serialized byte array.
asSerializedByteArray() - Method in class org.owasp.esapi.crypto.CipherTextSerializer: Return this CipherText object as a specialized, portable serialized byte array.
assertAuthorized(Object, Object) - Method in interface org.owasp.esapi.AccessController: assertAuthorized executes the AccessControlRule that is identified by key and listed in the resources/ESAPI-AccessControlPolicy.xml file.
assertAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
assertAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController: assertAuthorized executes the AccessControlRule that is identified by key and listed in the resources/ESAPI-AccessControlPolicy.xml file.
assertAuthorizedForData(String, Object) - Method in interface org.owasp.esapi.AccessController: Deprecated.
assertAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController: Deprecated.
assertAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController: Checks if the current user is authorized to access the referenced data.
assertAuthorizedForFile(String) - Method in interface org.owasp.esapi.AccessController: Deprecated.
assertAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController: Deprecated.
assertAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.DefaultAccessController: Deprecated.
assertAuthorizedForFunction(String) - Method in interface org.owasp.esapi.AccessController: Deprecated.
assertAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController: Deprecated.
assertAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.DefaultAccessController: Checks if the current user is authorized to access the referenced function.
assertAuthorizedForService(String) - Method in interface org.owasp.esapi.AccessController: Deprecated.
assertAuthorizedForService(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController: Deprecated.
assertAuthorizedForService(String) - Method in class org.owasp.esapi.reference.DefaultAccessController: Checks if the current user is authorized to access the referenced service.
assertAuthorizedForURL(String) - Method in interface org.owasp.esapi.AccessController: Deprecated.
assertAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController: Deprecated.
assertAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.DefaultAccessController: Checks if the current user is authorized to access the referenced URL.
assertSecureChannel() - Method in interface org.owasp.esapi.HTTPUtilities: Calls assertSecureChannel with the *current* request.
assertSecureChannel(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities: Ensures the use of SSL to protect any sensitive parameters in the request and any sensitive data in the response.
assertSecureChannel() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Calls assertSecureChannel with the *current* request.
assertSecureChannel(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Ensures the use of SSL to protect any sensitive parameters in the request and any sensitive data in the response.
assertSecureRequest() - Method in interface org.owasp.esapi.HTTPUtilities: Calls assertSecureRequest with the *current* request.
assertSecureRequest(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities: Ensures that the request uses both SSL and POST to protect any sensitive parameters in the querystring from being sniffed, logged, bookmarked, included in referer header, etc...
assertSecureRequest() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Calls assertSecureRequest with the *current* request.
assertSecureRequest(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Ensures that the request uses both SSL and POST to protect any sensitive parameters in the querystring from being sniffed, logged, bookmarked, included in referer header, etc...
assertValid(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule: Check if the input is valid, throw an Exception otherwise
assertValid(String, String) - Method in interface org.owasp.esapi.ValidationRule: Check if the input is valid, throw an Exception otherwise
assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator: Validates the filepath, filename, and content of a file.
assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Validates the filepath, filename, and content of a file, any validation exceptions are added to the supplied errorList.
assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean) - Method in interface org.owasp.esapi.Validator: Validates the filepath, filename, and content of a file.
assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Validates the filepath, filename, and content of a file, any validation exceptions are added to the supplied errorList.
assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in class org.owasp.esapi.reference.DefaultValidator: Validates that the parameters in the current request contain all required parameters and only optional ones in addition.
assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Validates that the parameters in the current request contain all required parameters and only optional ones in addition, any validation exceptions are added to the supplied errorList.
assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in interface org.owasp.esapi.Validator: Validates that the parameters in the current request contain all required parameters and only optional ones in addition.
assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Validates that the parameters in the current request contain all required parameters and only optional ones in addition, any validation exceptions are added to the supplied errorList.
AuthenticatedRule - Class in org.owasp.esapi.waf.rules: This is the Rule subclass executed for <authentication-rules> rules.
AuthenticatedRule(String, String, Pattern, List<Object>) - Constructor for class org.owasp.esapi.waf.rules.AuthenticatedRule
AUTHENTICATION_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
AUTHENTICATION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
AuthenticationAccountsException - Exception in org.owasp.esapi.errors: An AuthenticationException should be thrown when anything goes wrong during login or logout.
AuthenticationAccountsException() - Constructor for exception org.owasp.esapi.errors.AuthenticationAccountsException: Instantiates a new authentication exception.
AuthenticationAccountsException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationAccountsException: Creates a new instance of AuthenticationAccountsException.
AuthenticationAccountsException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationAccountsException: Instantiates a new authentication exception.
AuthenticationCredentialsException - Exception in org.owasp.esapi.errors: An AuthenticationException should be thrown when anything goes wrong during login or logout.
AuthenticationCredentialsException() - Constructor for exception org.owasp.esapi.errors.AuthenticationCredentialsException: Instantiates a new authentication exception.
AuthenticationCredentialsException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationCredentialsException: Creates a new instance of AuthenticationCredentialsException.
AuthenticationCredentialsException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationCredentialsException: Instantiates a new authentication exception.
AuthenticationException - Exception in org.owasp.esapi.errors: An AuthenticationException should be thrown when anything goes wrong during login or logout.
AuthenticationException() - Constructor for exception org.owasp.esapi.errors.AuthenticationException: Instantiates a new authentication exception.
AuthenticationException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationException: Creates a new instance of AuthenticationException.
AuthenticationException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationException: Instantiates a new authentication exception.
AuthenticationHostException - Exception in org.owasp.esapi.errors: An AuthenticationHostException should be thrown when there is a problem with the host involved with authentication, particularly if the host changes unexpectedly.
AuthenticationHostException() - Constructor for exception org.owasp.esapi.errors.AuthenticationHostException: Instantiates a new authentication exception.
AuthenticationHostException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationHostException: Creates a new instance of AuthenticationHostException.
AuthenticationHostException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationHostException: Instantiates a new authentication exception.
AuthenticationLoginException - Exception in org.owasp.esapi.errors: An AuthenticationException should be thrown when anything goes wrong during login or logout.
AuthenticationLoginException() - Constructor for exception org.owasp.esapi.errors.AuthenticationLoginException: Instantiates a new authentication exception.
AuthenticationLoginException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationLoginException: Creates a new instance of EnterpriseSecurityException.
AuthenticationLoginException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationLoginException: Instantiates a new authentication exception.
Authenticator - Interface in org.owasp.esapi: The Authenticator interface defines a set of methods for generating and handling account credentials and session identifiers.
authenticator() - Static method in class org.owasp.esapi.ESAPI
AvailabilityException - Exception in org.owasp.esapi.errors: An AvailabilityException should be thrown when the availability of a limited resource is in jeopardy.
AvailabilityException() - Constructor for exception org.owasp.esapi.errors.AvailabilityException: Instantiates a new availability exception.
AvailabilityException(String, String) - Constructor for exception org.owasp.esapi.errors.AvailabilityException: Creates a new instance of AvailabilityException.
AvailabilityException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AvailabilityException: Instantiates a new AvailabilityException.

B

Base64 - Class in org.owasp.esapi.codecs: Encodes and decodes to and from Base64 notation.
Base64.InputStream - Class in org.owasp.esapi.codecs: A Base64.InputStream will read data from another java.io.InputStream, given in the constructor, and encode/decode to/from Base64 notation on the fly.
Base64.OutputStream - Class in org.owasp.esapi.codecs: A Base64.OutputStream will write data to another java.io.OutputStream, given in the constructor, and encode/decode to/from Base64 notation on the fly.
BaseACR<P,R> - Class in org.owasp.esapi.reference.accesscontrol
BaseACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.BaseACR
BaseEncodeTag - Class in org.owasp.esapi.tags: Abstract base class for tags that just encode their bodies with Encoder methods.
BaseEncodeTag() - Constructor for class org.owasp.esapi.tags.BaseEncodeTag
BaseValidationRule - Class in org.owasp.esapi.reference.validation: A ValidationRule performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
BaseValidationRule(String) - Constructor for class org.owasp.esapi.reference.validation.BaseValidationRule
BaseValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.BaseValidationRule
BeanShellRule - Class in org.owasp.esapi.waf.rules: This is the Rule subclass executed for <bean-shell-script> rules.
BeanShellRule(String, String, Pattern) - Constructor for class org.owasp.esapi.waf.rules.BeanShellRule
blacklistPatterns - Variable in class org.owasp.esapi.reference.validation.StringValidationRule
BLOCK - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
BlockAction - Class in org.owasp.esapi.waf.actions: The class that indicates the request processing should be halted and that a blank response should be returned.
BlockAction() - Constructor for class org.owasp.esapi.waf.actions.BlockAction
buildUrl(Map<DefaultEncoder.UriSegment, String>) - Method in class org.owasp.esapi.reference.DefaultEncoder: All the parts should be canonicalized by this point.
ByteConversionUtil - Class in org.owasp.esapi.util: Conversion to/from byte arrays to/from short, int, long.
ByteConversionUtil() - Constructor for class org.owasp.esapi.util.ByteConversionUtil

C

canEqual(Object) - Method in class org.owasp.esapi.crypto.CipherSpec: Needed for correct definition of equals for general classes.
canEqual(Object) - Method in class org.owasp.esapi.crypto.CipherText: Needed for correct definition of equals for general classes.
canEqual(Object) - Method in class org.owasp.esapi.crypto.PlainText: Needed for correct definition of equals for general classes.
CANONICALIZATION_CODECS - Static variable in class org.owasp.esapi.PropNames
CANONICALIZATION_CODECS - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
canonicalize(String) - Method in interface org.owasp.esapi.Encoder: This method is equivalent to calling Encoder.canonicalize(input, restrictMultiple, restrictMixed);.
canonicalize(String, boolean) - Method in interface org.owasp.esapi.Encoder: This method is the equivalent to calling Encoder.canonicalize(input, strict, strict);.
canonicalize(String, boolean, boolean) - Method in interface org.owasp.esapi.Encoder: Canonicalization is simply the operation of reducing a possibly encoded string down to its simplest form.
canonicalize(String) - Method in class org.owasp.esapi.reference.DefaultEncoder: This method is equivalent to calling Encoder.canonicalize(input, restrictMultiple, restrictMixed);.
canonicalize(String, boolean) - Method in class org.owasp.esapi.reference.DefaultEncoder: This method is the equivalent to calling Encoder.canonicalize(input, strict, strict);.
canonicalize(String, boolean, boolean) - Method in class org.owasp.esapi.reference.DefaultEncoder: Canonicalization is simply the operation of reducing a possibly encoded string down to its simplest form.
captureAndReplaceMatches(String) - Method in class org.owasp.esapi.codecs.ref.EncodingPatternPreservation: Replaces each matching instance of this instance's Pattern with an identifiable replacement marker.
CertificateException - Exception in org.owasp.esapi.errors: A CertificateException should be thrown for any problems that arise during processing of digital certificates.
CertificateException() - Constructor for exception org.owasp.esapi.errors.CertificateException: Instantiates a new certificate exception.
CertificateException(String, String) - Constructor for exception org.owasp.esapi.errors.CertificateException: Creates a new instance of CertificateException.
CertificateException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.CertificateException: Instantiates a new CertificateException.
changePassword(User, String, String, String) - Method in interface org.owasp.esapi.Authenticator: Changes the password for the specified user.
changePassword(String, String, String) - Method in class org.owasp.esapi.reference.DefaultUser: Sets the user's password, performing a verification of the user's old password, the equality of the two new passwords, and the strength of the new password.
changePassword(User, String, String, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator: Changes the password for the specified user.
changePassword(String, String, String) - Method in interface org.owasp.esapi.User: Sets the user's password, performing a verification of the user's old password, the equality of the two new passwords, and the strength of the new password.
changeSessionIdentifier() - Method in interface org.owasp.esapi.HTTPUtilities: Calls changeSessionIdentifier with the *current* request.
changeSessionIdentifier(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities: Invalidate the existing session after copying all of its contents to a newly created session with a new session id.
changeSessionIdentifier() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Calls changeSessionIdentifier with the *current* request.
changeSessionIdentifier(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Invalidate the existing session after copying all of its contents to a newly created session with a new session id.
CHAR_ALPHANUMERICS - Static variable in class org.owasp.esapi.EncoderConstants: CHAR_LETTERS union CHAR_DIGITS
CHAR_DIGITS - Static variable in class org.owasp.esapi.EncoderConstants: 0-9
CHAR_LETTERS - Static variable in class org.owasp.esapi.EncoderConstants: CHAR_LOWERS union CHAR_UPPERS
CHAR_LOWERS - Static variable in class org.owasp.esapi.EncoderConstants: a-b
CHAR_PASSWORD_DIGITS - Static variable in class org.owasp.esapi.EncoderConstants: 2-9
CHAR_PASSWORD_LETTERS - Static variable in class org.owasp.esapi.EncoderConstants: CHAR_PASSWORD_LOWERS union CHAR_PASSWORD_UPPERS
CHAR_PASSWORD_LOWERS - Static variable in class org.owasp.esapi.EncoderConstants: Password character set, is alphanumerics (without l, i, I, o, O, and 0) selected specials like + (bad for URL encoding, | is like i and 1, etc...)
CHAR_PASSWORD_SPECIALS - Static variable in class org.owasp.esapi.EncoderConstants: !$*-.=?@_
CHAR_PASSWORD_UPPERS - Static variable in class org.owasp.esapi.EncoderConstants
CHAR_SPECIALS - Static variable in class org.owasp.esapi.EncoderConstants: !$*+-.=?@^_|~
CHAR_UPPERS - Static variable in class org.owasp.esapi.EncoderConstants: A-Z
CHARACTER_ENCODING - Static variable in class org.owasp.esapi.PropNames
CHARACTER_ENCODING - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
charArrayToSet(char[]) - Static method in class org.owasp.esapi.reference.validation.BaseValidationRule: Convert an array of characters to a Set<Character> (so duplicates are removed).
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.AddHeaderRule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.AddSecureFlagRule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.AuthenticatedRule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.BeanShellRule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.DetectOutboundContentRule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.EnforceHTTPSRule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.GeneralAttackSignatureRule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.HTTPMethodRule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.IPRule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.MustMatchRule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.PathExtensionRule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.ReplaceContentRule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.RestrictContentTypeRule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.RestrictUserAgentRule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.Rule
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.SimpleVirtualPatchRule
checkError() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
CIPHER_TRANSFORMATION_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
CIPHER_TRANSFORMATION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
CipherSpec - Class in org.owasp.esapi.crypto: Specifies all the relevant configuration data needed in constructing and using a Cipher except for the encryption key.
CipherSpec(String, int, int, byte[]) - Constructor for class org.owasp.esapi.crypto.CipherSpec: CTOR that explicitly sets everything.
CipherSpec(String, int, int) - Constructor for class org.owasp.esapi.crypto.CipherSpec: CTOR that sets everything but IV.
CipherSpec(String, int) - Constructor for class org.owasp.esapi.crypto.CipherSpec: CTOR that sets everything but block size and IV.
CipherSpec(String, int, byte[]) - Constructor for class org.owasp.esapi.crypto.CipherSpec: CTOR that sets everything except block size.
CipherSpec(Cipher) - Constructor for class org.owasp.esapi.crypto.CipherSpec: CTOR that sets everything except for the cipher key size and possibly the IV.
CipherSpec(Cipher, int) - Constructor for class org.owasp.esapi.crypto.CipherSpec: CTOR that sets everything.
CipherSpec(byte[]) - Constructor for class org.owasp.esapi.crypto.CipherSpec
CipherSpec() - Constructor for class org.owasp.esapi.crypto.CipherSpec: Default CTOR.
CipherText - Class in org.owasp.esapi.crypto: A Serializable interface representing the result of encrypting plaintext and some additional information about the encryption algorithm, the IV (if pertinent), and an optional Message Authentication Code (MAC).
CipherText() - Constructor for class org.owasp.esapi.crypto.CipherText: Default CTOR.
CipherText(CipherSpec) - Constructor for class org.owasp.esapi.crypto.CipherText: Construct from a CipherSpec object.
CipherText(CipherSpec, byte[]) - Constructor for class org.owasp.esapi.crypto.CipherText: Construct from a CipherSpec object and the raw ciphertext.
CIPHERTEXT_USE_MAC - Static variable in class org.owasp.esapi.PropNames
CIPHERTEXT_USE_MAC - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
CipherTextSerializer - Class in org.owasp.esapi.crypto: Helper class to assist with programming language and platform independent serialization of CipherText objects.
CipherTextSerializer(CipherText) - Constructor for class org.owasp.esapi.crypto.CipherTextSerializer
CipherTextSerializer(byte[]) - Constructor for class org.owasp.esapi.crypto.CipherTextSerializer: Given byte array in network byte order (i.e., big-endian order), convert it so that a CipherText can be constructed from it.
cipherTextSerializerVersion - Static variable in class org.owasp.esapi.crypto.CipherTextSerializer
cipherTextVersion - Static variable in class org.owasp.esapi.crypto.CipherText
cleanMessage(String) - Method in class org.owasp.esapi.logging.cleaning.CodecLogScrubber
cleanMessage(String) - Method in class org.owasp.esapi.logging.cleaning.CompositeLogScrubber
cleanMessage(String) - Method in interface org.owasp.esapi.logging.cleaning.LogScrubber: Updates the given message to account for restrictions for this implementation and returns the result.
cleanMessage(String) - Method in class org.owasp.esapi.logging.cleaning.NewlineLogScrubber
clear() - Method in class org.owasp.esapi.codecs.HashTrie: Clear all entries.
clear() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
clear() - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
clearAttributes() - Method in class org.owasp.esapi.crypto.CryptoToken: Removes all the attributes (if any) associated with this token.
clearCurrent() - Method in interface org.owasp.esapi.Authenticator: Clears the current User.
clearCurrent() - Static method in class org.owasp.esapi.ESAPI: Clears the current User, HttpRequest, and HttpResponse associated with the current thread.
clearCurrent() - Method in interface org.owasp.esapi.HTTPUtilities: Clears the current HttpRequest and HttpResponse associated with the current thread.
clearCurrent() - Method in class org.owasp.esapi.reference.AbstractAuthenticator: Clears the current User.
clearCurrent() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Clears the current HttpRequest and HttpResponse associated with the current thread.
ClickjackFilter - Class in org.owasp.esapi.filters: The ClickjackFilter is configured as follows:
ClickjackFilter() - Constructor for class org.owasp.esapi.filters.ClickjackFilter
ClientInfoSupplier - Class in org.owasp.esapi.logging.appender: Supplier which can provide a String representing the client-side connection information.
ClientInfoSupplier() - Constructor for class org.owasp.esapi.logging.appender.ClientInfoSupplier
clone() - Method in class org.owasp.esapi.reference.DefaultUser: Override clone and make final to prevent duplicate user objects.
close() - Method in class org.owasp.esapi.codecs.Base64.OutputStream: Flushes and closes (I think, in the superclass) the stream.
close() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
close() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
Codec<T> - Interface in org.owasp.esapi.codecs: The Codec interface defines a set of methods for encoding and decoding application level encoding schemes, such as HTML entity encoding and percent encoding (aka URL encoding).
CodecLogScrubber - Class in org.owasp.esapi.logging.cleaning: Implementation of a LogScrubber which passes strings through a delegate codec with specific character immunity sets.
CodecLogScrubber(Codec<?>, char[]) - Constructor for class org.owasp.esapi.logging.cleaning.CodecLogScrubber: Ctr.
CollectionsUtil - Class in org.owasp.esapi.util
COMBINED_CIPHER_MODES - Static variable in class org.owasp.esapi.PropNames
COMBINED_CIPHER_MODES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
commit() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
commit() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
compareTo(AbstractPrioritizedPropertyLoader) - Method in class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader
CompositeLogScrubber - Class in org.owasp.esapi.logging.cleaning: LogScrubber implementation which performs iterative delegate to an ordered List of LogScrubbers.
CompositeLogScrubber(List<LogScrubber>) - Constructor for class org.owasp.esapi.logging.cleaning.CompositeLogScrubber: Ctr.
computeAndStoreMAC(SecretKey) - Method in class org.owasp.esapi.crypto.CipherText: Compute and store the Message Authentication Code (MAC) if the ESAPI property Encryptor.CipherText.useMAC is set to true.
computeDerivedKey(SecretKey, int, String) - Static method in class org.owasp.esapi.crypto.CryptoHelper: Deprecated.
Use same method in KeyDerivationFunction instead. This method will be removed as of ESAPI release 2.3 so if you are using this, please CHANGE YOUR CODE. Note that the replacement is not a static method, so create your own wrapper if you wish, but this will soon disappear.
computeDerivedKey(SecretKey, int, String) - Method in class org.owasp.esapi.crypto.KeyDerivationFunction: The method is ESAPI's Key Derivation Function (KDF) that computes a derived key from the keyDerivationKey for either encryption / decryption or for authentication.
ConfigurationException - Exception in org.owasp.esapi.errors: A ConfigurationException should be thrown when a problem arises because of a problem in one of ESAPI's configuration files, such as a missing required property or invalid setting of a property, or missing or unreadable configuration file, etc.
ConfigurationException(Exception) - Constructor for exception org.owasp.esapi.errors.ConfigurationException
ConfigurationException(String) - Constructor for exception org.owasp.esapi.errors.ConfigurationException
ConfigurationException(String, Throwable) - Constructor for exception org.owasp.esapi.errors.ConfigurationException
ConfigurationException(Throwable) - Constructor for exception org.owasp.esapi.errors.ConfigurationException
ConfigurationException - Exception in org.owasp.esapi.waf: The Exception to be thrown when there is an error parsing a policy file.
ConfigurationException(String, String) - Constructor for exception org.owasp.esapi.waf.ConfigurationException
ConfigurationException(String, String, Throwable) - Constructor for exception org.owasp.esapi.waf.ConfigurationException
ConfigurationParser - Class in org.owasp.esapi.waf.configuration: The class used to turn a policy file's contents into an object model.
ConfigurationParser() - Constructor for class org.owasp.esapi.waf.configuration.ConfigurationParser
contains(StringBuilder, char) - Static method in class org.owasp.esapi.StringUtilities: Returns true if the character is contained in the provided StringBuilder.
containsCharacter(char, char[]) - Method in class org.owasp.esapi.codecs.AbstractCodec: Utility to search a char[] for a specific char.
containsCharacter(char, char[]) - Method in interface org.owasp.esapi.codecs.Codec: Utility to search a char[] for a specific char.
containsHeader(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Same as HttpServletResponse, no security changes required.
containsKey(Object) - Method in class org.owasp.esapi.codecs.HashTrie
containsKey(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
containsValue(Object) - Method in class org.owasp.esapi.codecs.HashTrie
containsValue(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
convertIntToPRF(int) - Static method in class org.owasp.esapi.crypto.KeyDerivationFunction
convertNameToPRF(String) - Static method in class org.owasp.esapi.crypto.KeyDerivationFunction
COOKIE - Static variable in interface org.owasp.esapi.HTTPUtilities
copyByteArray(byte[], byte[], int) - Static method in class org.owasp.esapi.crypto.CryptoHelper: Same as System.arraycopy(src, 0, dest, 0, length).
copyByteArray(byte[], byte[]) - Static method in class org.owasp.esapi.crypto.CryptoHelper: Same as copyByteArray(src, dest, src.length).
count - Variable in class org.owasp.esapi.SecurityConfiguration.Threshold: The count at which this threshold is triggered.
createPropertyLoader(EsapiConfiguration) - Static method in class org.owasp.esapi.configuration.EsapiPropertyLoaderFactory
createUser(String, String, String) - Method in interface org.owasp.esapi.Authenticator: Creates a new User with the information provided.
createUser(String, String, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator: Creates a new User with the information provided.
CREDIT_CARD_VALIDATOR_KEY - Static variable in class org.owasp.esapi.reference.validation.CreditCardValidationRule: Key used to pull out encoder in configuration.
CreditCardValidationRule - Class in org.owasp.esapi.reference.validation: A validator performs syntax and possibly semantic validation of Credit Card String from an untrusted source.
CreditCardValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.CreditCardValidationRule: Creates a CreditCardValidator using the rule found in security configuration
CreditCardValidationRule(String, Encoder, StringValidationRule) - Constructor for class org.owasp.esapi.reference.validation.CreditCardValidationRule
CryptoDiscoverer - Class in org.owasp.esapi.crypto
CryptoDiscoverer() - Constructor for class org.owasp.esapi.crypto.CryptoDiscoverer
CryptoHelper - Class in org.owasp.esapi.crypto: Class to provide some convenience methods for encryption, decryption, etc.
CryptoToken - Class in org.owasp.esapi.crypto: Compute a cryptographically secure, encrypted token containing optional name/value pairs.
CryptoToken() - Constructor for class org.owasp.esapi.crypto.CryptoToken: Create a cryptographic token using default secret key from the ESAPI.properties property Encryptor.MasterKey.
CryptoToken(SecretKey) - Constructor for class org.owasp.esapi.crypto.CryptoToken: Create a cryptographic token using specified SecretKey.
CryptoToken(String) - Constructor for class org.owasp.esapi.crypto.CryptoToken: Create using previously encrypted token encrypted with default secret key from ESAPI.properties.
CryptoToken(SecretKey, String) - Constructor for class org.owasp.esapi.crypto.CryptoToken: Create cryptographic token using previously encrypted token that was encrypted with specified secret key.
CSRF_TOKEN_NAME - Static variable in interface org.owasp.esapi.HTTPUtilities
CSSCodec - Class in org.owasp.esapi.codecs: Implementation of the Codec interface for backslash encoding used in CSS.
CSSCodec() - Constructor for class org.owasp.esapi.codecs.CSSCodec
currentRequest() - Static method in class org.owasp.esapi.ESAPI: Get the current HTTP Servlet Request being processed.
currentResponse() - Static method in class org.owasp.esapi.ESAPI: Get the current HTTP Servlet Response being generated.

