A
- ABSOLUTE_TIMEOUT_DURATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- AbstractAccessReferenceMap<K> - Class in org.owasp.esapi.reference
-
Abstract Implementation of the AccessReferenceMap that is backed by ConcurrentHashMaps to provide a thread-safe implementation of the AccessReferenceMap.
- AbstractAccessReferenceMap() - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Instantiates a new access reference map.
- AbstractAccessReferenceMap(int) - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Instantiates a new access reference map with the specified size allotment to reduce Map resizing overhead.
- AbstractAccessReferenceMap(Set<Object>) - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Deprecated. This constructor internally calls the abstract method AbstractAccessReferenceMap.getUniqueReference(). Since this is a constructor, any subclass that implements getUniqueReference() has not had its own constructor run. This leads to strange bugs because subclass internal state is initialized after calls to getUniqueReference() have already happened. If this constructor is desired in a subclass, consider running AbstractAccessReferenceMap.update(Set) in the subclass constructor instead.
- AbstractAccessReferenceMap(Set<Object>, int) - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Deprecated. This constructor internally calls the abstract method AbstractAccessReferenceMap.getUniqueReference(). Since this is a constructor, any subclass that implements getUniqueReference() has not had its own constructor run. This leads to strange bugs because subclass internal state is initialized after calls to getUniqueReference() have already happened. If this constructor is desired in a subclass, consider running AbstractAccessReferenceMap.update(Set) in the subclass constructor instead.
- AbstractAuthenticator - Class in org.owasp.esapi.reference
-
A partial implementation of the Authenticator interface.
- AbstractAuthenticator() - Constructor for class org.owasp.esapi.reference.AbstractAuthenticator
- ACCEPT_LENIENT_DATES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- ACCESS_CONTROL_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- AccessControlException - Exception in org.owasp.esapi.errors
-
An AccessControlException should be thrown when a user attempts to access a resource that they are not authorized for.
- AccessControlException() - Constructor for exception org.owasp.esapi.errors.AccessControlException
-
Instantiates a new access control exception.
- AccessControlException(String, String) - Constructor for exception org.owasp.esapi.errors.AccessControlException
-
Creates a new instance of AccessControlException.
- AccessControlException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AccessControlException
-
Instantiates a new access control exception.
- accessController() - Static method in class org.owasp.esapi.ESAPI
- AccessController - Interface in org.owasp.esapi
-
The AccessController interface defines a set of methods that can be used in a wide variety of applications to enforce access control.
- AccessControlRule<P,R> - Interface in org.owasp.esapi
- AccessReferenceMap<K> - Interface in org.owasp.esapi
-
The AccessReferenceMap interface is used to map from a set of internal direct object references to a set of indirect references that are safe to disclose publicly.
- ACRParameterLoader<T> - Interface in org.owasp.esapi.reference.accesscontrol.policyloader
- ACRParameterLoaderHelper - Class in org.owasp.esapi.reference.accesscontrol.policyloader
- ACRParameterLoaderHelper() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoaderHelper
- ACRPolicyFileLoader - Class in org.owasp.esapi.reference.accesscontrol.policyloader
- ACRPolicyFileLoader() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader
- Action - Class in org.owasp.esapi.waf.actions
-
The base class indicating what is to be done after a rule executes.
- Action() - Constructor for class org.owasp.esapi.waf.actions.Action
- actionNecessary - Variable in class org.owasp.esapi.waf.actions.Action
- actions - Variable in class org.owasp.esapi.SecurityConfiguration.Threshold
-
The list of actions to take if the threshold is met.
- addAccessControlRule(String, String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO
- addAfterBodyRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- addAlias(String, Object) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- addAttributes(Map<String, String>) - Method in class org.owasp.esapi.crypto.CryptoToken
-
Add the specified collection of attributes to the current attributes.
- addBeforeBodyRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- addBeforeResponseRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- addBlacklistPattern(String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
- addBlacklistPattern(Pattern) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
- addCookie(Cookie) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Add a cookie to the response after ensuring that there are no encoded or illegal characters in the name and value.
- addCookie(Cookie) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls addCookie with the *current* request.
- addCookie(Cookie) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls addCookie with the *current* request.
- addCookie(Cookie) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
- addCookie(Cookie, boolean) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
- addCookie(HttpServletResponse, Cookie) - Method in interface org.owasp.esapi.HTTPUtilities
-
Add a cookie to the response after ensuring that there are no encoded or illegal characters in the name and value.
- addCookie(HttpServletResponse, Cookie) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Add a cookie to the response after ensuring that there are no encoded or illegal characters in the name and value.
- addCookieRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- addCSRFToken(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Adds the current user's CSRF token (see User.getCSRFToken()) to the URL for purposes of preventing CSRF attacks.
- addCSRFToken(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Adds the current user's CSRF token (see User.getCSRFToken()) to the URL for purposes of preventing CSRF attacks.
- addDateHeader(String, long) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Add a cookie to the response after ensuring that there are no encoded or illegal characters in the name.
- addDirectReference(T) - Method in interface org.owasp.esapi.AccessReferenceMap
-
Adds a direct reference to the AccessReferenceMap, then generates and returns an associated indirect reference.
- addDirectReference(T) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Adds a direct reference to the AccessReferenceMap, then generates and returns an associated indirect reference.
- addError(String, ValidationException) - Method in class org.owasp.esapi.ValidationErrorList
-
Adds a new error to list with a unique named context.
- addEvent(String, String) - Method in interface org.owasp.esapi.IntrusionDetector
-
Adds the event to the IntrusionDetector.
- addEvent(String, String) - Method in class org.owasp.esapi.reference.DefaultIntrusionDetector
-
Adds the event to the IntrusionDetector.
- addException(Exception) - Method in interface org.owasp.esapi.IntrusionDetector
-
Adds the exception to the IntrusionDetector.
- addException(Exception) - Method in class org.owasp.esapi.reference.DefaultIntrusionDetector
-
Adds the exception to the IntrusionDetector.
- addHeader(String, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Add a header to the response after ensuring that there are no encoded or illegal characters in the name and value.
- addHeader(String, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls addHeader with the *current* request.
- addHeader(String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls addHeader with the *current* request.
- addHeader(HttpServletResponse, String, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Add a header to the response after ensuring that there are no encoded or illegal characters in the name and value.
- addHeader(HttpServletResponse, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Add a header to the response after ensuring that there are no encoded or illegal characters in the name and value.
- AddHeaderRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <add-header> rules.
- AddHeaderRule(String, String, String, Pattern, List<Object>) - Constructor for class org.owasp.esapi.waf.rules.AddHeaderRule
- AddHTTPOnlyFlagRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <add-http-only-flag> rules.
- AddHTTPOnlyFlagRule(String, List<Pattern>) - Constructor for class org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule
- addIntHeader(String, int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Add an int header to the response after ensuring that there are no encoded or illegal characters in the name.
- ADDITIONAL_ALLOWED_CIPHER_MODES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- addProperty(Properties, String, String) - Static method in class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils
-
Adds a new key-value property to the passed Properties object
- addRole(String) - Method in class org.owasp.esapi.reference.DefaultUser
-
Adds a role to this user's account.
- addRole(String) - Method in interface org.owasp.esapi.User
-
Adds a role to this user's account.
- addRoles(Set<String>) - Method in class org.owasp.esapi.reference.DefaultUser
-
Adds a set of roles to this user's account.
- addRoles(Set<String>) - Method in interface org.owasp.esapi.User
-
Adds a set of roles to this user's account.
- addRule(ValidationRule) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Add a validation rule to the registry using the "type name" of the rule as the key.
- addRule(ValidationRule) - Method in interface org.owasp.esapi.Validator
- AddSecureFlagRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <add-secure-flag> rules.
- AddSecureFlagRule(String, List<Pattern>) - Constructor for class org.owasp.esapi.waf.rules.AddSecureFlagRule
- addSession(HttpSession) - Method in class org.owasp.esapi.reference.DefaultUser
-
Adds a session for this User.
- addSession(HttpSession) - Method in interface org.owasp.esapi.User
-
Adds a session for this User.
- addWhitelistPattern(String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
- addWhitelistPattern(Pattern) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
- ALL - Static variable in interface org.owasp.esapi.Logger
-
ALL indicates that all messages should be logged.
- ALLOW_MIXED_ENCODING - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- ALLOW_MULTIPLE_ENCODING - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- ALLOWED_LOGIN_ATTEMPTS - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- allowNull - Variable in class org.owasp.esapi.reference.validation.BaseValidationRule
- ALPHANUMERICS - Static variable in class org.owasp.esapi.EncoderConstants
- always(Object) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Always log the specified message as a SECURITY_AUDIT event type.
- always(Object, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Always log the specified message as a SECURITY_AUDIT event type, along with its associated exception stack trace (if any).
- always(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
-
Log an event regardless of what logging level is enabled.
- always(Logger.EventType, String) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Log an event regardless of what logging level is enabled.
- always(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
-
Log an event regardless of what logging level is enabled and also record the stack trace associated with the event.
- always(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Log an event regardless of what logging level is enabled and also record the stack trace associated with the event.
- AlwaysFalseACR - Class in org.owasp.esapi.reference.accesscontrol
- AlwaysFalseACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR
- AlwaysTrueACR - Class in org.owasp.esapi.reference.accesscontrol
- AlwaysTrueACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR
- ANONYMOUS - Static variable in interface org.owasp.esapi.User
-
The ANONYMOUS user is used to represent an unidentified user.
- ANONYMOUS_USER - Static variable in class org.owasp.esapi.crypto.CryptoToken
-
Represents an anonymous user.
- ANSI - org.owasp.esapi.codecs.MySQLCodec.Mode
- ANSI_MODE - Static variable in class org.owasp.esapi.codecs.MySQLCodec
-
Target MySQL Server is running in ANSI Mode (http://dev.mysql.com/doc/refman/5.0/en/ansi-mode.html).
- append(char) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- append(CharSequence) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- append(CharSequence, int, int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- AppGuardianConfiguration - Class in org.owasp.esapi.waf.configuration
-
This class is the object model of the policy file.
- AppGuardianConfiguration() - Constructor for class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- APPLICATION_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- APPROVED_EXECUTABLES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- APPROVED_UPLOAD_EXTENSIONS - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- arrayCompare(byte[], byte[]) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
A "safe" array comparison that is not vulnerable to side-channel "timing attacks".
- arrayToSet(char...) - Static method in class org.owasp.esapi.util.CollectionsUtil
-
Converts an array of chars to a Set of Characters.
- arrayToUnmodifiableSet(char...) - Static method in class org.owasp.esapi.util.CollectionsUtil
-
Convert a char array to an unmodifiable Set.
- asBytes() - Method in class org.owasp.esapi.crypto.PlainText
-
Convert the PlainText object to a byte array.
