Package org.owasp.esapi.reference.validation

Class BaseValidationRule

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected boolean allowNull  
      protected Encoder encoder  

    • Method Summary

      All Methods Static Methods Instance Methods Abstract Methods Concrete Methods 
      Modifier and Type Method Description
      void assertValid​(java.lang.String context, java.lang.String input)
      Check if the input is valid, throw an Exception otherwise
      static java.util.Set<java.lang.Character> charArrayToSet​(char[] array)
      Convert an array of characters to a Set<Character> (so duplicates are removed).
      Encoder getEncoder()  
      java.lang.Object getSafe​(java.lang.String context, java.lang.String input)
      Try to call getvalid, then call a 'sanitize' method for sanitization (if one exists), finally return a default value.
      java.lang.String getTypeName()
      Programmatically supplied name for the validator
      java.lang.Object getValid​(java.lang.String context, java.lang.String input, ValidationErrorList errorList)
      Get a validated value, add the errors to an existing error list
      boolean isAllowNull()  
      boolean isValid​(java.lang.String context, java.lang.String input)
      protected abstract java.lang.Object sanitize​(java.lang.String context, java.lang.String input)
      The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
      void setAllowNull​(boolean flag)
      Whether or not a valid valid can be null.
      void setEncoder​(Encoder encoder)
      void setTypeName​(java.lang.String typeName)
      java.lang.String whitelist​(java.lang.String input, char[] whitelist)
      String the input of all chars contained in the list
      java.lang.String whitelist​(java.lang.String input, java.util.Set<java.lang.Character> whitelist)
      Removes characters that aren't in the whitelist from the input String.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • allowNull

        protected boolean allowNull

      • encoder

        protected Encoder encoder

    • Constructor Detail

      • BaseValidationRule

        public BaseValidationRule​(java.lang.String typeName)

      • BaseValidationRule

        public BaseValidationRule​(java.lang.String typeName,
                          Encoder encoder)

    • Method Detail

      • setAllowNull

        public void setAllowNull​(boolean flag)
        Whether or not a valid valid can be null. getValid will throw an Exception and {#code getSafe} will return the default value if flag is set to true
        Specified by:
        setAllowNull in interface ValidationRule
        Parameters:
        flag - whether or not null values are valid/safe

      • getTypeName

        public java.lang.String getTypeName()
        Programmatically supplied name for the validator
        Specified by:
        getTypeName in interface ValidationRule
        Returns:
        a name, describing the validator

      • setTypeName

        public final void setTypeName​(java.lang.String typeName)
        Specified by:
        setTypeName in interface ValidationRule
        Parameters:
        typeName - a name, describing the validator

      • setEncoder

        public final void setEncoder​(Encoder encoder)
        Specified by:
        setEncoder in interface ValidationRule
        Parameters:
        encoder - the encoder to use

      • getSafe

        public java.lang.Object getSafe​(java.lang.String context,
                                java.lang.String input)
        Try to call getvalid, then call a 'sanitize' method for sanitization (if one exists), finally return a default value.
        Specified by:
        getSafe in interface ValidationRule

      • sanitize

        protected abstract java.lang.Object sanitize​(java.lang.String context,
                                             java.lang.String input)
        The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care). In most cases this should be the same as the getSafe method only instead of throwing an exception, return some default value.
        Parameters:
        context -
        input -
        Returns:
        a parsed version of the input or a default value.

      • isValid

        public boolean isValid​(java.lang.String context,
                       java.lang.String input)
        Specified by:
        isValid in interface ValidationRule
        Returns:
        true if the input passes validation

      • whitelist

        public java.lang.String whitelist​(java.lang.String input,
                                  char[] whitelist)
        String the input of all chars contained in the list
        Specified by:
        whitelist in interface ValidationRule

      • whitelist

        public java.lang.String whitelist​(java.lang.String input,
                                  java.util.Set<java.lang.Character> whitelist)
        Removes characters that aren't in the whitelist from the input String. O(input.length) whitelist performance
        Specified by:
        whitelist in interface ValidationRule
        Parameters:
        input - String to be sanitized
        whitelist - allowed characters
        Returns:
        input stripped of all chars that aren't in the whitelist

      • charArrayToSet

        public static java.util.Set<java.lang.Character> charArrayToSet​(char[] array)
        Convert an array of characters to a Set<Character> (so duplicates are removed).
        Parameters:
        array - The character array.
        Returns:
        A Set<Character> of the unique characters from array is returned.

      • isAllowNull

        public boolean isAllowNull()

      • getEncoder

        public Encoder getEncoder()