D

DateValidationRule - Class in org.owasp.esapi.reference.validation: A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
DateValidationRule(String, Encoder, DateFormat) - Constructor for class org.owasp.esapi.reference.validation.DateValidationRule
DB2Codec - Class in org.owasp.esapi.codecs: Implementation of the Codec interface for DB2 strings.
DB2Codec() - Constructor for class org.owasp.esapi.codecs.DB2Codec
DEBUG - Static variable in interface org.owasp.esapi.Logger: DEBUG indicates that DEBUG messages and above should be logged.
debug(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger: Log a debug level security event if 'debug' level logging is enabled.
debug(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger: Log a debug level security event if 'debug' level logging is enabled and also record the stack trace associated with the event.
debug(Logger.EventType, String) - Method in class org.owasp.esapi.logging.java.JavaLogger
debug(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.java.JavaLogger
debug(Logger.EventType, String) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
debug(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
decode(String) - Method in class org.owasp.esapi.codecs.AbstractCharacterCodec
decode(String) - Method in class org.owasp.esapi.codecs.AbstractIntegerCodec: Decode a String that was encoded using the encode method in this Class
DECODE - Static variable in class org.owasp.esapi.codecs.Base64: Specify decoding.
decode(byte[], int, int, int) - Static method in class org.owasp.esapi.codecs.Base64: Very low-level access to decoding ASCII characters in the form of a byte array.
decode(String) - Static method in class org.owasp.esapi.codecs.Base64: Decodes data from Base64 notation, automatically detecting gzip-compressed data and decompressing it.
decode(String, int) - Static method in class org.owasp.esapi.codecs.Base64: Decodes data from Base64 notation, automatically detecting gzip-compressed data and decompressing it.
decode(String) - Method in interface org.owasp.esapi.codecs.Codec: Decode a String that was encoded using the encode method in this Class
decode(String) - Static method in class org.owasp.esapi.codecs.Hex: Decode hexadecimal-encoded string and return raw byte array.
decodeCharacter(PushbackSequence<T>) - Method in class org.owasp.esapi.codecs.AbstractCodec
decodeCharacter(PushbackSequence<T>) - Method in interface org.owasp.esapi.codecs.Codec: Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
decodeCharacter(PushbackSequence<Character>) - Method in class org.owasp.esapi.codecs.CSSCodec: Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.DB2Codec
decodeCharacter(PushbackSequence<Integer>) - Method in class org.owasp.esapi.codecs.HTMLEntityCodec: Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
decodeCharacter(PushbackSequence<Character>) - Method in class org.owasp.esapi.codecs.JavaScriptCodec: Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.LegacyHTMLEntityCodec: Deprecated.

Returns the decoded version of the character starting at index, or null if no decoding is possible.
decodeCharacter(PushbackSequence<Character>) - Method in class org.owasp.esapi.codecs.MySQLCodec: Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
decodeCharacter(PushbackSequence<Character>) - Method in class org.owasp.esapi.codecs.OracleCodec: Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
decodeCharacter(PushbackSequence<Character>) - Method in class org.owasp.esapi.codecs.PercentCodec: Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
decodeCharacter(PushbackSequence<Character>) - Method in class org.owasp.esapi.codecs.UnixCodec: Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
decodeCharacter(PushbackSequence<Character>) - Method in class org.owasp.esapi.codecs.VBScriptCodec: Returns the decoded version of the character starting at index, or null if no decoding is possible.
decodeCharacter(PushbackSequence<Character>) - Method in class org.owasp.esapi.codecs.WindowsCodec: Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
decodeCharacter(PushbackSequence<Character>) - Method in class org.owasp.esapi.codecs.XMLEntityCodec: Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
decodeFileToFile(String, String) - Static method in class org.owasp.esapi.codecs.Base64: Reads infile and decodes it to outfile.
decodeForHTML(String) - Method in interface org.owasp.esapi.Encoder: Decodes HTML entities.
decodeForHTML(String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Decodes HTML entities.
decodeFromBase64(String) - Method in interface org.owasp.esapi.Encoder: Decode data encoded with BASE-64 encoding.
decodeFromBase64(String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Decode data encoded with BASE-64 encoding.
decodeFromFile(String) - Static method in class org.owasp.esapi.codecs.Base64: Convenience method for reading a base64-encoded file and decoding it.
decodeFromURL(String) - Method in interface org.owasp.esapi.Encoder: Decode from URL.
decodeFromURL(String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Decode from URL.
decodeToFile(String, String) - Static method in class org.owasp.esapi.codecs.Base64: Convenience method for decoding data to a file.
decrypt(CipherText) - Method in interface org.owasp.esapi.Encryptor: Decrypts the provided CipherText using the information from it and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.
decrypt(SecretKey, CipherText) - Method in interface org.owasp.esapi.Encryptor: Decrypts the provided CipherText using the information from it and the specified secret key.
decrypt(CipherText) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor: Decrypts the provided CipherText using the information from it and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.
decrypt(SecretKey, CipherText) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor: Decrypts the provided CipherText using the information from it and the specified secret key.
decryptHiddenField(String) - Method in interface org.owasp.esapi.HTTPUtilities: Decrypts an encrypted hidden field value and returns the cleartext.
decryptHiddenField(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Decrypts an encrypted hidden field value and returns the cleartext.
decryptQueryString(String) - Method in interface org.owasp.esapi.HTTPUtilities: Takes an encrypted querystring and returns a Map containing the original parameters.
decryptQueryString(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Takes an encrypted querystring and returns a Map containing the original parameters.
decryptStateFromCookie() - Method in interface org.owasp.esapi.HTTPUtilities: Calls decryptStateFromCookie with the *current* request.
decryptStateFromCookie(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities: Retrieves a map of data from a cookie encrypted with encryptStateInCookie().
decryptStateFromCookie() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Calls decryptStateFromCookie with the *current* request.
decryptStateFromCookie(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Retrieves a map of data from a cookie encrypted with encryptStateInCookie().
DEFAULT_ACCESS_CONTROL_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
DEFAULT_ACCESS_CONTROL_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
DEFAULT_AUTHENTICATION_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
DEFAULT_AUTHENTICATION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
DEFAULT_CHARACTER_ENCODING - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
DEFAULT_CONTENT_TYPE - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
DEFAULT_ENCODER_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
DEFAULT_ENCODER_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
DEFAULT_ENCRYPTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
DEFAULT_ENCRYPTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
DEFAULT_EXECUTOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
DEFAULT_EXECUTOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
DEFAULT_FAIL_ACTION - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
DEFAULT_HTTP_UTILITIES_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
DEFAULT_HTTP_UTILITIES_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
DEFAULT_LOG_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
DEFAULT_LOG_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
DEFAULT_RANDOMIZER_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
DEFAULT_RANDOMIZER_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
DEFAULT_RESOURCE_FILE - Static variable in class org.owasp.esapi.PropNames: The name of the ESAPI property file
DEFAULT_RESOURCE_FILE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
DEFAULT_VALIDATOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
DEFAULT_VALIDATOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
DefaultAccessController - Class in org.owasp.esapi.reference
DefaultAction - Class in org.owasp.esapi.waf.actions: The class that indicates the default action as indicated by the policy file should be executed.
DefaultAction() - Constructor for class org.owasp.esapi.waf.actions.DefaultAction
DefaultEncoder - Class in org.owasp.esapi.reference: Reference implementation of the Encoder interface.
DefaultEncoder(List<String>) - Constructor for class org.owasp.esapi.reference.DefaultEncoder: Instantiates a new DefaultEncoder based on the specified list of codec names.
DefaultEncoder.UriSegment - Enum in org.owasp.esapi.reference
DefaultEncryptedProperties - Class in org.owasp.esapi.reference.crypto: Reference implementation of the EncryptedProperties interface.
DefaultEncryptedProperties() - Constructor for class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties: Instantiates a new encrypted properties.
DefaultExecutor - Class in org.owasp.esapi.reference: Reference implementation of the Executor interface.
DefaultHTTPUtilities - Class in org.owasp.esapi.reference: Reference implementation of the HTTPUtilities interface.
DefaultHTTPUtilities() - Constructor for class org.owasp.esapi.reference.DefaultHTTPUtilities: No arg constructor.
DefaultIntrusionDetector - Class in org.owasp.esapi.reference: Reference implementation of the IntrusionDetector interface.
DefaultIntrusionDetector() - Constructor for class org.owasp.esapi.reference.DefaultIntrusionDetector
DefaultMessageUtil - Class in org.owasp.esapi.util
DefaultMessageUtil() - Constructor for class org.owasp.esapi.util.DefaultMessageUtil
DefaultRandomizer - Class in org.owasp.esapi.reference: Reference implementation of the Randomizer interface.
DefaultSecurityConfiguration - Class in org.owasp.esapi.reference: The reference SecurityConfiguration manages all the settings used by the ESAPI in a single place.
DefaultSecurityConfiguration(Properties) - Constructor for class org.owasp.esapi.reference.DefaultSecurityConfiguration: Instantiates a new configuration with the supplied properties.
DefaultSecurityConfiguration() - Constructor for class org.owasp.esapi.reference.DefaultSecurityConfiguration: Instantiates a new configuration.
DefaultUser - Class in org.owasp.esapi.reference: Reference implementation of the User interface.
DefaultUser(String) - Constructor for class org.owasp.esapi.reference.DefaultUser: Instantiates a new user.
DefaultValidator - Class in org.owasp.esapi.reference: Reference implementation of the Validator interface.
DefaultValidator() - Constructor for class org.owasp.esapi.reference.DefaultValidator: Default constructor uses the ESAPI standard encoder for canonicalization.
DefaultValidator(Encoder) - Constructor for class org.owasp.esapi.reference.DefaultValidator: Construct a new DefaultValidator that will use the specified Encoder for canonicalization.
delegateInstance - Variable in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
delegateMethod - Variable in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
DelegatingACR - Class in org.owasp.esapi.reference.accesscontrol
DelegatingACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.DelegatingACR
destroy() - Method in class org.owasp.esapi.filters.ClickjackFilter
destroy() - Method in class org.owasp.esapi.filters.ESAPIFilter: Called by the web container to indicate to a filter that it is being taken out of service.
destroy() - Method in class org.owasp.esapi.filters.RequestRateThrottleFilter: Called by the web container to indicate to a filter that it is being taken out of service.
destroy() - Method in class org.owasp.esapi.filters.SecurityWrapper
destroy() - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
DetectOutboundContentRule - Class in org.owasp.esapi.waf.rules: This is the Rule subclass executed for <detect-content> rules.
DetectOutboundContentRule(String, Pattern, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.DetectOutboundContentRule
DIGITAL_SIGNATURE_ALGORITHM - Static variable in class org.owasp.esapi.PropNames
DIGITAL_SIGNATURE_ALGORITHM - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
DIGITAL_SIGNATURE_KEY_LENGTH - Static variable in class org.owasp.esapi.PropNames
DIGITAL_SIGNATURE_KEY_LENGTH - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
DIGITS - Static variable in class org.owasp.esapi.EncoderConstants
disable() - Method in class org.owasp.esapi.reference.DefaultUser: Disable this user's account.
disable() - Method in interface org.owasp.esapi.User: Disable this user's account.
DISABLE_INTRUSION_DETECTION - Static variable in class org.owasp.esapi.PropNames
DISABLE_INTRUSION_DETECTION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
DISCARD_LOGSPECIAL - Static variable in class org.owasp.esapi.PropNames: Special java.lang.System property that, if set to true, will disable logging from DefaultSecurityConfiguration.logToStdout() methods, which is called from various logSpecial() methods.
DISCARD_LOGSPECIAL - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
doAfterBody() - Method in class org.owasp.esapi.tags.BaseEncodeTag: After tag body parsing handler.
doesCookieMatch(String) - Method in class org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule
doesCookieMatch(String) - Method in class org.owasp.esapi.waf.rules.AddSecureFlagRule
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.owasp.esapi.filters.ClickjackFilter: Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers who decide to implement) not to display this content in a frame.
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.owasp.esapi.filters.ESAPIFilter: The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.owasp.esapi.filters.RequestRateThrottleFilter: Checks to see if the current session has exceeded the allowed number of requests in the specified time period.
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.owasp.esapi.filters.SecurityWrapper
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter: This is the where the main interception and rule-checking logic of the WAF resides.
DoNothingAction - Class in org.owasp.esapi.waf.actions: The class that indicates that no further action is necessary.
DoNothingAction() - Constructor for class org.owasp.esapi.waf.actions.DoNothingAction
DONT_BREAK_LINES - Static variable in class org.owasp.esapi.codecs.Base64: Don't break lines when encoding (violates strict Base64 specification)
dtoi - Variable in class org.owasp.esapi.reference.AbstractAccessReferenceMap: The Direct to Indirect Map
DynaBeanACRParameter - Class in org.owasp.esapi.reference.accesscontrol: A DynaBean comes from the apache bean utils.
DynaBeanACRParameter() - Constructor for class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
DynaBeanACRParameterLoader - Class in org.owasp.esapi.reference.accesscontrol.policyloader
DynaBeanACRParameterLoader() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.DynaBeanACRParameterLoader

E

EchoDynaBeanPolicyParameterACR - Class in org.owasp.esapi.reference.accesscontrol.policyloader
EchoDynaBeanPolicyParameterACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR
EchoRuntimeParameterACR - Class in org.owasp.esapi.reference.accesscontrol
EchoRuntimeParameterACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR
elements() - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties: This method has been overridden to throw an UnsupportedOperationException
ELEncodeFunctions - Class in org.owasp.esapi.tags: Static encoder methods for JSP EL expression functions.
enable() - Method in class org.owasp.esapi.reference.DefaultUser: Enable this user's account.
enable() - Method in interface org.owasp.esapi.User: Enable this user's account.
ENABLE_UNSAFE_SERIALIZATION - Static variable in class org.owasp.esapi.codecs.Base64: System property name that must be set to true in order to invoke Base64.decodeToObject().
encode(char[], String) - Method in class org.owasp.esapi.codecs.AbstractCodec: Encode a String so that it can be safely used in a specific context.
ENCODE - Static variable in class org.owasp.esapi.codecs.Base64: Specify encoding.
encode(char[], String) - Method in interface org.owasp.esapi.codecs.Codec: Encode a String so that it can be safely used in a specific context.
encode(char[], String) - Method in class org.owasp.esapi.codecs.CSSCodec
encode(byte[], boolean) - Static method in class org.owasp.esapi.codecs.Hex: Output byte representation as hexadecimal representation.
encode(char[], String) - Method in class org.owasp.esapi.codecs.HTMLEntityCodec: Given an array of char, scan the input String and encode unsafe codePoints, except for codePoints passed into the char array.
encode(char[], String) - Method in class org.owasp.esapi.codecs.VBScriptCodec: Encode a String so that it can be safely used in a specific context.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.BaseEncodeTag: Encode tag's content.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForBase64Tag: Encode tag's content using Base64.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForCSSTag: Encode tag's content for usage in CSS.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForHTMLAttributeTag: Encode tag's content for usage as a HTML attribute.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForHTMLTag: Encode tag's content for usage in HTML.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForJavaScriptTag: Encode tag's content for usage in JavaScript
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForURLTag: Encode tag's content for usage in a URL.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForVBScriptTag: Encode tag's content for usage in VBScript.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForXMLAttributeTag: Encode tag's content for usage as a XML attribute.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForXMLTag: Encode tag's content for usage in XML.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForXPathTag: Encode tag's content for usage in XPath.
encodeBytes(byte[]) - Static method in class org.owasp.esapi.codecs.Base64: Encodes a byte array into Base64 notation.
encodeBytes(byte[], int) - Static method in class org.owasp.esapi.codecs.Base64: Encodes a byte array into Base64 notation.
encodeBytes(byte[], int, int) - Static method in class org.owasp.esapi.codecs.Base64: Encodes a byte array into Base64 notation.
encodeBytes(byte[], int, int, int) - Static method in class org.owasp.esapi.codecs.Base64: Encodes a byte array into Base64 notation.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.AbstractCodec: Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], char) - Method in class org.owasp.esapi.codecs.AbstractCodec: To prevent accidental footgun usage and calling AbstractCodec.encodeCharacter( char[], int) when called with char and char is first silently converted to int and then the unexpected method is called.
encodeCharacter(char[], int) - Method in class org.owasp.esapi.codecs.AbstractCodec
encodeCharacter(char[], Character) - Method in interface org.owasp.esapi.codecs.Codec: Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], int) - Method in interface org.owasp.esapi.codecs.Codec: Default codepoint implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.CSSCodec: Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.DB2Codec
encodeCharacter(char[], int) - Method in class org.owasp.esapi.codecs.HTMLEntityCodec: Default codepoint implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.JavaScriptCodec: Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.LegacyHTMLEntityCodec: Deprecated.

Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.MySQLCodec: Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.OracleCodec: Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.PercentCodec: Encode a character for URLs
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.UnixCodec: Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.VBScriptCodec: Returns quote-encoded character
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.WindowsCodec: Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.XMLEntityCodec: Default implementation that should be overridden in specific codecs.
encodeFileToFile(String, String) - Static method in class org.owasp.esapi.codecs.Base64: Reads infile and encodes it to outfile.
encodeForBase64(byte[], boolean) - Method in interface org.owasp.esapi.Encoder: Encode for Base64.
encodeForBase64(byte[], boolean) - Method in class org.owasp.esapi.reference.DefaultEncoder: Encode for Base64.
encodeForBase64(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions: Base64 encode a string.
encodeForBase64Charset(String, String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions: Base64 encode a string after converting to bytes using the specified character set.
encodeForBase64CharsetWrap(String, String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions: Base64 encode a string after converting to bytes using the specified character set and wrapping lines.
EncodeForBase64Tag - Class in org.owasp.esapi.tags: JSP tag that encode's it's body using Base64.
EncodeForBase64Tag() - Constructor for class org.owasp.esapi.tags.EncodeForBase64Tag
encodeForBase64Wrap(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions: Base64 encode a string with line wrapping.
encodeForCSS(String) - Method in interface org.owasp.esapi.Encoder: Encode data for use in Cascading Style Sheets (CSS) content.
encodeForCSS(String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Encode data for use in Cascading Style Sheets (CSS) content.
encodeForCSS(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions: Encode string for use in CSS.
EncodeForCSSTag - Class in org.owasp.esapi.tags: JSP tag that encode's it's body for use in CSS.
EncodeForCSSTag() - Constructor for class org.owasp.esapi.tags.EncodeForCSSTag
encodeForDN(String) - Method in interface org.owasp.esapi.Encoder: Encode data for use in an LDAP distinguished name.
encodeForDN(String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Encode data for use in an LDAP distinguished name.
encodeForHTML(String) - Method in interface org.owasp.esapi.Encoder: Encode data for use in HTML using HTML entity encoding
encodeForHTML(String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Encode data for use in HTML using HTML entity encoding
encodeForHTML(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions: Encode string for use in HTML.
encodeForHTMLAttribute(String) - Method in interface org.owasp.esapi.Encoder: Encode data for use in HTML attributes.
encodeForHTMLAttribute(String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Encode data for use in HTML attributes.
encodeForHTMLAttribute(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions: Encode string for use in a HTML attribute.
EncodeForHTMLAttributeTag - Class in org.owasp.esapi.tags: JSP tag that encode's it's body for use in a HTML attribute.
EncodeForHTMLAttributeTag() - Constructor for class org.owasp.esapi.tags.EncodeForHTMLAttributeTag
EncodeForHTMLTag - Class in org.owasp.esapi.tags: JSP tag that encode's it's body for use in HTML.
EncodeForHTMLTag() - Constructor for class org.owasp.esapi.tags.EncodeForHTMLTag
encodeForJavaScript(String) - Method in interface org.owasp.esapi.Encoder: Encode data for insertion inside a data value or function argument in JavaScript.
encodeForJavaScript(String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Encode data for insertion inside a data value or function argument in JavaScript.
encodeForJavaScript(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions: Encode string for use in JavaScript.
EncodeForJavaScriptTag - Class in org.owasp.esapi.tags: JSP tag that encode's it's body for use in JavaScript.
EncodeForJavaScriptTag() - Constructor for class org.owasp.esapi.tags.EncodeForJavaScriptTag
encodeForLDAP(String) - Method in interface org.owasp.esapi.Encoder: Encode data for use in LDAP queries.
encodeForLDAP(String, boolean) - Method in interface org.owasp.esapi.Encoder: Encode data for use in LDAP queries.
encodeForLDAP(String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Encode data for use in LDAP queries.
encodeForLDAP(String, boolean) - Method in class org.owasp.esapi.reference.DefaultEncoder: Encode data for use in LDAP queries.
encodeForOS(Codec, String) - Method in interface org.owasp.esapi.Encoder: Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec).
encodeForOS(Codec, String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec).
encodeForSQL(Codec, String) - Method in interface org.owasp.esapi.Encoder: Encode input for use in a SQL query, according to the selected codec (appropriate codecs include the MySQLCodec and OracleCodec).
encodeForSQL(Codec, String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Encode input for use in a SQL query, according to the selected codec (appropriate codecs include the MySQLCodec and OracleCodec).
encodeForURL(String) - Method in interface org.owasp.esapi.Encoder: Encode for use in a URL.
encodeForURL(String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Encode for use in a URL.
encodeForURL(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions: Encode string for use in a URL.
EncodeForURLTag - Class in org.owasp.esapi.tags: JSP tag that encode's it's body for use in a URL.
EncodeForURLTag() - Constructor for class org.owasp.esapi.tags.EncodeForURLTag
encodeForVBScript(String) - Method in interface org.owasp.esapi.Encoder: Encode data for insertion inside a data value in a Visual Basic script.
encodeForVBScript(String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Encode data for insertion inside a data value in a Visual Basic script.
encodeForVBScript(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions: Encode string for use in VBScript.
EncodeForVBScriptTag - Class in org.owasp.esapi.tags: JSP tag that encode's it's body for use in VBScript.
EncodeForVBScriptTag() - Constructor for class org.owasp.esapi.tags.EncodeForVBScriptTag
encodeForXML(String) - Method in interface org.owasp.esapi.Encoder: Encode data for use in an XML element.
encodeForXML(String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Encode data for use in an XML element.
encodeForXML(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions: Encode string for use in XML.
encodeForXMLAttribute(String) - Method in interface org.owasp.esapi.Encoder: Encode data for use in an XML attribute.
encodeForXMLAttribute(String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Encode data for use in an XML attribute.
encodeForXMLAttribute(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions: Encode string for use in a XML attribute.
EncodeForXMLAttributeTag - Class in org.owasp.esapi.tags: JSP tag that encode's it's body for use in a XML attribute.
EncodeForXMLAttributeTag() - Constructor for class org.owasp.esapi.tags.EncodeForXMLAttributeTag
EncodeForXMLTag - Class in org.owasp.esapi.tags: JSP tag that encode's it's body for use in XML.
EncodeForXMLTag() - Constructor for class org.owasp.esapi.tags.EncodeForXMLTag
encodeForXPath(String) - Method in interface org.owasp.esapi.Encoder: Encode data for use in an XPath query.
encodeForXPath(String) - Method in class org.owasp.esapi.reference.DefaultEncoder: Encode data for use in an XPath query.
encodeForXPath(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions: Encode string for use in XPath.
EncodeForXPathTag - Class in org.owasp.esapi.tags: JSP tag that encode's it's body for use in XPath.
EncodeForXPathTag() - Constructor for class org.owasp.esapi.tags.EncodeForXPathTag
encodeFromFile(String) - Static method in class org.owasp.esapi.codecs.Base64: Convenience method for reading a binary file and base64-encoding it.
Encoder - Interface in org.owasp.esapi: The Encoder interface contains a number of methods for decoding input and encoding output so that it will be safe for a variety of interpreters.
encoder() - Static method in class org.owasp.esapi.ESAPI: The ESAPI Encoder is primarilly used to provide output encoding to prevent Cross-Site Scripting (XSS).
encoder - Variable in class org.owasp.esapi.reference.validation.BaseValidationRule
ENCODER_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
ENCODER_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
EncoderConstants - Class in org.owasp.esapi: Common character classes used for input validation, output encoding, verifying password strength CSRF token generation, generating salts, etc
encodeRedirectUrl(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Deprecated.
in servlet spec 2.1. Use SecurityWrapperResponse.encodeRedirectUrl(String) instead.
encodeRedirectURL(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Return the URL without any changes, to prevent disclosure of the Session ID The default implementation of this method can add the Session ID to the URL if support for cookies is not detected.
encodeToFile(byte[], String) - Static method in class org.owasp.esapi.codecs.Base64: Convenience method for encoding data to a file.
encodeUrl(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Deprecated.
in servlet spec 2.1. Use SecurityWrapperResponse.encodeURL(String) instead.
encodeURL(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Return the URL without any changes, to prevent disclosure of the Session ID The default implementation of this method can add the Session ID to the URL if support for cookies is not detected.
EncodingException - Exception in org.owasp.esapi.errors: An EncodingException should be thrown for any problems that occur when encoding or decoding data.
EncodingException() - Constructor for exception org.owasp.esapi.errors.EncodingException: Instantiates a new service exception.
EncodingException(String, String) - Constructor for exception org.owasp.esapi.errors.EncodingException: Creates a new instance of EncodingException.
EncodingException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EncodingException: Instantiates a new EncodingException.
EncodingPatternPreservation - Class in org.owasp.esapi.codecs.ref: String mutation utility which can be used to replace all occurrences of a defined regular expression with a marker string, and also restore the original string content.
EncodingPatternPreservation(Pattern) - Constructor for class org.owasp.esapi.codecs.ref.EncodingPatternPreservation: Constructor.
encrypt(PlainText) - Method in interface org.owasp.esapi.Encryptor: Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.
encrypt(SecretKey, PlainText) - Method in interface org.owasp.esapi.Encryptor: Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation as defined in the ESAPI.properties file and the specified secret key.
encrypt(PlainText) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor: Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.
encrypt(SecretKey, PlainText) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor: Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation as defined in the ESAPI.properties file and the specified secret key.
EncryptedProperties - Interface in org.owasp.esapi: The EncryptedProperties interface represents a properties file where all the data is encrypted before it is added, and decrypted when it retrieved.
EncryptedPropertiesUtils - Class in org.owasp.esapi.reference.crypto: Command line utilities for reading, writing and creating encrypted properties files.
EncryptedPropertiesUtils() - Constructor for class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils
encryptHiddenField(String) - Method in interface org.owasp.esapi.HTTPUtilities: Encrypts a hidden field value for use in HTML.
encryptHiddenField(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Encrypts a hidden field value for use in HTML.
ENCRYPTION_ALGORITHM - Static variable in class org.owasp.esapi.PropNames
ENCRYPTION_ALGORITHM - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
ENCRYPTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
ENCRYPTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
EncryptionException - Exception in org.owasp.esapi.errors: An EncryptionException should be thrown for any problems related to encryption, hashing, or digital signatures.
EncryptionException() - Constructor for exception org.owasp.esapi.errors.EncryptionException: Instantiates a new EncryptionException.
EncryptionException(String, String) - Constructor for exception org.owasp.esapi.errors.EncryptionException: Creates a new instance of EncryptionException.
EncryptionException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EncryptionException: Instantiates a new EncryptionException.
EncryptionRuntimeException - Exception in org.owasp.esapi.errors: An EncryptionRuntimeException should be thrown for any problems related to encryption, hashing, or digital signatures.
EncryptionRuntimeException() - Constructor for exception org.owasp.esapi.errors.EncryptionRuntimeException: Instantiates a new EncryptionException.
EncryptionRuntimeException(String, String) - Constructor for exception org.owasp.esapi.errors.EncryptionRuntimeException: Creates a new instance of EncryptionException.
EncryptionRuntimeException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EncryptionRuntimeException: Instantiates a new EncryptionException.
Encryptor - Interface in org.owasp.esapi: The Encryptor interface provides a set of methods for performing common encryption, random number, and hashing operations.
encryptor() - Static method in class org.owasp.esapi.ESAPI
encryptQueryString(String) - Method in interface org.owasp.esapi.HTTPUtilities: Takes a querystring (everything after the question mark in the URL) and returns an encrypted string containing the parameters.
encryptQueryString(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Takes a querystring (everything after the question mark in the URL) and returns an encrypted string containing the parameters.
encryptStateInCookie(Map<String, String>) - Method in interface org.owasp.esapi.HTTPUtilities: Calls encryptStateInCookie with the *current* response.
encryptStateInCookie(HttpServletResponse, Map<String, String>) - Method in interface org.owasp.esapi.HTTPUtilities: Stores a Map of data in an encrypted cookie.
encryptStateInCookie(HttpServletResponse, Map<String, String>) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Stores a Map of data in an encrypted cookie.
encryptStateInCookie(Map<String, String>) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Calls encryptStateInCookie with the *current* response.
EnforceHTTPSRule - Class in org.owasp.esapi.waf.rules: This is the Rule subclass executed for <enforce-https> rules.
EnforceHTTPSRule(String, Pattern, List<Object>, String) - Constructor for class org.owasp.esapi.waf.rules.EnforceHTTPSRule
EnterpriseSecurityException - Exception in org.owasp.esapi.errors: EnterpriseSecurityException is the base class for all security related exceptions.
EnterpriseSecurityException() - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException: Instantiates a new enterprise security exception.
EnterpriseSecurityException(String) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException: Instantiates a new enterprise security exception with a user message.
EnterpriseSecurityException(String, Throwable) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException: Instantiates a new enterprise security exception with a user message and cause.
EnterpriseSecurityException(String, String) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException: Creates a new instance of EnterpriseSecurityException.
EnterpriseSecurityException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException: Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.
EnterpriseSecurityRuntimeException - Exception in org.owasp.esapi.errors: EnterpriseSecurityRuntimeException is the base class for all security related runtime exceptions.
EnterpriseSecurityRuntimeException() - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException: Instantiates a new enterprise security runtime exception.
EnterpriseSecurityRuntimeException(String) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException: Instantiates a new enterprise security runtime exception with a user message.
EnterpriseSecurityRuntimeException(String, Throwable) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException: Instantiates a new enterprise security runtime exception with a user message and cause.
EnterpriseSecurityRuntimeException(String, String) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException: Creates a new instance of EnterpriseSecurityException.
EnterpriseSecurityRuntimeException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException: Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.
entrySet() - Method in class org.owasp.esapi.codecs.HashTrie
entrySet() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
entrySet() - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
entrySet() - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties: This method has been overridden to throw an UnsupportedOperationException
equals(Object) - Method in class org.owasp.esapi.codecs.HashTrie
equals(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
equals(Object) - Method in class org.owasp.esapi.crypto.CipherSpec
equals(Object) - Method in class org.owasp.esapi.crypto.CipherText
equals(Object) - Method in class org.owasp.esapi.crypto.PlainText
equals(Object, Object) - Static method in class org.owasp.esapi.util.NullSafe: Object.equals(Object) that safely handles nulls.
ERROR - Static variable in interface org.owasp.esapi.Logger: ERROR indicates that ERROR messages and above should be logged.
error(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger: Log an error level security event if 'error' level logging is enabled.
error(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger: Log an error level security event if 'error' level logging is enabled and also record the stack trace associated with the event.
error(Logger.EventType, String) - Method in class org.owasp.esapi.logging.java.JavaLogger
error(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.java.JavaLogger
error(Logger.EventType, String) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
error(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
ERROR_LEVEL - Static variable in class org.owasp.esapi.logging.java.ESAPICustomJavaLevel: Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly by java.util.Logger already.
ERROR_LEVEL - Static variable in class org.owasp.esapi.logging.java.ESAPIErrorJavaLevel: Deprecated.
errors() - Method in class org.owasp.esapi.ValidationErrorList: Returns list of ValidationException, or empty list of no errors exist.
ESAPI - Class in org.owasp.esapi: ESAPI locator class is provided to make it easy to gain access to the current ESAPI classes in use.
ESAPI_STATE - Static variable in interface org.owasp.esapi.HTTPUtilities
EsapiConfiguration - Enum in org.owasp.esapi.configuration.consts: Enum used for initialization of esapi configuration files.
EsapiConfigurationType - Enum in org.owasp.esapi.configuration.consts: Supported esapi configuration file types.
ESAPICustomJavaLevel - Class in org.owasp.esapi.logging.java: Definitions of customized Java Logging Level options to map ESAPI behavior to the desired Java Log output behaviors.
ESAPIErrorJavaLevel - Class in org.owasp.esapi.logging.java: Deprecated.
10/24/2020 : References should use ESAPICustomJavaLevel.ERROR_LEVEL
ESAPIFilter - Class in org.owasp.esapi.filters
ESAPIFilter() - Constructor for class org.owasp.esapi.filters.ESAPIFilter
EsapiPropertyLoader - Interface in org.owasp.esapi.configuration: Generic interface for loading security configuration properties.
EsapiPropertyLoaderFactory - Class in org.owasp.esapi.configuration: Factory class that takes care of initialization of proper instance of EsapiPropertyLoader based on EsapiPropertiesStore
EsapiPropertyLoaderFactory() - Constructor for class org.owasp.esapi.configuration.EsapiPropertyLoaderFactory
EsapiPropertyManager - Class in org.owasp.esapi.configuration: Manager used for loading security configuration properties.
EsapiPropertyManager() - Constructor for class org.owasp.esapi.configuration.EsapiPropertyManager
ESAPIWebApplicationFirewallFilter - Class in org.owasp.esapi.waf: This is the main class for the ESAPI Web Application Firewall (WAF).
ESAPIWebApplicationFirewallFilter() - Constructor for class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
EVENT_FAILURE - Static variable in interface org.owasp.esapi.Logger: A non-security type of log event that has failed.
EVENT_SUCCESS - Static variable in interface org.owasp.esapi.Logger: A non-security type of log event that has succeeded.
EVENT_UNSPECIFIED - Static variable in interface org.owasp.esapi.Logger: A non-security type of log event that is unspecified.
EventType(String, Boolean) - Constructor for class org.owasp.esapi.Logger.EventType
EventTypeLogSupplier - Class in org.owasp.esapi.logging.appender: Supplier implementation which returns a consistent String representation of an EventType for logging
EventTypeLogSupplier(Logger.EventType) - Constructor for class org.owasp.esapi.logging.appender.EventTypeLogSupplier: Ctr
ExecuteResult - Class in org.owasp.esapi: The ExecuteResult class encapsulates the pieces of data that can be returned from a process executed by the Executor interface.
ExecuteResult(int, String, String) - Constructor for class org.owasp.esapi.ExecuteResult: Constructs an ExecuteResult from the given values.
executeSystemCommand(File, List) - Method in interface org.owasp.esapi.Executor: Invokes the specified executable with default workdir and codec and not logging parameters.
executeSystemCommand(File, List, File, Codec, boolean, boolean) - Method in interface org.owasp.esapi.Executor: Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible.
executeSystemCommand(File, List) - Method in class org.owasp.esapi.reference.DefaultExecutor: Invokes the specified executable with default workdir and codec and not logging parameters.
executeSystemCommand(File, List, File, Codec, boolean, boolean) - Method in class org.owasp.esapi.reference.DefaultExecutor: Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible.
executor() - Static method in class org.owasp.esapi.ESAPI
Executor - Interface in org.owasp.esapi: The Executor interface is used to run an OS command with reduced security risk.
EXECUTOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames
EXECUTOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
ExecutorException - Exception in org.owasp.esapi.errors: An ExecutorException should be thrown for any problems that arise during the execution of a system executable.
ExecutorException() - Constructor for exception org.owasp.esapi.errors.ExecutorException: Instantiates a new ExecutorException.
ExecutorException(String, String) - Constructor for exception org.owasp.esapi.errors.ExecutorException: Creates a new instance of ExecutorException.
ExecutorException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.ExecutorException: Instantiates a new ExecutorException.
exists(String) - Method in interface org.owasp.esapi.Authenticator: Determine if the account exists.
exists(String) - Method in class org.owasp.esapi.reference.AbstractAuthenticator: Determine if the account exists.
ExperimentalAccessController - Class in org.owasp.esapi.reference.accesscontrol
ExperimentalAccessController(Map) - Constructor for class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
ExperimentalAccessController() - Constructor for class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController

F

failed - Variable in class org.owasp.esapi.waf.actions.Action
failedRule() - Method in class org.owasp.esapi.waf.actions.Action
failedRule() - Method in class org.owasp.esapi.waf.actions.BlockAction
failedRule() - Method in class org.owasp.esapi.waf.actions.DefaultAction
failedRule() - Method in class org.owasp.esapi.waf.actions.DoNothingAction
FATAL - Static variable in interface org.owasp.esapi.Logger: FATAL indicates that only FATAL messages should be logged.
fatal(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger: Log a fatal event if 'fatal' level logging is enabled.
fatal(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger: Log a fatal level security event if 'fatal' level logging is enabled and also record the stack trace associated with the event.
fatal(Logger.EventType, String) - Method in class org.owasp.esapi.logging.java.JavaLogger
fatal(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.java.JavaLogger
fatal(Logger.EventType, String) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
fatal(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
FileBasedACRs - Class in org.owasp.esapi.reference.accesscontrol: This class exists for backwards compatibility with the AccessController 1.0 reference implementation.
FileBasedACRs() - Constructor for class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
FileBasedAuthenticator - Class in org.owasp.esapi.reference: Reference implementation of the Authenticator interface.
filename - Variable in class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader
flush() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
flush() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
flush() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
flushBase64() - Method in class org.owasp.esapi.codecs.Base64.OutputStream: Method added by PHIL.
flushBuffer() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Same as HttpServletResponse, no security changes required.
FORCE_HTTPONLYCOOKIES - Static variable in class org.owasp.esapi.PropNames
FORCE_HTTPONLYCOOKIES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
FORCE_HTTPONLYSESSION - Static variable in class org.owasp.esapi.PropNames
FORCE_HTTPONLYSESSION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
FORCE_SECURECOOKIES - Static variable in class org.owasp.esapi.PropNames
FORCE_SECURECOOKIES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
FORCE_SECURESESSION - Static variable in class org.owasp.esapi.PropNames
FORCE_SECURESESSION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.
format(Locale, String, Object...) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
format(String, Object...) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
fromHex(String) - Static method in class org.owasp.esapi.codecs.Hex: Decode hexadecimal-encoded string and return raw byte array.
fromInt(int) - Static method in class org.owasp.esapi.util.ByteConversionUtil: Returns a byte array containing 4 network byte-ordered bytes representing the given int.
fromLong(long) - Static method in class org.owasp.esapi.util.ByteConversionUtil: Returns a byte array containing 8 network byte-ordered bytes representing the given long.
fromPortableSerializedBytes(byte[]) - Static method in class org.owasp.esapi.crypto.CipherText: Create a CipherText object from what is supposed to be a portable serialized byte array, given in network byte order, that represents a valid, previously serialized CipherText object using CipherText.asPortableSerializedByteArray().
fromShort(short) - Static method in class org.owasp.esapi.util.ByteConversionUtil: Returns a byte array containing 2 network byte ordered bytes representing the given short.

