Class BaseValidationRule
- java.lang.Object
-
- org.owasp.esapi.reference.validation.BaseValidationRule
-
- All Implemented Interfaces:
ValidationRule
- Direct Known Subclasses:
CreditCardValidationRule
,DateValidationRule
,IntegerValidationRule
,NumberValidationRule
,StringValidationRule
public abstract class BaseValidationRule extends java.lang.Object implements ValidationRule
A ValidationRule performs syntax and possibly semantic validation of a single piece of data from an untrusted source.- Since:
- June 1, 2007
- Author:
- Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
- See Also:
Validator
-
-
Constructor Summary
Constructors Constructor Description BaseValidationRule(java.lang.String typeName)
BaseValidationRule(java.lang.String typeName, Encoder encoder)
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description void
assertValid(java.lang.String context, java.lang.String input)
Check if the input is valid, throw an Exception otherwisestatic java.util.Set<java.lang.Character>
charArrayToSet(char[] array)
Convert an array of characters to aSet<Character>
(so duplicates are removed).Encoder
getEncoder()
java.lang.Object
getSafe(java.lang.String context, java.lang.String input)
Try to callgetvalid
, then call a 'sanitize' method for sanitization (if one exists), finally return a default value.java.lang.String
getTypeName()
Programmatically supplied name for the validatorjava.lang.Object
getValid(java.lang.String context, java.lang.String input, ValidationErrorList errorList)
Get a validated value, add the errors to an existing error listboolean
isAllowNull()
boolean
isValid(java.lang.String context, java.lang.String input)
protected abstract java.lang.Object
sanitize(java.lang.String context, java.lang.String input)
The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).void
setAllowNull(boolean flag)
Whether or not a valid valid can be null.void
setEncoder(Encoder encoder)
void
setTypeName(java.lang.String typeName)
java.lang.String
whitelist(java.lang.String input, char[] whitelist)
String the input of all chars contained in the listjava.lang.String
whitelist(java.lang.String input, java.util.Set<java.lang.Character> whitelist)
Removes characters that aren't in the whitelist from the input String.-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.owasp.esapi.ValidationRule
getValid
-
-
-
-
Field Detail
-
allowNull
protected boolean allowNull
-
encoder
protected Encoder encoder
-
-
Constructor Detail
-
BaseValidationRule
public BaseValidationRule(java.lang.String typeName)
-
BaseValidationRule
public BaseValidationRule(java.lang.String typeName, Encoder encoder)
-
-
Method Detail
-
setAllowNull
public void setAllowNull(boolean flag)
Whether or not a valid valid can be null.getValid
will throw an Exception and {#code getSafe} will return the default value if flag is set to true- Specified by:
setAllowNull
in interfaceValidationRule
- Parameters:
flag
- whether or not null values are valid/safe
-
getTypeName
public java.lang.String getTypeName()
Programmatically supplied name for the validator- Specified by:
getTypeName
in interfaceValidationRule
- Returns:
- a name, describing the validator
-
setTypeName
public final void setTypeName(java.lang.String typeName)
- Specified by:
setTypeName
in interfaceValidationRule
- Parameters:
typeName
- a name, describing the validator
-
setEncoder
public final void setEncoder(Encoder encoder)
- Specified by:
setEncoder
in interfaceValidationRule
- Parameters:
encoder
- the encoder to use
-
assertValid
public void assertValid(java.lang.String context, java.lang.String input) throws ValidationException
Check if the input is valid, throw an Exception otherwise- Specified by:
assertValid
in interfaceValidationRule
- Throws:
ValidationException
-
getValid
public java.lang.Object getValid(java.lang.String context, java.lang.String input, ValidationErrorList errorList) throws ValidationException
Get a validated value, add the errors to an existing error list- Specified by:
getValid
in interfaceValidationRule
- Throws:
ValidationException
-
getSafe
public java.lang.Object getSafe(java.lang.String context, java.lang.String input)
Try to callgetvalid
, then call a 'sanitize' method for sanitization (if one exists), finally return a default value.- Specified by:
getSafe
in interfaceValidationRule
-
sanitize
protected abstract java.lang.Object sanitize(java.lang.String context, java.lang.String input)
The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care). In most cases this should be the same as the getSafe method only instead of throwing an exception, return some default value.- Parameters:
context
-input
-- Returns:
- a parsed version of the input or a default value.
-
isValid
public boolean isValid(java.lang.String context, java.lang.String input)
- Specified by:
isValid
in interfaceValidationRule
- Returns:
- true if the input passes validation
-
whitelist
public java.lang.String whitelist(java.lang.String input, char[] whitelist)
String the input of all chars contained in the list- Specified by:
whitelist
in interfaceValidationRule
-
whitelist
public java.lang.String whitelist(java.lang.String input, java.util.Set<java.lang.Character> whitelist)
Removes characters that aren't in the whitelist from the input String. O(input.length) whitelist performance- Specified by:
whitelist
in interfaceValidationRule
- Parameters:
input
- String to be sanitizedwhitelist
- allowed characters- Returns:
- input stripped of all chars that aren't in the whitelist
-
charArrayToSet
public static java.util.Set<java.lang.Character> charArrayToSet(char[] array)
Convert an array of characters to aSet<Character>
(so duplicates are removed).- Parameters:
array
- The character array.- Returns:
- A
Set<Character>
of the unique characters fromarray
is returned.
-
isAllowNull
public boolean isAllowNull()
-
getEncoder
public Encoder getEncoder()
-
-