- asCipherText() - Method in class org.owasp.esapi.crypto.CipherTextSerializer
-
Return the actual CipherText object.
- asPortableSerializedByteArray() - Method in class org.owasp.esapi.crypto.CipherText
-
Return this CipherText object as a portable (i.e., network byte ordered) serialized byte array.
- asSerializedByteArray() - Method in class org.owasp.esapi.crypto.CipherTextSerializer
-
Return this CipherText object as a specialized, portable serialized byte array.
- assertAuthorized(Object, Object) - Method in interface org.owasp.esapi.AccessController
-
assertAuthorized executes the AccessControlRule that is identified by key and listed in the resources/ESAPI-AccessControlPolicy.xml file.
- assertAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
- assertAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
assertAuthorized executes the AccessControlRule that is identified by key and listed in the resources/ESAPI-AccessControlPolicy.xml file.
- assertAuthorizedForData(String, Object) - Method in interface org.owasp.esapi.AccessController
-
Checks if the current user is authorized to access the referenced data.
- assertAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- assertAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced data.
- assertAuthorizedForFile(String) - Method in interface org.owasp.esapi.AccessController
-
Checks if the current user is authorized to access the referenced file.
- assertAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- assertAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Deprecated.
- assertAuthorizedForFunction(String) - Method in interface org.owasp.esapi.AccessController
-
Checks if the current user is authorized to access the referenced function.
- assertAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- assertAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced function.
- assertAuthorizedForService(String) - Method in interface org.owasp.esapi.AccessController
-
Checks if the current user is authorized to access the referenced service.
- assertAuthorizedForService(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- assertAuthorizedForService(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced service.
- assertAuthorizedForURL(String) - Method in interface org.owasp.esapi.AccessController
-
Checks if the current user is authorized to access the referenced URL.
- assertAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- assertAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced URL.
- assertSecureChannel() - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls assertSecureChannel with the *current* request.
- assertSecureChannel() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls assertSecureChannel with the *current* request.
- assertSecureChannel(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities
-
Ensures the use of SSL to protect any sensitive parameters in the request and any sensitive data in the response.
- assertSecureChannel(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Ensures the use of SSL to protect any sensitive parameters in the request and any sensitive data in the response.
- assertSecureRequest() - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls assertSecureRequest with the *current* request.
- assertSecureRequest() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls assertSecureRequest with the *current* request.
- assertSecureRequest(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities
-
Ensures that the request uses both SSL and POST to protect any sensitive parameters in the querystring from being sniffed, logged, bookmarked, included in referer header, etc...
- assertSecureRequest(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Ensures that the request uses both SSL and POST to protect any sensitive parameters in the querystring from being sniffed, logged, bookmarked, included in referer header, etc...
- assertValid(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
Check if the input is valid, throw an Exception otherwise
- assertValid(String, String) - Method in interface org.owasp.esapi.ValidationRule
-
Check if the input is valid, throw an Exception otherwise
- assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Validates the filepath, filename, and content of a file.
- assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean) - Method in interface org.owasp.esapi.Validator
-
Validates the filepath, filename, and content of a file.
- assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidFileUpload with the supplied errorList to capture ValidationExceptions
- assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidFileUpload with the supplied errorList to capture ValidationExceptions
- assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Validates that the parameters in the current request contain all required parameters and only optional ones in addition.
- assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in interface org.owasp.esapi.Validator
-
Validates that the parameters in the current request contain all required parameters and only optional ones in addition.
- assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
ValidationErrorList variant of assertIsValidHTTPRequestParameterSet. Uses current HTTPRequest saved in ESAPI Authenticator.
- assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidHTTPRequestParameterSet with the supplied errorList to capture ValidationExceptions
- AuthenticatedRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <authentication-rules> rules.
- AuthenticatedRule(String, String, Pattern, List<Object>) - Constructor for class org.owasp.esapi.waf.rules.AuthenticatedRule
- AUTHENTICATION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- AuthenticationAccountsException - Exception in org.owasp.esapi.errors
-
An AuthenticationException should be thrown when anything goes wrong during login or logout.
- AuthenticationAccountsException() - Constructor for exception org.owasp.esapi.errors.AuthenticationAccountsException
-
Instantiates a new authentication exception.
- AuthenticationAccountsException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationAccountsException
-
Creates a new instance of AuthenticationAccountsException.
- AuthenticationAccountsException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationAccountsException
-
Instantiates a new authentication exception.
- AuthenticationCredentialsException - Exception in org.owasp.esapi.errors
-
An AuthenticationException should be thrown when anything goes wrong during login or logout.
- AuthenticationCredentialsException() - Constructor for exception org.owasp.esapi.errors.AuthenticationCredentialsException
-
Instantiates a new authentication exception.
- AuthenticationCredentialsException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationCredentialsException
-
Creates a new instance of AuthenticationCredentialsException.
- AuthenticationCredentialsException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationCredentialsException
-
Instantiates a new authentication exception.
- AuthenticationException - Exception in org.owasp.esapi.errors
-
An AuthenticationException should be thrown when anything goes wrong during login or logout.
- AuthenticationException() - Constructor for exception org.owasp.esapi.errors.AuthenticationException
-
Instantiates a new authentication exception.
- AuthenticationException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationException
-
Creates a new instance of AuthenticationException.
- AuthenticationException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationException
-
Instantiates a new authentication exception.
- AuthenticationHostException - Exception in org.owasp.esapi.errors
-
An AuthenticationHostException should be thrown when there is a problem with the host involved with authentication, particularly if the host changes unexpectedly.
- AuthenticationHostException() - Constructor for exception org.owasp.esapi.errors.AuthenticationHostException
-
Instantiates a new authentication exception.
- AuthenticationHostException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationHostException
-
Creates a new instance of AuthenticationHostException.
- AuthenticationHostException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationHostException
-
Instantiates a new authentication exception.
- AuthenticationLoginException - Exception in org.owasp.esapi.errors
-
An AuthenticationException should be thrown when anything goes wrong during login or logout.
- AuthenticationLoginException() - Constructor for exception org.owasp.esapi.errors.AuthenticationLoginException
-
Instantiates a new authentication exception.
- AuthenticationLoginException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationLoginException
-
Creates a new instance of EnterpriseSecurityException.
- AuthenticationLoginException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationLoginException
-
Instantiates a new authentication exception.
- authenticator() - Static method in class org.owasp.esapi.ESAPI
- Authenticator - Interface in org.owasp.esapi
-
The Authenticator interface defines a set of methods for generating and handling account credentials and session identifiers.
- AvailabilityException - Exception in org.owasp.esapi.errors
-
An AvailabilityException should be thrown when the availability of a limited resource is in jeopardy.
- AvailabilityException() - Constructor for exception org.owasp.esapi.errors.AvailabilityException
-
Instantiates a new availability exception.
- AvailabilityException(String, String) - Constructor for exception org.owasp.esapi.errors.AvailabilityException
-
Creates a new instance of AvailabilityException.
- AvailabilityException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AvailabilityException
-
Instantiates a new AvailabilityException.
B
- Base64 - Class in org.owasp.esapi.codecs
-
Encodes and decodes to and from Base64 notation.
- Base64.InputStream - Class in org.owasp.esapi.codecs
-
A Base64.InputStream will read data from another java.io.InputStream, given in the constructor, and encode/decode to/from Base64 notation on the fly.
- Base64.OutputStream - Class in org.owasp.esapi.codecs
-
A Base64.OutputStream will write data to another java.io.OutputStream, given in the constructor, and encode/decode to/from Base64 notation on the fly.
- BaseACR<P,R> - Class in org.owasp.esapi.reference.accesscontrol
- BaseACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.BaseACR
- BaseEncodeTag - Class in org.owasp.esapi.tags
-
Abstract base class for tags that just encode their bodies with Encoder methods.
- BaseEncodeTag() - Constructor for class org.owasp.esapi.tags.BaseEncodeTag
- BaseValidationRule - Class in org.owasp.esapi.reference.validation
-
A ValidationRule performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
- BaseValidationRule(String) - Constructor for class org.owasp.esapi.reference.validation.BaseValidationRule
- BaseValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.BaseValidationRule
- BeanShellRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <bean-shell-script> rules.
- BeanShellRule(String, String, Pattern) - Constructor for class org.owasp.esapi.waf.rules.BeanShellRule
- blacklistPatterns - Variable in class org.owasp.esapi.reference.validation.StringValidationRule
- BLOCK - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- BlockAction - Class in org.owasp.esapi.waf.actions
-
The class that indicates the request processing should be halted and that a blank response should be returned.
- BlockAction() - Constructor for class org.owasp.esapi.waf.actions.BlockAction
- ByteConversionUtil - Class in org.owasp.esapi.util
-
Conversion to/from byte arrays to/from short, int, long.
- ByteConversionUtil() - Constructor for class org.owasp.esapi.util.ByteConversionUtil
C
- canEqual(Object) - Method in class org.owasp.esapi.crypto.CipherSpec
-
Needed for correct definition of equals for general classes.
- canEqual(Object) - Method in class org.owasp.esapi.crypto.CipherText
-
Needed for correct definition of equals for general classes.
- canEqual(Object) - Method in class org.owasp.esapi.crypto.PlainText
-
Needed for correct definition of equals for general classes.
- CANONICALIZATION_CODECS - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- canonicalize(String) - Method in interface org.owasp.esapi.Encoder
-
This method is equivalent to calling
- canonicalize(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
This method is equivalent to calling
- canonicalize(String, boolean) - Method in interface org.owasp.esapi.Encoder
-
This method is the equivalent to calling
- canonicalize(String, boolean) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
This method is the equivalent to calling
- canonicalize(String, boolean, boolean) - Method in interface org.owasp.esapi.Encoder
-
Canonicalization is simply the operation of reducing a possibly encoded string down to its simplest form.
- canonicalize(String, boolean, boolean) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Canonicalization is simply the operation of reducing a possibly encoded string down to its simplest form.
- CertificateException - Exception in org.owasp.esapi.errors
-
A CertificateException should be thrown for any problems that arise during processing of digital certificates.
- CertificateException() - Constructor for exception org.owasp.esapi.errors.CertificateException
-
Instantiates a new certificate exception.
- CertificateException(String, String) - Constructor for exception org.owasp.esapi.errors.CertificateException
-
Creates a new instance of CertificateException.
- CertificateException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.CertificateException
-
Instantiates a new CertificateException.
- changePassword(String, String, String) - Method in class org.owasp.esapi.reference.DefaultUser
-
Sets the user's password, performing a verification of the user's old password, the equality of the two new passwords, and the strength of the new password.
- changePassword(String, String, String) - Method in interface org.owasp.esapi.User
-
Sets the user's password, performing a verification of the user's old password, the equality of the two new passwords, and the strength of the new password.