G

GeneralAttackSignatureRule - Class in org.owasp.esapi.waf.rules: This is the Rule subclass executed for <general-attack-signature> rules, which are not currently implemented.
GeneralAttackSignatureRule(String, Pattern) - Constructor for class org.owasp.esapi.waf.rules.GeneralAttackSignatureRule
generateSecretKey(String, int) - Static method in class org.owasp.esapi.crypto.CryptoHelper: Generate a random secret key appropriate to the specified cipher algorithm and key size.
generateStrongPassword() - Method in interface org.owasp.esapi.Authenticator: Generate a strong password.
generateStrongPassword(User, String) - Method in interface org.owasp.esapi.Authenticator: Generate strong password that takes into account the user's information and old password.
generateStrongPassword() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator: Generate a strong password.
generateStrongPassword(User, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator: Generate strong password that takes into account the user's information and old password.
get(Object) - Method in class org.owasp.esapi.codecs.HashTrie: Get the value for a key.
get(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
get() - Method in class org.owasp.esapi.logging.appender.ClientInfoSupplier
get() - Method in class org.owasp.esapi.logging.appender.EventTypeLogSupplier
get() - Method in class org.owasp.esapi.logging.appender.ServerInfoSupplier
get() - Method in class org.owasp.esapi.logging.appender.UserInfoSupplier
get(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
get(String) - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters: Follows the contract for java.util.Map;
getAccessControlImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns the fully qualified classname of the ESAPI Access Control implementation.
getAccessControlImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getAccessControlRules() - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO
getAccountId() - Method in class org.owasp.esapi.reference.DefaultUser: Gets this user's account id number.
getAccountId() - Method in interface org.owasp.esapi.User: Gets this user's account id number.
getAccountName() - Method in class org.owasp.esapi.reference.DefaultUser: Gets this user's account name.
getAccountName() - Method in interface org.owasp.esapi.User: Gets this user's account name.
getAdditionalAllowedCipherModes() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Return List of strings of additional cipher modes that are permitted (i.e., in addition to those returned by SecurityConfiguration.getCombinedCipherModes()) to be used for encryption and decryption operations.
getAdditionalAllowedCipherModes() - Method in interface org.owasp.esapi.SecurityConfiguration: Return List of strings of additional cipher modes that are permitted (i.e., in addition to those returned by SecurityConfiguration.getCombinedCipherModes()) to be used for encryption and decryption operations.
getAfterBodyRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
getAlgName() - Method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
getAllowableContentRoot() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
getAllowedExecutables() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the allowed executables to run with the Executor.
getAllowedExecutables() - Method in interface org.owasp.esapi.SecurityConfiguration: Gets the allowed executables to run with the Executor.
getAllowedFileExtensions() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the allowed file extensions for files that are uploaded to this application.
getAllowedFileExtensions() - Method in interface org.owasp.esapi.SecurityConfiguration: Gets the allowed file extensions for files that are uploaded to this application.
getAllowedFileUploadSize() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the maximum allowed file upload size.
getAllowedFileUploadSize() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getAllowedLoginAttempts() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the number of login attempts allowed before the user's account is locked.
getAllowedLoginAttempts() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getAllowMixedEncoding() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Return true if mixed encoding is allowed
getAllowMixedEncoding() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getAllowMultipleEncoding() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Return true if multiple encoding is allowed
getAllowMultipleEncoding() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getApplicationName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the application name, used for logging
getApplicationName() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getAttribute(String) - Method in class org.owasp.esapi.crypto.CryptoToken: Retrieve the attribute with the specified name.
getAttribute(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getAttributeNames() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getAttributes() - Method in class org.owasp.esapi.crypto.CryptoToken: Retrieve a Map that is a clone of all the attributes.
getAuthenticationImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns the fully qualified classname of the ESAPI Authentication implementation.
getAuthenticationImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getAuthType() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getBase64EncodedRawCipherText() - Method in class org.owasp.esapi.crypto.CipherText: Return a base64-encoded representation of the raw ciphertext alone.
getBeforeBodyRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
getBeforeResponseRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
getBigDecimal(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter: Convenience method to avoid common casts.
getBigInteger(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter: Convenience method to avoid common casts.
getBits() - Method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
getBlockSize() - Method in class org.owasp.esapi.crypto.CipherSpec: Retrieve the block size, in bytes.
getBlockSize() - Method in class org.owasp.esapi.crypto.CipherText: Retrieve the block size (in bytes!) of the cipher used for encryption.
getBoolean(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter: Convenience method to avoid common casts.
getBooleanProp(String) - Method in interface org.owasp.esapi.configuration.EsapiPropertyLoader: Get any Boolean type property from security configuration.
getBooleanProp(String) - Method in class org.owasp.esapi.configuration.EsapiPropertyManager: Get any Boolean type property from security configuration.
getBooleanProp(String) - Method in class org.owasp.esapi.configuration.StandardEsapiPropertyLoader: Get any Boolean type property from security configuration.
getBooleanProp(String) - Method in class org.owasp.esapi.configuration.XmlEsapiPropertyLoader: Get any Boolean type property from security configuration.
getBooleanProp(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Get any Boolean type property from security configuration.
getBufferSize() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Same as HttpServletResponse, no security changes required.
getByte(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter: Convenience method to avoid common casts.
getByteArrayProp(String) - Method in interface org.owasp.esapi.configuration.EsapiPropertyLoader: Get any byte array type property from security configuration.
getByteArrayProp(String) - Method in class org.owasp.esapi.configuration.EsapiPropertyManager: Get any byte array type property from security configuration.
getByteArrayProp(String) - Method in class org.owasp.esapi.configuration.StandardEsapiPropertyLoader: Get any byte array type property from security configuration.
getByteArrayProp(String) - Method in class org.owasp.esapi.configuration.XmlEsapiPropertyLoader: Get any byte array type property from security configuration.
getByteArrayProp(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Get any byte array type property from security configuration.
getCanonicalizedURI(URI) - Method in interface org.owasp.esapi.Encoder: Get a version of the input URI that will be safe to run regex and other validations against.
getCanonicalizedURI(URI) - Method in class org.owasp.esapi.reference.DefaultEncoder: Get a version of the input URI that will be safe to run regex and other validations against.
getChar(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter: Convenience method to avoid common casts.
getCharacterEncoding() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getCharacterEncoding() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Same as HttpServletResponse, no security changes required.
getCharacterEncoding() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the character encoding scheme supported by this application.
getCharacterEncoding() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getCipherAlgorithm() - Method in class org.owasp.esapi.crypto.CipherSpec: Retrieve the cipher algorithm.
getCipherAlgorithm() - Method in class org.owasp.esapi.crypto.CipherText: Obtain the name of the cipher algorithm used for encrypting the plaintext.
getCipherMode() - Method in class org.owasp.esapi.crypto.CipherSpec: Retrieve the cipher mode.
getCipherMode() - Method in class org.owasp.esapi.crypto.CipherText: Get the name of the cipher mode used to encrypt some plaintext.
getCipherTransformation() - Method in class org.owasp.esapi.crypto.CipherSpec: Get the cipher transformation.
getCipherTransformation() - Method in class org.owasp.esapi.crypto.CipherText: Obtain the String representing the cipher transformation used to encrypt the plaintext.
getCipherTransformation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Retrieve the cipher transformation.
getCipherTransformation() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getClass(String, String) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR: Convert a single fully qualified class name into a Class object
getCombinedCipherModes() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Return a List of strings of combined cipher modes that support both confidentiality and authenticity.
getCombinedCipherModes() - Method in interface org.owasp.esapi.SecurityConfiguration: Return a List of strings of combined cipher modes that support both confidentiality and authenticity.
getConfigName() - Method in enum org.owasp.esapi.configuration.consts.EsapiConfiguration
getConfiguration() - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
getContentLength() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getContentType() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getContentType() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Same as HttpServletResponse, no security changes required.
getContentType() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
getContext() - Method in class org.owasp.esapi.crypto.KeyDerivationFunction: Return the optional 'context' that typically contains information related to the keying material, such as the identities of the message sender and recipient.
getContext() - Method in exception org.owasp.esapi.errors.ValidationException: Returns the UI reference that caused this ValidationException
getContextPath() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the context path from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getCookie(String) - Method in interface org.owasp.esapi.HTTPUtilities: Calls getCookie with the *current* response.
getCookie(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities: A safer replacement for getCookies() in HttpServletRequest that returns the canonicalized value of the named cookie after "global" validation against the general type defined in ESAPI.properties.
getCookie(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: A safer replacement for getCookies() in HttpServletRequest that returns the canonicalized value of the named cookie after "global" validation against the general type defined in ESAPI.properties.
getCookie(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Calls getCookie with the *current* response.
getCookieRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
getCookies() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the array of Cookies from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getCSRFToken() - Method in interface org.owasp.esapi.HTTPUtilities: Returns the current user's CSRF token.
getCSRFToken() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Returns the current user's CSRF token.
getCSRFToken() - Method in class org.owasp.esapi.reference.DefaultUser: Gets the CSRF token for this user's current sessions.
getCSRFToken() - Method in interface org.owasp.esapi.User: Gets the CSRF token for this user's current sessions.
getCurrentRequest() - Method in interface org.owasp.esapi.HTTPUtilities: Retrieves the current HttpServletRequest
getCurrentRequest() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Retrieves the current HttpServletRequest
getCurrentResponse() - Method in interface org.owasp.esapi.HTTPUtilities: Retrieves the current HttpServletResponse
getCurrentResponse() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Retrieves the current HttpServletResponse
getCurrentUser() - Method in interface org.owasp.esapi.Authenticator: Returns the currently logged in User.
getCurrentUser() - Method in class org.owasp.esapi.reference.AbstractAuthenticator: Returns the currently logged in User.
getDate(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter: Convenience method to avoid common casts.
getDateHeader(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getDefaultCanonicalizationCodecs() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns the List of Codecs to use when canonicalizing data
getDefaultCanonicalizationCodecs() - Method in interface org.owasp.esapi.SecurityConfiguration: Returns the List of Codecs to use when canonicalizing data
getDefaultErrorPage() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
getDefaultResponseCode() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
getDictionaryParameter(String) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
getDictionaryParameterNames() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
getDigitalSignatureAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the digital signature algorithm used by ESAPI to generate and verify signatures.
getDigitalSignatureAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getDigitalSignatureKeyLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the digital signature key length used by ESAPI to generate and verify signatures.
getDigitalSignatureKeyLength() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getDirectReference(K) - Method in interface org.owasp.esapi.AccessReferenceMap: Get the original direct object reference from an indirect reference.
getDirectReference(K) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap: Get the original direct object reference from an indirect reference.
getDisableIntrusionDetection() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Allows for complete disabling of all intrusion detection mechanisms
getDisableIntrusionDetection() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getDouble(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter: Convenience method to avoid common casts.
getEncodedIVCipherText() - Method in class org.owasp.esapi.crypto.CipherText: Return the ciphertext as a base64-encoded String.
getEncoder() - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
getEncoderImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns the fully qualified classname of the ESAPI Encoder implementation.
getEncoderImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getEncoding() - Method in class org.owasp.esapi.tags.EncodeForBase64Tag: Get the encoding used to convert the content to bytes for encoding.
getEncryptionAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the encryption algorithm used by ESAPI to protect data.
getEncryptionAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getEncryptionImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns the fully qualified classname of the ESAPI Encryption implementation.
getEncryptionImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getEncryptionKeyLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
getEncryptionKeyLength() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getEncryptionTimestamp() - Method in class org.owasp.esapi.crypto.CipherText: Get stored time stamp representing when data was encrypted.
getError(String) - Method in class org.owasp.esapi.ValidationErrorList: Retrieves ValidationException for given context if one exists.
getErrors() - Method in class org.owasp.esapi.ExecuteResult
getESAPILevel() - Method in interface org.owasp.esapi.Logger: Retrieve the current ESAPI logging level for this logger.
getESAPILevel() - Method in class org.owasp.esapi.logging.java.JavaLogger
getESAPILevel() - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger
getESAPIProperties() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
getESAPIProperty(String, String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
getESAPIProperty(String, boolean) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
getESAPIProperty(String, int) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
getESAPIProperty(String, List<String>) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns a List representing the parsed, comma-separated property.
getESAPIPropertyEncoded(String, byte[]) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
getEventMap() - Method in class org.owasp.esapi.reference.DefaultUser
getEventMap() - Method in interface org.owasp.esapi.User: Returns the hashmap used to store security events for this user.
getExecutorImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns the fully qualified classname of the ESAPI OS Execution implementation.
getExecutorImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getExitValue() - Method in class org.owasp.esapi.ExecuteResult
getExpiration() - Method in class org.owasp.esapi.crypto.CryptoToken: Return the expiration time in milliseconds since epoch time (midnight, January 1, 1970 UTC).
getExpirationDate() - Method in class org.owasp.esapi.crypto.CryptoToken: Return the expiration time as a Date.
getExpirationTime() - Method in class org.owasp.esapi.reference.DefaultUser: Returns the date that this user's account will expire.
getExpirationTime() - Method in interface org.owasp.esapi.User: Returns the date that this user's account will expire.
getFailedLoginCount() - Method in class org.owasp.esapi.reference.DefaultUser: Returns the number of failed login attempts since the last successful login for an account.
getFailedLoginCount() - Method in interface org.owasp.esapi.User: Returns the number of failed login attempts since the last successful login for an account.
getFileUploads() - Method in interface org.owasp.esapi.HTTPUtilities: Calls getFileUploads with the *current* request, default upload directory, and default allowed file extensions
getFileUploads(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities: Call getFileUploads with the specified request, default upload directory, and default allowed file extensions
getFileUploads(HttpServletRequest, File) - Method in interface org.owasp.esapi.HTTPUtilities: Call getFileUploads with the specified request, specified upload directory, and default allowed file extensions
getFileUploads(HttpServletRequest, File, List) - Method in interface org.owasp.esapi.HTTPUtilities: Extract uploaded files from a multipart HTTP requests.
getFileUploads() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Calls getFileUploads with the *current* request, default upload directory, and default allowed file extensions
getFileUploads(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Call getFileUploads with the specified request, default upload directory, and default allowed file extensions
getFileUploads(HttpServletRequest, File) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Call getFileUploads with the specified request, specified upload directory, and default allowed file extensions
getFileUploads(HttpServletRequest, File, List) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Extract uploaded files from a multipart HTTP requests.
getFloat(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter: Convenience method to avoid common casts.
getForceHttpOnlyCookies() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns true if new cookies are required to have HttpOnly flag set.
getForceHttpOnlyCookies() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getForceHttpOnlySession() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns true if session cookies are required to have HttpOnly flag set.
getForceHttpOnlySession() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getForceSecureCookies() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns true if new cookies are required to have Secure flag set.
getForceSecureCookies() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getForceSecureSession() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns true if session cookies are required to have Secure flag set.
getForceSecureSession() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getHashAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the hashing algorithm used by ESAPI to hash data.
getHashAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getHashIterations() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the hash iterations used by ESAPI to hash data.
getHashIterations() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getHeader(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the named header from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getHeader(String) - Method in interface org.owasp.esapi.HTTPUtilities: Calls getHeader with the *current* request.
getHeader(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities: A safer replacement for getHeader() in HttpServletRequest that returns the canonicalized value of the named header after "global" validation against the general type defined in ESAPI.properties.
getHeader(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: A safer replacement for getHeader() in HttpServletRequest that returns the canonicalized value of the named header after "global" validation against the general type defined in ESAPI.properties.
getHeader(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Calls getHeader with the *current* request.
getHeaderNames() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the enumeration of header names from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getHeaders(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the enumeration of headers from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getHexForNonAlphanumeric(char) - Method in class org.owasp.esapi.codecs.AbstractCodec: Lookup the hex value of any character that is not alphanumeric.
getHexForNonAlphanumeric(int) - Method in class org.owasp.esapi.codecs.AbstractCodec: Lookup the hex value of any character that is not alphanumeric.
getHexForNonAlphanumeric(char) - Method in interface org.owasp.esapi.codecs.Codec: Lookup the hex value of any character that is not alphanumeric.
getHexForNonAlphanumeric(int) - Method in interface org.owasp.esapi.codecs.Codec: Lookup the hex value of any character that is not alphanumeric.
getHttpSessionIdName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: This method returns the configured name of the session identifier, likely "JSESSIONID" though this can be overridden.
getHttpSessionIdName() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getHTTPUtilitiesImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
getHTTPUtilitiesImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getIndirectReference(T) - Method in interface org.owasp.esapi.AccessReferenceMap: Get a safe indirect reference to use in place of a potentially sensitive direct object reference.
getIndirectReference(T) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap: Get a safe indirect reference to use in place of a potentially sensitive direct object reference.
getInputStream() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getInputStream() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
getInstance() - Static method in class org.owasp.esapi.reference.crypto.JavaEncryptor
getInstance() - Static method in class org.owasp.esapi.reference.DefaultAccessController
getInstance() - Static method in class org.owasp.esapi.reference.DefaultEncoder
getInstance() - Static method in class org.owasp.esapi.reference.DefaultExecutor
getInstance() - Static method in class org.owasp.esapi.reference.DefaultHTTPUtilities
getInstance() - Static method in class org.owasp.esapi.reference.DefaultRandomizer
getInstance() - Static method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
getInstance() - Static method in class org.owasp.esapi.reference.DefaultValidator
getInstance() - Static method in class org.owasp.esapi.reference.FileBasedAuthenticator
getInt(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter: Convenience method to avoid common casts.
getInterceptingServletOutputStream() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
getIntHeader(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getIntProp(String) - Method in interface org.owasp.esapi.configuration.EsapiPropertyLoader: Get any int type property from security configuration.
getIntProp(String) - Method in class org.owasp.esapi.configuration.EsapiPropertyManager: Get any int type property from security configuration.
getIntProp(String) - Method in class org.owasp.esapi.configuration.StandardEsapiPropertyLoader: Get any int type property from security configuration.
getIntProp(String) - Method in class org.owasp.esapi.configuration.XmlEsapiPropertyLoader: Get any int type property from security configuration.
getIntProp(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Get any int type property from security configuration.
getIntrusionDetectionImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
getIntrusionDetectionImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getIV() - Method in class org.owasp.esapi.crypto.CipherSpec: Retrieve the initialization vector (IV).
getIV() - Method in class org.owasp.esapi.crypto.CipherText: Return the initialization vector (IV) used to encrypt the plaintext if applicable.
getIVType() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Deprecated.
getIVType() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead. This method will be removed in a future release as it is now moot since it can only legitimately have the single value of "random".
getKDF_PRF() - Method in class org.owasp.esapi.crypto.CipherText
getKDFInfo() - Method in class org.owasp.esapi.crypto.CipherText: Based on the KDF version and the selected MAC algorithm for the KDF PRF, calculate the 32-bit quantity representing these.
getKDFPseudoRandomFunction() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Retrieve the Pseudo Random Function (PRF) used by the ESAPI Key Derivation Function (KDF).
getKDFPseudoRandomFunction() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getKDFVersion() - Method in class org.owasp.esapi.crypto.CipherText
getKeySize() - Method in class org.owasp.esapi.crypto.CipherSpec: Retrieve the key size, in bits.
getKeySize() - Method in class org.owasp.esapi.crypto.CipherText: Retrieve the key size used with the cipher algorithm that was used to encrypt data to produce this ciphertext.
getLastFailedLoginTime() - Method in class org.owasp.esapi.reference.DefaultUser: Returns the date of the last failed login time for a user.
getLastFailedLoginTime() - Method in interface org.owasp.esapi.User: Returns the date of the last failed login time for a user.
getLastHostAddress() - Method in class org.owasp.esapi.reference.DefaultUser: Returns the last host address used by the user.
getLastHostAddress() - Method in interface org.owasp.esapi.User: Returns the last host address used by the user.
getLastLoginTime() - Method in class org.owasp.esapi.reference.DefaultUser: Returns the date of the last successful login time for a user.
getLastLoginTime() - Method in interface org.owasp.esapi.User: Returns the date of the last successful login time for a user.
getLastPasswordChangeTime() - Method in class org.owasp.esapi.reference.DefaultUser: Gets the date of user's last password change.
getLastPasswordChangeTime() - Method in interface org.owasp.esapi.User: Gets the date of user's last password change.
getLenientDatesAccepted() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Determines whether ESAPI will accept "lenient" dates when attempt to parse dates.
getLenientDatesAccepted() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getLevenshteinDistance(String, String) - Static method in class org.owasp.esapi.StringUtilities: Calculate the Edit Distance between 2 Strings as a measure of similarity.
getLocalAddr() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getLocale() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getLocale() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Same as HttpServletResponse, no security changes required.
getLocale() - Method in class org.owasp.esapi.reference.DefaultUser
getLocale() - Method in interface org.owasp.esapi.User
getLocales() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getLocalName() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getLocalPort() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getLogApplicationName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns whether ESAPI should log the application name.
getLogApplicationName() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getLogEncodingRequired() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns whether HTML entity encoding should be applied to log entries.
getLogEncodingRequired() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getLogger(Class) - Static method in class org.owasp.esapi.ESAPI
getLogger(String) - Static method in class org.owasp.esapi.ESAPI
getLogger(String) - Method in interface org.owasp.esapi.LogFactory: Gets the logger associated with the specified module name.
getLogger(Class) - Method in interface org.owasp.esapi.LogFactory: Gets the logger associated with the specified class.
getLogger(String) - Method in class org.owasp.esapi.logging.java.JavaLogFactory
getLogger(Class) - Method in class org.owasp.esapi.logging.java.JavaLogFactory
getLogger(String) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogFactory
getLogger(Class) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogFactory
getLogImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns the fully qualified classname of the ESAPI Logging implementation.
getLogImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getLogMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityException: Returns a message that is safe to display in logs, but may contain sensitive information and therefore probably should not be displayed to users.
getLogMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException: Returns a message that is safe to display in logs, but may contain sensitive information and therefore probably should not be displayed to users.
getLogMessage() - Method in exception org.owasp.esapi.errors.IntrusionException: Returns a String that is safe to display in logs, but probably not to users
getLogServerIP() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns whether ESAPI should log the server IP.
getLogServerIP() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getLong(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter: Convenience method to avoid common casts.
getLongestMatch(CharSequence) - Method in class org.owasp.esapi.codecs.HashTrie: Get the key value entry who's key is the longest prefix match.
getLongestMatch(PushbackReader) - Method in class org.owasp.esapi.codecs.HashTrie: Get the key value entry who's key is the longest prefix match.
getLongestMatch(CharSequence) - Method in interface org.owasp.esapi.codecs.Trie
getLongestMatch(PushbackReader) - Method in interface org.owasp.esapi.codecs.Trie
getLongestMatch(CharSequence) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
getLongestMatch(PushbackReader) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
getMasterKey() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the master key.
getMasterKey() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
getMasterSalt() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the master salt that is used to salt stored password hashes and any other location where a salt is needed.
getMasterSalt() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
getMaxCardLength() - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
getMaxHttpHeaderSize() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns the maximum allowable HTTP header size.
getMaxHttpHeaderSize() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getMaxKeyLength() - Method in class org.owasp.esapi.codecs.HashTrie: Get the maximum key length.
getMaxKeyLength() - Method in interface org.owasp.esapi.codecs.Trie
getMaxKeyLength() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
getMaxOldPasswordHashes() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the maximum number of old password hashes that should be retained.
getMaxOldPasswordHashes() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getMessage(String, Object[]) - Method in class org.owasp.esapi.util.DefaultMessageUtil
getMethod() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getName() - Method in class org.owasp.esapi.reference.DefaultUser
getName() - Method in class org.owasp.esapi.waf.internal.Parameter
getObject(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter: Convenience method to avoid common casts.
getOutput() - Method in class org.owasp.esapi.ExecuteResult
getOutputStream() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Same as HttpServletResponse, no security changes required.
getOutputStream() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
getPaddingScheme() - Method in class org.owasp.esapi.crypto.CipherSpec: Retrieve the cipher padding scheme.
getPaddingScheme() - Method in class org.owasp.esapi.crypto.CipherText: Get the name of the padding scheme used to encrypt some plaintext.
getParameter(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the named parameter from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getParameter(String, boolean) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the named parameter from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getParameter(String, boolean, int) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the named parameter from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getParameter(String, boolean, int, String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the named parameter from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getParameter(String) - Method in interface org.owasp.esapi.HTTPUtilities: Calls getParameter with the *current* request.
getParameter(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities: A safer replacement for getParameter() in HttpServletRequest that returns the canonicalized value of the named parameter after "global" validation against the general type defined in ESAPI.properties.
getParameter(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: A safer replacement for getParameter() in HttpServletRequest that returns the canonicalized value of the named parameter after "global" validation against the general type defined in ESAPI.properties.
getParameter(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Calls getParameter with the *current* request.
getParameterMap() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the parameter map from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getParameterNames() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the enumeration of parameter names from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getParameters(String[]) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR: Convert an array of fully qualified class names into an array of Class objects
getParameters(XMLConfiguration, int) - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoader
getParameters(XMLConfiguration, int) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.DynaBeanACRParameterLoader
getParameterValue(XMLConfiguration, int, int, String) - Static method in class org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoaderHelper
getParameterValues(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the array of matching parameter values from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getPasswordParameterName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the name of the password parameter used during user authentication.
getPasswordParameterName() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getPathInfo() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the path info from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getPathTranslated() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getPolicyParameter(XMLConfiguration, int) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader
getPolicyParameters() - Method in interface org.owasp.esapi.AccessControlRule
getPolicyParameters() - Method in class org.owasp.esapi.reference.accesscontrol.BaseACR
getPreferredJCEProvider() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Retrieve the preferred JCE provider for ESAPI and your application.
getPreferredJCEProvider() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getPRFAlgName() - Method in class org.owasp.esapi.crypto.KeyDerivationFunction: Return the name of the algorithm for the Pseudo Random Function (PRF) that is being used.
getPriority() - Method in enum org.owasp.esapi.configuration.consts.EsapiConfiguration
getProperty(String) - Method in interface org.owasp.esapi.EncryptedProperties: Gets the property value from the encrypted store, decrypts it, and returns the plaintext value to the caller.
getProperty(String) - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties: Gets the property value from the encrypted store, decrypts it, and returns the plaintext value to the caller.
getProperty(String) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties: Gets the property value from the encrypted store, decrypts it, and returns the plaintext value to the caller.
getProperty(String, String) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
getProtocol() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getQueryString() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the query string from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getQuota(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the intrusion detection quota for the specified event.
getQuota(String) - Method in interface org.owasp.esapi.SecurityConfiguration: Gets the intrusion detection quota for the specified event.
getRandomAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the random number generation algorithm used to generate random numbers where needed.
getRandomAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getRandomBoolean() - Method in interface org.owasp.esapi.Randomizer: Returns a random boolean.
getRandomBoolean() - Method in class org.owasp.esapi.reference.DefaultRandomizer: Returns a random boolean.
getRandomBytes(int) - Method in interface org.owasp.esapi.Randomizer: Generates a specified number of random bytes.
getRandomBytes(int) - Method in class org.owasp.esapi.reference.DefaultRandomizer: Generates a specified number of random bytes.
getRandomFilename(String) - Method in interface org.owasp.esapi.Randomizer: Returns an unguessable random filename with the specified extension.
getRandomFilename(String) - Method in class org.owasp.esapi.reference.DefaultRandomizer: Returns an unguessable random filename with the specified extension.
getRandomGUID() - Method in interface org.owasp.esapi.Randomizer: Generates a random GUID.
getRandomGUID() - Method in class org.owasp.esapi.reference.DefaultRandomizer: Generates a random GUID.
getRandomInteger(int, int) - Method in interface org.owasp.esapi.Randomizer: Gets the random integer in the range of [min, max).
getRandomInteger(int, int) - Method in class org.owasp.esapi.reference.DefaultRandomizer: Gets the random integer in the range of [min, max).
getRandomizerImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns the fully qualified classname of the ESAPI Randomizer implementation.
getRandomizerImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getRandomLong() - Method in interface org.owasp.esapi.Randomizer: Gets the random long.
getRandomLong() - Method in class org.owasp.esapi.reference.DefaultRandomizer: Gets the random long.
getRandomReal(float, float) - Method in interface org.owasp.esapi.Randomizer: Gets the random real in the range of [min, max].
getRandomReal(float, float) - Method in class org.owasp.esapi.reference.DefaultRandomizer: Gets the random real in the range of [min, max].
getRandomString(int, char[]) - Method in interface org.owasp.esapi.Randomizer: Gets a random string of a desired length and character set.
getRandomString(int, char[]) - Method in class org.owasp.esapi.reference.DefaultRandomizer: Gets a random string of a desired length and character set.
getRawCipherText() - Method in class org.owasp.esapi.crypto.CipherText: Get the raw ciphertext byte array resulting from encrypting some plaintext.
getRawCipherTextByteLength() - Method in class org.owasp.esapi.crypto.CipherText: Get number of bytes in raw ciphertext.
getReader() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getReader() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
getRealPath(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Deprecated.
in servlet spec 2.1. Use ServletContext.getRealPath(String) instead.
getRedirectURL() - Method in class org.owasp.esapi.waf.actions.RedirectAction
getRelativeTimeStamp(long) - Method in interface org.owasp.esapi.Encryptor: Gets an absolute timestamp representing an offset from the current time to be used by other functions in the library.
getRelativeTimeStamp(long) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor: Gets an absolute timestamp representing an offset from the current time to be used by other functions in the library.
getRememberTokenDuration() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the length of the time to live window for remember me tokens (in milliseconds).
getRememberTokenDuration() - Method in interface org.owasp.esapi.SecurityConfiguration: Gets the length of the time to live window for remember me tokens (in milliseconds).
getRemoteAddr() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getRemoteHost() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getRemotePort() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Same as HttpServletRequest, no security changes required.
getRemoteUser() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the name of the ESAPI user associated with this getHttpServletRequest().
getRequestAttribute(String) - Method in interface org.owasp.esapi.HTTPUtilities: Gets a typed attribute from the HttpServletRequest associated with the caller thread.
getRequestAttribute(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities: Gets a typed attribute from the HttpServletRequest associated with the passed in request.
getRequestAttribute(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Gets a typed attribute from the HttpServletRequest associated with the caller thread.
getRequestAttribute(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Gets a typed attribute from the HttpServletRequest associated with the passed in request.
getRequestDispatcher(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Checks to make sure the path to forward to is within the WEB-INF directory and then returns the dispatcher.
getRequestedSessionId() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the URI from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getRequestURI() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the URI from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getRequestURL() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the URL from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getResourceFile(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets a file from the resource directory
getResourceFile(String) - Method in interface org.owasp.esapi.SecurityConfiguration: Gets a file from the resource directory
getResourceStream(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
getResourceStream(String) - Method in interface org.owasp.esapi.SecurityConfiguration: Gets an InputStream to a file in the resource directory
getResponseBytes() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
getResponseContentType() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the content type for responses used when setSafeContentType() is called.
getResponseContentType() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getRfcCompliantURI(String) - Method in class org.owasp.esapi.reference.DefaultValidator: Will return a URI object that will represent a fully parsed and legal URI as specified in RFC-3986.
getRfcCompliantURI(String) - Method in interface org.owasp.esapi.Validator: Will return a URI object that will represent a fully parsed and legal URI as specified in RFC-3986.
getRoles() - Method in class org.owasp.esapi.reference.DefaultUser: Gets the roles assigned to a particular account.
getRoles() - Method in interface org.owasp.esapi.User: Gets the roles assigned to a particular account.
getRule(String) - Method in class org.owasp.esapi.reference.DefaultValidator: Get a validation rule from the registry with the "type name" of the rule as the key.
getRule(String) - Method in interface org.owasp.esapi.Validator: Get a validation rule from the registry with the "type name" of the rule as the key.
getSafe(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule: Try to call getvalid, then call a 'sanitize' method for sanitization (if one exists), finally return a default value.
getSafe(String, String) - Method in interface org.owasp.esapi.ValidationRule: Try to call getvalid, then call a 'sanitize' method for sanitization (if one exists), finally return a default value.
getScheme() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the scheme from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getScreenName() - Method in class org.owasp.esapi.reference.DefaultUser: Gets the screen name (alias) for the current user.
getScreenName() - Method in interface org.owasp.esapi.User: Gets the screen name (alias) for the current user.
getSeparateMAC() - Method in class org.owasp.esapi.crypto.CipherText: Return the separately calculated Message Authentication Code (MAC) that is computed via the computeAndStoreMAC(SecretKey authKey) method.
getServerName() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the server name (host header) from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getServerPort() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the server port (after the : in the host header) from the HttpServletRequest after parsing and checking the range 0-65536.
getServletPath() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the server path from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getSession() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns a session, creating it if necessary, and sets the HttpOnly flag on the Session ID cookie.
getSession(boolean) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the current session associated with this request or, if there is no current session and create is true, returns a new session and sets the HttpOnly flag on the session ID cookie.
getSessionAbsoluteTimeoutLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the absolute timeout length for sessions (in milliseconds).
getSessionAbsoluteTimeoutLength() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getSessionAttribute(String) - Method in interface org.owasp.esapi.HTTPUtilities: Gets a typed attribute from the session associated with the calling thread.
getSessionAttribute(HttpSession, String) - Method in interface org.owasp.esapi.HTTPUtilities: Gets a typed attribute from the passed in session.
getSessionAttribute(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Gets a typed attribute from the session associated with the calling thread.
getSessionAttribute(HttpSession, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities: Gets a typed attribute from the passed in session.
getSessionCookieName() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
getSessionIdleTimeoutLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the idle timeout length for sessions (in milliseconds).
getSessionIdleTimeoutLength() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getSessions() - Method in class org.owasp.esapi.reference.DefaultUser: Returns a Set containing the sessions associated with this User.
getSessions() - Method in interface org.owasp.esapi.User: Returns a Set containing the sessions associated with this User.
getString(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter: Convenience method to avoid common casts.
getString(String, String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter: Convenience method to avoid common casts.
getStringArray(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter: Convenience method to avoid common casts.
getStringProp(String) - Method in interface org.owasp.esapi.configuration.EsapiPropertyLoader: Get any property from security configuration.
getStringProp(String) - Method in class org.owasp.esapi.configuration.EsapiPropertyManager: Get any property from security configuration.
getStringProp(String) - Method in class org.owasp.esapi.configuration.StandardEsapiPropertyLoader: Get any property from security configuration.
getStringProp(String) - Method in class org.owasp.esapi.configuration.XmlEsapiPropertyLoader: Get any property from security configuration.
getStringProp(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Get any property from security configuration.
getStringValidatorRule() - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
getTime(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter: Convenience method to avoid common casts.
getTimeStamp() - Method in interface org.owasp.esapi.Encryptor: Gets a timestamp representing the current date and time to be used by other functions in the library.
getTimeStamp() - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor: Gets a timestamp representing the current date and time to be used by other functions in the library.
getToken(SecretKey) - Method in class org.owasp.esapi.crypto.CryptoToken: Return the new encrypted token as a base64-encoded string, encrypted with the specified SecretKey which may be a different key than what the token was originally encrypted with.
getToken() - Method in class org.owasp.esapi.crypto.CryptoToken: Return the new encrypted token as a base64-encoded string, encrypted with the specified SecretKey with which this object was constructed.
getTypeName() - Method in enum org.owasp.esapi.configuration.consts.EsapiConfigurationType
getTypeName() - Method in class org.owasp.esapi.reference.validation.BaseValidationRule: Programmatically supplied name for the validator
getTypeName() - Method in interface org.owasp.esapi.ValidationRule: Programmatically supplied name for the validator
getUniqueReference() - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap: Returns a Unique Reference Key to be associated with a new directReference being inserted into the AccessReferenceMap.
getUniqueReference() - Method in class org.owasp.esapi.reference.IntegerAccessReferenceMap: Returns a Unique Reference Key to be associated with a new directReference being inserted into the AccessReferenceMap.
getUniqueReference() - Method in class org.owasp.esapi.reference.RandomAccessReferenceMap: Returns a Unique Reference Key to be associated with a new directReference being inserted into the AccessReferenceMap.
getUploadDirectory() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Retrieves the upload directory as specified in the ESAPI.properties file.
getUploadDirectory() - Method in interface org.owasp.esapi.SecurityConfiguration: Retrieves the upload directory as specified in the ESAPI.properties file.
getUploadTempDirectory() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
getUploadTempDirectory() - Method in interface org.owasp.esapi.SecurityConfiguration: Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
getUser(long) - Method in interface org.owasp.esapi.Authenticator: Returns the User matching the provided accountId.
getUser(String) - Method in interface org.owasp.esapi.Authenticator: Returns the User matching the provided accountName.
getUser(long) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator: Returns the User matching the provided accountId.
getUser(String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator: Returns the User matching the provided accountName.
getUserAccountName() - Method in class org.owasp.esapi.crypto.CryptoToken: Retrieve the user account name associated with this CryptoToken object.
getUserFromRememberToken() - Method in class org.owasp.esapi.reference.AbstractAuthenticator: Returns the user if a matching remember token is found, or null if the token is missing, token is corrupt, token is expired, account name does not match and existing account, or hashed password does not match user's hashed password.
getUserFromSession() - Method in class org.owasp.esapi.reference.AbstractAuthenticator: Gets the user from session.
getUserMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityException: Returns message meant for display to users Note that if you are unsure of what set this message, it would probably be a good idea to encode this message before displaying it to the end user.
getUserMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException: Returns message meant for display to users Note that if you are unsure of what set this message, it would probably be a good idea to encode this message before displaying it to the end user.
getUserMessage() - Method in exception org.owasp.esapi.errors.IntrusionException: Returns a String containing a message that is safe to display to users
getUsernameParameterName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Gets the name of the username parameter used during user authentication.
getUsernameParameterName() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getUserNames() - Method in interface org.owasp.esapi.Authenticator: Gets a collection containing all the existing user names.
getUserNames() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator: Gets a collection containing all the existing user names.
getUserPrincipal() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest: Returns the ESAPI User associated with this getHttpServletRequest().
getValid(String, String, ValidationErrorList) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule: Get a validated value, add the errors to an existing error list
getValid(String, String) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule: Parse the input, throw exceptions if validation fails
getValid(String, String) - Method in class org.owasp.esapi.reference.validation.DateValidationRule: Parse the input, throw exceptions if validation fails
getValid(String, String) - Method in class org.owasp.esapi.reference.validation.HTMLValidationRule: Parse the input, throw exceptions if validation fails
getValid(String, String) - Method in class org.owasp.esapi.reference.validation.IntegerValidationRule
getValid(String, String) - Method in class org.owasp.esapi.reference.validation.NumberValidationRule: Parse the input, throw exceptions if validation fails
getValid(String, String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule: Parse the input, throw exceptions if validation fails
getValid(String, String) - Method in interface org.owasp.esapi.ValidationRule: Parse the input, throw exceptions if validation fails
getValid(String, String, ValidationErrorList) - Method in interface org.owasp.esapi.ValidationRule: Get a validated value, add the errors to an existing error list
getValidationImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: Returns the fully qualified classname of the ESAPI Validation implementation.
getValidationImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration: Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getValidationPattern(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: getValidationPattern returns a single pattern based upon key
getValidationPattern(String) - Method in interface org.owasp.esapi.SecurityConfiguration: Returns the validation pattern for a particular type
getValidCreditCard(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a canonicalized and validated credit card number as a String.
getValidCreditCard(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a canonicalized and validated credit card number as a String, any validation exceptions are added to the supplied errorList.
getValidCreditCard(String, String, boolean) - Method in interface org.owasp.esapi.Validator: Returns a canonicalized and validated credit card number as a String.
getValidCreditCard(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Returns a canonicalized and validated credit card number as a String, any validation exceptions are added to the supplied errorList.
getValidDate(String, String, DateFormat, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a valid date as a Date.
getValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a valid date as a Date, any validation exceptions are added to the supplied errorList.
getValidDate(String, String, DateFormat, boolean) - Method in interface org.owasp.esapi.Validator: Returns a valid date as a Date.
getValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Returns a valid date as a Date, any validation exceptions are added to the supplied errorList.
getValidDirectoryPath(String, String, File, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a canonicalized and validated directory path as a String, provided that the input maps to an existing directory that is an existing subdirectory (at any level) of the specified parent.
getValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a canonicalized and validated directory path as a String, provided that the input maps to an existing directory that is an existing subdirectory (at any level) of the specified parent; any validation exceptions are added to the supplied errorList.
getValidDirectoryPath(String, String, File, boolean) - Method in interface org.owasp.esapi.Validator: Returns a canonicalized and validated directory path as a String, provided that the input maps to an existing directory that is an existing subdirectory (at any level) of the specified parent.
getValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Returns a canonicalized and validated directory path as a String, provided that the input maps to an existing directory that is an existing subdirectory (at any level) of the specified parent; any validation exceptions are added to the supplied errorList.
getValidDouble(String, String, double, double, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a validated real number as a double.
getValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a validated real number as a double, any validation exceptions are added to the supplied errorList.
getValidDouble(String, String, double, double, boolean) - Method in interface org.owasp.esapi.Validator: Returns a validated real number as a double.
getValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Returns a validated real number as a double, any validation exceptions are added to the supplied errorList.
getValidFileContent(String, byte[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns validated file content as a byte array.
getValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns validated file content as a byte array, any validation exceptions are added to the supplied errorList.
getValidFileContent(String, byte[], int, boolean) - Method in interface org.owasp.esapi.Validator: Returns validated file content as a byte array.
getValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Returns validated file content as a byte array, any validation exceptions are added to the supplied errorList.
getValidFileName(String, String, List<String>, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a canonicalized and validated file name as a String.
getValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a canonicalized and validated file name as a String, any validation exceptions are added to the supplied errorList.
getValidFileName(String, String, List<String>, boolean) - Method in interface org.owasp.esapi.Validator: Returns a canonicalized and validated file name as a String.
getValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Returns a canonicalized and validated file name as a String, any validation exceptions are added to the supplied errorList.
getValidInput(String, String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns validated canonicalized input as a String.
getValidInput(String, String, String, int, boolean, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns validated input as a String with optional canonicalization.
getValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns canonicalized validated input as a String, and adds validation exceptions to the supplied errorList.
getValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns validated input as a String with optional canonicalization, and adds validation exceptions to the supplied errorList.
getValidInput(String, String, String, int, boolean) - Method in interface org.owasp.esapi.Validator: Returns validated canonicalized input as a String.
getValidInput(String, String, String, int, boolean, boolean) - Method in interface org.owasp.esapi.Validator: Returns validated input as a String with optional canonicalization.
getValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Returns canonicalized validated input as a String, and adds validation exceptions to the supplied errorList.
getValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Returns validated input as a String with optional canonicalization, and adds validation exceptions to the supplied errorList.
getValidInteger(String, String, int, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a validated integer, input is a valid integer if it is between minValue and maxValue inclusive.
getValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a validated integer, any validation exceptions are added to the supplied errorList.
getValidInteger(String, String, int, int, boolean) - Method in interface org.owasp.esapi.Validator: Returns a validated integer, input is a valid integer if it is between minValue and maxValue inclusive.
getValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Returns a validated integer, any validation exceptions are added to the supplied errorList.
getValidListItem(String, String, List<String>) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns the list item that exactly matches the canonicalized input.
getValidListItem(String, String, List<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns the list item that exactly matches the canonicalized input, any validation exceptions are added to the supplied errorList.
getValidListItem(String, String, List<String>) - Method in interface org.owasp.esapi.Validator: Returns the list item that exactly matches the canonicalized input.
getValidListItem(String, String, List<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Returns the list item that exactly matches the canonicalized input, any validation exceptions are added to the supplied errorList.
getValidNumber(String, String, long, long, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a validated number as a double within the range of minValue to maxValue.
getValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a validated number as a double within the range of minValue to maxValue, any validation exceptions are added to the supplied errorList.
getValidNumber(String, String, long, long, boolean) - Method in interface org.owasp.esapi.Validator: Returns a validated number as a double within the range of minValue to maxValue.
getValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Returns a validated number as a double within the range of minValue to maxValue, any validation exceptions are added to the supplied errorList.
getValidPrintable(String, char[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns canonicalized and validated printable characters as a byte array.
getValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns canonicalized and validated printable characters as a byte array, any validation exceptions are added to the supplied errorList.
getValidPrintable(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns canonicalized and validated printable characters as a String.
getValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns canonicalized and validated printable characters as a String, any validation exceptions are added to the supplied errorList.
getValidPrintable(String, char[], int, boolean) - Method in interface org.owasp.esapi.Validator: Returns canonicalized and validated printable characters as a byte array.
getValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Returns canonicalized and validated printable characters as a byte array, any validation exceptions are added to the supplied errorList.
getValidPrintable(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator: Returns canonicalized and validated printable characters as a String.
getValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Returns canonicalized and validated printable characters as a String, any validation exceptions are added to the supplied errorList.
getValidRedirectLocation(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a canonicalized and validated redirect location as a String.
getValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns a canonicalized and validated redirect location as a String, any validation exceptions are added to the supplied errorList.
getValidRedirectLocation(String, String, boolean) - Method in interface org.owasp.esapi.Validator: Returns a canonicalized and validated redirect location as a String.
getValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Returns a canonicalized and validated redirect location as a String, any validation exceptions are added to the supplied errorList.
getValidSafeHTML(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else.
getValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator: Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else, any validation exceptions are added to the supplied errorList.
getValidSafeHTML(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator: Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else.
getValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator: Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else, any validation exceptions are added to the supplied errorList.
getValue() - Method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
getValue() - Method in class org.owasp.esapi.waf.internal.Parameter
getVersion() - Method in class org.owasp.esapi.crypto.KeyDerivationFunction: Return the version used for backward compatibility.
getWorkingDirectory() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration: getWorkingDirectory returns the default directory where processes will be executed by the Executor.
getWorkingDirectory() - Method in interface org.owasp.esapi.SecurityConfiguration: Returns the default working directory for executing native processes with Runtime.exec().
getWrap() - Method in class org.owasp.esapi.tags.EncodeForBase64Tag: Get whether line wrapping at 64 characters is performed.
getWrapped() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
getWriter() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse: Same as HttpServletResponse, no security changes required.
getWriter() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
GZIP - Static variable in class org.owasp.esapi.codecs.Base64: Specify that data should be gzip-compressed.

