Package | Description |
---|---|
org.owasp.esapi | The ESAPI interfaces and Exception classes model the most important security functions to enterprise web applications. |
org.owasp.esapi.codecs | This package contains codecs for application layer encoding/escaping schemes that can be used for both canonicalization and output encoding. |
org.owasp.esapi.logging.cleaning | |
org.owasp.esapi.reference | This package contains reference implementations of the ESAPI interfaces. |

Modifier and Type | Method and Description |
---|---|
String | Encoder.encodeForOS(Codec codec, String input): Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec). |
String | Encoder.encodeForSQL(Codec codec, String input): Encode input for use in a SQL query, according to the selected codec (appropriate codecs include the MySQLCodec and OracleCodec). |
ExecuteResult | Executor.executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream): Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible. |
void | PreparedString.set(int index, String value, Codec codec): Set the parameter at index with supplied value using the supplied Codec to escape. |

Constructor and Description |
---|
PreparedString(String template, char parameterCharacter, Codec codec): Create a PreparedString with the supplied template, parameter placeholder character, and Codec. |
PreparedString(String template, Codec codec): Create a PreparedString with the supplied template and Codec. |

Modifier and Type | Class and Description |
---|---|
class | AbstractCharacterCodec: This abstract Impl is broken off from the original Codec class and provides the Character parsing logic that has been with ESAPI from the beginning. |
class | AbstractCodec<T>: The Codec interface defines a set of methods for encoding and decoding application level encoding schemes, such as HTML entity encoding and percent encoding (aka URL encoding). |
class | AbstractIntegerCodec: This class is intended to be an alternative Abstract Implementation for parsing encoding data by focusing on int as opposed to Character. |
class | CSSCodec: Implementation of the Codec interface for backslash encoding used in CSS. |
class | DB2Codec: Implementation of the Codec interface for DB2 strings. |
class | HTMLEntityCodec: Implementation of the Codec interface for HTML entity encoding. |
class | JavaScriptCodec: Implementation of the Codec interface for backslash encoding in JavaScript. |
class | LegacyHTMLEntityCodec: Deprecated. |
class | MySQLCodec: Codec implementation which can be used to escape string literals in MySQL. |
class | OracleCodec: Implementation of the Codec interface for Oracle strings. |
class | PercentCodec: Implementation of the Codec interface for percent encoding (aka URL encoding). |
class | UnixCodec: Implementation of the Codec interface for '\' encoding from Unix command shell. |
class | VBScriptCodec: Implementation of the Codec interface for 'quote' encoding from VBScript. |
class | WindowsCodec: Implementation of the Codec interface for '^' encoding from Windows command shell. |
class | XMLEntityCodec: Implementation of the Codec interface for XML entity encoding. |

Constructor and Description |
---|
CodecLogScrubber(Codec<?> messageCodec, char[] immuneChars): Constructor. |

Modifier and Type | Method and Description |
---|---|
String | DefaultEncoder.encodeForOS(Codec codec, String input): Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec). |
String | DefaultEncoder.encodeForSQL(Codec codec, String input): Encode input for use in a SQL query, according to the selected codec (appropriate codecs include the MySQLCodec and OracleCodec). |
ExecuteResult | DefaultExecutor.executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream): Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible. |

Copyright © 2020 The Open Web Application Security Project (OWASP). All rights reserved.