- changePassword(User, String, String, String) - Method in interface org.owasp.esapi.Authenticator
-
Changes the password for the specified user.
- changePassword(User, String, String, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Changes the password for the specified user.
- changeSessionIdentifier() - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls changeSessionIdentifier with the *current* request.
- changeSessionIdentifier() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls changeSessionIdentifier with the *current* request.
- changeSessionIdentifier(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities
-
Invalidate the existing session after copying all of its contents to a newly created session with a new session id.
- changeSessionIdentifier(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Invalidate the existing session after copying all of its contents to a newly created session with a new session id.
- CHAR_ALPHANUMERICS - Static variable in interface org.owasp.esapi.Encoder
-
Deprecated. Use EncoderConstants.CHAR_ALPHANUMERICS instead.
- CHAR_ALPHANUMERICS - Static variable in class org.owasp.esapi.EncoderConstants
-
CHAR_LETTERS union CHAR_DIGITS
- CHAR_DIGITS - Static variable in interface org.owasp.esapi.Encoder
-
Deprecated. Use EncoderConstants.CHAR_DIGITS instead.
- CHAR_DIGITS - Static variable in class org.owasp.esapi.EncoderConstants
-
0-9
- CHAR_LETTERS - Static variable in interface org.owasp.esapi.Encoder
-
Deprecated. Use EncoderConstants.CHAR_LETTERS instead.
- CHAR_LETTERS - Static variable in class org.owasp.esapi.EncoderConstants
-
CHAR_LOWERS union CHAR_UPPERS
- CHAR_LOWERS - Static variable in interface org.owasp.esapi.Encoder
-
Deprecated. Use EncoderConstants.CHAR_LOWERS instead.
- CHAR_LOWERS - Static variable in class org.owasp.esapi.EncoderConstants
-
a-b
- CHAR_PASSWORD_DIGITS - Static variable in interface org.owasp.esapi.Encoder
-
Deprecated. Use EncoderConstants.CHAR_PASSWORD_DIGITS instead.
- CHAR_PASSWORD_DIGITS - Static variable in class org.owasp.esapi.EncoderConstants
-
2-9
- CHAR_PASSWORD_LETTERS - Static variable in interface org.owasp.esapi.Encoder
-
Deprecated. Use EncoderConstants.CHAR_PASSWORD_LETTERS instead.
- CHAR_PASSWORD_LETTERS - Static variable in class org.owasp.esapi.EncoderConstants
-
CHAR_PASSWORD_LOWERS union CHAR_PASSWORD_UPPERS
- CHAR_PASSWORD_LOWERS - Static variable in interface org.owasp.esapi.Encoder
-
Deprecated. Use EncoderConstants.CHAR_PASSWORD_LOWERS instead.
- CHAR_PASSWORD_LOWERS - Static variable in class org.owasp.esapi.EncoderConstants
-
Password character set, is alphanumerics (without l, i, I, o, O, and 0) selected specials like + (bad for URL encoding, | is like i and 1, etc...)
- CHAR_PASSWORD_SPECIALS - Static variable in interface org.owasp.esapi.Encoder
-
Deprecated. Use EncoderConstants.CHAR_PASSWORD_SPECIALS instead.
- CHAR_PASSWORD_SPECIALS - Static variable in class org.owasp.esapi.EncoderConstants
-
!$*-.=?@_
- CHAR_PASSWORD_UPPERS - Static variable in interface org.owasp.esapi.Encoder
-
Deprecated. Use EncoderConstants.CHAR_PASSWORD_UPPERS instead.
- CHAR_PASSWORD_UPPERS - Static variable in class org.owasp.esapi.EncoderConstants
- CHAR_SPECIALS - Static variable in interface org.owasp.esapi.Encoder
-
Deprecated. Use EncoderConstants.CHAR_SPECIALS instead.
- CHAR_SPECIALS - Static variable in class org.owasp.esapi.EncoderConstants
-
!$*+-.=?@^_|~
- CHAR_UPPERS - Static variable in interface org.owasp.esapi.Encoder
-
Deprecated. Use EncoderConstants.CHAR_UPPERS instead.
- CHAR_UPPERS - Static variable in class org.owasp.esapi.EncoderConstants
-
A-Z
- CHARACTER_ENCODING - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- charArrayToSet(char[]) - Static method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
Convert an array of characters to a Set<Character> (so duplicates are removed).
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.AddHeaderRule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.AddSecureFlagRule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.AuthenticatedRule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.BeanShellRule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.DetectOutboundContentRule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.EnforceHTTPSRule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.GeneralAttackSignatureRule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.HTTPMethodRule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.IPRule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.MustMatchRule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.PathExtensionRule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.ReplaceContentRule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.RestrictContentTypeRule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.RestrictUserAgentRule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.Rule
- check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.SimpleVirtualPatchRule
- checkError() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- CIPHER_TRANSFORMATION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- CipherSpec - Class in org.owasp.esapi.crypto
-
Specifies all the relevant configuration data needed in constructing and using a Cipher except for the encryption key.
- CipherSpec() - Constructor for class org.owasp.esapi.crypto.CipherSpec
-
Default CTOR.
- CipherSpec(byte[]) - Constructor for class org.owasp.esapi.crypto.CipherSpec
- CipherSpec(String, int) - Constructor for class org.owasp.esapi.crypto.CipherSpec
-
CTOR that sets everything but block size and IV.
- CipherSpec(String, int, byte[]) - Constructor for class org.owasp.esapi.crypto.CipherSpec
-
CTOR that sets everything except block size.
- CipherSpec(String, int, int) - Constructor for class org.owasp.esapi.crypto.CipherSpec
-
CTOR that sets everything but IV.
- CipherSpec(String, int, int, byte[]) - Constructor for class org.owasp.esapi.crypto.CipherSpec
-
CTOR that explicitly sets everything.
- CipherSpec(Cipher) - Constructor for class org.owasp.esapi.crypto.CipherSpec
-
CTOR that sets everything except for the cipher key size and possibly the IV.
- CipherSpec(Cipher, int) - Constructor for class org.owasp.esapi.crypto.CipherSpec
-
CTOR that sets everything.
- CipherText - Class in org.owasp.esapi.crypto
-
A Serializable interface representing the result of encrypting plaintext and some additional information about the encryption algorithm, the IV (if pertinent), and an optional Message Authentication Code (MAC).
- CipherText() - Constructor for class org.owasp.esapi.crypto.CipherText
-
Default CTOR.
- CipherText(CipherSpec) - Constructor for class org.owasp.esapi.crypto.CipherText
-
Construct from a CipherSpec object.
- CipherText(CipherSpec, byte[]) - Constructor for class org.owasp.esapi.crypto.CipherText
-
Construct from a CipherSpec object and the raw ciphertext.
- CIPHERTEXT_USE_MAC - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- CipherTextSerializer - Class in org.owasp.esapi.crypto
-
Helper class to assist with programming language and platform independent serialization of CipherText objects.
- CipherTextSerializer(byte[]) - Constructor for class org.owasp.esapi.crypto.CipherTextSerializer
-
Given byte array in network byte order (i.e., big-endian order), convert it so that a CipherText can be constructed from it.
- CipherTextSerializer(CipherText) - Constructor for class org.owasp.esapi.crypto.CipherTextSerializer
- cipherTextSerializerVersion - Static variable in class org.owasp.esapi.crypto.CipherTextSerializer
- cipherTextVersion - Static variable in class org.owasp.esapi.crypto.CipherText
- clear() - Method in class org.owasp.esapi.codecs.HashTrie
-
Clear all entries.
- clear() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- clear() - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
- clearAttributes() - Method in class org.owasp.esapi.crypto.CryptoToken
-
Removes all the attributes (if any) associated with this token.
- clearCurrent() - Method in interface org.owasp.esapi.Authenticator
-
Clears the current User.
- clearCurrent() - Static method in class org.owasp.esapi.ESAPI
-
Clears the current User, HttpRequest, and HttpResponse associated with the current thread.
- clearCurrent() - Method in interface org.owasp.esapi.HTTPUtilities
-
Clears the current HttpRequest and HttpResponse associated with the current thread.
- clearCurrent() - Method in class org.owasp.esapi.reference.AbstractAuthenticator
-
Clears the current User.
- clearCurrent() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Clears the current HttpRequest and HttpResponse associated with the current thread.
- ClickjackFilter - Class in org.owasp.esapi.filters
-
The ClickjackFilter is discussed at http://www.owasp.org/index.php/ClickjackFilter_for_Java_EE.
- ClickjackFilter() - Constructor for class org.owasp.esapi.filters.ClickjackFilter
- clone() - Method in class org.owasp.esapi.reference.DefaultUser
-
Override clone and make final to prevent duplicate user objects.
- close() - Method in class org.owasp.esapi.codecs.Base64.OutputStream
-
Flushes and closes (I think, in the superclass) the stream.
- close() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- close() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
- Codec - Class in org.owasp.esapi.codecs
-
The Codec interface defines a set of methods for encoding and decoding application level encoding schemes, such as HTML entity encoding and percent encoding (aka URL encoding).
- Codec() - Constructor for class org.owasp.esapi.codecs.Codec
-
Default constructor
- CollectionsUtil - Class in org.owasp.esapi.util
- COMBINED_CIPHER_MODES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- commit() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
- commit() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
- computeAndStoreMAC(SecretKey) - Method in class org.owasp.esapi.crypto.CipherText
-
Compute and store the Message Authentication Code (MAC) if the ESAPI property Encryptor.CipherText.useMAC is set to true.
- computeDerivedKey(SecretKey, int, String) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
Deprecated. Use KeyDerivationFunction instead. This method will be removed as of ESAPI release 2.1 so if you are using this, please change your code.
- computeDerivedKey(SecretKey, int, String) - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
-
The method is ESAPI's Key Derivation Function (KDF) that computes a derived key from the keyDerivationKey for either encryption / decryption or for authentication.
- ConfigurationException - Exception in org.owasp.esapi.errors
-
A ConfigurationException should be thrown when a problem arises because of a problem in one of ESAPI's configuration files, such as a missing required property or invalid setting of a property, or missing or unreadable configuration file, etc.
- ConfigurationException - Exception in org.owasp.esapi.waf
-
The Exception to be thrown when there is an error parsing a policy file.
- ConfigurationException(Exception) - Constructor for exception org.owasp.esapi.errors.ConfigurationException
- ConfigurationException(String) - Constructor for exception org.owasp.esapi.errors.ConfigurationException
- ConfigurationException(String, String) - Constructor for exception org.owasp.esapi.waf.ConfigurationException
- ConfigurationException(String, String, Throwable) - Constructor for exception org.owasp.esapi.waf.ConfigurationException
- ConfigurationException(String, Throwable) - Constructor for exception org.owasp.esapi.errors.ConfigurationException
- ConfigurationException(Throwable) - Constructor for exception org.owasp.esapi.errors.ConfigurationException
- ConfigurationParser - Class in org.owasp.esapi.waf.configuration
-
The class used to turn a policy file's contents into an object model.