H

hash(String, String) - Method in interface org.owasp.esapi.Encryptor

Returns a string representation of the hash of the provided plaintext and salt.

hash(String, String, int) - Method in interface org.owasp.esapi.Encryptor

Returns a string representation of the hash of the provided plaintext and salt.

hash(String, String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor

Returns a string representation of the hash of the provided plaintext and salt.

hash(String, String, int) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor

Returns a string representation of the hash of the provided plaintext and salt.

HASH_ALGORITHM - Static variable in class org.owasp.esapi.PropNames

HASH_ALGORITHM - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

HASH_ITERATIONS - Static variable in class org.owasp.esapi.PropNames

HASH_ITERATIONS - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

hashCode() - Method in class org.owasp.esapi.codecs.HashTrie

hashCode() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy

hashCode() - Method in class org.owasp.esapi.crypto.CipherSpec

hashCode() - Method in class org.owasp.esapi.crypto.CipherText

hashCode() - Method in class org.owasp.esapi.crypto.PlainText

Same as this.toString().hashCode().

hashCode(Object) - Static method in class org.owasp.esapi.util.NullSafe

Object.hashCode() of an object.

hashPassword(String, String) - Method in interface org.owasp.esapi.Authenticator

Returns a string representation of the hashed password, using the accountName as the salt.

hashPassword(String, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator

Returns a string representation of the hashed password, using the accountName as the salt.

HashTrie<T> - Class in org.owasp.esapi.codecs

Trie implementation for CharSequence keys.

HashTrie() - Constructor for class org.owasp.esapi.codecs.HashTrie

hasNext() - Method in class org.owasp.esapi.codecs.AbstractPushbackSequence

Determine if this sequence has another element.

hasNext() - Method in interface org.owasp.esapi.codecs.PushbackSequence

Determine if this sequence has another element.

hasNext() - Method in class org.owasp.esapi.codecs.PushbackString

HEADER - Static variable in interface org.owasp.esapi.HTTPUtilities

Hex - Class in org.owasp.esapi.codecs

Encode and decode to/from hexadecimal strings to byte arrays.

Hex() - Constructor for class org.owasp.esapi.codecs.Hex

HTMLEntityCodec - Class in org.owasp.esapi.codecs

Implementation of the Codec interface for HTML entity encoding.

HTMLEntityCodec() - Constructor for class org.owasp.esapi.codecs.HTMLEntityCodec

HTMLValidationRule - Class in org.owasp.esapi.reference.validation

A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.

HTMLValidationRule(String) - Constructor for class org.owasp.esapi.reference.validation.HTMLValidationRule

HTMLValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.HTMLValidationRule

HTMLValidationRule(String, Encoder, String) - Constructor for class org.owasp.esapi.reference.validation.HTMLValidationRule

HTTP_SESSION_ID_NAME - Static variable in class org.owasp.esapi.PropNames

HTTP_SESSION_ID_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

HTTP_UTILITIES_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames

HTTP_UTILITIES_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

HTTPMethodRule - Class in org.owasp.esapi.waf.rules

This is the Rule subclass executed for <restrict-method> rules.

HTTPMethodRule(String, Pattern, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.HTTPMethodRule

httpUtilities() - Static method in class org.owasp.esapi.ESAPI

HTTPUtilities - Interface in org.owasp.esapi

The HTTPUtilities interface is a collection of methods that provide additional security related to HTTP requests, responses, sessions, cookies, headers, and logging.

I

id - Variable in class org.owasp.esapi.waf.rules.Rule

IDLE_TIMEOUT_DURATION - Static variable in class org.owasp.esapi.PropNames

IDLE_TIMEOUT_DURATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

incrementFailedLoginCount() - Method in class org.owasp.esapi.reference.DefaultUser

Increment failed login count.

incrementFailedLoginCount() - Method in interface org.owasp.esapi.User

Increment failed login count.

index - Variable in class org.owasp.esapi.codecs.AbstractPushbackSequence

index() - Method in class org.owasp.esapi.codecs.AbstractPushbackSequence

Get the current index of the PushbackString.

index() - Method in interface org.owasp.esapi.codecs.PushbackSequence

Get the current index of the PushbackString.

index() - Method in class org.owasp.esapi.codecs.PushbackString

INFO - Static variable in interface org.owasp.esapi.Logger

INFO indicates that INFO messages and above should be logged.

info(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger

Log an info level security event if 'info' level logging is enabled.

info(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger

Log an info level security event if 'info' level logging is enabled and also record the stack trace associated with the event.

info(Logger.EventType, String) - Method in class org.owasp.esapi.logging.java.JavaLogger

info(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.java.JavaLogger

info(Logger.EventType, String) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger

info(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger

init(FilterConfig) - Method in class org.owasp.esapi.filters.ClickjackFilter

Initialize "mode" parameter from web.xml.

init(FilterConfig) - Method in class org.owasp.esapi.filters.ESAPIFilter

Called by the web container to indicate to a filter that it is being placed into service.

init(FilterConfig) - Method in class org.owasp.esapi.filters.RequestRateThrottleFilter

Called by the web container to indicate to a filter that it is being placed into service.

init(FilterConfig) - Method in class org.owasp.esapi.filters.SecurityWrapper

init(FilterConfig) - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter

This function is invoked at application startup and when the configuration file polling period has elapsed and a change in the configuration file has been detected.

initialize(String) - Static method in class org.owasp.esapi.ESAPI

initialize() - Method in class org.owasp.esapi.util.DefaultMessageUtil

input - Variable in class org.owasp.esapi.codecs.AbstractPushbackSequence

InputStream(InputStream) - Constructor for class org.owasp.esapi.codecs.Base64.InputStream

Constructs a Base64.InputStream in DECODE mode.

InputStream(InputStream, int) - Constructor for class org.owasp.esapi.codecs.Base64.InputStream

Constructs a Base64.InputStream in either ENCODE or DECODE mode.

insertProviderAt(String, int) - Static method in class org.owasp.esapi.crypto.SecurityProviderLoader

This methods adds a provider to the SecurityManager either by some generic name or by the class name.

IntegerAccessReferenceMap - Class in org.owasp.esapi.reference

Reference implementation of the AccessReferenceMap interface.

IntegerAccessReferenceMap() - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap

TODO Javadoc

IntegerAccessReferenceMap(int) - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap

TODO Javadoc

IntegerAccessReferenceMap(Set<Object>) - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap

TODO Javadoc

IntegerAccessReferenceMap(Set<Object>, int) - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap

TODO Javadoc

IntegerValidationRule - Class in org.owasp.esapi.reference.validation

A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.

IntegerValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.IntegerValidationRule

IntegerValidationRule(String, Encoder, int, int) - Constructor for class org.owasp.esapi.reference.validation.IntegerValidationRule

IntegrityException - Exception in org.owasp.esapi.errors

An IntegrityException should be thrown when a problem with the integrity of data has been detected.

IntegrityException() - Constructor for exception org.owasp.esapi.errors.IntegrityException

Instantiates a new availability exception.

IntegrityException(String, String) - Constructor for exception org.owasp.esapi.errors.IntegrityException

Creates a new instance of IntegrityException.

IntegrityException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.IntegrityException

Instantiates a new IntegrityException.

InterceptingHTTPServletRequest - Class in org.owasp.esapi.waf.internal

The wrapper for the HttpServletRequest object which will be passed to the application being protected by the WAF.

InterceptingHTTPServletRequest(HttpServletRequest) - Constructor for class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest

InterceptingHTTPServletResponse - Class in org.owasp.esapi.waf.internal

The wrapper for the HttpServletResponse object which will be passed to the application being protected by the WAF.

InterceptingHTTPServletResponse(HttpServletResponse, boolean, List<Rule>) - Constructor for class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse

InterceptingPrintWriter - Class in org.owasp.esapi.waf.internal

The PrintWriter needed to buffer outbound data generated by the application being protected by the WAF.

InterceptingPrintWriter(Writer) - Constructor for class org.owasp.esapi.waf.internal.InterceptingPrintWriter

InterceptingServletOutputStream - Class in org.owasp.esapi.waf.internal

This class was inspired by ModSecurity for Java by Ivan Ristic.

InterceptingServletOutputStream(ServletOutputStream, boolean) - Constructor for class org.owasp.esapi.waf.internal.InterceptingServletOutputStream

interval - Variable in class org.owasp.esapi.SecurityConfiguration.Threshold

The time frame within which 'count' number of actions has to be detected in order to trigger this threshold.

INTRUSION_DETECTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames

INTRUSION_DETECTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

intrusionDetector() - Static method in class org.owasp.esapi.ESAPI

IntrusionDetector - Interface in org.owasp.esapi

The IntrusionDetector interface is intended to track security relevant events and identify attack behavior.

IntrusionException - Exception in org.owasp.esapi.errors

An IntrusionException should be thrown anytime an error condition arises that is likely to be the result of an attack in progress.

IntrusionException(String, String) - Constructor for exception org.owasp.esapi.errors.IntrusionException

Creates a new instance of IntrusionException.

IntrusionException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.IntrusionException

Instantiates a new intrusion exception.

IPRule - Class in org.owasp.esapi.waf.rules

This is the Rule subclass executed for <detect-source-ip> rules.

IPRule(String, Pattern, Pattern, String) - Constructor for class org.owasp.esapi.waf.rules.IPRule

IPRule(String, Pattern, String) - Constructor for class org.owasp.esapi.waf.rules.IPRule

isActionNecessary() - Method in class org.owasp.esapi.waf.actions.Action

isActionNecessary() - Method in class org.owasp.esapi.waf.actions.BlockAction

isActionNecessary() - Method in class org.owasp.esapi.waf.actions.DefaultAction

isActionNecessary() - Method in class org.owasp.esapi.waf.actions.DoNothingAction

isAllowedCipherMode(String) - Static method in class org.owasp.esapi.crypto.CryptoHelper

Return true if specified cipher mode is one that may be used for encryption / decryption operations via Encryptor.

isAllowNull() - Method in class org.owasp.esapi.reference.validation.BaseValidationRule

isAnonymous() - Method in class org.owasp.esapi.reference.DefaultUser

Checks if user is anonymous.

isAnonymous() - Method in interface org.owasp.esapi.User

Checks if user is anonymous.

isAuthorized(Object, Object) - Method in interface org.owasp.esapi.AccessController

isAuthorized executes the AccessControlRule that is identified by key and listed in the resources/ESAPI-AccessControlPolicy.xml file.

isAuthorized(R) - Method in interface org.owasp.esapi.AccessControlRule

isAuthorized(Object) - Method in class org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR

isAuthorized(Object) - Method in class org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR

isAuthorized(Object[]) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR

Delegates to the method specified in setPolicyParameters

isAuthorized(Boolean) - Method in class org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR

Returns true iff runtimeParameter is a Boolean true.

isAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController

isAuthorized(Object) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR

Returns true if runtimeParameter is a Boolean true.

isAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController

isAuthorized executes the AccessControlRule that is identified by key and listed in the resources/ESAPI-AccessControlPolicy.xml file.

isAuthorizedForData(String, Object) - Method in interface org.owasp.esapi.AccessController

Deprecated.

isAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController

Deprecated.

isAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs

TODO Javadoc

isAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController

Checks if the current user is authorized to access the referenced data, represented as an Object.

isAuthorizedForFile(String) - Method in interface org.owasp.esapi.AccessController

Deprecated.

isAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController

Deprecated.

isAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs

TODO Javadoc

isAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.DefaultAccessController

Checks if the current user is authorized to access the referenced file.

isAuthorizedForFunction(String) - Method in interface org.owasp.esapi.AccessController

Deprecated.

isAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController

Deprecated.

isAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs

TODO Javadoc

isAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.DefaultAccessController

Checks if the current user is authorized to access the referenced function.

isAuthorizedForService(String) - Method in interface org.owasp.esapi.AccessController

Deprecated.

isAuthorizedForService(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController

Deprecated.

isAuthorizedForService(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs

TODO Javadoc

isAuthorizedForService(String) - Method in class org.owasp.esapi.reference.DefaultAccessController

Checks if the current user is authorized to access the referenced service.

isAuthorizedForURL(String) - Method in interface org.owasp.esapi.AccessController

Deprecated.

isAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController

Deprecated.

isAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs

Check if URL is authorized.

isAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.DefaultAccessController

Checks if the current user is authorized to access the referenced URL.

isCipherTextMACvalid(SecretKey, CipherText) - Static method in class org.owasp.esapi.crypto.CryptoHelper

If a Message Authentication Code (MAC) is required for the specified CipherText object, then attempt to validate the MAC that should be embedded within the CipherText object by using a derived key based on the specified SecretKey.

isCombinedCipherMode(String) - Static method in class org.owasp.esapi.crypto.CryptoHelper

Return true if specified cipher mode is one of those specified in the ESAPI.properties file that supports both confidentiality and authenticity (i.e., a "combined cipher mode" as NIST refers to it).

isCommitted() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

Same as HttpServletResponse, no security changes required.

isDebugEnabled() - Method in interface org.owasp.esapi.Logger

Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.

isDebugEnabled() - Method in class org.owasp.esapi.logging.java.JavaLogger

isDebugEnabled() - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger

isEmpty() - Method in class org.owasp.esapi.codecs.HashTrie

isEmpty() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy

isEmpty(String) - Static method in class org.owasp.esapi.StringUtilities

Returns true if String is empty ("") or null.

isEmpty() - Method in class org.owasp.esapi.ValidationErrorList

Returns true if no error are present.

isEnabled(Logger) - Method in enum org.owasp.esapi.logging.java.JavaLogLevelHandlers

isEnabled(Logger) - Method in enum org.owasp.esapi.logging.slf4j.Slf4JLogLevelHandlers

isEnabled() - Method in class org.owasp.esapi.reference.DefaultUser

Checks if this user's account is currently enabled.

isEnabled() - Method in interface org.owasp.esapi.User

Checks if this user's account is currently enabled.

isErrorEnabled() - Method in interface org.owasp.esapi.Logger

Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.

isErrorEnabled() - Method in class org.owasp.esapi.logging.java.JavaLogger

isErrorEnabled() - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger

isExpired() - Method in class org.owasp.esapi.crypto.CryptoToken

Check if token has expired yet.

isExpired() - Method in class org.owasp.esapi.reference.DefaultUser

Checks if this user's account is expired.

isExpired() - Method in interface org.owasp.esapi.User

Checks if this user's account is expired.

isFatalEnabled() - Method in interface org.owasp.esapi.Logger

Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.

isFatalEnabled() - Method in class org.owasp.esapi.logging.java.JavaLogger

isFatalEnabled() - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger

isHexDigit(Integer) - Static method in class org.owasp.esapi.codecs.PushBackSequenceImpl

Returns true if the parameter character is a hexidecimal digit 0 through 9, a through f, or A through F.

isHexDigit(Character) - Static method in class org.owasp.esapi.codecs.PushbackString

Returns true if the parameter character is a hexidecimal digit 0 through 9, a through f, or A through F.

isInfoEnabled() - Method in interface org.owasp.esapi.Logger

Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.

isInfoEnabled() - Method in class org.owasp.esapi.logging.java.JavaLogger

isInfoEnabled() - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger

isInList(Map, String) - Static method in class org.owasp.esapi.waf.rules.RuleUtil

isInList(Collection, String) - Static method in class org.owasp.esapi.waf.rules.RuleUtil

isInList(Enumeration, String) - Static method in class org.owasp.esapi.waf.rules.RuleUtil

isInRole(String) - Method in class org.owasp.esapi.reference.DefaultUser

Checks if this user's account is assigned a particular role.

isInRole(String) - Method in interface org.owasp.esapi.User

Checks if this user's account is assigned a particular role.

isLocked() - Method in class org.owasp.esapi.reference.DefaultUser

Checks if this user's account is locked.

isLocked() - Method in interface org.owasp.esapi.User

Checks if this user's account is locked.

isLoggedIn() - Method in class org.owasp.esapi.reference.DefaultUser

Tests to see if the user is currently logged in.

isLoggedIn() - Method in interface org.owasp.esapi.User

Tests to see if the user is currently logged in.

isMACRequired(CipherText) - Static method in class org.owasp.esapi.crypto.CryptoHelper

Check to see if a Message Authentication Code (MAC) is required for a given CipherText object and the current ESAPI.property settings.

isOctalDigit(Integer) - Static method in class org.owasp.esapi.codecs.PushBackSequenceImpl

Returns true if the parameter character is an octal digit 0 through 7.

isOctalDigit(Character) - Static method in class org.owasp.esapi.codecs.PushbackString

Returns true if the parameter character is an octal digit 0 through 7.

isReady() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream

isRequestedSessionIdFromCookie() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest

Same as HttpServletRequest, no security changes required.

isRequestedSessionIdFromUrl() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest

Deprecated.
in servlet spec 2.1. Use SecurityWrapperRequest.isRequestedSessionIdFromURL() instead.

isRequestedSessionIdFromURL() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest

Same as HttpServletRequest, no security changes required.

isRequestedSessionIdValid() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest

Same as HttpServletRequest, no security changes required.

isSecure() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest

Same as HttpServletRequest, no security changes required.

isSessionAbsoluteTimeout() - Method in class org.owasp.esapi.reference.DefaultUser

Tests to see if this user's session has exceeded the absolute time out based on ESAPI's configuration settings.

isSessionAbsoluteTimeout() - Method in interface org.owasp.esapi.User

Tests to see if this user's session has exceeded the absolute time out based on ESAPI's configuration settings.

