Use of ESAPI getValidInput method

Question

I am unable to use the ESAPI class' method:

    java.lang.String getValidInput(java.lang.String context,
                                  java.lang.String input,
                                  java.lang.String type,
                                  int maxLength,
                                  boolean allowNull)
                                      throws ValidationException,
                                       IntrusionException

      Parameters:
         type - The regular expression name that maps to the actual regular expression from "ESAPI.properties". 

How do I pass the `type` parameter from the ESAPI.properties file? Is there an example that uses a properties file value that I can refer to?

Recommended answer

Here's an example call where I'm validating the "to" address field:

    validator.getValidInput("toAddress", it.next(), "Email", Email.MAX_ADDRESS_SIZE, true)

ESAPI assumes you're using an IDE or have access to the direct source. If you're using Eclipse, just mouse-hover over the method name, and the parameter types will be displayed.

=== UPDATED ===

Here's the rip directly from the javadoc:

    /**
     * Returns canonicalized and validated input as a String. Invalid input will generate a descriptive ValidationException,
     * and input that is clearly an attack will generate a descriptive IntrusionException.
     *
     * @param context
     *      A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
     * @param input
     *      The actual user input data to validate.
     * @param type
     *      The regular expression name that maps to the actual regular expression from "ESAPI.properties".
     * @param maxLength
     *      The maximum post-canonicalized String length allowed.
     * @param allowNull
     *      If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
     *
     * @return The canonicalized user input.
     *
     * @throws ValidationException
     * @throws IntrusionException
     */
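
How the `type` name ties back to the properties file, shown as an added example that is not part of the original answer or of ESAPI's own code. It assumes ESAPI 2.x is on the classpath and that `ESAPI.properties` (or the `validation.properties` file it names through `Validator.ConfigurationFile`) defines a `Validator.Email` rule; the class name `ToAddressCheck`, the 254-character limit and the pattern in the comment are constructed for illustration.

```java
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;

/*
 * Rule entry this example assumes (pattern constructed for illustration):
 *
 *   Validator.Email=^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}$
 *
 * The "type" argument is the key without the "Validator." prefix.
 */
public class ToAddressCheck {               // hypothetical class name

    // Assumed limit; the answer uses Email.MAX_ADDRESS_SIZE from its own code.
    private static final int MAX_ADDRESS_SIZE = 254;

    /** Returns the canonicalized address, or null when the input is rejected. */
    static String validToAddress(String raw) {
        try {
            return ESAPI.validator().getValidInput(
                    "toAddress",        // context: label used in logs and error messages
                    raw,                // untrusted input
                    "Email",            // type: resolves to Validator.Email
                    MAX_ADDRESS_SIZE,   // length limit applied after canonicalization
                    false);             // null or empty input is rejected
        } catch (ValidationException e) {
            // Input did not match the rule, was too long, or was empty.
            System.err.println("rejected: " + e.getMessage());
            return null;
        } catch (IntrusionException e) {
            // Input that ESAPI classifies as clearly an attack.
            System.err.println("intrusion: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = { "alice@example.com", "not-an-address", "" };
        for (String s : samples) {
            System.out.println("[" + s + "] -> " + validToAddress(s));
        }
    }
}
```

Use the returned string rather than the raw input afterwards, since the return value is the canonicalized form that was actually checked against the rule.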
