org.owasp.esapi.reference.validation
Class BaseValidationRule

java.lang.Object
  extended by org.owasp.esapi.reference.validation.BaseValidationRule
All Implemented Interfaces:
ValidationRule
Direct Known Subclasses:
CreditCardValidationRule, DateValidationRule, IntegerValidationRule, NumberValidationRule, StringValidationRule

public abstract class BaseValidationRule
extends Object
implements ValidationRule

A ValidationRule performs syntax and possibly semantic validation of a single piece of data from an untrusted source.

Since:
June 1, 2007
Author:
Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
See Also:
Validator

Field Summary
protected  boolean allowNull
           
protected  Encoder encoder
           
 
Constructor Summary
BaseValidationRule(String typeName)
           
BaseValidationRule(String typeName, Encoder encoder)
           
 
Method Summary
 void assertValid(String context, String input)
          Check if the input is valid, throw an Exception otherwise
static Set<Character> charArrayToSet(char[] array)
          Convert an array of characters to a Set<Character> (so duplicates are removed).
 Encoder getEncoder()
           
 Object getSafe(String context, String input)
          Try to call getValid, then call sanitize, finally return a default value
 String getTypeName()
          Programmatically supplied name for the validator
 Object getValid(String context, String input, ValidationErrorList errorList)
          Get a validated value, add the errors to an existing error list
 boolean isAllowNull()
           
 boolean isValid(String context, String input)
          
protected abstract  Object sanitize(String context, String input)
          The method is similar to ValidationRule.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
 void setAllowNull(boolean flag)
          Whether or not a valid value can be null.
 void setEncoder(Encoder encoder)
          
 void setTypeName(String typeName)
          
 String whitelist(String input, char[] whitelist)
          Strip the input of all chars not contained in the list
 String whitelist(String input, Set<Character> whitelist)
          Removes characters that aren't in the whitelist from the input String.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.owasp.esapi.ValidationRule
getValid
 

Field Detail

allowNull

protected boolean allowNull

encoder

protected Encoder encoder
Constructor Detail

BaseValidationRule

public BaseValidationRule(String typeName)

BaseValidationRule

public BaseValidationRule(String typeName,
                          Encoder encoder)
Method Detail

setAllowNull

public void setAllowNull(boolean flag)
Whether or not a valid value can be null. getValid will throw an Exception and getSafe will return the default value if flag is set to true

Specified by:
setAllowNull in interface ValidationRule
Parameters:
flag - whether or not null values are valid/safe

getTypeName

public String getTypeName()
Programmatically supplied name for the validator

Specified by:
getTypeName in interface ValidationRule
Returns:
a name, describing the validator

setTypeName

public final void setTypeName(String typeName)

Specified by:
setTypeName in interface ValidationRule
Parameters:
typeName - a name, describing the validator

setEncoder

public final void setEncoder(Encoder encoder)

Specified by:
setEncoder in interface ValidationRule
Parameters:
encoder - the encoder to use

assertValid

public void assertValid(String context,
                        String input)
                 throws ValidationException
Check if the input is valid, throw an Exception otherwise

Specified by:
assertValid in interface ValidationRule
Throws:
ValidationException

getValid

public Object getValid(String context,
                       String input,
                       ValidationErrorList errorList)
                throws ValidationException
Get a validated value, add the errors to an existing error list

Specified by:
getValid in interface ValidationRule
Throws:
ValidationException

getSafe

public Object getSafe(String context,
                      String input)
Try to call getValid, then call sanitize, finally return a default value

Specified by:
getSafe in interface ValidationRule

sanitize

protected abstract Object sanitize(String context,
                                   String input)
The method is similar to ValidationRule.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care). In most cases this should be the same as the getSafe method, except that instead of throwing an exception it returns some default value.

Parameters:
context -
input -
Returns:
a parsed version of the input or a default value.

isValid

public boolean isValid(String context,
                       String input)

Specified by:
isValid in interface ValidationRule
Returns:
true if the input passes validation
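
How a concrete rule plugs into the getValid / getSafe / sanitize / isValid contract described above, as an added example that is not part of ESAPI or of this page. TcpPortRule is a hypothetical subclass; the example assumes ESAPI 2.x on the classpath with its usual configuration and the ValidationException(userMessage, logMessage, context) constructor.

```java
import org.owasp.esapi.errors.ValidationException;
import org.owasp.esapi.reference.validation.BaseValidationRule;

// Added illustration, not ESAPI code. TcpPortRule is a hypothetical subclass.
// Assumes ESAPI 2.x is on the classpath and configured.
public class TcpPortRule extends BaseValidationRule {

    public TcpPortRule(String typeName) {
        super(typeName);
    }

    // getValid(context, input) is inherited unimplemented from ValidationRule;
    // assertValid, isValid, getSafe and the errorList overload all rely on it.
    public Object getValid(String context, String input) throws ValidationException {
        if (input == null || input.isEmpty()) {
            // Assumption: follows the setAllowNull parameter description.
            if (allowNull) return null;
            throw new ValidationException(context + ": input required",
                    "Empty " + getTypeName() + " for " + context, context);
        }
        // Syntax check: digits only, bounded length. Raw input is kept out of messages.
        if (!input.matches("[0-9]{1,5}")) {
            throw new ValidationException(context + ": invalid port",
                    "Non-numeric " + getTypeName() + " for " + context, context);
        }
        // Semantic check: the TCP port range.
        int port = Integer.parseInt(input);
        if (port < 1 || port > 65535) {
            throw new ValidationException(context + ": invalid port",
                    "Out-of-range " + getTypeName() + " for " + context, context);
        }
        return Integer.valueOf(port);
    }

    // Harmless fallback used by getSafe: a fixed default unrelated to the input.
    protected Object sanitize(String context, String input) {
        return Integer.valueOf(0);
    }

    public static void main(String[] args) {
        TcpPortRule rule = new TcpPortRule("TcpPort");
        // Constructed sample inputs.
        for (String raw : new String[] { "8443", "70000", "http" }) {
            System.out.println(raw + " valid=" + rule.isValid("port", raw)
                    + " safe=" + rule.getSafe("port", raw));
        }
    }
}
```

Because getSafe substitutes the sanitize default instead of failing, callers that must reject bad input should use assertValid or getValid rather than getSafe.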

whitelist

public String whitelist(String input,
                        char[] whitelist)
Strip the input of all chars not contained in the list

Specified by:
whitelist in interface ValidationRule

whitelist

public String whitelist(String input,
                        Set<Character> whitelist)
Removes characters that aren't in the whitelist from the input String. O(input.length) whitelist performance

Specified by:
whitelist in interface ValidationRule
Parameters:
input - String to be sanitized
whitelist - allowed characters
Returns:
input stripped of all chars that aren't in the whitelist

charArrayToSet

public static Set<Character> charArrayToSet(char[] array)
Convert an array of characters to a Set<Character> (so duplicates are removed).

Parameters:
array - The character array.
Returns:
A Set<Character> of the unique characters from array is returned.
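
The filtering behaviour documented for whitelist and charArrayToSet, as an added stand-alone example rather than ESAPI's own source. WhitelistDemo and its sample inputs are constructed for illustration; the two static methods mirror the documented signatures but are re-implemented here.

```java
import java.util.HashSet;
import java.util.Set;

// Added illustration: a stand-alone re-implementation of the behaviour the
// Javadoc describes, not ESAPI's source. WhitelistDemo is a hypothetical name.
public class WhitelistDemo {

    // Mirrors charArrayToSet: duplicates collapse and lookups become O(1).
    static Set<Character> charArrayToSet(char[] array) {
        Set<Character> set = new HashSet<Character>(array.length);
        for (char c : array) {
            set.add(c);
        }
        return set;
    }

    // Mirrors whitelist(String, Set<Character>): one pass over the input,
    // keeping only characters that are members of the set.
    static String whitelist(String input, Set<Character> allowed) {
        StringBuilder kept = new StringBuilder(input.length());
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            if (allowed.contains(c)) {
                kept.append(c);
            }
        }
        return kept.toString();
    }

    public static void main(String[] args) {
        Set<Character> digits = charArrayToSet("0123456789".toCharArray());

        // Constructed sample inputs.
        String[] samples = { "555-0100", "12 34", "abc", "" };
        for (String raw : samples) {
            String filtered = whitelist(raw, digits);
            // Filtering silently changes the value; comparing with the
            // original tells the caller whether anything was dropped.
            boolean changed = !filtered.equals(raw);
            System.out.printf("%-10s -> %-8s changed=%b%n",
                    "\"" + raw + "\"", "\"" + filtered + "\"", changed);
        }
    }
}
```

Whitelisting rewrites input rather than rejecting it, so a caller that needs to know whether the original was acceptable has to compare the result with the input or validate with isValid first.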

isAllowNull

public boolean isAllowNull()

getEncoder

public Encoder getEncoder()


Copyright © 2011 The Open Web Application Security Project (OWASP). All Rights Reserved.