isSessionTimeout() - Method in class org.owasp.esapi.reference.DefaultUser

Tests to see if the user's session has timed out from inactivity based on ESAPI's configuration settings.

isSessionTimeout() - Method in interface org.owasp.esapi.User

Tests to see if the user's session has timed out from inactivity based on ESAPI's configuration settings.

isSuccess() - Method in class org.owasp.esapi.Logger.EventType

isTraceEnabled() - Method in interface org.owasp.esapi.Logger

Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.

isTraceEnabled() - Method in class org.owasp.esapi.logging.java.JavaLogger

isTraceEnabled() - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger

isUserInRole(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest

Returns true if the ESAPI User associated with this request has the specified role.

isUsingHttpOnlyFlagOnSessionCookie() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

isUsingSecureFlagOnSessionCookie() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

isUsingWriter() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse

isValid(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule

isValid(String, String) - Method in interface org.owasp.esapi.ValidationRule

isValidCreditCard(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input matches the pattern for a valid credit card number.

isValidCreditCard(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input matches the pattern for a valid credit card number, any validation exceptions are added to the supplied errorList.

isValidCreditCard(String, String, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if input matches the pattern for a valid credit card number.

isValidCreditCard(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if input matches the pattern for a valid credit card number, any validation exceptions are added to the supplied errorList.

isValidDate(String, String, DateFormat, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid.

isValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidDate(String, String, DateFormat, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid.

isValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidDirectoryPath(String, String, File, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid.

isValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidDirectoryPath(String, String, File, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid.

isValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidDouble(String, String, double, double, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid.

isValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidDouble(String, String, double, double, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid.

isValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidFileContent(String, byte[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid.

isValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidFileContent(String, byte[], int, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid.

isValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidFileName(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid.

isValidFileName(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidFileName(String, String, List<String>, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid.

isValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidFileName(String, String, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid.

isValidFileName(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidFileName(String, String, List<String>, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid.

isValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidFileUpload(String, String, String, File, byte[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if filepath, filename, and content of a file are valid.

isValidFileUpload(String, String, String, File, byte[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if filepath, filename, and content of a file are valid, any validation exceptions are added to the supplied errorList.

isValidFileUpload(String, String, String, File, byte[], int, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if filepath, filename, and content of a file are valid.

isValidFileUpload(String, String, String, File, byte[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if filepath, filename, and content of a file are valid, any validation exceptions are added to the supplied errorList.

isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if only required and optional parameters are in the request.

isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if only required and optional parameters are in the request, any validation exceptions are added to the supplied errorList.

isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in interface org.owasp.esapi.Validator

Returns true if only required and optional parameters are in the request.

isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if only required and optional parameters are in the request, any validation exceptions are added to the supplied errorList.

isValidInput(String, String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if canonicalized input is valid.

isValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if canonicalized input is valid, any validation exceptions are added to the supplied errorList.

isValidInput(String, String, String, int, boolean, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid.

isValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidInput(String, String, String, int, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if canonicalized input is valid.

isValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if canonicalized input is valid, any validation exceptions are added to the supplied errorList.

isValidInput(String, String, String, int, boolean, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid.

isValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidInteger(String, String, int, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is a valid integer between minValue and maxValue inclusive.

isValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is a valid integer between minValue and maxValue inclusive, any validation exceptions are added to the supplied errorList.

isValidInteger(String, String, int, int, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if input is a valid integer between minValue and maxValue inclusive.

isValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if input is a valid integer between minValue and maxValue inclusive, any validation exceptions are added to the supplied errorList.

isValidKDFVersion(int, boolean, boolean) - Static method in class org.owasp.esapi.crypto.CryptoHelper

Is this particular KDF version number one that is sane? For that, we just make sure it is inbounds of the valid range which is:

isValidListItem(String, String, List<String>) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid.

isValidListItem(String, String, List<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidListItem(String, String, List<String>) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid.

isValidListItem(String, String, List<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidNumber(String, String, long, long, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid.

isValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidNumber(String, String, long, long, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid.

isValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidPRF(String) - Static method in class org.owasp.esapi.crypto.KeyDerivationFunction

Check if specified algorithm name is a valid PRF that can be used.

isValidPrintable(String, char[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid.

isValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidPrintable(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid.

isValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidPrintable(String, char[], int, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid.

isValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidPrintable(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid.

isValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidRedirectLocation(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid.

isValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidRedirectLocation(String, String, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid.

isValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidSafeHTML(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid.

isValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidSafeHTML(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid.

isValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator

Returns true if input is valid, any validation exceptions are added to the supplied errorList.

isValidURI(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator

Parses and ensures that the URI in question is a valid RFC-3986 URI.

isValidURI(String, String, boolean) - Method in interface org.owasp.esapi.Validator

Parses and ensures that the URI in question is a valid RFC-3986 URI.

isWarningEnabled() - Method in interface org.owasp.esapi.Logger

Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.

isWarningEnabled() - Method in class org.owasp.esapi.logging.java.JavaLogger

isWarningEnabled() - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger

iterator() - Method in interface org.owasp.esapi.AccessReferenceMap

Get an iterator through the direct object references.

iterator() - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap

Get an iterator through the direct object references.

itod - Variable in class org.owasp.esapi.reference.AbstractAccessReferenceMap

The Indirect to Direct Map

IV_TYPE - Static variable in class org.owasp.esapi.PropNames

IV_TYPE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.

J

JavaEncryptor - Class in org.owasp.esapi.reference.crypto

Reference implementation of the Encryptor interface.

JavaLogBridge - Interface in org.owasp.esapi.logging.java

Contract for translating an ESAPI log event into an Java log event.

JavaLogBridgeImpl - Class in org.owasp.esapi.logging.java

Implementation which is intended to bridge the ESAPI Logging API into Java supported Object structures.

JavaLogBridgeImpl(LogAppender, LogScrubber, Map<Integer, JavaLogLevelHandler>) - Constructor for class org.owasp.esapi.logging.java.JavaLogBridgeImpl

Constructor.

JavaLogFactory - Class in org.owasp.esapi.logging.java

LogFactory implementation which creates JAVA supporting Loggers.

JavaLogFactory() - Constructor for class org.owasp.esapi.logging.java.JavaLogFactory

JavaLogger - Class in org.owasp.esapi.logging.java

ESAPI Logger implementation which relays events to an Java delegate.

JavaLogger(Logger, JavaLogBridge, int) - Constructor for class org.owasp.esapi.logging.java.JavaLogger

Constructs a new instance.

JavaLogLevelHandlers - Enum in org.owasp.esapi.logging.java

JAVASCRIPT_REDIRECT - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

JAVASCRIPT_TARGET_TOKEN - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

JavaScriptCodec - Class in org.owasp.esapi.codecs

Implementation of the Codec interface for backslash encoding in JavaScript.

JavaScriptCodec() - Constructor for class org.owasp.esapi.codecs.JavaScriptCodec

K

KDF_PRF_ALG - Static variable in class org.owasp.esapi.PropNames

KDF_PRF_ALG - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

kdfVersion - Static variable in class org.owasp.esapi.crypto.KeyDerivationFunction

KEY_LENGTH - Static variable in class org.owasp.esapi.PropNames

KEY_LENGTH - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

KeyDerivationFunction - Class in org.owasp.esapi.crypto

This class implements a Key Derivation Function (KDF) and supporting methods.

KeyDerivationFunction(KeyDerivationFunction.PRF_ALGORITHMS) - Constructor for class org.owasp.esapi.crypto.KeyDerivationFunction

Construct a KeyDerivationFunction.

KeyDerivationFunction() - Constructor for class org.owasp.esapi.crypto.KeyDerivationFunction

Construct a KeyDerivationFunction based on the ESAPI.property property, Encryptor.KDF.PRF.

KeyDerivationFunction.PRF_ALGORITHMS - Enum in org.owasp.esapi.crypto

keySet() - Method in class org.owasp.esapi.codecs.HashTrie

keySet() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy

keySet() - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable

keySet() - Method in interface org.owasp.esapi.EncryptedProperties

Returns a Set view of properties.

keySet() - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties

Returns a Set view of properties.

killAllCookies() - Method in interface org.owasp.esapi.HTTPUtilities

Calls killAllCookies with the *current* request and response.

killAllCookies(HttpServletRequest, HttpServletResponse) - Method in interface org.owasp.esapi.HTTPUtilities

Kill all cookies received in the last request from the browser.

killAllCookies() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Calls killAllCookies with the *current* request and response.

killAllCookies(HttpServletRequest, HttpServletResponse) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Kill all cookies received in the last request from the browser.

killCookie(String) - Method in interface org.owasp.esapi.HTTPUtilities

Calls killCookie with the *current* request and response.

killCookie(HttpServletRequest, HttpServletResponse, String) - Method in interface org.owasp.esapi.HTTPUtilities

Kills the specified cookie by setting a new cookie that expires immediately.

killCookie(HttpServletRequest, HttpServletResponse, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Kills the specified cookie by setting a new cookie that expires immediately.

killCookie(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Calls killCookie with the *current* request and response.

L

LegacyHTMLEntityCodec - Class in org.owasp.esapi.codecs

Deprecated.

LegacyHTMLEntityCodec() - Constructor for class org.owasp.esapi.codecs.LegacyHTMLEntityCodec

Deprecated.

length() - Method in class org.owasp.esapi.crypto.PlainText

Return the length of the UTF-8 encoded byte array representing this object.

LETTERS - Static variable in class org.owasp.esapi.EncoderConstants

list(PrintStream) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties

This method has been overridden to throw an UnsupportedOperationException

list(PrintWriter) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties

This method has been overridden to throw an UnsupportedOperationException

load(InputStream) - Method in interface org.owasp.esapi.EncryptedProperties

Reads a property list (key and element pairs) from the input stream.

load() - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader

load(InputStream) - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties

Reads a property list (key and element pairs) from the input stream.

load(InputStream) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties

Reads a property list (key and element pairs) from the input stream.

load(Reader) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties

For JDK 1.5 compatibility, this method has been overridden convert the Reader into an InputStream and call the superclass constructor.

loadConfiguration() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Load configuration.

loaders - Variable in class org.owasp.esapi.configuration.EsapiPropertyManager

loadESAPIPreferredJCEProvider() - Static method in class org.owasp.esapi.crypto.SecurityProviderLoader

Load the preferred JCE provider for ESAPI based on the ESAPI.properties property Encryptor.PreferredJCEProvider.

loadProperties(String, Boolean) - Static method in class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils

Loads a Properties file from a filename.

loadPropertiesFromFile(File) - Method in class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader

Method that loads the data from configuration file to properties object.

loadPropertiesFromFile(File) - Method in class org.owasp.esapi.configuration.StandardEsapiPropertyLoader

Methods loads configuration from .properties file.

loadPropertiesFromFile(File) - Method in class org.owasp.esapi.configuration.XmlEsapiPropertyLoader

Methods loads configuration from .xml file.

loadUsersIfNecessary() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator

Load users if they haven't been loaded in a while.

loadUsersImmediately() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator

lock() - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter

This makes the map itself read only, but the mutability of objects that this map contains is not affected.

lock() - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters

This makes the map itself read only, but the mutability of objects that this map contains is not affected.

lock() - Method in class org.owasp.esapi.reference.DefaultUser

Lock this user's account.

lock() - Method in interface org.owasp.esapi.User

Lock this user's account.

log() - Static method in class org.owasp.esapi.ESAPI

log(Logger, int, Logger.EventType, String) - Method in interface org.owasp.esapi.logging.java.JavaLogBridge

Translation for the provided ESAPI level, type, and message to the specified Java Logger.

log(Logger, int, Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.logging.java.JavaLogBridge

Translation for the provided ESAPI level, type, message, and Throwable to the specified Java Logger.

log(Logger, int, Logger.EventType, String) - Method in class org.owasp.esapi.logging.java.JavaLogBridgeImpl

log(Logger, int, Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.java.JavaLogBridgeImpl

log(Logger, String) - Method in enum org.owasp.esapi.logging.java.JavaLogLevelHandlers

log(Logger, String, Throwable) - Method in enum org.owasp.esapi.logging.java.JavaLogLevelHandlers

log(Logger, int, Logger.EventType, String) - Method in interface org.owasp.esapi.logging.slf4j.Slf4JLogBridge

Translation for the provided ESAPI level, type, and message to the specified SLF4J Logger.

log(Logger, int, Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.logging.slf4j.Slf4JLogBridge

Translation for the provided ESAPI level, type, message, and Throwable to the specified SLF4J Logger.

log(Logger, int, Logger.EventType, String) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogBridgeImpl

log(Logger, int, Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogBridgeImpl

log(Logger, Marker, String) - Method in enum org.owasp.esapi.logging.slf4j.Slf4JLogLevelHandlers

log(Logger, Marker, String, Throwable) - Method in enum org.owasp.esapi.logging.slf4j.Slf4JLogLevelHandlers

LOG - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

log(HttpServletRequest, String) - Method in class org.owasp.esapi.waf.rules.Rule

LOG_APPLICATION_NAME - Static variable in class org.owasp.esapi.PropNames

LOG_APPLICATION_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

LOG_CLIENT_INFO - Static variable in class org.owasp.esapi.PropNames

LOG_CLIENT_INFO - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

LOG_ENCODING_REQUIRED - Static variable in class org.owasp.esapi.PropNames

LOG_ENCODING_REQUIRED - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

LOG_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames

LOG_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

LOG_SERVER_IP - Static variable in class org.owasp.esapi.PropNames

LOG_SERVER_IP - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

LOG_USER_INFO - Static variable in class org.owasp.esapi.PropNames

LOG_USER_INFO - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

LogAppender - Interface in org.owasp.esapi.logging.appender

Contract interface for appending content to a log message.

LogFactory - Interface in org.owasp.esapi

The LogFactory interface is intended to allow substitution of various logging packages, while providing a common interface to access them.

logger - Variable in exception org.owasp.esapi.errors.EnterpriseSecurityException

The logger.

logger - Variable in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException

The logger.

logger - Variable in exception org.owasp.esapi.errors.IntrusionException

The logger.

Logger - Interface in org.owasp.esapi

The Logger interface defines a set of methods that can be used to log security events.

logger - Variable in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController

logger - Variable in class org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader

logger - Variable in class org.owasp.esapi.reference.DefaultAccessController

logger - Static variable in class org.owasp.esapi.waf.rules.Rule

Logger.EventType - Class in org.owasp.esapi

Defines the type of log event that is being generated.

logHTTPRequest() - Method in interface org.owasp.esapi.HTTPUtilities

Calls logHTTPRequest with the *current* request and logger.

logHTTPRequest(HttpServletRequest, Logger) - Method in interface org.owasp.esapi.HTTPUtilities

Format the Source IP address, URL, URL parameters, and all form parameters into a string suitable for the log file.

logHTTPRequest(HttpServletRequest, Logger, List) - Method in interface org.owasp.esapi.HTTPUtilities

Format the Source IP address, URL, URL parameters, and all form parameters into a string suitable for the log file.

logHTTPRequest() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Calls logHTTPRequest with the *current* request and logger.

logHTTPRequest(HttpServletRequest, Logger) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Format the Source IP address, URL, URL parameters, and all form parameters into a string suitable for the log file.

logHTTPRequest(HttpServletRequest, Logger, List) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Formats an HTTP request into a log suitable string.

login() - Method in interface org.owasp.esapi.Authenticator

Calls login with the *current* request and response.

login(HttpServletRequest, HttpServletResponse) - Method in interface org.owasp.esapi.Authenticator

This method should be called for every HTTP request, to login the current user either from the session of HTTP request.

login() - Method in class org.owasp.esapi.reference.AbstractAuthenticator

Calls login with the *current* request and response.

login(HttpServletRequest, HttpServletResponse) - Method in class org.owasp.esapi.reference.AbstractAuthenticator

This method should be called for every HTTP request, to login the current user either from the session of HTTP request.

loginWithPassword(String) - Method in class org.owasp.esapi.reference.DefaultUser

Login with password.

loginWithPassword(String) - Method in interface org.owasp.esapi.User

Login with password.

logMessage - Variable in exception org.owasp.esapi.errors.EnterpriseSecurityException

logMessage - Variable in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException

logMessage - Variable in exception org.owasp.esapi.errors.IntrusionException

logout() - Method in interface org.owasp.esapi.Authenticator

Logs out the current user.

logout() - Method in class org.owasp.esapi.reference.AbstractAuthenticator

Logs out the current user.

logout() - Method in class org.owasp.esapi.reference.DefaultUser

Logout this user.

logout() - Method in interface org.owasp.esapi.User

Logout this user.

LogPrefixAppender - Class in org.owasp.esapi.logging.appender

LogAppender Implementation which can prefix the common logger information for EventType, Client data, and server data.

LogPrefixAppender(boolean, boolean, boolean, boolean, String) - Constructor for class org.owasp.esapi.logging.appender.LogPrefixAppender

Ctr.

LogScrubber - Interface in org.owasp.esapi.logging.cleaning

Contract interface for cleaning log message output.

logSpecial(String, Throwable) - Method in class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader

Used to log errors to the console during the loading of the properties file itself.

logSpecial(String) - Method in class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader

Used to log errors to the console during the loading of the properties file itself.

logToStdout(String, Throwable) - Static method in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Log to standard output (i.e., System.out.

LOWERS - Static variable in class org.owasp.esapi.EncoderConstants

M

main(String[]) - Static method in class org.owasp.esapi.codecs.Base64

Encodes or decodes two files from the command line; feel free to delete this method (in fact you probably should) if you're embedding this code into a larger program.

main(String...) - Static method in class org.owasp.esapi.crypto.CryptoDiscoverer

main(String[]) - Static method in class org.owasp.esapi.crypto.KeyDerivationFunction

Print list of ESAPI supported pseudo-random functions for KDF and KDF version information.

main(String[]) - Static method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties

Deprecated.
Use EncryptedPropertiesUtils instead, which allows creating, reading, and writing encrypted properties. main method will be removed in a future release.

main(String[]) - Static method in class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils

Loads encrypted or plaintext properties file based on the location passed in args then prompts the user to input key-value pairs.

main(String[]) - Static method in class org.owasp.esapi.reference.crypto.JavaEncryptor

Generates a new strongly random secret key and salt that can be copy and pasted in the ESAPI.properties file.

main(String[]) - Static method in class org.owasp.esapi.reference.FileBasedAuthenticator

Fail safe main program to add or update an account in an emergency.

make(String, String) - Static method in class org.owasp.esapi.util.ObjFactory

Create an object based on the className parameter.

mark - Variable in class org.owasp.esapi.codecs.AbstractPushbackSequence

mark() - Method in interface org.owasp.esapi.codecs.PushbackSequence

Mark the location of the current index.

mark() - Method in class org.owasp.esapi.codecs.PushBackSequenceImpl

Mark the location of the current index.

mark() - Method in class org.owasp.esapi.codecs.PushbackString

Mark the location of the current index.

MASTER_KEY - Static variable in class org.owasp.esapi.PropNames

MASTER_KEY - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

MASTER_SALT - Static variable in class org.owasp.esapi.PropNames

MASTER_SALT - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

MAX_COOKIE_LEN - Static variable in interface org.owasp.esapi.HTTPUtilities

MAX_COOKIE_PAIRS - Static variable in interface org.owasp.esapi.HTTPUtilities

MAX_HTTP_HEADER_SIZE - Static variable in class org.owasp.esapi.PropNames

MAX_HTTP_HEADER_SIZE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

MAX_OLD_PASSWORD_HASHES - Static variable in class org.owasp.esapi.PropNames

MAX_OLD_PASSWORD_HASHES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

MAX_REDIRECT_LOCATION - Variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

MAX_UPLOAD_FILE_BYTES - Static variable in class org.owasp.esapi.PropNames

MAX_UPLOAD_FILE_BYTES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

maxLength - Variable in class org.owasp.esapi.reference.validation.StringValidationRule

minLength - Variable in class org.owasp.esapi.reference.validation.StringValidationRule

MustMatchRule - Class in org.owasp.esapi.waf.rules

This is the Rule subclass executed for <must-match> rules.

MustMatchRule(String, Pattern, String, int, String) - Constructor for class org.owasp.esapi.waf.rules.MustMatchRule

MYSQL_MODE - Static variable in class org.owasp.esapi.codecs.MySQLCodec

Target MySQL Server is running in Standard MySQL (Default) mode.

MySQLCodec - Class in org.owasp.esapi.codecs

Codec implementation which can be used to escape string literals in MySQL.

MySQLCodec(int) - Constructor for class org.owasp.esapi.codecs.MySQLCodec

Deprecated.

MySQLCodec(MySQLCodec.Mode) - Constructor for class org.owasp.esapi.codecs.MySQLCodec

Instantiate the MySQL Codec with the given SQL MySQLCodec.Mode.

MySQLCodec.Mode - Enum in org.owasp.esapi.codecs

Specifies the SQL Mode the target MySQL Server is running with.

N

name() - Method in class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader

name - Variable in class org.owasp.esapi.SecurityConfiguration.Threshold

The name of this threshold.

NewlineLogScrubber - Class in org.owasp.esapi.logging.cleaning

LogScrubber implementation which replaces newline and carriage return values.

NewlineLogScrubber() - Constructor for class org.owasp.esapi.logging.cleaning.NewlineLogScrubber

next() - Method in interface org.owasp.esapi.codecs.PushbackSequence

Return the next element in the Sequence and increment the current index.

next() - Method in class org.owasp.esapi.codecs.PushBackSequenceImpl

next() - Method in class org.owasp.esapi.codecs.PushbackString

nextHex() - Method in interface org.owasp.esapi.codecs.PushbackSequence

Return the next element in the Sequence in Hex format and increment the current index.

nextHex() - Method in class org.owasp.esapi.codecs.PushBackSequenceImpl

nextHex() - Method in class org.owasp.esapi.codecs.PushbackString

nextOctal() - Method in interface org.owasp.esapi.codecs.PushbackSequence

Return the next element in the Sequence in Octal format and increment the current index.

nextOctal() - Method in class org.owasp.esapi.codecs.PushBackSequenceImpl

nextOctal() - Method in class org.owasp.esapi.codecs.PushbackString

NO_OPTIONS - Static variable in class org.owasp.esapi.codecs.Base64

No options specified.

notNullOrEmpty(String, boolean) - Static method in class org.owasp.esapi.StringUtilities

Check to ensure that a String is not null or empty (after optional trimming of leading and trailing whitespace).

NullSafe - Class in org.owasp.esapi.util

NumberValidationRule - Class in org.owasp.esapi.reference.validation

A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.

NumberValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.NumberValidationRule

NumberValidationRule(String, Encoder, double, double) - Constructor for class org.owasp.esapi.reference.validation.NumberValidationRule

O

ObjFactory - Class in org.owasp.esapi.util

A generic object factory to create an object of class T.

OFF - Static variable in interface org.owasp.esapi.Logger

OFF indicates that no messages should be logged.

OPERATOR_CONTAINS - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

OPERATOR_EQ - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

OPERATOR_EXISTS - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

OPERATOR_IN_LIST - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

OracleCodec - Class in org.owasp.esapi.codecs

Implementation of the Codec interface for Oracle strings.

OracleCodec() - Constructor for class org.owasp.esapi.codecs.OracleCodec

ORDERED - Static variable in class org.owasp.esapi.codecs.Base64

Encode using the special "ordered" dialect of Base64 described here: http://www.faqs.org/qa/rfcc-1940.html.

org.owasp.esapi - package org.owasp.esapi

The ESAPI interfaces and Exception classes model the most important security functions to enterprise web applications.

org.owasp.esapi.codecs - package org.owasp.esapi.codecs

This package contains codecs for application layer encoding/escaping schemes that can be used for both canonicalization and output encoding.

org.owasp.esapi.codecs.ref - package org.owasp.esapi.codecs.ref

org.owasp.esapi.configuration - package org.owasp.esapi.configuration

org.owasp.esapi.configuration.consts - package org.owasp.esapi.configuration.consts

org.owasp.esapi.crypto - package org.owasp.esapi.crypto

This package contains ESAPI cryptography-related classes used throughout ESAPI.

org.owasp.esapi.errors - package org.owasp.esapi.errors

A set of exception classes designed to model the error conditions that frequently arise in enterprise web applications and web services.

org.owasp.esapi.filters - package org.owasp.esapi.filters

This package contains several filters that demonstrate ways of using the ESAPI security controls in front of your application.

org.owasp.esapi.logging.appender - package org.owasp.esapi.logging.appender

org.owasp.esapi.logging.cleaning - package org.owasp.esapi.logging.cleaning

org.owasp.esapi.logging.java - package org.owasp.esapi.logging.java

org.owasp.esapi.logging.slf4j - package org.owasp.esapi.logging.slf4j

org.owasp.esapi.reference - package org.owasp.esapi.reference

This package contains reference implementations of the ESAPI interfaces.

org.owasp.esapi.reference.accesscontrol - package org.owasp.esapi.reference.accesscontrol

org.owasp.esapi.reference.accesscontrol.policyloader - package org.owasp.esapi.reference.accesscontrol.policyloader

org.owasp.esapi.reference.crypto - package org.owasp.esapi.reference.crypto

This package contains the reference implementation for some of the ESAPI cryptography-related classes used throughout ESAPI.

org.owasp.esapi.reference.validation - package org.owasp.esapi.reference.validation

This package contains data format-specific validation rule functions.

org.owasp.esapi.tags - package org.owasp.esapi.tags

This package contains sample JSP tags that demonstrate how to use the ESAPI functions to protect an application from within a JSP page.

org.owasp.esapi.util - package org.owasp.esapi.util

This package contains ESAPI utility classes used throughout the reference implementation of ESAPI but may also be directly useful.

org.owasp.esapi.waf - package org.owasp.esapi.waf

This package contains the ESAPI Web Application Firewall (WAF).

org.owasp.esapi.waf.actions - package org.owasp.esapi.waf.actions

This package contains the Action objects that are executed after a Rule subclass executes.

org.owasp.esapi.waf.configuration - package org.owasp.esapi.waf.configuration

This package contains the both the configuration object model and the utility class to create that object model from an existing policy file.

org.owasp.esapi.waf.internal - package org.owasp.esapi.waf.internal

This package contains all HTTP-related classes used internally by the WAF for the implementation of its rules.

org.owasp.esapi.waf.rules - package org.owasp.esapi.waf.rules

This package contains all of the Rule subclasses that correspond to policy file entries.

originalVersion - Static variable in class org.owasp.esapi.crypto.KeyDerivationFunction

Used to support backward compatibility.

