堆栈内存溢出
  简体   繁体   English

使用ESAPI getValidInput方法

[英]Use of ESAPI getValidInput method

 原文  2014-03-26 14:26:10       java/ esapi

问题描述

I was not able to use the of method present under ESAPI class' 我无法使用ESAPI类下存在的方法 

    java.lang.String getValidInput(java.lang.String context,
                                  java.lang.String input,
                                  java.lang.String type,
                                  int maxLength,
                                  boolean allowNull)
                                      throws ValidationException,
                                       IntrusionException

      Parameters:
         type - The regular expression name that maps to the actual regular expression from "ESAPI.properties".

How to pass parameter type from ESAPI.properties file? 如何从ESAPI.properties文件传递参数类型? Any example to use properties file value from which I can refer? 我可以参考使用属性文件值的任何示例吗?

2 个解决方案

解决方案1
 5 已采纳  2014-03-26 18:06:31

Here's an example call where I'm validating the "to" address field: 这是一个示例电话,其中我正在验证“收件人”地址字段: 

validator.getValidInput("toAddress", it.next(), "Email", Email.MAX_ADDRESS_SIZE, true)

ESAPI assumes you're using an IDE or have access to the direct source. ESAPI假定您正在使用IDE或有权访问直接源。 If you're using Eclipse, just mouse-hover over the method name, and the parameter types will be displayed. 如果使用的是Eclipse,只需将鼠标悬停在方法名称上,然后将显示参数类型。

===UPDATED=== ===已更新===

Here's the rip directly from the javadoc: 这是直接来自javadoc的片段: 

/**
     * Returns canonicalized and validated input as a String. Invalid input will generate a descriptive ValidationException,
     * and input that is clearly an attack will generate a descriptive IntrusionException.
     *
     * @param context
     *      A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
     * @param input
     *      The actual user input data to validate.
     * @param type
     *      The regular expression name that maps to the actual regular expression from "ESAPI.properties".
     * @param maxLength
     *      The maximum post-canonicalized String length allowed.
     * @param allowNull
     *      If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
     *
     * @return The canonicalized user input.
     *
     * @throws ValidationException
     * @throws IntrusionException
     */

解决方案2
 0  2017-02-01 10:02:38

ESAPI.validator().getValidInput("Validationofinput", StringInput, "Onlycharacters",200, true);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 似乎无法获得用于URL参数的ESAPI验证程序getValidInput() - Can't seem to get ESAPI Validator getValidInput() Working for URL Parameters 在Java中使用ESAPI编码器 - Use ESAPI Encoder in Java 尝试使用 ESAPI 但出现错误 - Trying to Use ESAPI But getting Error ESAPI中ESAPI.encoder()。encodeForSQL的validation.properties的用途是什么? - What is use of validation.properties for ESAPI.encoder().encodeForSQL in ESAPI 尝试使用OWASP ESAPI时找不到antisamy-esapi.xml - antisamy-esapi.xml not found when trying to use OWASP ESAPI 如何使用 ESAPI TPM 实现 TSS for java - How to use ESAPI TPM implementation TSS for java 如何在Web应用程序中使用Esapi 1.4.4软件包 - How to use Esapi 1.4.4 package in web application 尝试使用OWASP ESAPI库时,获取antisamy-esapi.xml找不到异常 - Getting antisamy-esapi.xml not found exception while trying to use OWASP ESAPI library ESAPI.clearCurrent() 中的异常; 不知道 ESAPI.Logger 使用什么 - Exception in ESAPI.clearCurrent(); Dont know what ESAPI.Logger use 无法使用 ESAPI encodeforXML 方法编码,(逗号)_(下划线)-(连字符) - Not able to encode , (comma) _(underscore) -(hyphen) using ESAPI encodeforXML method
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM