Class StringValidationRule
- java.lang.Object
-
- org.owasp.esapi.reference.validation.BaseValidationRule
-
- org.owasp.esapi.reference.validation.StringValidationRule
-
- All Implemented Interfaces:
ValidationRule
- Direct Known Subclasses:
HTMLValidationRule
public class StringValidationRule extends BaseValidationRule
A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.- Since:
- June 1, 2007
- Author:
- Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
- See Also:
http://en.wikipedia.org/wiki/Whitelist
-
-
Field Summary
Fields Modifier and Type Field Description protected java.util.List<java.util.regex.Pattern>
blacklistPatterns
protected int
maxLength
protected int
minLength
protected java.util.List<java.util.regex.Pattern>
whitelistPatterns
-
Fields inherited from class org.owasp.esapi.reference.validation.BaseValidationRule
allowNull, encoder
-
-
Constructor Summary
Constructors Constructor Description StringValidationRule(java.lang.String typeName)
StringValidationRule(java.lang.String typeName, Encoder encoder)
StringValidationRule(java.lang.String typeName, Encoder encoder, java.lang.String whitelistPattern)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
addBlacklistPattern(java.lang.String pattern)
void
addBlacklistPattern(java.util.regex.Pattern p)
void
addWhitelistPattern(java.lang.String pattern)
void
addWhitelistPattern(java.util.regex.Pattern p)
java.lang.String
getValid(java.lang.String context, java.lang.String input)
Parse the input, throw exceptions if validation failsjava.lang.String
sanitize(java.lang.String context, java.lang.String input)
The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).void
setCanonicalize(boolean canonicalize)
void
setMaximumLength(int length)
void
setMinimumLength(int length)
-
Methods inherited from class org.owasp.esapi.reference.validation.BaseValidationRule
assertValid, charArrayToSet, getEncoder, getSafe, getTypeName, getValid, isAllowNull, isValid, setAllowNull, setEncoder, setTypeName, whitelist, whitelist
-
-
-
-
Constructor Detail
-
StringValidationRule
public StringValidationRule(java.lang.String typeName)
-
StringValidationRule
public StringValidationRule(java.lang.String typeName, Encoder encoder)
-
StringValidationRule
public StringValidationRule(java.lang.String typeName, Encoder encoder, java.lang.String whitelistPattern)
-
-
Method Detail
-
addWhitelistPattern
public void addWhitelistPattern(java.lang.String pattern)
- Throws:
java.lang.IllegalArgumentException
- if pattern is null
-
addWhitelistPattern
public void addWhitelistPattern(java.util.regex.Pattern p)
- Throws:
java.lang.IllegalArgumentException
- if p is null
-
addBlacklistPattern
public void addBlacklistPattern(java.lang.String pattern)
- Throws:
java.lang.IllegalArgumentException
- if pattern is null
-
addBlacklistPattern
public void addBlacklistPattern(java.util.regex.Pattern p)
- Throws:
java.lang.IllegalArgumentException
- if p is null
-
setMinimumLength
public void setMinimumLength(int length)
-
setMaximumLength
public void setMaximumLength(int length)
-
setCanonicalize
public void setCanonicalize(boolean canonicalize)
-
getValid
public java.lang.String getValid(java.lang.String context, java.lang.String input) throws ValidationException
Parse the input, throw exceptions if validation fails- Parameters:
context
- for logginginput
- the value to be parsed- Returns:
- a validated value
- Throws:
ValidationException
- if any validation rules fail, except if theESAPI.properties
> property "Validator.ValidationRule.getValid.ignore509Fix" is set totrue
, which is the default behavior for ESAPI 2.x releases. See ESAPI GitHub Issues 521 for futher details.- See Also:
ValidationRule.getValid(String context, String input, ValidationErrorList errorList)
-
sanitize
public java.lang.String sanitize(java.lang.String context, java.lang.String input)
The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care). In most cases this should be the same as the getSafe method only instead of throwing an exception, return some default value.- Specified by:
sanitize
in classBaseValidationRule
- Returns:
- a parsed version of the input or a default value.
-
-