OutputStream(OutputStream) - Constructor for class org.owasp.esapi.codecs.Base64.OutputStream

Constructs a Base64.OutputStream in ENCODE mode.

OutputStream(OutputStream, int) - Constructor for class org.owasp.esapi.codecs.Base64.OutputStream

Constructs a Base64.OutputStream in either ENCODE or DECODE mode.

override(SecurityConfiguration) - Static method in class org.owasp.esapi.ESAPI

Overrides the current security configuration with a new implementation.

overwrite(byte[], byte) - Static method in class org.owasp.esapi.crypto.CryptoHelper

Overwrite a byte array with a specified byte.

overwrite(byte[]) - Static method in class org.owasp.esapi.crypto.CryptoHelper

Overwrite a byte array with the byte containing '*'.

overwrite() - Method in class org.owasp.esapi.crypto.PlainText

First overwrite the bytes of plaintext with the character '*'.

overwritePlainText() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Indicates whether the PlainText objects may be overwritten after they have been encrypted.

overwritePlainText() - Method in interface org.owasp.esapi.SecurityConfiguration

Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.

P

PARAMETER - Static variable in interface org.owasp.esapi.HTTPUtilities

Parameter - Class in org.owasp.esapi.waf.internal

A simple object to represent a name=value HTTP parameter.

Parameter(String, String, boolean) - Constructor for class org.owasp.esapi.waf.internal.Parameter

PASSWORD_DIGITS - Static variable in class org.owasp.esapi.EncoderConstants

PASSWORD_LETTERS - Static variable in class org.owasp.esapi.EncoderConstants

PASSWORD_LOWERS - Static variable in class org.owasp.esapi.EncoderConstants

PASSWORD_PARAMETER_NAME - Static variable in class org.owasp.esapi.PropNames

PASSWORD_PARAMETER_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

PASSWORD_SPECIALS - Static variable in class org.owasp.esapi.EncoderConstants

PASSWORD_UPPERS - Static variable in class org.owasp.esapi.EncoderConstants

PathExtensionRule - Class in org.owasp.esapi.waf.rules

This is the Rule subclass executed for <restrict-extension> rules.

PathExtensionRule(String, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.PathExtensionRule

peek() - Method in interface org.owasp.esapi.codecs.PushbackSequence

Return the next element in the Sequence without affecting the current index.

peek(T) - Method in interface org.owasp.esapi.codecs.PushbackSequence

Test to see if the next element in the Sequence matches the supplied value without affecting the current index.

peek() - Method in class org.owasp.esapi.codecs.PushBackSequenceImpl

Return the next codePoint without affecting the current index.

peek(Integer) - Method in class org.owasp.esapi.codecs.PushBackSequenceImpl

Test to see if the next codePoint is a particular value without affecting the current index.

peek() - Method in class org.owasp.esapi.codecs.PushbackString

peek(Character) - Method in class org.owasp.esapi.codecs.PushbackString

PercentCodec - Class in org.owasp.esapi.codecs

Implementation of the Codec interface for percent encoding (aka URL encoding).

PercentCodec() - Constructor for class org.owasp.esapi.codecs.PercentCodec

PlainText - Class in org.owasp.esapi.crypto

A class representing plaintext (versus ciphertext) as related to cryptographic systems.

PlainText(String) - Constructor for class org.owasp.esapi.crypto.PlainText

Construct a PlainText object from a String.

PlainText(byte[]) - Constructor for class org.owasp.esapi.crypto.PlainText

Construct a PlainText object from a byte array.

PLAINTEXT_OVERWRITE - Static variable in class org.owasp.esapi.PropNames

PLAINTEXT_OVERWRITE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

PolicyDTO - Class in org.owasp.esapi.reference.accesscontrol.policyloader

The point of the loaders is to create this

PolicyDTO() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO

policyParameters - Variable in class org.owasp.esapi.reference.accesscontrol.BaseACR

PolicyParameters - Interface in org.owasp.esapi.reference.accesscontrol.policyloader

policyProperties - Variable in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter

PREFERRED_JCE_PROVIDER - Static variable in class org.owasp.esapi.PropNames

PREFERRED_JCE_PROVIDER - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

PreparedString - Class in org.owasp.esapi

A parameterized string that uses escaping to make untrusted data safe before combining it with a command or query intended for use in an interpreter.

PreparedString(String, Codec) - Constructor for class org.owasp.esapi.PreparedString

Create a PreparedString with the supplied template and Codec.

PreparedString(String, char, Codec) - Constructor for class org.owasp.esapi.PreparedString

Create a PreparedString with the supplied template, parameter placeholder character, and Codec.

print(boolean) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

print(char) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

print(char[]) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

print(double) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

print(float) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

print(int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

print(long) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

print(Object) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

print(String) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

PRINT_PROPERTIES_WHEN_LOADED - Static variable in class org.owasp.esapi.PropNames

PRINT_PROPERTIES_WHEN_LOADED - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

printf(Locale, String, Object...) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

printf(String, Object...) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

println() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

println(boolean) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

println(char) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

println(char[]) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

println(double) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

println(float) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

println(int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

println(long) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

println(Object) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

println(String) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

priority() - Method in class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader

Get priority of this property loader.

properties - Variable in class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader

PropNames - Class in org.owasp.esapi

This non-constructable class of public constants defines all the property names used in ESAPI.properties as well as some of the default property values for some of those properties.

PropNames.DefaultSearchPath - Enum in org.owasp.esapi

Enum used with the search paths used to locate an ESAPI.properties and/or a validation.properties file.

pushback - Variable in class org.owasp.esapi.codecs.AbstractPushbackSequence

pushback(T) - Method in class org.owasp.esapi.codecs.AbstractPushbackSequence

pushback(T) - Method in interface org.owasp.esapi.codecs.PushbackSequence

PushbackSequence<T> - Interface in org.owasp.esapi.codecs

PushBackSequenceImpl - Class in org.owasp.esapi.codecs

The pushback string is used by Codecs to allow them to push decoded characters back onto a string for further decoding.

PushBackSequenceImpl(String) - Constructor for class org.owasp.esapi.codecs.PushBackSequenceImpl

PushbackString - Class in org.owasp.esapi.codecs

The pushback string is used by Codecs to allow them to push decoded characters back onto a string for further decoding.

PushbackString(String) - Constructor for class org.owasp.esapi.codecs.PushbackString

put(CharSequence, T) - Method in class org.owasp.esapi.codecs.HashTrie

Add mapping.

put(CharSequence, T) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy

put(CharSequence, T) - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable

put(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter

put(String, Object) - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters

This is a convenience method for developers that prefer to think of this as a map instead of being bean-like.

put(Object, Object) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties

This method has been overridden to only accept Strings for key and value, and to encrypt those Strings before storing them.

putAll(Map<? extends CharSequence, ? extends T>) - Method in class org.owasp.esapi.codecs.HashTrie

putAll(Map<? extends CharSequence, ? extends T>) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy

putAll(Map<? extends CharSequence, ? extends T>) - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable

R

RANDOM_ALGORITHM - Static variable in class org.owasp.esapi.PropNames

RANDOM_ALGORITHM - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

RandomAccessReferenceMap - Class in org.owasp.esapi.reference

Reference implementation of the AccessReferenceMap interface.

RandomAccessReferenceMap(int) - Constructor for class org.owasp.esapi.reference.RandomAccessReferenceMap

RandomAccessReferenceMap() - Constructor for class org.owasp.esapi.reference.RandomAccessReferenceMap

This AccessReferenceMap implementation uses short random strings to create a layer of indirection.

RandomAccessReferenceMap(Set<Object>) - Constructor for class org.owasp.esapi.reference.RandomAccessReferenceMap

RandomAccessReferenceMap(Set<Object>, int) - Constructor for class org.owasp.esapi.reference.RandomAccessReferenceMap

randomizer() - Static method in class org.owasp.esapi.ESAPI

Randomizer - Interface in org.owasp.esapi

The Randomizer interface defines a set of methods for creating cryptographically random numbers and strings.

RANDOMIZER_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames

RANDOMIZER_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

read() - Method in class org.owasp.esapi.codecs.Base64.InputStream

Reads enough of the input stream to convert to/from Base64 and returns the next byte.

read(byte[], int, int) - Method in class org.owasp.esapi.codecs.Base64.InputStream

Calls Base64.InputStream.read() repeatedly until the end of stream is reached or len bytes are read.

readConfigurationFile(InputStream, String) - Static method in class org.owasp.esapi.waf.configuration.ConfigurationParser

REDIRECT - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

RedirectAction - Class in org.owasp.esapi.waf.actions

The class that indicates the user should be redirected to another location.

RedirectAction() - Constructor for class org.owasp.esapi.waf.actions.RedirectAction

ReferenceEncryptedProperties - Class in org.owasp.esapi.reference.crypto

Reference implementation of the EncryptedProperties interface.

ReferenceEncryptedProperties() - Constructor for class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties

Instantiates a new encrypted properties.

ReferenceEncryptedProperties(Properties) - Constructor for class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties

remainder() - Method in interface org.owasp.esapi.codecs.PushbackSequence

Not at all sure what this method is intended to do.

remainder() - Method in class org.owasp.esapi.codecs.PushBackSequenceImpl

Not at all sure what this method is intended to do.

remainder() - Method in class org.owasp.esapi.codecs.PushbackString

Not at all sure what this method is intended to do.

REMEMBER_TOKEN_COOKIE_NAME - Static variable in interface org.owasp.esapi.HTTPUtilities

REMEMBER_TOKEN_DURATION - Static variable in class org.owasp.esapi.PropNames

REMEMBER_TOKEN_DURATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

remove(Object) - Method in class org.owasp.esapi.codecs.HashTrie

Remove a entry.

remove(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy

remove(CharSequence) - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable

removeAttribute(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest

Same as HttpServletRequest, no security changes required.

removeDirectReference(T) - Method in interface org.owasp.esapi.AccessReferenceMap

Removes a direct reference and its associated indirect reference from the AccessReferenceMap.

removeDirectReference(T) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap

Removes a direct reference and its associated indirect reference from the AccessReferenceMap.

removeRole(String) - Method in class org.owasp.esapi.reference.DefaultUser

Removes a role from this user's account.

removeRole(String) - Method in interface org.owasp.esapi.User

Removes a role from this user's account.

removeSession(HttpSession) - Method in class org.owasp.esapi.reference.DefaultUser

Removes a session for this User.

removeSession(HttpSession) - Method in interface org.owasp.esapi.User

Removes a session for this User.

removeUser(String) - Method in interface org.owasp.esapi.Authenticator

Removes the account of the specified accountName.

removeUser(String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator

Removes the account of the specified accountName.

ReplaceContentRule - Class in org.owasp.esapi.waf.rules

This is the Rule subclass executed for <dynamic-insertion> rules.

ReplaceContentRule(String, Pattern, String, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.ReplaceContentRule

replaceLinearWhiteSpace(String) - Static method in class org.owasp.esapi.StringUtilities

replaceNull(String, String) - Static method in class org.owasp.esapi.StringUtilities

Returns the replace value if the value of test is null, "null", or ""

RequestRateThrottleFilter - Class in org.owasp.esapi.filters

A simple servlet filter that limits the request rate to a certain threshold of requests per second.

RequestRateThrottleFilter() - Constructor for class org.owasp.esapi.filters.RequestRateThrottleFilter

requiresIV() - Method in class org.owasp.esapi.crypto.CipherSpec

Return true if the cipher mode requires an IV.

requiresIV() - Method in class org.owasp.esapi.crypto.CipherText

Return true if the cipher mode used requires an IV.

reset() - Method in interface org.owasp.esapi.codecs.PushbackSequence

Set the index back to the last marked location.

reset() - Method in class org.owasp.esapi.codecs.PushBackSequenceImpl

Set the index back to the last marked location.

reset() - Method in class org.owasp.esapi.codecs.PushbackString

Set the index back to the last marked location.

reset() - Method in class org.owasp.esapi.codecs.ref.EncodingPatternPreservation

Clears any stored replacement values out of the instance.

reset() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

Same as HttpServletResponse, no security changes required.

reset() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream

resetBuffer() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

Same as HttpServletResponse, no security changes required.

resetCSRFToken() - Method in class org.owasp.esapi.reference.DefaultUser

Returns a token to be used as a prevention against CSRF attacks.

resetCSRFToken() - Method in interface org.owasp.esapi.User

Returns a token to be used as a prevention against CSRF attacks.

RESPONSE_CONTENT_TYPE - Static variable in class org.owasp.esapi.PropNames

RESPONSE_CONTENT_TYPE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

restoreOriginalContent(String) - Method in class org.owasp.esapi.codecs.ref.EncodingPatternPreservation

Replaces each instance of the EncodingPatternPreservation.replacementMarker with the original content, as captured by EncodingPatternPreservation.captureAndReplaceMatches(String)

RestrictContentTypeRule - Class in org.owasp.esapi.waf.rules

This is the Rule subclass executed for <dynamic-insertion> rules.

RestrictContentTypeRule(String, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.RestrictContentTypeRule

RestrictUserAgentRule - Class in org.owasp.esapi.waf.rules

This is the Rule subclass executed for <restrict-user-agent> rules.

RestrictUserAgentRule(String, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.RestrictUserAgentRule

resumeEncoding() - Method in class org.owasp.esapi.codecs.Base64.OutputStream

Resumes encoding of the stream.

Rule - Class in org.owasp.esapi.waf.rules

This is the base class for the WAF rules.

Rule() - Constructor for class org.owasp.esapi.waf.rules.Rule

RuleUtil - Class in org.owasp.esapi.waf.rules

This is a small utility class for use by Rule subclasses.

RuleUtil() - Constructor for class org.owasp.esapi.waf.rules.RuleUtil

S

SafeFile - Class in org.owasp.esapi

Extension to java.io.File to prevent against null byte injections and other unforeseen problems resulting from unprintable characters causing problems in path lookups.

SafeFile(String) - Constructor for class org.owasp.esapi.SafeFile

SafeFile(String, String) - Constructor for class org.owasp.esapi.SafeFile

SafeFile(File, String) - Constructor for class org.owasp.esapi.SafeFile

SafeFile(URI) - Constructor for class org.owasp.esapi.SafeFile

safeReadLine(InputStream, int) - Method in class org.owasp.esapi.reference.DefaultValidator

Reads from an input stream until end-of-line or a maximum number of characters.

safeReadLine(InputStream, int) - Method in interface org.owasp.esapi.Validator

Reads from an input stream until end-of-line or a maximum number of characters.

sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule

The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).

sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule

The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).

sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.DateValidationRule

The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).

sanitize(String, String, ValidationErrorList) - Method in class org.owasp.esapi.reference.validation.DateValidationRule

Same as sanitize(String, String) except it returns any ValidationException generated in the provided errorList.

sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.HTMLValidationRule

The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).

sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.IntegerValidationRule

sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.NumberValidationRule

The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).

sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule

The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).

saveUsers() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator

Saves the user database to the file system.

saveUsers(PrintWriter) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator

Save users.

seal(String, long) - Method in interface org.owasp.esapi.Encryptor

Creates a seal that binds a set of data and includes an expiration timestamp.

seal(String, long) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor

Creates a seal that binds a set of data and includes an expiration timestamp.

SECURITY_AUDIT - Static variable in interface org.owasp.esapi.Logger

A security type of log event that is associated with an audit trail of some type, but the log event is not specifically something that has either succeeded or failed or that is irrelevant in the case of this logged message.

SECURITY_FAILURE - Static variable in interface org.owasp.esapi.Logger

A security type of log event that has failed.

SECURITY_SUCCESS - Static variable in interface org.owasp.esapi.Logger

A security type of log event that has succeeded.

securityConfiguration() - Static method in class org.owasp.esapi.ESAPI

SecurityConfiguration - Interface in org.owasp.esapi

The SecurityConfiguration interface stores all configuration information that directs the behavior of the ESAPI implementation.

SecurityConfiguration.Threshold - Class in org.owasp.esapi

Models a simple threshold as a count and an interval, along with a set of actions to take if the threshold is exceeded.

SecurityProviderLoader - Class in org.owasp.esapi.crypto

This class provides a generic static method that loads a java.security.Provider either by some generic name (i.e., Provider.getName()) or by a fully-qualified class name.

SecurityProviderLoader() - Constructor for class org.owasp.esapi.crypto.SecurityProviderLoader

SecurityWrapper - Class in org.owasp.esapi.filters

This filter wraps the incoming request and outgoing response and overrides many methods with safer versions.

SecurityWrapper() - Constructor for class org.owasp.esapi.filters.SecurityWrapper

SecurityWrapperRequest - Class in org.owasp.esapi.filters

This request wrapper simply overrides unsafe methods in the HttpServletRequest API with safe versions that return canonicalized data where possible.

SecurityWrapperRequest(HttpServletRequest) - Constructor for class org.owasp.esapi.filters.SecurityWrapperRequest

Construct a safe request that overrides the default request methods with safer versions.

SecurityWrapperResponse - Class in org.owasp.esapi.filters

This response wrapper simply overrides unsafe methods in the HttpServletResponse API with safe versions.

SecurityWrapperResponse(HttpServletResponse) - Constructor for class org.owasp.esapi.filters.SecurityWrapperResponse

Construct a safe response that overrides the default response methods with safer versions.

SecurityWrapperResponse(HttpServletResponse, String) - Constructor for class org.owasp.esapi.filters.SecurityWrapperResponse

Construct a safe response that overrides the default response methods with safer versions.

sendError(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

Override the error code with a 200 in order to confound attackers using automated scanners.

sendError(int, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

Override the error code with a 200 in order to confound attackers using automated scanners.

sendForward(String) - Method in interface org.owasp.esapi.HTTPUtilities

Calls sendForward with the *current* request and response.

sendForward(HttpServletRequest, HttpServletResponse, String) - Method in interface org.owasp.esapi.HTTPUtilities

This method performs a forward to any resource located inside the WEB-INF directory.

sendForward(HttpServletRequest, HttpServletResponse, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

This method performs a forward to any resource located inside the WEB-INF directory.

sendForward(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Calls sendForward with the *current* request and response.

sendRedirect(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

This method generates a redirect response that can only be used to redirect the browser to safe locations, as configured in the ESAPI security configuration.

sendRedirect(String) - Method in interface org.owasp.esapi.HTTPUtilities

Calls sendRedirect with the *current* response.

sendRedirect(HttpServletResponse, String) - Method in interface org.owasp.esapi.HTTPUtilities

This method performs a forward to any resource located inside the WEB-INF directory.

sendRedirect(HttpServletResponse, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

This method performs a forward to any resource located inside the WEB-INF directory.

sendRedirect(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Calls sendRedirect with the *current* response.

serialVersionUID - Static variable in exception org.owasp.esapi.errors.ConfigurationException

serialVersionUID - Static variable in exception org.owasp.esapi.errors.EnterpriseSecurityException

serialVersionUID - Static variable in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException

serialVersionUID - Static variable in exception org.owasp.esapi.errors.ValidationException

serialVersionUID - Static variable in class org.owasp.esapi.logging.java.ESAPICustomJavaLevel

serialVersionUID - Static variable in class org.owasp.esapi.logging.java.ESAPIErrorJavaLevel

Deprecated.

serialVersionUID - Static variable in exception org.owasp.esapi.waf.ConfigurationException

ServerInfoSupplier - Class in org.owasp.esapi.logging.appender

Supplier which can provide a String representing the server-side connection information.

ServerInfoSupplier(String) - Constructor for class org.owasp.esapi.logging.appender.ServerInfoSupplier

Ctr.

set(int, String) - Method in class org.owasp.esapi.PreparedString

Set the parameter at index with supplied value using the default Codec to escape.

set(int, String, Codec) - Method in class org.owasp.esapi.PreparedString

Set the parameter at index with supplied value using the supplied Codec to escape.

set(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter

set(String, Object) - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters

This works just like a Map, except it will throw an exception if lock() has been called.

setAccountName(String) - Method in class org.owasp.esapi.reference.DefaultUser

Sets this user's account name.

setAccountName(String) - Method in interface org.owasp.esapi.User

Sets this user's account name.

setActionNecessary(boolean) - Method in class org.owasp.esapi.waf.actions.Action

setAllowableContentRoot(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest

setAllowNull(boolean) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule

Whether or not a valid valid can be null.

setAllowNull(boolean) - Method in interface org.owasp.esapi.ValidationRule

Whether or not a valid valid can be null.

setApplyHTTPOnlyFlagToSessionCookie(boolean) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

setApplySecureFlagToSessionCookie(boolean) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

setAttribute(String, String) - Method in class org.owasp.esapi.crypto.CryptoToken

Set a name/value pair as an attribute.

setAttribute(String, Object) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest

Same as HttpServletRequest, no security changes required.

setBlockSize(int) - Method in class org.owasp.esapi.crypto.CipherSpec

Set the block size for this CipherSpec.

setBufferSize(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

Same as HttpServletResponse, no security changes required.

setCache(boolean) - Static method in class org.owasp.esapi.util.ObjFactory

Control whether cache for classes and method names should be enabled or disabled.

setCanonicalize(boolean) - Method in class org.owasp.esapi.reference.validation.StringValidationRule

setCharacterEncoding(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest

Sets the character encoding scheme to the ESAPI configured encoding scheme.

setCharacterEncoding(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

Sets the character encoding to the ESAPI configured encoding.

setCiphertext(byte[]) - Method in class org.owasp.esapi.crypto.CipherText

Set the raw ciphertext.

setCipherTransformation(String) - Method in class org.owasp.esapi.crypto.CipherSpec

Set the cipher transformation for this CipherSpec.

setCipherTransformation(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Set the cipher transformation.

setCipherTransformation(String) - Method in interface org.owasp.esapi.SecurityConfiguration

Deprecated.
To be replaced by new class in ESAPI 2.1, but here if you need it until then. Details of replacement forthcoming to ESAPI-Dev list. Most likely to be replaced by a new CTOR for JavaEncryptor that takes a list of properties to override.

setConfiguration(String, String) - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter

This function is used in testing to dynamically alter the configuration.

setContentLength(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

Same as HttpServletResponse, no security changes required.

setContentType(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

Same as HttpServletResponse, no security changes required.

setContentType() - Method in interface org.owasp.esapi.HTTPUtilities

Calls setContentType with the *current* request and response.

setContentType(HttpServletResponse) - Method in interface org.owasp.esapi.HTTPUtilities

Set the content type character encoding header on every HttpServletResponse in order to limit the ways in which the input data can be represented.

setContentType() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Calls setContentType with the *current* request and response.

setContentType(HttpServletResponse) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Set the content type character encoding header on every HttpServletResponse in order to limit the ways in which the input data can be represented.

setContentType(String) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse

setContext(String) - Method in class org.owasp.esapi.crypto.KeyDerivationFunction

Set the 'context' as specified by NIST Special Publication 800-108.

setContext(String) - Method in exception org.owasp.esapi.errors.ValidationException

Set's the UI reference that caused this ValidationException

setCurrentHTTP(HttpServletRequest, HttpServletResponse) - Method in interface org.owasp.esapi.HTTPUtilities

Stores the current HttpRequest and HttpResponse so that they may be readily accessed throughout ESAPI (and elsewhere)

setCurrentHTTP(HttpServletRequest, HttpServletResponse) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Stores the current HttpRequest and HttpResponse so that they may be readily accessed throughout ESAPI (and elsewhere)

setCurrentUser(User) - Method in interface org.owasp.esapi.Authenticator

Sets the currently logged in User.

setCurrentUser(User) - Method in class org.owasp.esapi.reference.AbstractAuthenticator

Sets the currently logged in User.

setDateFormat(DateFormat) - Method in class org.owasp.esapi.reference.validation.DateValidationRule

setDateHeader(String, long) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

Add a date header to the response after ensuring that there are no encoded or illegal characters in the name.

setDefaultErrorPage(String) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

setDefaultResponseCode(int) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

setEncoder(Encoder) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule

setEncoder(Encoder) - Method in interface org.owasp.esapi.ValidationRule

setEncoding(String) - Method in class org.owasp.esapi.tags.EncodeForBase64Tag

Set the encoding used to convert the content to bytes for encoding.

setError() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

setExpiration(int) - Method in class org.owasp.esapi.crypto.CryptoToken

Set expiration time to expire in 'interval' seconds (NOT milliseconds).

setExpiration(Date) - Method in class org.owasp.esapi.crypto.CryptoToken

Set expiration time for a specific date/time.

setExpirationTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser

Sets the date and time when this user's account will expire.

setExpirationTime(Date) - Method in interface org.owasp.esapi.User

Sets the date and time when this user's account will expire.

setFailed(boolean) - Method in class org.owasp.esapi.waf.actions.Action

setHeader(String, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

Add a header to the response after ensuring that there are no encoded or illegal characters in the name and value.

setHeader(String, String) - Method in interface org.owasp.esapi.HTTPUtilities

Calls setHeader with the *current* response.

setHeader(HttpServletResponse, String, String) - Method in interface org.owasp.esapi.HTTPUtilities

Add a header to the response after ensuring that there are no encoded or illegal characters in the name and value.

