public class DefaultValidator extends Object implements Validator
Validator interface. This implementation relies on the ESAPI Encoder, Pattern, Date, and several other classes to provide basic validation functions. This library has a heavy emphasis on allow-list validation and canonicalization.
A Note about Canonicalization:
The behaviors of objects of this class are largely driven by how the associated Encoder is created and passed to one of this class' constructors. Specifically, they depend on which Codec types are referenced by the Encoder instance associated with this particular DefaultValidator instance. In places where the default Encoder instance is used, the behavior is driven by three ESAPI properties as defined in the ESAPI.properties file. These property names and their default values (as delivered in ESAPI's "configuration" jar) are as follows:

    Encoder.AllowMultipleEncoding=false
    Encoder.AllowMixedEncoding=false
    Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec

In places where canonicalization is checked, multiple encoding (the first property, which refers to encoding in the same manner more than once) or mixed encoding (the second property, which refers to encoding using multiple different encoding mechanisms) are generally considered attacks unless these respective property values are set to "true".

Note that changing any of these three properties may affect the behavior as documented in this class' methods.
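A simplified model of how multiple and mixed encoding can be detected during canonicalization, added here as an illustration; it is not ESAPI's code. The class name, the two toy decoders (standing in for HTMLEntityCodec and PercentCodec), EncodingAttackException and the sample inputs are assumptions constructed for this example.

```java
import java.util.List;
import java.util.Map;
import java.util.function.UnaryOperator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Simplified model of multiple/mixed encoding detection. Not ESAPI's implementation. */
public class CanonicalizationModel {

    /** Hypothetical stand-in for the IntrusionException that ESAPI raises. */
    static class EncodingAttackException extends RuntimeException {
        EncodingAttackException(String message) { super(message); }
    }

    private static final Pattern PERCENT = Pattern.compile("%([0-9A-Fa-f]{2})");
    private static final Pattern ENTITY =
            Pattern.compile("&(?:#(\\d{1,5})|#[xX]([0-9A-Fa-f]{1,4})|(lt|gt|amp|quot));");
    private static final Map<String, String> NAMED =
            Map.of("lt", "<", "gt", ">", "amp", "&", "quot", "\"");

    /** Toy percent decoder: removes exactly one layer of %XX escapes. */
    static String percentDecode(String s) {
        Matcher m = PERCENT.matcher(s);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String ch = String.valueOf((char) Integer.parseInt(m.group(1), 16));
            m.appendReplacement(out, Matcher.quoteReplacement(ch));
        }
        m.appendTail(out);
        return out.toString();
    }

    /** Toy HTML entity decoder: removes one layer of numeric and a few named entities. */
    static String htmlEntityDecode(String s) {
        Matcher m = ENTITY.matcher(s);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String ch;
            if (m.group(1) != null) {
                ch = new String(Character.toChars(Integer.parseInt(m.group(1))));
            } else if (m.group(2) != null) {
                ch = new String(Character.toChars(Integer.parseInt(m.group(2), 16)));
            } else {
                ch = NAMED.get(m.group(3));
            }
            m.appendReplacement(out, Matcher.quoteReplacement(ch));
        }
        m.appendTail(out);
        return out.toString();
    }

    /**
     * Decodes until nothing changes, then applies the two policy flags, which mirror
     * Encoder.AllowMultipleEncoding and Encoder.AllowMixedEncoding (both false by default).
     */
    static String canonicalize(String input, boolean allowMultiple, boolean allowMixed) {
        List<UnaryOperator<String>> decoders = List.<UnaryOperator<String>>of(
                CanonicalizationModel::htmlEntityDecode, CanonicalizationModel::percentDecode);
        int[] passesChanged = new int[decoders.size()]; // passes in which each decoder changed the text
        String working = input;
        boolean changed = true;
        while (changed) {                               // every change shortens the text, so this ends
            changed = false;
            for (int i = 0; i < decoders.size(); i++) {
                String decoded = decoders.get(i).apply(working);
                if (!decoded.equals(working)) {
                    passesChanged[i]++;
                    working = decoded;
                    changed = true;
                }
            }
        }
        boolean multiple = false;   // the same mechanism was applied more than once
        int mechanisms = 0;         // number of different mechanisms found
        for (int n : passesChanged) {
            if (n > 1) multiple = true;
            if (n > 0) mechanisms++;
        }
        if (multiple && !allowMultiple) {
            throw new EncodingAttackException("multiple encoding detected");
        }
        if (mechanisms > 1 && !allowMixed) {
            throw new EncodingAttackException("mixed encoding detected");
        }
        return working;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: single, double, mixed, and plain text.
        String[] samples = { "%3Cb%3E", "%253Cb%253E", "&lt;b%3E", "hello world" };
        for (String s : samples) {
            try {
                System.out.println(s + " -> accepted as: " + canonicalize(s, false, false));
            } catch (EncodingAttackException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
        // With the multiple-encoding flag relaxed, the double-encoded sample is decoded fully.
        System.out.println(canonicalize("%253Cb%253E", true, false));
    }
}
```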
Validator, Encoder, Encoder.canonicalize(String,boolean,boolean)
Constructor | Description |
---|---|
DefaultValidator() | Default constructor uses the ESAPI standard encoder for canonicalization. |
DefaultValidator(Encoder encoder) | Construct a new DefaultValidator that will use the specified Encoder for canonicalization. |
Modifier and Type | Method | Description |
---|---|---|
void | addRule(ValidationRule rule) | Add a validation rule to the registry using the "type name" of the rule as the key. |
void | assertValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull) | Validates the filepath, filename, and content of a file. |
void | assertValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errors) | Validates the filepath, filename, and content of a file; any validation exceptions are added to the supplied errorList. |
void | assertValidHTTPRequestParameterSet(String context, javax.servlet.http.HttpServletRequest request, Set<String> required, Set<String> optional) | Validates that the parameters in the current request contain all required parameters and only optional ones in addition. |
void | assertValidHTTPRequestParameterSet(String context, javax.servlet.http.HttpServletRequest request, Set<String> required, Set<String> optional, ValidationErrorList errors) | Validates that the parameters in the current request contain all required parameters and only optional ones in addition; any validation exceptions are added to the supplied errorList. |
static Validator | getInstance() | |
URI | getRfcCompliantURI(String input) | Will return a URI object that will represent a fully parsed and legal URI as specified in RFC-3986. |
ValidationRule | getRule(String name) | Get a validation rule from the registry with the "type name" of the rule as the key. |
String | getValidCreditCard(String context, String input, boolean allowNull) | Returns a canonicalized and validated credit card number as a String. |
String | getValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errors) | Returns a canonicalized and validated credit card number as a String; any validation exceptions are added to the supplied errorList. |
Date | getValidDate(String context, String input, DateFormat format, boolean allowNull) | Returns a valid date as a Date. |
Date | getValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errors) | Returns a valid date as a Date; any validation exceptions are added to the supplied errorList. |
String | getValidDirectoryPath(String context, String input, File parent, boolean allowNull) | Returns a canonicalized and validated directory path as a String, provided that the input maps to an existing directory that is an existing subdirectory (at any level) of the specified parent. |
String | getValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errors) | Returns a canonicalized and validated directory path as a String, provided that the input maps to an existing directory that is an existing subdirectory (at any level) of the specified parent; any validation exceptions are added to the supplied errorList. |
Double | getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) | Returns a validated real number as a double. |
Double | getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errors) | Returns a validated real number as a double; any validation exceptions are added to the supplied errorList. |
byte[] | getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) | Returns validated file content as a byte array. |
byte[] | getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errors) | Returns validated file content as a byte array; any validation exceptions are added to the supplied errorList. |
String | getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) | Returns a canonicalized and validated file name as a String. |
String | getValidFileName(String context, String input, List<String> allowedParameters, boolean allowNull, ValidationErrorList errors) | Returns a canonicalized and validated file name as a String; any validation exceptions are added to the supplied errorList. |
String | getValidInput(String context, String input, String type, int maxLength, boolean allowNull) | Returns validated canonicalized input as a String. |
String | getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) | Returns validated input as a String with optional canonicalization. |
String | getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errors) | Returns validated input as a String with optional canonicalization, and adds validation exceptions to the supplied errorList. |
String | getValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errors) | Returns canonicalized validated input as a String, and adds validation exceptions to the supplied errorList. |
Integer | getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) | Returns a validated integer; input is a valid integer if it is between minValue and maxValue inclusive. |
Integer | getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errors) | Returns a validated integer; any validation exceptions are added to the supplied errorList. |
String | getValidListItem(String context, String input, List<String> list) | Returns the list item that exactly matches the canonicalized input. |
String | getValidListItem(String context, String input, List<String> list, ValidationErrorList errors) | Returns the list item that exactly matches the canonicalized input; any validation exceptions are added to the supplied errorList. |
Double | getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) | Returns a validated number as a double within the range of minValue to maxValue. |
Double | getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errors) | Returns a validated number as a double within the range of minValue to maxValue; any validation exceptions are added to the supplied errorList. |
char[] | getValidPrintable(String context, char[] input, int maxLength, boolean allowNull) | Returns canonicalized and validated printable characters as a byte array. |
char[] | getValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errors) | Returns canonicalized and validated printable characters as a byte array; any validation exceptions are added to the supplied errorList. |
String | getValidPrintable(String context, String input, int maxLength, boolean allowNull) | Returns canonicalized and validated printable characters as a String. |
String | getValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) | Returns canonicalized and validated printable characters as a String; any validation exceptions are added to the supplied errorList. |
String | getValidRedirectLocation(String context, String input, boolean allowNull) | Returns a canonicalized and validated redirect location as a String. |
String | getValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errors) | Returns a canonicalized and validated redirect location as a String; any validation exceptions are added to the supplied errorList. |
String | getValidSafeHTML(String context, String input, int maxLength, boolean allowNull) | Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else. |
String | getValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) | Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else; any validation exceptions are added to the supplied errorList. |
boolean | isValidCreditCard(String context, String input, boolean allowNull) | Returns true if input matches the pattern for a valid credit card number. |
boolean | isValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errors) | Returns true if input matches the pattern for a valid credit card number; any validation exceptions are added to the supplied errorList. |
boolean | isValidDate(String context, String input, DateFormat format, boolean allowNull) | Returns true if input is valid. |
boolean | isValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errors) | Returns true if input is valid; any validation exceptions are added to the supplied errorList. |
boolean | isValidDirectoryPath(String context, String input, File parent, boolean allowNull) | Returns true if input is valid. |
boolean | isValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errors) | Returns true if input is valid; any validation exceptions are added to the supplied errorList. |
boolean | isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) | Returns true if input is valid. |
boolean | isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errors) | Returns true if input is valid; any validation exceptions are added to the supplied errorList. |
boolean | isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) | Returns true if input is valid. |
boolean | isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errors) | Returns true if input is valid; any validation exceptions are added to the supplied errorList. |
boolean | isValidFileName(String context, String input, boolean allowNull) | Returns true if input is valid. |
boolean | isValidFileName(String context, String input, boolean allowNull, ValidationErrorList errors) | Returns true if input is valid; any validation exceptions are added to the supplied errorList. |
boolean | isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) | Returns true if input is valid. |
boolean | isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errors) | Returns true if input is valid; any validation exceptions are added to the supplied errorList. |
boolean | isValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull) | Returns true if filepath, filename, and content of a file are valid. |
boolean | isValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull, ValidationErrorList errors) | Returns true if filepath, filename, and content of a file are valid; any validation exceptions are added to the supplied errorList. |
boolean | isValidHTTPRequestParameterSet(String context, javax.servlet.http.HttpServletRequest request, Set<String> requiredNames, Set<String> optionalNames) | Returns true if only required and optional parameters are in the request. |
boolean | isValidHTTPRequestParameterSet(String context, javax.servlet.http.HttpServletRequest request, Set<String> requiredNames, Set<String> optionalNames, ValidationErrorList errors) | Returns true if only required and optional parameters are in the request; any validation exceptions are added to the supplied errorList. |
boolean | isValidInput(String context, String input, String type, int maxLength, boolean allowNull) | Returns true if canonicalized input is valid. |
boolean | isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) | Returns true if input is valid. |
boolean | isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errors) | Returns true if input is valid; any validation exceptions are added to the supplied errorList. |
boolean | isValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errors) | Returns true if canonicalized input is valid; any validation exceptions are added to the supplied errorList. |
boolean | isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) | Returns true if input is a valid integer between minValue and maxValue inclusive. |
boolean | isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errors) | Returns true if input is a valid integer between minValue and maxValue inclusive; any validation exceptions are added to the supplied errorList. |
boolean | isValidListItem(String context, String input, List<String> list) | Returns true if input is valid. |
boolean | isValidListItem(String context, String input, List<String> list, ValidationErrorList errors) | Returns true if input is valid; any validation exceptions are added to the supplied errorList. |
boolean | isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) | Returns true if input is valid. |
boolean | isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errors) | Returns true if input is valid; any validation exceptions are added to the supplied errorList. |
boolean | isValidPrintable(String context, char[] input, int maxLength, boolean allowNull) | Returns true if input is valid. |
boolean | isValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errors) | Returns true if input is valid; any validation exceptions are added to the supplied errorList. |
boolean | isValidPrintable(String context, String input, int maxLength, boolean allowNull) | Returns true if input is valid. |
boolean | isValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) | Returns true if input is valid; any validation exceptions are added to the supplied errorList. |
boolean | isValidRedirectLocation(String context, String input, boolean allowNull) | Returns true if input is valid. |
boolean | isValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errors) | Returns true if input is valid; any validation exceptions are added to the supplied errorList. |
boolean | isValidSafeHTML(String context, String input, int maxLength, boolean allowNull) | Returns true if input is valid. |
boolean | isValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) | Returns true if input is valid; any validation exceptions are added to the supplied errorList. |
boolean | isValidURI(String context, String input, boolean allowNull) | Parses and ensures that the URI in question is a valid RFC-3986 URI. |
String | safeReadLine(InputStream in, int max) | Reads from an input stream until end-of-line or a maximum number of characters. |

public DefaultValidator()
Encoder created based on the Codecs specified by the value of the Encoder.DefaultCodecList ESAPI property as defined in your ESAPI.properties file.

public DefaultValidator(Encoder encoder)
Construct a new DefaultValidator that will use the specified Encoder for canonicalization.
encoder - The specially constructed ESAPI Encoder instance that uses a custom list of Codecs for canonicalization purposes. See Encoder.canonicalize(String,boolean,boolean) for an example of how to create a custom Encoder.

public static Validator getInstance()

public void addRule(ValidationRule rule)

public ValidationRule getRule(String name)

public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws IntrusionException
Calls Validator.getValidInput(String, String, String, int, boolean, boolean) with canonicalize=true and returns true if no exceptions are thrown.
Double encoding is treated as an attack. The canonicalization behavior is controlled by the instance's associated ESAPI Encoder and generally driven through the ESAPI property Encoder.DefaultCodecList specified in the ESAPI.properties file. See the class level documentation section "A Note about Canonicalization" for additional details.
isValidInput in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errors)
Returns true if canonicalized input is valid; any validation exceptions are added to the supplied errorList.
Calls Validator.getValidInput(String, String, String, int, boolean, boolean) with canonicalize=true and returns true if no exceptions are thrown.
Double encoding is treated as an attack. The canonicalization behavior is controlled by the instance's associated ESAPI Encoder and generally driven through the ESAPI property Encoder.DefaultCodecList specified in the ESAPI.properties file. See the class level documentation section "A Note about Canonicalization" for additional details.
isValidInput in interface Validator

public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize)
Returns true if input is valid.
Calls Validator.getValidInput(String, String, String, int, boolean, boolean) and returns true if no exceptions are thrown.
Double encoding is treated as an attack. The canonicalization behavior is controlled by the instance's associated ESAPI Encoder and generally driven through the ESAPI property Encoder.DefaultCodecList specified in the ESAPI.properties file. See the class level documentation section "A Note about Canonicalization" for additional details.
This implementation does not throw IntrusionException.
isValidInput in interface Validator

public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errors) throws IntrusionException
Returns true if input is valid; any validation exceptions are added to the supplied errorList.
Calls Validator.getValidInput(String, String, String, int, boolean, boolean) and returns true if no exceptions are thrown.
Double encoding is treated as an attack. The canonicalization behavior is controlled by the instance's associated ESAPI Encoder and generally driven through the ESAPI property Encoder.DefaultCodecList specified in the ESAPI.properties file. See the class level documentation section "A Note about Canonicalization" for additional details.
isValidInput in interface Validator
IntrusionException - Input likely indicates an attack.

public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws ValidationException
Returns validated canonicalized input as a String.
Calls Validator.getValidInput(String, String, String, int, boolean, boolean) with canonicalize=true.
Double encoding is treated as an attack. The canonicalization behavior is controlled by the instance's associated ESAPI Encoder and generally driven through the ESAPI property Encoder.DefaultCodecList specified in the ESAPI.properties file. See the class level documentation section "A Note about Canonicalization" for additional details.
getValidInput in interface Validator
ValidationException - Input is invalid.

public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws ValidationException
Returns validated input as a String with optional canonicalization.
Invalid input will generate a descriptive ValidationException, and input that is clearly an attack will generate a descriptive IntrusionException.
Double encoding is treated as an attack. The canonicalization behavior is controlled by the instance's associated ESAPI Encoder and generally driven through the ESAPI property Encoder.DefaultCodecList specified in the ESAPI.properties file. See the class level documentation section "A Note about Canonicalization" for additional details.
getValidInput in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual user input data to validate.
type - The regular expression name which maps to the actual regular expression from "ESAPI.properties".
maxLength - The maximum post-canonicalized String length allowed.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
canonicalize - If canonicalize is true then input will be canonicalized before validation.
ValidationException - Input is invalid.

public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException
Returns canonicalized validated input as a String, and adds validation exceptions to the supplied errorList.
Calls Validator.getValidInput(String, String, String, int, boolean, boolean).
Double encoding is treated as an attack. The canonicalization behavior is controlled by the instance's associated ESAPI Encoder and generally driven through the ESAPI property Encoder.DefaultCodecList specified in the ESAPI.properties file. See the class level documentation section "A Note about Canonicalization" for additional details.
getValidInput in interface Validator
IntrusionException - Input likely indicates an attack.

public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errors) throws IntrusionException
Returns validated input as a String with optional canonicalization, and adds validation exceptions to the supplied errorList.
Returns the result of calling Validator.getValidInput(String, String, String, int, boolean, boolean) with canonicalize=true.
Double encoding is treated as an attack. The canonicalization behavior is controlled by the instance's associated ESAPI Encoder and generally driven through the ESAPI property Encoder.DefaultCodecList specified in the ESAPI.properties file. See the class level documentation section "A Note about Canonicalization" for additional details.
getValidInput in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidDate(String context, String input, DateFormat format, boolean allowNull)
Returns true if input is valid.
Calls Validator.getValidDate(String, String, DateFormat, boolean), and returns true if no exceptions are thrown.
This implementation does not throw IntrusionException.
isValidDate in interface Validator

public boolean isValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errors) throws IntrusionException
Returns true if input is valid; any validation exceptions are added to the supplied errorList.
Calls Validator.getValidDate(String, String, DateFormat, boolean) and returns true if no exceptions are thrown.
isValidDate in interface Validator
IntrusionException - Input likely indicates an attack.

public Date getValidDate(String context, String input, DateFormat format, boolean allowNull) throws ValidationException, IntrusionException
Returns a valid date as a Date.
Invalid input will generate a descriptive ValidationException, and input that is clearly an attack will generate a descriptive IntrusionException.
getValidDate in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual user input data to validate.
format - Required formatting of date inputted.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
Date
ValidationException - Input is invalid.
IntrusionException - Input likely indicates an attack.

public Date getValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errors) throws IntrusionException
Returns a valid date as a Date; any validation exceptions are added to the supplied errorList.
Calls Validator.getValidDate(String, String, DateFormat, boolean).
getValidDate in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull)
Returns true if input is valid.
Calls Validator.getValidSafeHTML(String, String, int, boolean), and returns true if no exceptions are thrown.
This implementation does not throw IntrusionException.
isValidSafeHTML in interface Validator

public boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException
Returns true if input is valid; any validation exceptions are added to the supplied errorList.
Calls Validator.getValidSafeHTML(String, String, int, boolean) and returns true if no exceptions are thrown.
isValidSafeHTML in interface Validator
IntrusionException - Input likely indicates an attack.

public String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull) throws ValidationException, IntrusionException
The default behavior of this check depends on the antisamy-esapi.xml configuration. Implementors should reference the OWASP AntiSamy project for ideas on how to do HTML validation in a whitelist way, as this is an extremely difficult problem.
This implementation relies on the OWASP AntiSamy project.
getValidSafeHTML in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual user input data to validate.
maxLength - The maximum String length allowed.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException - Input is invalid.
IntrusionException - Input likely indicates an attack.

public String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException
Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else; any validation exceptions are added to the supplied errorList.
The default behavior of this check depends on the antisamy-esapi.xml configuration. Implementors should reference the OWASP AntiSamy project for ideas on how to do HTML validation in a whitelist way, as this is an extremely difficult problem.
Calls Validator.getValidSafeHTML(String, String, int, boolean).
getValidSafeHTML in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidCreditCard(String context, String input, boolean allowNull)
Returns true if input matches the pattern for a valid credit card number.
Calls Validator.getValidCreditCard(String, String, boolean), and returns true if no exceptions are thrown.
This implementation does not throw IntrusionException.
isValidCreditCard in interface Validator

public boolean isValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException
Returns true if input matches the pattern for a valid credit card number; any validation exceptions are added to the supplied errorList.
Calls Validator.getValidCreditCard(String, String, boolean) and returns true if no exceptions are thrown.
isValidCreditCard in interface Validator
IntrusionException - Input likely indicates an attack.

public String getValidCreditCard(String context, String input, boolean allowNull) throws ValidationException, IntrusionException
Invalid input will generate a descriptive ValidationException, and input that is clearly an attack will generate a descriptive IntrusionException.
getValidCreditCard in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual user input data to validate.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException - Input is invalid.
IntrusionException - Input likely indicates an attack.

public String getValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException
Returns a canonicalized and validated credit card number as a String; any validation exceptions are added to the supplied errorList.
Calls Validator.getValidCreditCard(String, String, boolean).
getValidCreditCard in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull)
input
is valid.
Calls Validator.getValidDirectoryPath(String, String, File, boolean)
,
and returns true if no exceptions are thrown.
Note: On platforms that support symlinks, this function will fail canonicalization if directorypath is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real path (/private/etc), not the symlink (/etc).
This implementation does not throw IntrusionException
.
isValidDirectoryPath
in interface Validator
public boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errors) throws IntrusionException
input
is valid,
any validation exceptions are added to the supplied errorList
.
Calls Validator.getValidDirectoryPath(String, String, File, boolean)
and returns true if no exceptions are thrown.
Note: On platforms that support symlinks, this function will fail canonicalization if directorypath is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real path (/private/etc), not the symlink (/etc).
isValidDirectoryPath
in interface Validator
IntrusionException
- Input likely indicates an attack.public String getValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws ValidationException, IntrusionException
Invalid input will generate a descriptive ValidationException, and input that is clearly an attack will generate a descriptive IntrusionException.
Note: On platforms that support symlinks, this function will fail canonicalization if directorypath is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real path (/private/etc), not the symlink (/etc).
getValidDirectoryPath in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual input data to validate.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException - Input is invalid.
IntrusionException - Input likely indicates an attack.

public String getValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errors) throws IntrusionException
errorList.
Calls Validator.getValidDirectoryPath(String, String, File, boolean).
Note: On platforms that support symlinks, this function will fail canonicalization if directorypath is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real path (/private/etc), not the symlink (/etc).
getValidDirectoryPath in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidFileName(String context, String input, boolean allowNull) throws IntrusionException
input is valid.
Calls Validator.getValidFileName(String, String, List, boolean) with allowedExtensions set to the configured ESAPI.securityConfiguration().getAllowedFileExtensions() and returns true if no exceptions are thrown.
isValidFileName in interface Validator
IntrusionException - Input likely indicates an attack.
ESAPI.securityConfiguration(), SecurityConfiguration.getAllowedFileExtensions()
public boolean isValidFileName(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException
input is valid, any validation exceptions are added to the supplied errorList.
Calls Validator.getValidFileName(String, String, List, boolean) with allowedExtensions set to the configured ESAPI.securityConfiguration().getAllowedFileExtensions() and returns true if no exceptions are thrown.
isValidFileName in interface Validator
IntrusionException - Input likely indicates an attack.
ESAPI.securityConfiguration(), SecurityConfiguration.getAllowedFileExtensions()
public boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull)
input is valid.
Calls Validator.getValidFileName(String, String, List, boolean), and returns true if no exceptions are thrown.
This implementation does not throw IntrusionException.
isValidFileName in interface Validator
ESAPI.securityConfiguration(), SecurityConfiguration.getAllowedFileExtensions()
public boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errors) throws IntrusionException
input is valid, any validation exceptions are added to the supplied errorList.
Calls Validator.getValidFileName(String, String, List, boolean) and returns true if no exceptions are thrown.
isValidFileName in interface Validator
IntrusionException - Input likely indicates an attack.
ESAPI.securityConfiguration(), SecurityConfiguration.getAllowedFileExtensions()
public String getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException
getValidFileName in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual input data to validate.
allowedExtensions - List of file extensions which will be accepted.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException - Input is invalid.
IntrusionException - Input likely indicates an attack.

public String getValidFileName(String context, String input, List<String> allowedParameters, boolean allowNull, ValidationErrorList errors) throws IntrusionException
errorList.
Calls Validator.getValidFileName(String, String, List, boolean), the supplied errorList is used to capture ValidationExceptions.
getValidFileName in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull)
input is valid.
Calls Validator.getValidNumber(String, String, long, long, boolean), and returns true if no exceptions are thrown.
This implementation does not throw IntrusionException.
isValidNumber in interface Validator
public boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException
input is valid, any validation exceptions are added to the supplied errorList.
Calls Validator.getValidNumber(String, String, long, long, boolean) and returns true if no exceptions are thrown.
isValidNumber in interface Validator
IntrusionException - Input likely indicates an attack.

public Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws ValidationException, IntrusionException
getValidNumber in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual input data to validate.
minValue - Lowest legal value for input.
maxValue - Highest legal value for input.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException - Input is invalid.
IntrusionException - Input likely indicates an attack.

public Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException
errorList.
Calls Validator.getValidNumber(String, String, long, long, boolean).
getValidNumber in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull)
input is valid.
Calls Validator.getValidDouble(String, String, double, double, boolean), and returns true if no exceptions are thrown.
This implementation does not throw IntrusionException.
isValidDouble in interface Validator
public boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException
input is valid, any validation exceptions are added to the supplied errorList.
Calls Validator.getValidDouble(String, String, double, double, boolean) and returns true if no exceptions are thrown.
isValidDouble in interface Validator
IntrusionException - Input likely indicates an attack.

public Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws ValidationException, IntrusionException
getValidDouble in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual input data to validate.
minValue - Lowest legal value for input.
maxValue - Highest legal value for input.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException - Input is invalid.
IntrusionException - Input likely indicates an attack.

public Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException
errorList.
Calls Validator.getValidDouble(String, String, double, double, boolean), the supplied errorList is used to capture ValidationExceptions.
getValidDouble in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws IntrusionException
input is a valid integer between minValue and maxValue inclusive.
Calls Validator.getValidInteger(String, String, int, int, boolean), and returns true if no exceptions are thrown.
isValidInteger in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException
input is a valid integer between minValue and maxValue inclusive, any validation exceptions are added to the supplied errorList.
Calls Validator.getValidInteger(String, String, int, int, boolean) and returns true if no exceptions are thrown.
isValidInteger in interface Validator
IntrusionException - Input likely indicates an attack.

public Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws ValidationException, IntrusionException
input is a valid integer if it is between minValue and maxValue inclusive.
Invalid input will generate a descriptive ValidationException, and input that is clearly an attack will generate a descriptive IntrusionException.
getValidInteger in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual input data to validate.
minValue - Lowest legal value for input.
maxValue - Highest legal value for input.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException - Input is invalid.
IntrusionException - Input likely indicates an attack.

public Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException
errorList.
Calls Validator.getValidInteger(String, String, int, int, boolean).
getValidInteger in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull)
input is valid.
Calls Validator.getValidFileContent(String, byte[], int, boolean), and returns true if no exceptions are thrown.
This implementation does not throw IntrusionException.
isValidFileContent in interface Validator
public boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errors) throws IntrusionException
input is valid, any validation exceptions are added to the supplied errorList.
Calls Validator.getValidFileContent(String, byte[], int, boolean) and returns true if no exceptions are thrown.
isValidFileContent in interface Validator
IntrusionException - Input likely indicates an attack.

public byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws ValidationException, IntrusionException
getValidFileContent in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The actual input data to validate.
maxBytes - The maximum number of bytes allowed in a legal file.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException - Input is invalid.
IntrusionException - Input likely indicates an attack.

public byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errors) throws IntrusionException
errorList.
Calls Validator.getValidFileContent(String, byte[], int, boolean), the supplied errorList is used to capture ValidationExceptions.
getValidFileContent in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull) throws IntrusionException
filepath, filename, and content of a file are valid.
Calls Validator.isValidFileName(String, String, boolean), Validator.isValidDirectoryPath(String, String, File, boolean), and Validator.isValidFileContent(String, byte[], int, boolean), and returns true if all three checks pass.
Note: On platforms that support symlinks, this function will fail canonicalization if directorypath is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real path (/private/etc), not the symlink (/etc).
isValidFileUpload in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull, ValidationErrorList errors) throws IntrusionException
filepath, filename, and content of a file are valid, any validation exceptions are added to the supplied errorList.
Calls Validator.isValidFileName(String, String, boolean, ValidationErrorList), Validator.isValidDirectoryPath(String, String, File, boolean, ValidationErrorList) and Validator.isValidFileContent(String, byte[], int, boolean, ValidationErrorList), and returns true if all three checks pass.
Note: On platforms that support symlinks, this function will fail canonicalization if directorypath is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real path (/private/etc), not the symlink (/etc).
isValidFileUpload in interface Validator
IntrusionException - Input likely indicates an attack.

public void assertValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException
filepath, filename, and content of a file.
Invalid input will generate a descriptive ValidationException, and input that is clearly an attack will generate a descriptive IntrusionException.
assertValidFileUpload in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
directorypath - The file path of the uploaded file.
filename - The filename of the uploaded file.
content - A byte array containing the content of the uploaded file.
maxBytes - The max number of bytes allowed for a legal file upload.
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException - Input is invalid.
IntrusionException - Input likely indicates an attack.

public void assertValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errors) throws IntrusionException
filepath, filename, and content of a file, any validation exceptions are added to the supplied errorList.
Calls Validator.assertValidFileUpload(String, String, String, File, byte[], int, List, boolean), the supplied errorList is used to capture ValidationExceptions.
assertValidFileUpload in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidListItem(String context, String input, List<String> list)
input is valid.
Calls Validator.getValidListItem(String, String, List) and returns true if no exceptions are thrown.
This implementation does not throw IntrusionException.
isValidListItem in interface Validator
public boolean isValidListItem(String context, String input, List<String> list, ValidationErrorList errors)
input is valid, any validation exceptions are added to the supplied errorList.
Calls Validator.getValidListItem(String, String, List) and returns true if no exceptions are thrown.
isValidListItem in interface Validator
public String getValidListItem(String context, String input, List<String> list) throws ValidationException, IntrusionException
getValidListItem in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - The value to search 'list' for.
list - The list to search for 'input'.
ValidationException - Input is invalid.
IntrusionException - Input likely indicates an attack.

public String getValidListItem(String context, String input, List<String> list, ValidationErrorList errors) throws IntrusionException
errorList.
getValidListItem in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidHTTPRequestParameterSet(String context, javax.servlet.http.HttpServletRequest request, Set<String> requiredNames, Set<String> optionalNames)
Calls Validator.assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set, Set) and returns true if no exceptions are thrown.
This implementation does not throw IntrusionException.
isValidHTTPRequestParameterSet in interface Validator
public boolean isValidHTTPRequestParameterSet(String context, javax.servlet.http.HttpServletRequest request, Set<String> requiredNames, Set<String> optionalNames, ValidationErrorList errors)
errorList.
Calls Validator.assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set, Set) and returns true if no exceptions are thrown.
isValidHTTPRequestParameterSet in interface Validator
public void assertValidHTTPRequestParameterSet(String context, javax.servlet.http.HttpServletRequest request, Set<String> required, Set<String> optional) throws ValidationException, IntrusionException
assertValidHTTPRequestParameterSet in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
required - parameters that are required to be in HTTP request
optional - additional parameters that may be in HTTP request
ValidationException - Input is invalid.
IntrusionException - Input likely indicates an attack.

public void assertValidHTTPRequestParameterSet(String context, javax.servlet.http.HttpServletRequest request, Set<String> required, Set<String> optional, ValidationErrorList errors) throws IntrusionException
errorList.
Calls Validator.assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set, Set).
assertValidHTTPRequestParameterSet in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull)
input is valid.
Calls Validator.getValidPrintable(String, char[], int, boolean) and returns true if no exceptions are thrown.
Checks that all bytes are valid ASCII characters (between 33 and 126 inclusive). This implementation does no decoding.
This implementation does not throw IntrusionException.
isValidPrintable in interface Validator
public boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException
input is valid, any validation exceptions are added to the supplied errorList.
Calls Validator.getValidPrintable(String, char[], int, boolean) and returns true if no exceptions are thrown.
Checks that all bytes are valid ASCII characters (between 33 and 126 inclusive). This implementation does no decoding.
isValidPrintable in interface Validator
IntrusionException - Input likely indicates an attack.

public char[] getValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws ValidationException, IntrusionException
Input is valid if it only contains printable ASCII characters (33-126 inclusive).
getValidPrintable in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - data to be returned as valid and printable
maxLength - Maximum number of bytes stored in 'input'
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException - Input is invalid.
IntrusionException
public char[] getValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException
errorList.
Calls Validator.getValidPrintable(String, char[], int, boolean).
Input is valid if it only contains printable ASCII characters (33-126 inclusive).
getValidPrintable in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull)
input is valid.
Calls Validator.getValidPrintable(String, String, int, boolean) and returns true if no exceptions are thrown.
Returns true if input is valid printable ASCII characters (33-126 inclusive).
This implementation does not throw IntrusionException.
isValidPrintable in interface Validator
public boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException
input is valid, any validation exceptions are added to the supplied errorList.
Calls Validator.getValidPrintable(String, String, int, boolean) and returns true if no exceptions are thrown.
Returns true if input is valid printable ASCII characters (33-126 inclusive).
isValidPrintable in interface Validator
IntrusionException - Input likely indicates an attack.

public String getValidPrintable(String context, String input, int maxLength, boolean allowNull) throws ValidationException
Input is valid if it only contains printable ASCII characters (33-126 inclusive).
getValidPrintable in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - data to be returned as valid and printable
maxLength - Maximum number of bytes stored in 'input' after canonicalization
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException - Input is invalid.

public String getValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException
errorList.
Calls Validator.getValidPrintable(String, String, int, boolean).
Input is valid if it only contains printable ASCII characters (33-126 inclusive).
getValidPrintable in interface Validator
IntrusionException - Input likely indicates an attack.

public boolean isValidRedirectLocation(String context, String input, boolean allowNull) throws IntrusionException
input is valid.
Calls Validator.getValidRedirectLocation(String, String, boolean) and returns true if no exceptions are thrown.
isValidRedirectLocation in interface Validator
IntrusionException
public boolean isValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException
input is valid, any validation exceptions are added to the supplied errorList.
Calls Validator.getValidRedirectLocation(String, String, boolean) and returns true if no exceptions are thrown.
isValidRedirectLocation in interface Validator
IntrusionException
public String getValidRedirectLocation(String context, String input, boolean allowNull) throws ValidationException, IntrusionException
getValidRedirectLocation in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - redirect location to be returned as valid, according to encoding rules set in "ESAPI.properties"
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
ValidationException - Input is invalid.
IntrusionException - Input likely indicates an attack.

public String getValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException
errorList.
Calls Validator.getValidRedirectLocation(String, String, boolean).
getValidRedirectLocation in interface Validator
IntrusionException - Input likely indicates an attack.

public String safeReadLine(InputStream in, int max) throws ValidationException
This implementation reads until a newline or the specified number of characters.
safeReadLine in interface Validator
in - The InputStream from which to read data
max - Maximum characters allowed to be read in per line
ValidationException - Input is invalid.

public boolean isValidURI(String context, String input, boolean allowNull)
isValidURI in interface Validator
context - A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
input - redirect location to be returned as valid, according to encoding rules set in "ESAPI.properties"
allowNull - If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.

public URI getRfcCompliantURI(String input)
URI object that will represent a fully parsed and legal URI as specified in RFC-3986.
getRfcCompliantURI in interface Validator
input - String
null if the URI was non-compliant in some way.

Copyright © 2022 The Open Web Application Security Project (OWASP). All rights reserved.