- ConfigurationParser() - Constructor for class org.owasp.esapi.waf.configuration.ConfigurationParser
- contains(StringBuilder, char) - Static method in class org.owasp.esapi.StringUtilities
-
Returns true if the character is contained in the provided StringBuilder.
- containsCharacter(char, char[]) - Static method in class org.owasp.esapi.codecs.Codec
-
Utility to search a char[] for a specific char.
- containsHeader(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- containsKey(Object) - Method in class org.owasp.esapi.codecs.HashTrie
- containsKey(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- containsValue(Object) - Method in class org.owasp.esapi.codecs.HashTrie
- containsValue(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- convertIntToPRF(int) - Static method in class org.owasp.esapi.crypto.KeyDerivationFunction
- convertNameToPRF(String) - Static method in class org.owasp.esapi.crypto.KeyDerivationFunction
- COOKIE - Static variable in interface org.owasp.esapi.HTTPUtilities
- copyByteArray(byte[], byte[]) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
Same as copyByteArray(src, dest, src.length).
- copyByteArray(byte[], byte[], int) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
Same as System.arraycopy(src, 0, dest, 0, length).
- count - Variable in class org.owasp.esapi.SecurityConfiguration.Threshold
-
The count at which this threshold is triggered.
- createUser(String, String, String) - Method in interface org.owasp.esapi.Authenticator
-
Creates a new User with the information provided.
- createUser(String, String, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Creates a new User with the information provided.
- CREDIT_CARD_VALIDATOR_KEY - Static variable in class org.owasp.esapi.reference.validation.CreditCardValidationRule
-
Key used to pull out encoder in configuration.
- CreditCardValidationRule - Class in org.owasp.esapi.reference.validation
-
A validator performs syntax and possibly semantic validation of Credit Card String from an untrusted source.
- CreditCardValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.CreditCardValidationRule
-
Creates a CreditCardValidator using the rule found in security configuration
- CreditCardValidationRule(String, Encoder, StringValidationRule) - Constructor for class org.owasp.esapi.reference.validation.CreditCardValidationRule
- CryptoDiscoverer - Class in org.owasp.esapi.crypto
- CryptoDiscoverer() - Constructor for class org.owasp.esapi.crypto.CryptoDiscoverer
- CryptoHelper - Class in org.owasp.esapi.crypto
-
Class to provide some convenience methods for encryption, decryption, etc.
- CryptoToken - Class in org.owasp.esapi.crypto
-
Compute a cryptographically secure, encrypted token containing optional name/value pairs.
- CryptoToken() - Constructor for class org.owasp.esapi.crypto.CryptoToken
-
Create a cryptographic token using default secret key from the ESAPI.properties property Encryptor.MasterKey.
- CryptoToken(String) - Constructor for class org.owasp.esapi.crypto.CryptoToken
-
Create using previously encrypted token encrypted with default secret key from ESAPI.properties.
- CryptoToken(SecretKey) - Constructor for class org.owasp.esapi.crypto.CryptoToken
-
Create a cryptographic token using specified SecretKey.
- CryptoToken(SecretKey, String) - Constructor for class org.owasp.esapi.crypto.CryptoToken
-
Create cryptographic token using previously encrypted token that was encrypted with specified secret key.
- CSRF_TOKEN_NAME - Static variable in interface org.owasp.esapi.HTTPUtilities
- CSSCodec - Class in org.owasp.esapi.codecs
-
Implementation of the Codec interface for backslash encoding used in CSS.
- CSSCodec() - Constructor for class org.owasp.esapi.codecs.CSSCodec
- currentRequest() - Static method in class org.owasp.esapi.ESAPI
-
Get the current HTTP Servlet Request being processed.
- currentResponse() - Static method in class org.owasp.esapi.ESAPI
-
Get the current HTTP Servlet Response being generated.
D
- DateValidationRule - Class in org.owasp.esapi.reference.validation
-
A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
- DateValidationRule(String, Encoder, DateFormat) - Constructor for class org.owasp.esapi.reference.validation.DateValidationRule
- DB2Codec - Class in org.owasp.esapi.codecs
-
Implementation of the Codec interface for DB2 strings.
- DB2Codec() - Constructor for class org.owasp.esapi.codecs.DB2Codec
- debug(Object) - Method in class org.owasp.esapi.reference.Log4JLogger
- debug(Object, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
- debug(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
-
Log a debug level security event if 'debug' level logging is enabled.
- debug(Logger.EventType, String) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Log a debug level security event if 'debug' level logging is enabled.
- debug(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
-
Log a debug level security event if 'debug' level logging is enabled and also record the stack trace associated with the event.
- debug(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Log a debug level security event if 'debug' level logging is enabled and also record the stack trace associated with the event.
- DEBUG - Static variable in interface org.owasp.esapi.Logger
-
DEBUG indicates that DEBUG messages and above should be logged.
- decode(byte[], int, int, int) - Static method in class org.owasp.esapi.codecs.Base64
-
Very low-level access to decoding ASCII characters in the form of a byte array.
- decode(String) - Static method in class org.owasp.esapi.codecs.Base64
-
Decodes data from Base64 notation, automatically detecting gzip-compressed data and decompressing it.
- decode(String) - Method in class org.owasp.esapi.codecs.Codec
-
Decode a String that was encoded using the encode method in this Class
- decode(String) - Static method in class org.owasp.esapi.codecs.Hex
-
Decode hexadecimal-encoded string and return raw byte array.
- decode(String, int) - Static method in class org.owasp.esapi.codecs.Base64
-
Decodes data from Base64 notation, automatically detecting gzip-compressed data and decompressing it.
- DECODE - Static variable in class org.owasp.esapi.codecs.Base64
-
Specify decoding.
- decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.Codec
-
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
- decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.CSSCodec
-
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
- decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.DB2Codec
- decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.HTMLEntityCodec
-
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
- decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.JavaScriptCodec
-
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
- decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.MySQLCodec
-
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
- decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.OracleCodec
-
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
- decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.PercentCodec
-
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
- decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.UnixCodec
-
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
- decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.VBScriptCodec
-
Returns the decoded version of the character starting at index, or null if no decoding is possible.
- decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.WindowsCodec
-
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
- decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.XMLEntityCodec
-
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
- decodeFileToFile(String, String) - Static method in class org.owasp.esapi.codecs.Base64
-
Reads infile and decodes it to outfile.
- decodeForHTML(String) - Method in interface org.owasp.esapi.Encoder
-
Decodes HTML entities.
- decodeForHTML(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Decodes HTML entities.
- decodeFromBase64(String) - Method in interface org.owasp.esapi.Encoder
-
Decode data encoded with BASE-64 encoding.
- decodeFromBase64(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Decode data encoded with BASE-64 encoding.
- decodeFromFile(String) - Static method in class org.owasp.esapi.codecs.Base64
-
Convenience method for reading a base64-encoded file and decoding it.
- decodeFromURL(String) - Method in interface org.owasp.esapi.Encoder
-
Decode from URL.
- decodeFromURL(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Decode from URL.
- decodeToFile(String, String) - Static method in class org.owasp.esapi.codecs.Base64
-
Convenience method for decoding data to a file.
- decodeToObject(String) - Static method in class org.owasp.esapi.codecs.Base64
-
Attempts to decode Base64 data and deserialize a Java Object within.
- decrypt(SecretKey, CipherText) - Method in interface org.owasp.esapi.Encryptor
-
Decrypts the provided CipherText using the information from it and the specified secret key.
- decrypt(SecretKey, CipherText) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Decrypts the provided CipherText using the information from it and the specified secret key.
- decrypt(CipherText) - Method in interface org.owasp.esapi.Encryptor
-
Decrypts the provided CipherText using the information from it and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.
- decrypt(CipherText) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Decrypts the provided CipherText using the information from it and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.
- decryptHiddenField(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Decrypts an encrypted hidden field value and returns the cleartext.
- decryptHiddenField(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Decrypts an encrypted hidden field value and returns the cleartext.
- decryptQueryString(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Takes an encrypted querystring and returns a Map containing the original parameters.
- decryptQueryString(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Takes an encrypted querystring and returns a Map containing the original parameters.
- decryptStateFromCookie() - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls decryptStateFromCookie with the *current* request.
- decryptStateFromCookie() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls decryptStateFromCookie with the *current* request.
- decryptStateFromCookie(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities
-
Retrieves a map of data from a cookie encrypted with encryptStateInCookie().
- decryptStateFromCookie(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Retrieves a map of data from a cookie encrypted with encryptStateInCookie().
- DEFAULT_ACCESS_CONTROL_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- DEFAULT_AUTHENTICATION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- DEFAULT_CHARACTER_ENCODING - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- DEFAULT_CONTENT_TYPE - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- DEFAULT_ENCODER_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- DEFAULT_ENCRYPTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- DEFAULT_EXECUTOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- DEFAULT_FAIL_ACTION - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- DEFAULT_HTTP_UTILITIES_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- DEFAULT_LOG_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- DEFAULT_MAX_LOG_FILE_SIZE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
The default max log file size is set to 10,000,000 bytes (10 Meg).
- DEFAULT_RANDOMIZER_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- DEFAULT_VALIDATOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- DefaultAccessController - Class in org.owasp.esapi.reference
- DefaultAction - Class in org.owasp.esapi.waf.actions
-
The class that indicates the default action as indicated by the policy file should be executed.
- DefaultAction() - Constructor for class org.owasp.esapi.waf.actions.DefaultAction
- DefaultEncoder - Class in org.owasp.esapi.reference
-
Reference implementation of the Encoder interface.
- DefaultEncoder(List<String>) - Constructor for class org.owasp.esapi.reference.DefaultEncoder
- DefaultEncryptedProperties - Class in org.owasp.esapi.reference.crypto
-
Reference implementation of the EncryptedProperties interface.
- DefaultEncryptedProperties() - Constructor for class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
-
Instantiates a new encrypted properties.
- DefaultExecutor - Class in org.owasp.esapi.reference
-
Reference implementation of the Executor interface.
- DefaultHTTPUtilities - Class in org.owasp.esapi.reference
-
Reference implementation of the HTTPUtilities interface.
- DefaultHTTPUtilities() - Constructor for class org.owasp.esapi.reference.DefaultHTTPUtilities
-
No arg constructor.
- DefaultIntrusionDetector - Class in org.owasp.esapi.reference
-
Reference implementation of the IntrusionDetector interface.