setHeader(HttpServletResponse, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Add a header to the response after ensuring that there are no encoded or illegal characters in the name and value.

setHeader(String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Calls setHeader with the *current* response.

setId(String) - Method in class org.owasp.esapi.waf.rules.Rule

setIntHeader(String, int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

Add an int header to the response after ensuring that there are no encoded or illegal characters in the name.

setIV(byte[]) - Method in class org.owasp.esapi.crypto.CipherSpec

Set the initialization vector (IV).

setIVandCiphertext(byte[], byte[]) - Method in class org.owasp.esapi.crypto.CipherText

Set the IV and raw ciphertext.

setKDF_PRF(int) - Method in class org.owasp.esapi.crypto.CipherText

setKDFVersion(int) - Method in class org.owasp.esapi.crypto.CipherText

setKeySize(int) - Method in class org.owasp.esapi.crypto.CipherSpec

Set the key size for this CipherSpec.

setLastFailedLoginTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser

Set the time of the last failed login for this user.

setLastFailedLoginTime(Date) - Method in interface org.owasp.esapi.User

Set the time of the last failed login for this user.

setLastHostAddress(String) - Method in class org.owasp.esapi.reference.DefaultUser

Set the last remote host address used by this user.

setLastHostAddress(String) - Method in interface org.owasp.esapi.User

Set the last remote host address used by this user.

setLastLoginTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser

Set the time of the last successful login for this user.

setLastLoginTime(Date) - Method in interface org.owasp.esapi.User

Set the time of the last successful login for this user.

setLastPasswordChangeTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser

Set the time of the last password change for this user.

setLastPasswordChangeTime(Date) - Method in interface org.owasp.esapi.User

Set the time of the last password change for this user.

setLevel(int) - Method in interface org.owasp.esapi.Logger

Dynamically set the ESAPI logging severity level.

setLevel(int) - Method in class org.owasp.esapi.logging.java.JavaLogger

setLevel(int) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger

setLocale(Locale) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

Same as HttpServletResponse, no security changes required.

setLocale(Locale) - Method in class org.owasp.esapi.reference.DefaultUser

setLocale(Locale) - Method in interface org.owasp.esapi.User

setLogApplicationName(boolean, String) - Method in class org.owasp.esapi.logging.appender.ServerInfoSupplier

Specify whether the instance should record the application name

setLogClientInfo(boolean) - Method in class org.owasp.esapi.logging.appender.ClientInfoSupplier

Specify whether the instance should record the client info.

setLogServerIp(boolean) - Method in class org.owasp.esapi.logging.appender.ServerInfoSupplier

Specify whether the instance should record the server connection info.

setLogUserInfo(boolean) - Method in class org.owasp.esapi.logging.appender.UserInfoSupplier

Specify whether the instance should record the client info.

setMaxCardLength(int) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule

setMaximumLength(int) - Method in class org.owasp.esapi.reference.validation.StringValidationRule

setMinimumLength(int) - Method in class org.owasp.esapi.reference.validation.StringValidationRule

setName(String) - Method in class org.owasp.esapi.waf.internal.Parameter

setNoCacheHeaders() - Method in interface org.owasp.esapi.HTTPUtilities

Calls setNoCacheHeaders with the *current* response.

setNoCacheHeaders(HttpServletResponse) - Method in interface org.owasp.esapi.HTTPUtilities

Set headers to protect sensitive information against being cached in the browser.

setNoCacheHeaders() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Calls setNoCacheHeaders with the *current* response.

setNoCacheHeaders(HttpServletResponse) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Set headers to protect sensitive information against being cached in the browser.

setPolicyParameters(P) - Method in interface org.owasp.esapi.AccessControlRule

setPolicyParameters(P) - Method in class org.owasp.esapi.reference.accesscontrol.BaseACR

setPolicyParameters(DynaBeanACRParameter) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR

setProperty(String, String) - Method in interface org.owasp.esapi.EncryptedProperties

Encrypts the plaintext property value and stores the ciphertext value in the encrypted store.

setProperty(String, String) - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties

Encrypts the plaintext property value and stores the ciphertext value in the encrypted store.

setProperty(String, String) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties

Encrypts the plaintext property value and stores the ciphertext value in the encrypted store.

setRedirectURL(String) - Method in class org.owasp.esapi.waf.actions.RedirectAction

setRememberToken(String, int, String, String) - Method in interface org.owasp.esapi.HTTPUtilities

Deprecated.

setRememberToken(HttpServletRequest, HttpServletResponse, int, String, String) - Method in interface org.owasp.esapi.HTTPUtilities

setRememberToken(HttpServletRequest, HttpServletResponse, String, int, String, String) - Method in interface org.owasp.esapi.HTTPUtilities

Deprecated.

setRememberToken(HttpServletRequest, HttpServletResponse, String, int, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Set a cookie containing the current User's remember me token for automatic authentication.

setRememberToken(HttpServletRequest, HttpServletResponse, int, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

setRememberToken(String, int, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Calls setNoCacheHeaders with the *current* response.

setReplacementMarker(String) - Method in class org.owasp.esapi.codecs.ref.EncodingPatternPreservation

Allows the marker used as a replacement to be altered.

setResourceDirectory(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Sets the ESAPI resource directory.

setResourceDirectory(String) - Method in interface org.owasp.esapi.SecurityConfiguration

Sets the ESAPI resource directory.

setResponseBytes(byte[]) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream

setRoles(Set<String>) - Method in class org.owasp.esapi.reference.DefaultUser

Sets the roles for this account.

setRoles(Set<String>) - Method in interface org.owasp.esapi.User

Sets the roles for this account.

setScreenName(String) - Method in class org.owasp.esapi.reference.DefaultUser

Sets the screen name (username alias) for this user.

setScreenName(String) - Method in interface org.owasp.esapi.User

Sets the screen name (username alias) for this user.

setSessionCookieName(String) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

setStatus(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

Override the status code with a 200 in order to confound attackers using automated scanners.

setStatus(int, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse

Deprecated.
In Servlet spec 2.1.

setStringValidatorRule(StringValidationRule) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule

setTypeName(String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule

setTypeName(String) - Method in interface org.owasp.esapi.ValidationRule

setUserAccountName(String) - Method in class org.owasp.esapi.crypto.CryptoToken

Set the user account name associated with this cryptographic token object.

setValue(String) - Method in class org.owasp.esapi.waf.internal.Parameter

setVersion(int) - Method in class org.owasp.esapi.crypto.KeyDerivationFunction

Set version so backward compatibility can be supported.

setWrap(boolean) - Method in class org.owasp.esapi.tags.EncodeForBase64Tag

Set whether line wrapping at 64 characters is performed.

setWriteListener(WriteListener) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream

shouldPrintProperties() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration

sign(String) - Method in interface org.owasp.esapi.Encryptor

Create a digital signature for the provided data and return it in a string.

sign(String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor

Create a digital signature for the provided data and return it in a string.

SimpleVirtualPatchRule - Class in org.owasp.esapi.waf.rules

This is the Rule subclass executed for <virtual-patch> rules.

SimpleVirtualPatchRule(String, Pattern, String, Pattern, String) - Constructor for class org.owasp.esapi.waf.rules.SimpleVirtualPatchRule

size() - Method in class org.owasp.esapi.codecs.HashTrie

Get the number of entries.

size() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy

size() - Method in class org.owasp.esapi.ValidationErrorList

Returns the numbers of errors present.

Slf4JLogBridge - Interface in org.owasp.esapi.logging.slf4j

Contract for translating an ESAPI log event into an SLF4J log event.

Slf4JLogBridgeImpl - Class in org.owasp.esapi.logging.slf4j

Implementation which is intended to bridge the ESAPI Logging API into SLF4J supported Object structures.

Slf4JLogBridgeImpl(LogAppender, LogScrubber, Map<Integer, Slf4JLogLevelHandler>) - Constructor for class org.owasp.esapi.logging.slf4j.Slf4JLogBridgeImpl

Constructor.

Slf4JLogFactory - Class in org.owasp.esapi.logging.slf4j

LogFactory implementation which creates SLF4J supporting Loggers.

Slf4JLogFactory() - Constructor for class org.owasp.esapi.logging.slf4j.Slf4JLogFactory

Slf4JLogger - Class in org.owasp.esapi.logging.slf4j

ESAPI Logger implementation which relays events to an SLF4J delegate.

Slf4JLogger(Logger, Slf4JLogBridge, int) - Constructor for class org.owasp.esapi.logging.slf4j.Slf4JLogger

Constructs a new instance.

Slf4JLogLevelHandlers - Enum in org.owasp.esapi.logging.slf4j

Enumeration capturing the propagation of SLF4J level events.

SPECIALS - Static variable in class org.owasp.esapi.EncoderConstants

splitQuery(URI) - Method in class org.owasp.esapi.reference.DefaultEncoder

The meat of this method was taken from StackOverflow: http://stackoverflow.com/a/13592567/557153 It has been modified to return a canonicalized key and value pairing.

StandardEsapiPropertyLoader - Class in org.owasp.esapi.configuration

Loader capable of loading single security configuration property from standard java properties configuration file.

StandardEsapiPropertyLoader(String, int) - Constructor for class org.owasp.esapi.configuration.StandardEsapiPropertyLoader

store(OutputStream, String) - Method in interface org.owasp.esapi.EncryptedProperties

Writes this property list (key and element pairs) in this Properties table to the output stream in a format suitable for loading into a Properties table using the load method.

store(OutputStream, String) - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties

Writes this property list (key and element pairs) in this Properties table to the output stream in a format suitable for loading into a Properties table using the load method.

storeProperties(String, Properties, String) - Static method in class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils

Stores a Properties object to a file.

StringUtilities - Class in org.owasp.esapi

String utilities used in various filters.

StringUtilities() - Constructor for class org.owasp.esapi.StringUtilities

StringValidationRule - Class in org.owasp.esapi.reference.validation

A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.

StringValidationRule(String) - Constructor for class org.owasp.esapi.reference.validation.StringValidationRule

StringValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.StringValidationRule

StringValidationRule(String, Encoder, String) - Constructor for class org.owasp.esapi.reference.validation.StringValidationRule

stripControls(String) - Static method in class org.owasp.esapi.StringUtilities

Removes all unprintable characters from a string and replaces with a space.

strToChars(String) - Static method in class org.owasp.esapi.util.CollectionsUtil

Convert a String to a char array

strToSet(String) - Static method in class org.owasp.esapi.util.CollectionsUtil

Convert a String to a set of characters.

strToUnmodifiableSet(String) - Static method in class org.owasp.esapi.util.CollectionsUtil

Convert a String to a unmodifiable set of characters.

suspendEncoding() - Method in class org.owasp.esapi.codecs.Base64.OutputStream

Suspends encoding of the stream.

T

temp - Variable in class org.owasp.esapi.codecs.AbstractPushbackSequence

testValue(String, String, int) - Static method in class org.owasp.esapi.waf.rules.RuleUtil

Threshold(String, int, long, List<String>) - Constructor for class org.owasp.esapi.SecurityConfiguration.Threshold

Constructs a threshold that is composed of its name, its threshold count, the time window for the threshold, and the actions to take if the threshold is triggered.

toHex(char) - Method in class org.owasp.esapi.codecs.AbstractCodec

toHex(int) - Method in class org.owasp.esapi.codecs.AbstractCodec

toHex(char) - Method in interface org.owasp.esapi.codecs.Codec

Convert the char parameter to its hexadecimal representation.

toHex(int) - Method in interface org.owasp.esapi.codecs.Codec

Convert the int parameter to its hexadecimal representation.

toHex(byte[], boolean) - Static method in class org.owasp.esapi.codecs.Hex

Output byte representation as hexadecimal representation.

toInt(byte[]) - Static method in class org.owasp.esapi.util.ByteConversionUtil

Converts a given byte array to an int.

toLong(byte[]) - Static method in class org.owasp.esapi.util.ByteConversionUtil

Converts a given byte array to a long.

toOctal(char) - Method in class org.owasp.esapi.codecs.AbstractCodec

toOctal(char) - Method in interface org.owasp.esapi.codecs.Codec

Convert the char parameter to its octal representation.

toShort(byte[]) - Static method in class org.owasp.esapi.util.ByteConversionUtil

Converts a given byte array to an short.

toString() - Method in class org.owasp.esapi.codecs.HashTrie

toString() - Method in class org.owasp.esapi.crypto.CipherSpec

Override Object.toString() to provide something more useful.

toString() - Method in class org.owasp.esapi.crypto.CipherText

More useful toString() method.

toString() - Method in class org.owasp.esapi.crypto.PlainText

Convert the PlainText object to a UTF-8 encoded String.

toString() - Method in class org.owasp.esapi.ExecuteResult

toString() - Method in class org.owasp.esapi.Logger.EventType

Convert the EventType to a string.

toString() - Method in class org.owasp.esapi.PreparedString

Render the PreparedString by combining the template with properly escaped parameters.

toString() - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter

toString() - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO

toString() - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties

This method has been overridden to not print out the keys and values stored in this properties file.

toString() - Method in class org.owasp.esapi.reference.DefaultUser

toString(Object) - Static method in class org.owasp.esapi.util.NullSafe

Object.toString() of an object.

toString() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration

toString() - Method in class org.owasp.esapi.waf.rules.Rule

TRACE - Static variable in interface org.owasp.esapi.Logger

TRACE indicates that TRACE messages and above should be logged.

trace(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger

Log a trace level security event if 'trace' level logging is enabled.

trace(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger

Log a trace level security event if 'trace' level logging is enabled and also record the stack trace associated with the event.

trace(Logger.EventType, String) - Method in class org.owasp.esapi.logging.java.JavaLogger

trace(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.java.JavaLogger

trace(Logger.EventType, String) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger

trace(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger

Trie<T> - Interface in org.owasp.esapi.codecs

Trie.TrieProxy<T> - Class in org.owasp.esapi.codecs

Trie.Unmodifiable<T> - Class in org.owasp.esapi.codecs

Trie.Util - Class in org.owasp.esapi.codecs

U

union(char[]...) - Static method in class org.owasp.esapi.StringUtilities

Union multiple character arrays.

UnixCodec - Class in org.owasp.esapi.codecs

Implementation of the Codec interface for '\' encoding from Unix command shell (bash lineage, not csh lineage).

UnixCodec() - Constructor for class org.owasp.esapi.codecs.UnixCodec

unlock() - Method in class org.owasp.esapi.reference.DefaultUser

Unlock this user's account.

unlock() - Method in interface org.owasp.esapi.User

Unlock this user's account.

unseal(String) - Method in interface org.owasp.esapi.Encryptor

Unseals data (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or decryption error.

unseal(String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor

Unseals data (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or decryption error.

update(Set) - Method in interface org.owasp.esapi.AccessReferenceMap

Updates the access reference map with a new set of direct references, maintaining any existing indirect references associated with items that are in the new list.

update(Set) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap

Updates the access reference map with a new set of direct references, maintaining any existing indirect references associated with items that are in the new list.

updateToken(int) - Method in class org.owasp.esapi.crypto.CryptoToken

Update the (current) expiration time by adding the specified number of seconds to it and then re-encrypting with the current SecretKey that was used to construct this object.

UPLOAD_DIRECTORY - Static variable in class org.owasp.esapi.PropNames

UPLOAD_DIRECTORY - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

UPLOAD_TEMP_DIRECTORY - Static variable in class org.owasp.esapi.PropNames

UPLOAD_TEMP_DIRECTORY - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

UPPERS - Static variable in class org.owasp.esapi.EncoderConstants

URL_SAFE - Static variable in class org.owasp.esapi.codecs.Base64

Encode using Base64-like encoding that is URL- and Filename-safe as described in Section 4 of RFC3548: http://www.faqs.org/rfcs/rfc3548.html.

useMACforCipherText() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Determines whether the CipherText should be used with a Message Authentication Code (MAC).

useMACforCipherText() - Method in interface org.owasp.esapi.SecurityConfiguration

Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.

USER - Static variable in class org.owasp.esapi.reference.AbstractAuthenticator

Key for user in session

User - Interface in org.owasp.esapi

The User interface represents an application user or user account.

UserInfoSupplier - Class in org.owasp.esapi.logging.appender

Supplier which can provide a String representing the client-side connection information.

UserInfoSupplier() - Constructor for class org.owasp.esapi.logging.appender.UserInfoSupplier

USERNAME_PARAMETER_NAME - Static variable in class org.owasp.esapi.PropNames

USERNAME_PARAMETER_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

V

validateMAC(SecretKey) - Method in class org.owasp.esapi.crypto.CipherText

Validate the message authentication code (MAC) associated with the ciphertext.

VALIDATION_PROPERTIES - Static variable in class org.owasp.esapi.PropNames

VALIDATION_PROPERTIES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

VALIDATION_PROPERTIES_MULTIVALUED - Static variable in class org.owasp.esapi.PropNames

VALIDATION_PROPERTIES_MULTIVALUED - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

ValidationAvailabilityException - Exception in org.owasp.esapi.errors

ValidationAvailabilityException() - Constructor for exception org.owasp.esapi.errors.ValidationAvailabilityException

Instantiates a new validation exception.

ValidationAvailabilityException(String, String) - Constructor for exception org.owasp.esapi.errors.ValidationAvailabilityException

Create a new ValidationException

ValidationAvailabilityException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.ValidationAvailabilityException

Create a new ValidationException

ValidationErrorList - Class in org.owasp.esapi

The ValidationErrorList class defines a well-formed collection of ValidationExceptions so that groups of validation functions can be called in a non-blocking fashion.

ValidationErrorList() - Constructor for class org.owasp.esapi.ValidationErrorList

ValidationException - Exception in org.owasp.esapi.errors

A ValidationException should be thrown to indicate that the data provided by the user or from some other external source does not match the validation rules that have been specified for that data.

ValidationException() - Constructor for exception org.owasp.esapi.errors.ValidationException

Instantiates a new validation exception.

ValidationException(String, String) - Constructor for exception org.owasp.esapi.errors.ValidationException

Creates a new instance of ValidationException.

ValidationException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.ValidationException

Instantiates a new ValidationException.

ValidationException(String, String, String) - Constructor for exception org.owasp.esapi.errors.ValidationException

Creates a new instance of ValidationException.

ValidationException(String, String, Throwable, String) - Constructor for exception org.owasp.esapi.errors.ValidationException

Instantiates a new ValidationException.

ValidationRule - Interface in org.owasp.esapi

ValidationUploadException - Exception in org.owasp.esapi.errors

ValidationUploadException() - Constructor for exception org.owasp.esapi.errors.ValidationUploadException

Instantiates a new validation exception.

ValidationUploadException(String, String) - Constructor for exception org.owasp.esapi.errors.ValidationUploadException

Create a new ValidationException

ValidationUploadException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.ValidationUploadException

Create a new ValidationException

validator() - Static method in class org.owasp.esapi.ESAPI

Validator - Interface in org.owasp.esapi

The Validator interface defines a set of methods for canonicalizing and validating untrusted input.

VALIDATOR_HTML_VALIDATION_ACTION - Static variable in class org.owasp.esapi.PropNames

VALIDATOR_HTML_VALIDATION_ACTION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE - Static variable in class org.owasp.esapi.PropNames

VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

VALIDATOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.PropNames

VALIDATOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

validCreditCardFormat(String) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule

Performs additional validation on the card nummber.

value() - Method in enum org.owasp.esapi.PropNames.DefaultSearchPath

valueOf(String) - Static method in enum org.owasp.esapi.codecs.MySQLCodec.Mode

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum org.owasp.esapi.configuration.consts.EsapiConfiguration

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum org.owasp.esapi.configuration.consts.EsapiConfigurationType

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum org.owasp.esapi.logging.java.JavaLogLevelHandlers

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum org.owasp.esapi.logging.slf4j.Slf4JLogLevelHandlers

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum org.owasp.esapi.PropNames.DefaultSearchPath

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum org.owasp.esapi.reference.DefaultEncoder.UriSegment

Returns the enum constant of this type with the specified name.

values() - Method in class org.owasp.esapi.codecs.HashTrie

values() - Static method in enum org.owasp.esapi.codecs.MySQLCodec.Mode

Returns an array containing the constants of this enum type, in the order they are declared.

values() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy

values() - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable

values() - Static method in enum org.owasp.esapi.configuration.consts.EsapiConfiguration

Returns an array containing the constants of this enum type, in the order they are declared.

values() - Static method in enum org.owasp.esapi.configuration.consts.EsapiConfigurationType

Returns an array containing the constants of this enum type, in the order they are declared.

values() - Static method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS

Returns an array containing the constants of this enum type, in the order they are declared.

values() - Static method in enum org.owasp.esapi.logging.java.JavaLogLevelHandlers

Returns an array containing the constants of this enum type, in the order they are declared.

values() - Static method in enum org.owasp.esapi.logging.slf4j.Slf4JLogLevelHandlers

Returns an array containing the constants of this enum type, in the order they are declared.

values() - Static method in enum org.owasp.esapi.PropNames.DefaultSearchPath

Returns an array containing the constants of this enum type, in the order they are declared.

values() - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties

This method has been overridden to throw an UnsupportedOperationException

values() - Static method in enum org.owasp.esapi.reference.DefaultEncoder.UriSegment

Returns an array containing the constants of this enum type, in the order they are declared.

VBScriptCodec - Class in org.owasp.esapi.codecs

Implementation of the Codec interface for 'quote' encoding from VBScript.

VBScriptCodec() - Constructor for class org.owasp.esapi.codecs.VBScriptCodec

verifyAccountNameStrength(String) - Method in interface org.owasp.esapi.Authenticator

Ensures that the account name passes site-specific complexity requirements, like minimum length.

verifyAccountNameStrength(String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator

Ensures that the account name passes site-specific complexity requirements, like minimum length.

verifyCSRFToken() - Method in interface org.owasp.esapi.HTTPUtilities

Calls verifyCSRFToken with the *current* request.

verifyCSRFToken(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities

Checks the CSRF token in the URL (see User.getCSRFToken()) against the user's CSRF token and throws an IntrusionException if it is missing.

verifyCSRFToken() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Calls verifyCSRFToken with the *current* request.

verifyCSRFToken(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities

Checks the CSRF token in the URL (see User.getCSRFToken()) against the user's CSRF token and throws an IntrusionException if it is missing.

verifyPassword(User, String) - Method in interface org.owasp.esapi.Authenticator

Verify that the supplied password matches the password for this user.

verifyPassword(String) - Method in class org.owasp.esapi.reference.DefaultUser

Verify that the supplied password matches the password for this user.

verifyPassword(User, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator

Verify that the supplied password matches the password for this user.

verifyPassword(String) - Method in interface org.owasp.esapi.User

Verify that the supplied password matches the password for this user.

verifyPasswordStrength(String, String, User) - Method in interface org.owasp.esapi.Authenticator

Ensures that the password meets site-specific complexity requirements, like length or number of character sets.

verifyPasswordStrength(String, String, User) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator

Ensures that the password meets site-specific complexity requirements, like length or number of character sets.

verifySeal(String) - Method in interface org.owasp.esapi.Encryptor

Verifies a seal (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or data mismatch.

verifySeal(String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor

Verifies a seal (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or data mismatch.

verifySignature(String, String) - Method in interface org.owasp.esapi.Encryptor

Verifies a digital signature (created with the sign method) and returns the boolean result.

verifySignature(String, String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor

Verifies a digital signature (created with the sign method) and returns the boolean result.

W

WARNING - Static variable in interface org.owasp.esapi.Logger

WARNING indicates that WARNING messages and above should be logged.

warning(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger

Log a warning level security event if 'warning' level logging is enabled.

warning(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger

Log a warning level security event if 'warning' level logging is enabled and also record the stack trace associated with the event.

warning(Logger.EventType, String) - Method in class org.owasp.esapi.logging.java.JavaLogger

warning(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.java.JavaLogger

warning(Logger.EventType, String) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger

warning(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.logging.slf4j.Slf4JLogger

whitelist(String, char[]) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule

String the input of all chars contained in the list

whitelist(String, Set<Character>) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule

Removes characters that aren't in the whitelist from the input String.

whitelist(String, char[]) - Method in interface org.owasp.esapi.ValidationRule

String the input of all chars contained in the list

whitelist(String, Set<Character>) - Method in interface org.owasp.esapi.ValidationRule

String the input of all chars contained in the list

whitelistPatterns - Variable in class org.owasp.esapi.reference.validation.StringValidationRule

WindowsCodec - Class in org.owasp.esapi.codecs

Implementation of the Codec interface for '^' encoding from Windows command shell.

WindowsCodec() - Constructor for class org.owasp.esapi.codecs.WindowsCodec

WORKING_DIRECTORY - Static variable in class org.owasp.esapi.PropNames

WORKING_DIRECTORY - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration

Deprecated.
Use same field name, but from org.owasp.esapi.PropNames instead.

write(int) - Method in class org.owasp.esapi.codecs.Base64.OutputStream

Writes the byte to the output stream after converting to/from Base64 notation.

write(byte[], int, int) - Method in class org.owasp.esapi.codecs.Base64.OutputStream

Calls Base64.OutputStream.write(int) repeatedly until len bytes are written.

write(char[], int, int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

write(char[]) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

write(int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

write(String, int, int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

write(String) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter

write(int) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream

write(byte[]) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream

write(byte[], int, int) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream

X

XMLEntityCodec - Class in org.owasp.esapi.codecs

Implementation of the Codec interface for XML entity encoding.

XMLEntityCodec() - Constructor for class org.owasp.esapi.codecs.XMLEntityCodec

XmlEsapiPropertyLoader - Class in org.owasp.esapi.configuration

Loader capable of loading single security configuration property from xml configuration file.

XmlEsapiPropertyLoader(String, int) - Constructor for class org.owasp.esapi.configuration.XmlEsapiPropertyLoader

A B C D E F G H I J K L M N O P R S T U V W X