org.owasp.esapi.reference.validation

Class StringValidationRule

java.lang.Object

org.owasp.esapi.reference.validation.BaseValidationRule

org.owasp.esapi.reference.validation.StringValidationRule

All Implemented Interfaces:

ValidationRule

Direct Known Subclasses:

HTMLValidationRule

public class StringValidationRule
extends BaseValidationRule

A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.

Since:

June 1, 2007

Author:

Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security

See Also:

http://en.wikipedia.org/wiki/Whitelist

Field Summary

Fields

Modifier and Type	Field and Description
protected java.util.List<java.util.regex.Pattern>	blacklistPatterns
protected int	maxLength
protected int	minLength
protected boolean	validateInputAndCanonical
protected java.util.List<java.util.regex.Pattern>	whitelistPatterns

Fields inherited from class org.owasp.esapi.reference.validation.BaseValidationRule

allowNull, encoder

Constructor Summary

Constructors

Constructor and Description
StringValidationRule(java.lang.String typeName)
StringValidationRule(java.lang.String typeName, Encoder encoder)
StringValidationRule(java.lang.String typeName, Encoder encoder, java.lang.String whitelistPattern)

Method Summary

Methods

Modifier and Type	Method and Description
void	addBlacklistPattern(java.util.regex.Pattern p)
void	addBlacklistPattern(java.lang.String pattern)
void	addWhitelistPattern(java.util.regex.Pattern p)
void	addWhitelistPattern(java.lang.String pattern)
java.lang.String	getValid(java.lang.String context, java.lang.String input) Parse the input, throw exceptions if validation fails
java.lang.String	sanitize(java.lang.String context, java.lang.String input) The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
void	setMaximumLength(int length)
void	setMinimumLength(int length)
void	setValidateInputAndCanonical(boolean flag) Set the flag which determines whether the in input itself is checked as well as the canonical form of the input.

Methods inherited from class org.owasp.esapi.reference.validation.BaseValidationRule

assertValid, charArrayToSet, getEncoder, getSafe, getTypeName, getValid, isAllowNull, isValid, setAllowNull, setEncoder, setTypeName, whitelist, whitelist

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

whitelistPatterns

protected java.util.List<java.util.regex.Pattern> whitelistPatterns

blacklistPatterns

protected java.util.List<java.util.regex.Pattern> blacklistPatterns

minLength

protected int minLength

maxLength

protected int maxLength

validateInputAndCanonical

protected boolean validateInputAndCanonical

Constructor Detail

StringValidationRule

public StringValidationRule(java.lang.String typeName)

StringValidationRule

public StringValidationRule(java.lang.String typeName,
                    Encoder encoder)

StringValidationRule

public StringValidationRule(java.lang.String typeName,
                    Encoder encoder,
                    java.lang.String whitelistPattern)

Method Detail

addWhitelistPattern

public void addWhitelistPattern(java.lang.String pattern)

Throws:

java.lang.IllegalArgumentException - if pattern is null

addWhitelistPattern

public void addWhitelistPattern(java.util.regex.Pattern p)

Throws:

java.lang.IllegalArgumentException - if p is null

addBlacklistPattern

public void addBlacklistPattern(java.lang.String pattern)

Throws:

java.lang.IllegalArgumentException - if pattern is null

addBlacklistPattern

public void addBlacklistPattern(java.util.regex.Pattern p)

Throws:

java.lang.IllegalArgumentException - if p is null

setMinimumLength

public void setMinimumLength(int length)

setMaximumLength

public void setMaximumLength(int length)

setValidateInputAndCanonical

public void setValidateInputAndCanonical(boolean flag)

Set the flag which determines whether the in input itself is checked as well as the canonical form of the input.

Parameters:

flag - The value to set

getValid

public java.lang.String getValid(java.lang.String context,
                        java.lang.String input)
                          throws ValidationException

Parse the input, throw exceptions if validation fails

Parameters:

context - for logging

input - the value to be parsed

Returns:

a validated value

Throws:

ValidationException - if any validation rules fail

sanitize

public java.lang.String sanitize(java.lang.String context,
                        java.lang.String input)

The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care). In most cases this should be the same as the getSafe method only instead of throwing an exception, return some default value.

Specified by:

sanitize in class BaseValidationRule

Returns:

a parsed version of the input or a default value.