- DefaultIntrusionDetector() - Constructor for class org.owasp.esapi.reference.DefaultIntrusionDetector
- DefaultMessageUtil - Class in org.owasp.esapi.util
- DefaultMessageUtil() - Constructor for class org.owasp.esapi.util.DefaultMessageUtil
- DefaultRandomizer - Class in org.owasp.esapi.reference
-
Reference implementation of the Randomizer interface.
- DefaultSecurityConfiguration - Class in org.owasp.esapi.reference
-
The reference SecurityConfiguration manages all the settings used by the ESAPI in a single place.
- DefaultSecurityConfiguration() - Constructor for class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Instantiates a new configuration.
- DefaultSecurityConfiguration(Properties) - Constructor for class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Instantiates a new configuration with the supplied properties.
- DefaultUser - Class in org.owasp.esapi.reference
-
Reference implementation of the User interface.
- DefaultUser(String) - Constructor for class org.owasp.esapi.reference.DefaultUser
-
Instantiates a new user.
- DefaultValidator - Class in org.owasp.esapi.reference
-
Reference implementation of the Validator interface.
- DefaultValidator() - Constructor for class org.owasp.esapi.reference.DefaultValidator
-
Default constructor uses the ESAPI standard encoder for canonicalization.
- DefaultValidator(Encoder) - Constructor for class org.owasp.esapi.reference.DefaultValidator
-
Construct a new DefaultValidator that will use the specified Encoder for canonicalization.
- delegateInstance - Variable in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
- delegateMethod - Variable in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
- DelegatingACR - Class in org.owasp.esapi.reference.accesscontrol
- DelegatingACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.DelegatingACR
- destroy() - Method in class org.owasp.esapi.filters.ClickjackFilter
- destroy() - Method in class org.owasp.esapi.filters.ESAPIFilter
-
Called by the web container to indicate to a filter that it is being taken out of service.
- destroy() - Method in class org.owasp.esapi.filters.RequestRateThrottleFilter
-
Called by the web container to indicate to a filter that it is being taken out of service.
- destroy() - Method in class org.owasp.esapi.filters.SecurityWrapper
- destroy() - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
- DetectOutboundContentRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <detect-content> rules.
- DetectOutboundContentRule(String, Pattern, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.DetectOutboundContentRule
- DIGITAL_SIGNATURE_ALGORITHM - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- DIGITAL_SIGNATURE_KEY_LENGTH - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- DIGITS - Static variable in class org.owasp.esapi.EncoderConstants
- disable() - Method in class org.owasp.esapi.reference.DefaultUser
-
Disable this user's account.
- disable() - Method in interface org.owasp.esapi.User
-
Disable this user's account.
- DISABLE_INTRUSION_DETECTION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- doAfterBody() - Method in class org.owasp.esapi.tags.BaseEncodeTag
-
After tag body parsing handler.
- doesCookieMatch(String) - Method in class org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule
- doesCookieMatch(String) - Method in class org.owasp.esapi.waf.rules.AddSecureFlagRule
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.owasp.esapi.filters.ClickjackFilter
-
Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers who decide to implement) not to display this content in a frame.
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.owasp.esapi.filters.ESAPIFilter
-
The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.owasp.esapi.filters.RequestRateThrottleFilter
-
Checks to see if the current session has exceeded the allowed number of requests in the specified time period.
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.owasp.esapi.filters.SecurityWrapper
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
-
This is where the main interception and rule-checking logic of the WAF resides.
- DoNothingAction - Class in org.owasp.esapi.waf.actions
-
The class that indicates that no further action is necessary.
- DoNothingAction() - Constructor for class org.owasp.esapi.waf.actions.DoNothingAction
- DONT_BREAK_LINES - Static variable in class org.owasp.esapi.codecs.Base64
-
Don't break lines when encoding (violates strict Base64 specification)
- dtoi - Variable in class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
The Direct to Indirect Map
- DynaBeanACRParameter - Class in org.owasp.esapi.reference.accesscontrol
-
A DynaBean comes from the apache bean utils.
- DynaBeanACRParameter() - Constructor for class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
- DynaBeanACRParameterLoader - Class in org.owasp.esapi.reference.accesscontrol.policyloader
- DynaBeanACRParameterLoader() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.DynaBeanACRParameterLoader
E
- EchoDynaBeanPolicyParameterACR - Class in org.owasp.esapi.reference.accesscontrol.policyloader
- EchoDynaBeanPolicyParameterACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR
- EchoRuntimeParameterACR - Class in org.owasp.esapi.reference.accesscontrol
- EchoRuntimeParameterACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR
- elements() - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
This method has been overridden to throw an UnsupportedOperationException
- ELEncodeFunctions - Class in org.owasp.esapi.tags
-
Static encoder methods for JSP EL expression functions.
- enable() - Method in class org.owasp.esapi.reference.DefaultUser
-
Enable this user's account.
- enable() - Method in interface org.owasp.esapi.User
-
Enable this user's account.
- encode(byte[], boolean) - Static method in class org.owasp.esapi.codecs.Hex
-
Output byte representation as hexadecimal representation.
- encode(char[], String) - Method in class org.owasp.esapi.codecs.Codec
-
Encode a String so that it can be safely used in a specific context.
- encode(char[], String) - Method in class org.owasp.esapi.codecs.VBScriptCodec
-
Encode a String so that it can be safely used in a specific context.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.BaseEncodeTag
-
Encode tag's content.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForBase64Tag
-
Encode tag's content using Base64.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForCSSTag
-
Encode tag's content for usage in CSS.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForHTMLAttributeTag
-
Encode tag's content for usage as a HTML attribute.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForHTMLTag
-
Encode tag's content for usage in HTML.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForJavaScriptTag
-
Encode tag's content for usage in JavaScript
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForURLTag
-
Encode tag's content for usage in a URL.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForVBScriptTag
-
Encode tag's content for usage in VBScript.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForXMLAttributeTag
-
Encode tag's content for usage as a XML attribute.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForXMLTag
-
Encode tag's content for usage in XML.
- encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForXPathTag
-
Encode tag's content for usage in XPath.
- ENCODE - Static variable in class org.owasp.esapi.codecs.Base64
-
Specify encoding.
- encodeBytes(byte[]) - Static method in class org.owasp.esapi.codecs.Base64
-
Encodes a byte array into Base64 notation.
- encodeBytes(byte[], int) - Static method in class org.owasp.esapi.codecs.Base64
-
Encodes a byte array into Base64 notation.
- encodeBytes(byte[], int, int) - Static method in class org.owasp.esapi.codecs.Base64
-
Encodes a byte array into Base64 notation.
- encodeBytes(byte[], int, int, int) - Static method in class org.owasp.esapi.codecs.Base64
-
Encodes a byte array into Base64 notation.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.Codec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.CSSCodec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.DB2Codec
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.HTMLEntityCodec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.JavaScriptCodec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.MySQLCodec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.OracleCodec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.PercentCodec
-
Encode a character for URLs
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.UnixCodec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.VBScriptCodec
-
Returns quote-encoded character
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.WindowsCodec
-
Default implementation that should be overridden in specific codecs.
- encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.XMLEntityCodec
-
Default implementation that should be overridden in specific codecs.
- encodeFileToFile(String, String) - Static method in class org.owasp.esapi.codecs.Base64
-
Reads infile and encodes it to outfile.
- encodeForBase64(byte[], boolean) - Method in interface org.owasp.esapi.Encoder
-
Encode for Base64.
- encodeForBase64(byte[], boolean) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode for Base64.
- encodeForBase64(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Base64 encode a string.
- encodeForBase64Charset(String, String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Base64 encode a string after converting to bytes using the specified character set.
- encodeForBase64CharsetWrap(String, String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Base64 encode a string after converting to bytes using the specified character set and wrapping lines.
- EncodeForBase64Tag - Class in org.owasp.esapi.tags
-
JSP tag that encodes its body using Base64.
- EncodeForBase64Tag() - Constructor for class org.owasp.esapi.tags.EncodeForBase64Tag
- encodeForBase64Wrap(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Base64 encode a string with line wrapping.
- encodeForCSS(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in Cascading Style Sheets (CSS) content.
- encodeForCSS(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in Cascading Style Sheets (CSS) content.
- encodeForCSS(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in CSS.
- EncodeForCSSTag - Class in org.owasp.esapi.tags
-
JSP tag that encodes its body for use in CSS.
- EncodeForCSSTag() - Constructor for class org.owasp.esapi.tags.EncodeForCSSTag
- encodeForDN(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in an LDAP distinguished name.
- encodeForDN(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in an LDAP distinguished name.
- encodeForHTML(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in HTML using HTML entity encoding
- encodeForHTML(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in HTML using HTML entity encoding
- encodeForHTML(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in HTML.
- encodeForHTMLAttribute(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in HTML attributes.
- encodeForHTMLAttribute(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in HTML attributes.
- encodeForHTMLAttribute(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in a HTML attribute.
- EncodeForHTMLAttributeTag - Class in org.owasp.esapi.tags
-
JSP tag that encodes its body for use in a HTML attribute.
- EncodeForHTMLAttributeTag() - Constructor for class org.owasp.esapi.tags.EncodeForHTMLAttributeTag
- EncodeForHTMLTag - Class in org.owasp.esapi.tags
-
JSP tag that encodes its body for use in HTML.
- EncodeForHTMLTag() - Constructor for class org.owasp.esapi.tags.EncodeForHTMLTag
- encodeForJavaScript(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for insertion inside a data value or function argument in JavaScript.
- encodeForJavaScript(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for insertion inside a data value or function argument in JavaScript.
- encodeForJavaScript(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in JavaScript.
- EncodeForJavaScriptTag - Class in org.owasp.esapi.tags
-
JSP tag that encodes its body for use in JavaScript.
- EncodeForJavaScriptTag() - Constructor for class org.owasp.esapi.tags.EncodeForJavaScriptTag
- encodeForLDAP(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in LDAP queries.
- encodeForLDAP(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in LDAP queries.
- encodeForOS(Codec, String) - Method in interface org.owasp.esapi.Encoder
-
Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec).
- encodeForOS(Codec, String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec).
- encodeForSQL(Codec, String) - Method in interface org.owasp.esapi.Encoder
-
Encode input for use in a SQL query, according to the selected codec (appropriate codecs include the MySQLCodec and OracleCodec).
- encodeForSQL(Codec, String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode input for use in a SQL query, according to the selected codec (appropriate codecs include the MySQLCodec and OracleCodec).
- encodeForURL(String) - Method in interface org.owasp.esapi.Encoder
-
Encode for use in a URL.
- encodeForURL(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode for use in a URL.
- encodeForURL(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in a URL.
- EncodeForURLTag - Class in org.owasp.esapi.tags
-
JSP tag that encodes its body for use in a URL.
- EncodeForURLTag() - Constructor for class org.owasp.esapi.tags.EncodeForURLTag
- encodeForVBScript(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for insertion inside a data value in a Visual Basic script.
- encodeForVBScript(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for insertion inside a data value in a Visual Basic script.
- encodeForVBScript(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in VBScript.
- EncodeForVBScriptTag - Class in org.owasp.esapi.tags
-
JSP tag that encodes its body for use in VBScript.
- EncodeForVBScriptTag() - Constructor for class org.owasp.esapi.tags.EncodeForVBScriptTag
- encodeForXML(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in an XML element.
- encodeForXML(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in an XML element.
- encodeForXML(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in XML.
- encodeForXMLAttribute(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in an XML attribute.
- encodeForXMLAttribute(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in an XML attribute.
- encodeForXMLAttribute(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in a XML attribute.
- EncodeForXMLAttributeTag - Class in org.owasp.esapi.tags
-
JSP tag that encodes its body for use in a XML attribute.
- EncodeForXMLAttributeTag() - Constructor for class org.owasp.esapi.tags.EncodeForXMLAttributeTag
- EncodeForXMLTag - Class in org.owasp.esapi.tags
-
JSP tag that encodes its body for use in XML.
- EncodeForXMLTag() - Constructor for class org.owasp.esapi.tags.EncodeForXMLTag
- encodeForXPath(String) - Method in interface org.owasp.esapi.Encoder
-
Encode data for use in an XPath query.
- encodeForXPath(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
-
Encode data for use in an XPath query.
- encodeForXPath(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
-
Encode string for use in XPath.
- EncodeForXPathTag - Class in org.owasp.esapi.tags
-
JSP tag that encodes its body for use in XPath.
- EncodeForXPathTag() - Constructor for class org.owasp.esapi.tags.EncodeForXPathTag
- encodeFromFile(String) - Static method in class org.owasp.esapi.codecs.Base64
-
Convenience method for reading a binary file and base64-encoding it.
- encodeObject(Serializable) - Static method in class org.owasp.esapi.codecs.Base64
-
Serializes an object and returns the Base64-encoded version of that serialized object.
- encodeObject(Serializable, int) - Static method in class org.owasp.esapi.codecs.Base64
-
Serializes an object and returns the Base64-encoded version of that serialized object.
- encoder - Variable in class org.owasp.esapi.reference.validation.BaseValidationRule
- encoder() - Static method in class org.owasp.esapi.ESAPI
- Encoder - Interface in org.owasp.esapi
-
The Encoder interface contains a number of methods for decoding input and encoding output so that it will be safe for a variety of interpreters.
- ENCODER_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- EncoderConstants - Class in org.owasp.esapi
-
Common character classes used for input validation, output encoding, verifying password strength, CSRF token generation, generating salts, etc.
- encodeRedirectUrl(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Deprecated in servlet spec 2.1. Use SecurityWrapperResponse.encodeRedirectUrl(String) instead.
- encodeRedirectURL(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Return the URL without any changes, to prevent disclosure of the Session ID. The default implementation of this method can add the Session ID to the URL if support for cookies is not detected.
- encodeToFile(byte[], String) - Static method in class org.owasp.esapi.codecs.Base64
-
Convenience method for encoding data to a file.
- encodeUrl(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Deprecated in servlet spec 2.1. Use SecurityWrapperResponse.encodeURL(String) instead.
- encodeURL(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Return the URL without any changes, to prevent disclosure of the Session ID. The default implementation of this method can add the Session ID to the URL if support for cookies is not detected.
- EncodingException - Exception in org.owasp.esapi.errors
-
An EncodingException should be thrown for any problems that occur when encoding or decoding data.
- EncodingException() - Constructor for exception org.owasp.esapi.errors.EncodingException
-
Instantiates a new service exception.
- EncodingException(String, String) - Constructor for exception org.owasp.esapi.errors.EncodingException
-
Creates a new instance of EncodingException.
- EncodingException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EncodingException
-
Instantiates a new EncodingException.
- encrypt(SecretKey, PlainText) - Method in interface org.owasp.esapi.Encryptor
-
Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation as defined in the ESAPI.properties file and the specified secret key.
- encrypt(SecretKey, PlainText) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation as defined in the ESAPI.properties file and the specified secret key.
- encrypt(PlainText) - Method in interface org.owasp.esapi.Encryptor
-
Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.
- encrypt(PlainText) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.
- EncryptedProperties - Interface in org.owasp.esapi
-
The EncryptedProperties interface represents a properties file where all the data is encrypted before it is added, and decrypted when it is retrieved.
- EncryptedPropertiesUtils - Class in org.owasp.esapi.reference.crypto
-
Command line utilities for reading, writing and creating encrypted properties files.
- EncryptedPropertiesUtils() - Constructor for class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils
- encryptHiddenField(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Encrypts a hidden field value for use in HTML.
- encryptHiddenField(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Encrypts a hidden field value for use in HTML.
- ENCRYPTION_ALGORITHM - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- ENCRYPTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- EncryptionException - Exception in org.owasp.esapi.errors
-
An EncryptionException should be thrown for any problems related to encryption, hashing, or digital signatures.
- EncryptionException() - Constructor for exception org.owasp.esapi.errors.EncryptionException
-
Instantiates a new EncryptionException.
- EncryptionException(String, String) - Constructor for exception org.owasp.esapi.errors.EncryptionException
-
Creates a new instance of EncryptionException.
- EncryptionException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EncryptionException
-
Instantiates a new EncryptionException.
- EncryptionRuntimeException - Exception in org.owasp.esapi.errors
-
An EncryptionRuntimeException should be thrown for any problems related to encryption, hashing, or digital signatures.
- EncryptionRuntimeException() - Constructor for exception org.owasp.esapi.errors.EncryptionRuntimeException
-
Instantiates a new EncryptionException.
- EncryptionRuntimeException(String, String) - Constructor for exception org.owasp.esapi.errors.EncryptionRuntimeException
-
Creates a new instance of EncryptionException.
- EncryptionRuntimeException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EncryptionRuntimeException
-
Instantiates a new EncryptionException.
- encryptor() - Static method in class org.owasp.esapi.ESAPI
- Encryptor - Interface in org.owasp.esapi
-
The Encryptor interface provides a set of methods for performing common encryption, random number, and hashing operations.
- encryptQueryString(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Takes a querystring (everything after the question mark in the URL) and returns an encrypted string containing the parameters.
- encryptQueryString(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Takes a querystring (everything after the question mark in the URL) and returns an encrypted string containing the parameters.
- encryptStateInCookie(Map<String, String>) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls encryptStateInCookie with the *current* response.
- encryptStateInCookie(Map<String, String>) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls encryptStateInCookie with the *current* response.
- encryptStateInCookie(HttpServletResponse, Map<String, String>) - Method in interface org.owasp.esapi.HTTPUtilities
-
Stores a Map of data in an encrypted cookie.
- encryptStateInCookie(HttpServletResponse, Map<String, String>) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Stores a Map of data in an encrypted cookie.
- EnforceHTTPSRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <enforce-https> rules.
- EnforceHTTPSRule(String, Pattern, List<Object>, String) - Constructor for class org.owasp.esapi.waf.rules.EnforceHTTPSRule
- EnterpriseSecurityException - Exception in org.owasp.esapi.errors
-
EnterpriseSecurityException is the base class for all security related exceptions.
- EnterpriseSecurityException() - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException
-
Instantiates a new security exception.
- EnterpriseSecurityException(String, String) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException
-
Creates a new instance of EnterpriseSecurityException.
- EnterpriseSecurityException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException
-
Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.
- EnterpriseSecurityRuntimeException - Exception in org.owasp.esapi.errors
-
EnterpriseSecurityRuntimeException is the base class for all security related runtime exceptions.
- EnterpriseSecurityRuntimeException() - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
-
Instantiates a new security exception.
- EnterpriseSecurityRuntimeException(String, String) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
-
Creates a new instance of EnterpriseSecurityException.
- EnterpriseSecurityRuntimeException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
-
Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.
- entrySet() - Method in class org.owasp.esapi.codecs.HashTrie
- entrySet() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- entrySet() - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
- entrySet() - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
This method has been overridden to throw an UnsupportedOperationException
- equals(Object) - Method in class org.owasp.esapi.codecs.HashTrie
- equals(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- equals(Object) - Method in class org.owasp.esapi.crypto.CipherSpec
- equals(Object) - Method in class org.owasp.esapi.crypto.CipherText
- equals(Object) - Method in class org.owasp.esapi.crypto.PlainText
- equals(Object, Object) - Static method in class org.owasp.esapi.util.NullSafe
-
Object.equals(Object) that safely handles nulls.
- error(Object) - Method in class org.owasp.esapi.reference.Log4JLogger
- error(Object, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
- error(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
-
Log an error level security event if 'error' level logging is enabled.
- error(Logger.EventType, String) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Log an error level security event if 'error' level logging is enabled.
- error(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
-
Log an error level security event if 'error' level logging is enabled and also record the stack trace associated with the event.
- error(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Log an error level security event if 'error' level logging is enabled and also record the stack trace associated with the event.
- ERROR - Static variable in interface org.owasp.esapi.Logger
-
ERROR indicates that ERROR messages and above should be logged.
- ERROR_LEVEL - Static variable in class org.owasp.esapi.reference.JavaLogFactory.JavaLoggerLevel
-
Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly by java.util.Logger already.
- errors() - Method in class org.owasp.esapi.ValidationErrorList
-
Returns list of ValidationException, or empty list if no errors exist.
- ESAPI - Class in org.owasp.esapi
-
ESAPI locator class is provided to make it easy to gain access to the current ESAPI classes in use.
- ESAPI_STATE - Static variable in interface org.owasp.esapi.HTTPUtilities
- ESAPIFilter - Class in org.owasp.esapi.filters
- ESAPIFilter() - Constructor for class org.owasp.esapi.filters.ESAPIFilter
- ESAPIWebApplicationFirewallFilter - Class in org.owasp.esapi.waf
-
This is the main class for the ESAPI Web Application Firewall (WAF).
- ESAPIWebApplicationFirewallFilter() - Constructor for class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
- EVENT_FAILURE - Static variable in interface org.owasp.esapi.Logger
-
A non-security type of log event that has failed.
- EVENT_SUCCESS - Static variable in interface org.owasp.esapi.Logger
-
A non-security type of log event that has succeeded.
- EVENT_UNSPECIFIED - Static variable in interface org.owasp.esapi.Logger
-
A non-security type of log event that is unspecified.
- EventType(String, Boolean) - Constructor for class org.owasp.esapi.Logger.EventType
- ExecuteResult - Class in org.owasp.esapi
-
The ExecuteResult class encapsulates the pieces of data that can be returned from a process executed by the Executor interface.
