Class StringValidationRule
- java.lang.Object
  - org.owasp.esapi.reference.validation.BaseValidationRule
    - org.owasp.esapi.reference.validation.StringValidationRule
- All Implemented Interfaces:
ValidationRule
- Direct Known Subclasses:
HTMLValidationRule
public class StringValidationRule extends BaseValidationRule
A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
- Since:
- June 1, 2007
- Author:
- Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
- See Also:
http://en.wikipedia.org/wiki/Whitelist
-
Field Summary
Fields: Modifier and Type, Field, Description
protected java.util.List<java.util.regex.Pattern> blacklistPatterns
protected int maxLength
protected int minLength
protected boolean validateInputAndCanonical
protected java.util.List<java.util.regex.Pattern> whitelistPatterns
-
Fields inherited from class org.owasp.esapi.reference.validation.BaseValidationRule
allowNull, encoder
-
Constructor Summary
Constructors: Constructor, Description
StringValidationRule(java.lang.String typeName)
StringValidationRule(java.lang.String typeName, Encoder encoder)
StringValidationRule(java.lang.String typeName, Encoder encoder, java.lang.String whitelistPattern)
-
Method Summary
Methods: Modifier and Type, Method, Description
void addBlacklistPattern(java.lang.String pattern)
void addBlacklistPattern(java.util.regex.Pattern p)
void addWhitelistPattern(java.lang.String pattern)
void addWhitelistPattern(java.util.regex.Pattern p)
java.lang.String getValid(java.lang.String context, java.lang.String input)
Parse the input, throw exceptions if validation fails.
java.lang.String sanitize(java.lang.String context, java.lang.String input)
The method is similar to ValidationRule.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
void setMaximumLength(int length)
void setMinimumLength(int length)
void setValidateInputAndCanonical(boolean flag)
Set the flag which determines whether the input itself is checked as well as the canonical form of the input.
-
Methods inherited from class org.owasp.esapi.reference.validation.BaseValidationRule
assertValid, charArrayToSet, getEncoder, getSafe, getTypeName, getValid, isAllowNull, isValid, setAllowNull, setEncoder, setTypeName, whitelist, whitelist
-
Field Detail
-
whitelistPatterns
protected java.util.List<java.util.regex.Pattern> whitelistPatterns
-
blacklistPatterns
protected java.util.List<java.util.regex.Pattern> blacklistPatterns
-
minLength
protected int minLength
-
maxLength
protected int maxLength
-
validateInputAndCanonical
protected boolean validateInputAndCanonical
-
Constructor Detail
-
StringValidationRule
public StringValidationRule(java.lang.String typeName)
-
StringValidationRule
public StringValidationRule(java.lang.String typeName, Encoder encoder)
-
StringValidationRule
public StringValidationRule(java.lang.String typeName, Encoder encoder, java.lang.String whitelistPattern)
-
Method Detail
-
addWhitelistPattern
public void addWhitelistPattern(java.lang.String pattern)
- Throws:
java.lang.IllegalArgumentException
- if pattern is null
-
addWhitelistPattern
public void addWhitelistPattern(java.util.regex.Pattern p)
- Throws:
java.lang.IllegalArgumentException
- if p is null
-
addBlacklistPattern
public void addBlacklistPattern(java.lang.String pattern)
- Throws:
java.lang.IllegalArgumentException
- if pattern is null
-
addBlacklistPattern
public void addBlacklistPattern(java.util.regex.Pattern p)
- Throws:
java.lang.IllegalArgumentException
- if p is null
-
setMinimumLength
public void setMinimumLength(int length)
-
setMaximumLength
public void setMaximumLength(int length)
-
setValidateInputAndCanonical
public void setValidateInputAndCanonical(boolean flag)
Set the flag which determines whether the input itself is checked as well as the canonical form of the input.
- Parameters:
flag
- The value to set
-
getValid
public java.lang.String getValid(java.lang.String context, java.lang.String input) throws ValidationException
Parse the input, throw exceptions if validation fails.
- Parameters:
context
- for logging
input
- the value to be parsed
- Returns:
- a validated value
- Throws:
ValidationException
- if any validation rules fail
-
sanitize
public java.lang.String sanitize(java.lang.String context, java.lang.String input)
The method is similar to ValidationRule.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care). In most cases this should be the same as the getSafe method, except that instead of throwing an exception it returns some default value.
- Specified by:
sanitize
in class BaseValidationRule
- Returns:
- a parsed version of the input or a default value.
-
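Added example (not part of the ESAPI Javadoc and not ESAPI's own code): one way to configure a rule with the setters documented above and to compare getValid with sanitize on the same inputs. It assumes ESAPI and a working ESAPI.properties are on the classpath; the type name "AccountName", the patterns and the sample inputs are constructed for illustration.

```java
import java.util.regex.Pattern;

import org.owasp.esapi.errors.ValidationException;
import org.owasp.esapi.reference.validation.StringValidationRule;

// Added example, not ESAPI's own code. Assumes ESAPI and its ESAPI.properties
// are on the classpath; "AccountName" and the patterns are constructed values.
public class StringValidationRuleExample {

    static StringValidationRule accountNameRule() {
        StringValidationRule rule = new StringValidationRule("AccountName");
        // Patterns are written to cover the whole string, so they do not
        // depend on whether the rule does a full or a partial match.
        rule.addWhitelistPattern("^[A-Za-z0-9_.-]+$");
        rule.addBlacklistPattern(Pattern.compile(".*\\.\\..*")); // ".." anywhere
        rule.setMinimumLength(3);
        rule.setMaximumLength(32);
        rule.setAllowNull(false);                // inherited from BaseValidationRule
        rule.setValidateInputAndCanonical(true); // check the raw input and its canonical form
        return rule;
    }

    public static void main(String[] args) {
        StringValidationRule rule = accountNameRule();
        String[] samples = {   // constructed sample inputs
            "alice_01",        // allowed characters, length within bounds
            "ab",              // shorter than the minimum length
            "reports..2024",   // allowed characters, but contains ".."
            "%3Cscript%3E",    // percent-encoded markup
        };
        for (String input : samples) {
            try {
                // getValid returns the validated value or throws.
                String valid = rule.getValid("account name field", input);
                System.out.println("accepted: " + valid);
            } catch (ValidationException e) {
                // Fail closed: reject the request instead of repairing the input.
                System.out.println("rejected: " + input + " (" + e.getMessage() + ")");
            }
            // sanitize is declared without ValidationException; its result is a
            // harmless substitute, not evidence that the input was valid.
            System.out.println("sanitize: " + rule.sanitize("account name field", input));
        }
    }
}
```

Use getValid where a failed check must stop processing, and reserve sanitize for cases where a harmless replacement value is acceptable.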