Use of ESAPI getValidInput method

abc picture abc · Mar 26, 2014 · Viewed 25.8k times · Source

I was not able to use the of method present under ESAPI class'

    java.lang.String getValidInput(java.lang.String context,
                                  java.lang.String input,
                                  java.lang.String type,
                                  int maxLength,
                                  boolean allowNull)
                                      throws ValidationException,
                                       IntrusionException

      Parameters:
         type - The regular expression name that maps to the actual regular expression from "ESAPI.properties". 

How to pass parameter type from ESAPI.properties file? Any example to use properties file value from which I can refer?

Answer

avgvstvs picture avgvstvs · Mar 26, 2014

Here's an example call where I'm validating the "to" address field:

validator.getValidInput("toAddress", it.next(), "Email", Email.MAX_ADDRESS_SIZE, true)

ESAPI assumes you're using an IDE or have access to the direct source. If you're using Eclipse, just mouse-hover over the method name, and the parameter types will be displayed.

===UPDATED===

Here's the rip directly from the javadoc:

/**
     * Returns canonicalized and validated input as a String. Invalid input will generate a descriptive ValidationException,
     * and input that is clearly an attack will generate a descriptive IntrusionException.
     *
     * @param context
     *      A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
     * @param input
     *      The actual user input data to validate.
     * @param type
     *      The regular expression name that maps to the actual regular expression from "ESAPI.properties".
     * @param maxLength
     *      The maximum post-canonicalized String length allowed.
     * @param allowNull
     *      If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
     *
     * @return The canonicalized user input.
     *
     * @throws ValidationException
     * @throws IntrusionException
     */