- ExecuteResult(int, String, String) - Constructor for class org.owasp.esapi.ExecuteResult
-
Constructs an ExecuteResult from the given values.
- executeSystemCommand(File, List) - Method in interface org.owasp.esapi.Executor
-
Invokes the specified executable with default workdir and codec and not logging parameters.
- executeSystemCommand(File, List) - Method in class org.owasp.esapi.reference.DefaultExecutor
-
Invokes the specified executable with default workdir and codec and not logging parameters.
- executeSystemCommand(File, List, File, Codec, boolean, boolean) - Method in interface org.owasp.esapi.Executor
-
Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible.
- executeSystemCommand(File, List, File, Codec, boolean, boolean) - Method in class org.owasp.esapi.reference.DefaultExecutor
-
Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible.
- executor() - Static method in class org.owasp.esapi.ESAPI
- Executor - Interface in org.owasp.esapi
-
The Executor interface is used to run an OS command with reduced security risk.
- EXECUTOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- ExecutorException - Exception in org.owasp.esapi.errors
-
An ExecutorException should be thrown for any problems that arise during the execution of a system executable.
- ExecutorException() - Constructor for exception org.owasp.esapi.errors.ExecutorException
-
Instantiates a new ExecutorException.
- ExecutorException(String, String) - Constructor for exception org.owasp.esapi.errors.ExecutorException
-
Creates a new instance of ExecutorException.
- ExecutorException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.ExecutorException
-
Instantiates a new ExecutorException.
- exists(String) - Method in interface org.owasp.esapi.Authenticator
-
Determine if the account exists.
- exists(String) - Method in class org.owasp.esapi.reference.AbstractAuthenticator
-
Determine if the account exists.
- ExperimentalAccessController - Class in org.owasp.esapi.reference.accesscontrol
- ExperimentalAccessController() - Constructor for class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
- ExperimentalAccessController(Map) - Constructor for class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
F
- failed - Variable in class org.owasp.esapi.waf.actions.Action
- failedRule() - Method in class org.owasp.esapi.waf.actions.Action
- failedRule() - Method in class org.owasp.esapi.waf.actions.BlockAction
- failedRule() - Method in class org.owasp.esapi.waf.actions.DefaultAction
- failedRule() - Method in class org.owasp.esapi.waf.actions.DoNothingAction
- fatal(Object) - Method in class org.owasp.esapi.reference.Log4JLogger
- fatal(Object, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
- fatal(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
-
Log a fatal event if 'fatal' level logging is enabled.
- fatal(Logger.EventType, String) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Log a fatal event if 'fatal' level logging is enabled.
- fatal(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
-
Log a fatal level security event if 'fatal' level logging is enabled and also record the stack trace associated with the event.
- fatal(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Log a fatal level security event if 'fatal' level logging is enabled and also record the stack trace associated with the event.
- FATAL - Static variable in interface org.owasp.esapi.Logger
-
FATAL indicates that only FATAL messages should be logged.
- FileBasedACRs - Class in org.owasp.esapi.reference.accesscontrol
-
This class exists for backwards compatibility with the AccessController 1.0 reference implementation.
- FileBasedACRs() - Constructor for class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
- FileBasedAuthenticator - Class in org.owasp.esapi.reference
-
Reference implementation of the Authenticator interface.
- FIXED_IV - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- flush() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
- flush() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- flush() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
- flushBase64() - Method in class org.owasp.esapi.codecs.Base64.OutputStream
-
Method added by PHIL.
- flushBuffer() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- FORCE_HTTPONLYCOOKIES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- FORCE_HTTPONLYSESSION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- FORCE_SECURECOOKIES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- FORCE_SECURESESSION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- format(String, Object...) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- format(Locale, String, Object...) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- fromHex(String) - Static method in class org.owasp.esapi.codecs.Hex
-
Decode hexadecimal-encoded string and return raw byte array.
- fromInt(int) - Static method in class org.owasp.esapi.util.ByteConversionUtil
-
Returns a byte array containing 4 network byte-ordered bytes representing the given int.
- fromLong(long) - Static method in class org.owasp.esapi.util.ByteConversionUtil
-
Returns a byte array containing 8 network byte-ordered bytes representing the given long.
- fromPortableSerializedBytes(byte[]) - Static method in class org.owasp.esapi.crypto.CipherText
-
Create a CipherText object from what is supposed to be a portable serialized byte array, given in network byte order, that represents a valid, previously serialized CipherText object using CipherText.asPortableSerializedByteArray().
- fromShort(short) - Static method in class org.owasp.esapi.util.ByteConversionUtil
-
Returns a byte array containing 2 network byte ordered bytes representing the given short.
G
- GeneralAttackSignatureRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <general-attack-signature> rules, which are not currently implemented.
- GeneralAttackSignatureRule(String, Pattern) - Constructor for class org.owasp.esapi.waf.rules.GeneralAttackSignatureRule
- generateSecretKey(String, int) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
Generate a random secret key appropriate to the specified cipher algorithm and key size.
- generateStrongPassword() - Method in interface org.owasp.esapi.Authenticator
-
Generate a strong password.
- generateStrongPassword() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Generate a strong password.
- generateStrongPassword(User, String) - Method in interface org.owasp.esapi.Authenticator
-
Generate strong password that takes into account the user's information and old password.
- generateStrongPassword(User, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Generate strong password that takes into account the user's information and old password.
- get(Object) - Method in class org.owasp.esapi.codecs.HashTrie
-
Get the value for a key.
- get(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- get(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
- get(String) - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters
-
Follows the contract for java.util.Map;
- getAccessControlImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Access Control implementation.
- getAccessControlImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Access Control implementation.
- getAccessControlRules() - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO
- getAccountId() - Method in class org.owasp.esapi.reference.DefaultUser
-
Gets this user's account id number.
- getAccountId() - Method in interface org.owasp.esapi.User
-
Gets this user's account id number.
- getAccountName() - Method in class org.owasp.esapi.reference.DefaultUser
-
Gets this user's account name.
- getAccountName() - Method in interface org.owasp.esapi.User
-
Gets this user's account name.
- getAdditionalAllowedCipherModes() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Return List of strings of additional cipher modes that are permitted (i.e., in addition to those returned by #getPreferredCipherModes()) to be used for encryption and decryption operations.
- getAdditionalAllowedCipherModes() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Return List of strings of additional cipher modes that are permitted (i.e., in addition to those returned by #getPreferredCipherModes()) to be used for encryption and decryption operations.
- getAfterBodyRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- getAlgName() - Method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
- getAllowableContentRoot() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
- getAllowedExecutables() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the allowed executables to run with the Executor.
- getAllowedExecutables() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the allowed executables to run with the Executor.
- getAllowedFileExtensions() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the allowed file extensions for files that are uploaded to this application.
- getAllowedFileExtensions() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the allowed file extensions for files that are uploaded to this application.
- getAllowedFileUploadSize() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the maximum allowed file upload size.
- getAllowedFileUploadSize() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the maximum allowed file upload size.
- getAllowedLoginAttempts() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the number of login attempts allowed before the user's account is locked.
- getAllowedLoginAttempts() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the number of login attempts allowed before the user's account is locked.
- getAllowMixedEncoding() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Return true if mixed encoding is allowed
- getAllowMixedEncoding() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Return true if mixed encoding is allowed
- getAllowMultipleEncoding() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Return true if multiple encoding is allowed
- getAllowMultipleEncoding() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Return true if multiple encoding is allowed
- getApplicationName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the application name, used for logging
- getApplicationName() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the application name, used for logging
- getAttribute(String) - Method in class org.owasp.esapi.crypto.CryptoToken
-
Retrieve the attribute with the specified name.
- getAttribute(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getAttributeNames() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getAttributes() - Method in class org.owasp.esapi.crypto.CryptoToken
-
Retrieve a Map that is a clone of all the attributes.
- getAuthenticationImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Authentication implementation.
- getAuthenticationImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Authentication implementation.
- getAuthType() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getBase64EncodedRawCipherText() - Method in class org.owasp.esapi.crypto.CipherText
-
Return a base64-encoded representation of the raw ciphertext alone.
- getBeforeBodyRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- getBeforeResponseRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- getBigDecimal(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getBigInteger(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getBits() - Method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
- getBlockSize() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Retrieve the block size, in bytes.
- getBlockSize() - Method in class org.owasp.esapi.crypto.CipherText
-
Retrieve the block size (in bytes!) of the cipher used for encryption.
- getBoolean(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getBufferSize() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- getByte(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getChar(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getCharacterEncoding() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getCharacterEncoding() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- getCharacterEncoding() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the character encoding scheme supported by this application.
- getCharacterEncoding() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the character encoding scheme supported by this application.
- getCipherAlgorithm() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Retrieve the cipher algorithm.
- getCipherAlgorithm() - Method in class org.owasp.esapi.crypto.CipherText
-
Obtain the name of the cipher algorithm used for encrypting the plaintext.
- getCipherMode() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Retrieve the cipher mode.
- getCipherMode() - Method in class org.owasp.esapi.crypto.CipherText
-
Get the name of the cipher mode used to encrypt some plaintext.
- getCipherTransformation() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Get the cipher transformation.
- getCipherTransformation() - Method in class org.owasp.esapi.crypto.CipherText
-
Obtain the String representing the cipher transformation used to encrypt the plaintext.
- getCipherTransformation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Retrieve the cipher transformation.
- getCipherTransformation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Retrieve the cipher transformation.
- getClass(String, String) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
-
Convert a single fully qualified class name into a Class object
- getCombinedCipherModes() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Return a List of strings of combined cipher modes that support both confidentiality and authenticity.
- getCombinedCipherModes() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Return a List of strings of combined cipher modes that support both confidentiality and authenticity.
- getConfiguration() - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
- getContentLength() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getContentType() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getContentType() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- getContentType() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
- getContext() - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
-
Return the optional 'context' that typically contains information related to the keying material, such as the identities of the message sender and recipient.
- getContext() - Method in exception org.owasp.esapi.errors.ValidationException
-
Returns the UI reference that caused this ValidationException
- getContextPath() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the context path from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getCookie(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls getCookie with the *current* response.
- getCookie(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls getCookie with the *current* response.
- getCookie(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
A safer replacement for getCookies() in HttpServletRequest that returns the canonicalized value of the named cookie after "global" validation against the general type defined in ESAPI.properties.
- getCookie(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
A safer replacement for getCookies() in HttpServletRequest that returns the canonicalized value of the named cookie after "global" validation against the general type defined in ESAPI.properties.
- getCookieRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- getCookies() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the array of Cookies from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getCSRFToken() - Method in interface org.owasp.esapi.HTTPUtilities
-
Returns the current user's CSRF token.
- getCSRFToken() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Returns the current user's CSRF token.
- getCSRFToken() - Method in class org.owasp.esapi.reference.DefaultUser
-
Gets the CSRF token for this user's current sessions.
- getCSRFToken() - Method in interface org.owasp.esapi.User
-
Gets the CSRF token for this user's current sessions.
- getCurrentRequest() - Method in interface org.owasp.esapi.HTTPUtilities
-
Retrieves the current HttpServletRequest
- getCurrentRequest() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Retrieves the current HttpServletRequest
- getCurrentResponse() - Method in interface org.owasp.esapi.HTTPUtilities
-
Retrieves the current HttpServletResponse
- getCurrentResponse() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Retrieves the current HttpServletResponse
- getCurrentUser() - Method in interface org.owasp.esapi.Authenticator
-
Returns the currently logged in User.
- getCurrentUser() - Method in class org.owasp.esapi.reference.AbstractAuthenticator
-
Returns the currently logged in User.
- getDate(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getDateHeader(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getDefaultCanonicalizationCodecs() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the List of Codecs to use when canonicalizing data
- getDefaultCanonicalizationCodecs() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the List of Codecs to use when canonicalizing data
- getDefaultErrorPage() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- getDefaultResponseCode() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- getDictionaryParameter(String) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
- getDictionaryParameterNames() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
- getDigitalSignatureAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the digital signature algorithm used by ESAPI to generate and verify signatures.
- getDigitalSignatureAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the digital signature algorithm used by ESAPI to generate and verify signatures.
- getDigitalSignatureKeyLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the digital signature key length used by ESAPI to generate and verify signatures.
- getDigitalSignatureKeyLength() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the digital signature key length used by ESAPI to generate and verify signatures.
- getDirectReference(K) - Method in interface org.owasp.esapi.AccessReferenceMap
-
Get the original direct object reference from an indirect reference.
- getDirectReference(K) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Get the original direct object reference from an indirect reference.
- getDisableIntrusionDetection() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Allows for complete disabling of all intrusion detection mechanisms
- getDisableIntrusionDetection() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Allows for complete disabling of all intrusion detection mechanisms
- getDouble(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getEncodedIVCipherText() - Method in class org.owasp.esapi.crypto.CipherText
-
Return the ciphertext as a base64-encoded String.
- getEncoder() - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
- getEncoderImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Encoder implementation.
- getEncoderImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Encoder implementation.
- getEncoding() - Method in class org.owasp.esapi.tags.EncodeForBase64Tag
-
Get the encoding used to convert the content to bytes for encoding.
- getEncryptionAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the encryption algorithm used by ESAPI to protect data.
- getEncryptionAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the encryption algorithm used by ESAPI to protect data.
- getEncryptionImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Encryption implementation.
- getEncryptionImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Encryption implementation.
- getEncryptionKeyLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- getEncryptionKeyLength() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the key length to use in cryptographic operations declared in the ESAPI properties file.
- getEncryptionTimestamp() - Method in class org.owasp.esapi.crypto.CipherText
-
Get stored time stamp representing when data was encrypted.
- getError(String) - Method in class org.owasp.esapi.ValidationErrorList
-
Retrieves ValidationException for given context if one exists.
- getErrors() - Method in class org.owasp.esapi.ExecuteResult
- getESAPILevel() - Method in interface org.owasp.esapi.Logger
-
Retrieve the current ESAPI logging level for this logger.
- getESAPILevel() - Method in class org.owasp.esapi.reference.Log4JLogger
-
Retrieve the current ESAPI logging level for this logger.
- getESAPIProperties() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- getESAPIProperty(String, boolean) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- getESAPIProperty(String, int) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- getESAPIProperty(String, String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- getESAPIProperty(String, List<String>) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns a List representing the parsed, comma-separated property.
- getESAPIPropertyEncoded(String, byte[]) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- getEventMap() - Method in class org.owasp.esapi.reference.DefaultUser
- getEventMap() - Method in interface org.owasp.esapi.User
-
Returns the hashmap used to store security events for this user.
- getExecutorImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI OS Execution implementation.
- getExecutorImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the fully qualified classname of the ESAPI OS Execution implementation.
- getExitValue() - Method in class org.owasp.esapi.ExecuteResult
- getExpiration() - Method in class org.owasp.esapi.crypto.CryptoToken
-
Return the expiration time in milliseconds since epoch time (midnight, January 1, 1970 UTC).
- getExpirationDate() - Method in class org.owasp.esapi.crypto.CryptoToken
-
Return the expiration time as a Date.
- getExpirationTime() - Method in class org.owasp.esapi.reference.DefaultUser
-
Returns the date that this user's account will expire.
- getExpirationTime() - Method in interface org.owasp.esapi.User
-
Returns the date that this user's account will expire.
- getFailedLoginCount() - Method in class org.owasp.esapi.reference.DefaultUser
-
Returns the number of failed login attempts since the last successful login for an account.
- getFailedLoginCount() - Method in interface org.owasp.esapi.User
-
Returns the number of failed login attempts since the last successful login for an account.
- getFileUploads() - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls getFileUploads with the *current* request, default upload directory, and default allowed file extensions
- getFileUploads() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls getFileUploads with the *current* request, default upload directory, and default allowed file extensions
- getFileUploads(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities
-
Call getFileUploads with the specified request, default upload directory, and default allowed file extensions
- getFileUploads(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Call getFileUploads with the specified request, default upload directory, and default allowed file extensions
- getFileUploads(HttpServletRequest, File) - Method in interface org.owasp.esapi.HTTPUtilities
-
Call getFileUploads with the specified request, specified upload directory, and default allowed file extensions
- getFileUploads(HttpServletRequest, File) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Call getFileUploads with the specified request, specified upload directory, and default allowed file extensions
- getFileUploads(HttpServletRequest, File, List) - Method in interface org.owasp.esapi.HTTPUtilities
-
Extract uploaded files from a multipart HTTP request.
- getFileUploads(HttpServletRequest, File, List) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Extract uploaded files from a multipart HTTP request.
- getFixedIV() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
If a "fixed" (i.e., static) Initialization Vector (IV) is to be used, this will return the IV value as a hex-encoded string.
- getFixedIV() - Method in interface org.owasp.esapi.SecurityConfiguration
-
If a "fixed" (i.e., static) Initialization Vector (IV) is to be used, this will return the IV value as a hex-encoded string.
- getFloat(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getForceHttpOnlyCookies() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Forces new cookies to have HttpOnly flag set.
- getForceHttpOnlyCookies() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Forces new cookies to have HttpOnly flag set.
- getForceHttpOnlySession() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Forces new cookies to have HttpOnly flag set.
- getForceHttpOnlySession() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Forces new cookies to have HttpOnly flag set.
- getForceSecureCookies() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Forces new cookies to have Secure flag set.
- getForceSecureCookies() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Forces new cookies to have Secure flag set.
- getForceSecureSession() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Forces session cookies to have Secure flag set.
- getForceSecureSession() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Forces session cookies to have Secure flag set.
- getHashAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the hashing algorithm used by ESAPI to hash data.
- getHashAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the hashing algorithm used by ESAPI to hash data.
- getHashIterations() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the hash iterations used by ESAPI to hash data.
- getHashIterations() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the hash iterations used by ESAPI to hash data.
- getHeader(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the named header from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getHeader(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls getHeader with the *current* request.
- getHeader(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls getHeader with the *current* request.
- getHeader(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
A safer replacement for getHeader() in HttpServletRequest that returns the canonicalized value of the named header after "global" validation against the general type defined in ESAPI.properties.
- getHeader(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
A safer replacement for getHeader() in HttpServletRequest that returns the canonicalized value of the named header after "global" validation against the general type defined in ESAPI.properties.
- getHeaderNames() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the enumeration of header names from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getHeaders(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the enumeration of headers from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getHexForNonAlphanumeric(char) - Static method in class org.owasp.esapi.codecs.Codec
-
Lookup the hex value of any character that is not alphanumeric.
- getHttpSessionIdName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
This method returns the configured name of the session identifier, likely "JSESSIONID" though this can be overridden.
- getHttpSessionIdName() - Method in interface org.owasp.esapi.SecurityConfiguration
-
This method returns the configured name of the session identifier, likely "JSESSIONID" though this can be overridden.
- getHTTPUtilitiesImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
- getHTTPUtilitiesImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
- getIndirectReference(T) - Method in interface org.owasp.esapi.AccessReferenceMap
-
Get a safe indirect reference to use in place of a potentially sensitive direct object reference.
- getIndirectReference(T) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Get a safe indirect reference to use in place of a potentially sensitive direct object reference.
- getInputStream() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getInputStream() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
- getInstance() - Static method in class org.owasp.esapi.reference.crypto.JavaEncryptor
- getInstance() - Static method in class org.owasp.esapi.reference.DefaultAccessController
- getInstance() - Static method in class org.owasp.esapi.reference.DefaultEncoder
- getInstance() - Static method in class org.owasp.esapi.reference.DefaultExecutor
- getInstance() - Static method in class org.owasp.esapi.reference.DefaultHTTPUtilities
- getInstance() - Static method in class org.owasp.esapi.reference.DefaultRandomizer
- getInstance() - Static method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- getInstance() - Static method in class org.owasp.esapi.reference.DefaultValidator
- getInstance() - Static method in class org.owasp.esapi.reference.FileBasedAuthenticator
- getInstance() - Static method in class org.owasp.esapi.reference.JavaLogFactory
- getInstance() - Static method in class org.owasp.esapi.reference.Log4JLogFactory
- getInstance(Class) - Static method in class org.owasp.esapi.reference.Log4JLogger
-
This method overrides Category.getInstance(java.lang.String) by supplying its own factory type as a parameter.
- getInstance(String) - Static method in class org.owasp.esapi.reference.Log4JLogger
-
This method overrides Category.getInstance(java.lang.String) by supplying its own factory type as a parameter.
- getInt(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getInterceptingServletOutputStream() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
- getIntHeader(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getIntrusionDetectionImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
- getIntrusionDetectionImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
- getIV() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Retrieve the initialization vector (IV).
- getIV() - Method in class org.owasp.esapi.crypto.CipherText
-
Return the initialization vector (IV) used to encrypt the plaintext if applicable.
- getIVType() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Get a string indicating how to compute an Initialization Vector (IV).
- getIVType() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Get a string indicating how to compute an Initialization Vector (IV).
- getKDF_PRF() - Method in class org.owasp.esapi.crypto.CipherText
- getKDFInfo() - Method in class org.owasp.esapi.crypto.CipherText
-
Based on the KDF version and the selected MAC algorithm for the KDF PRF, calculate the 32-bit quantity representing these.
- getKDFPseudoRandomFunction() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Retrieve the Pseudo Random Function (PRF) used by the ESAPI Key Derivation Function (KDF).
- getKDFPseudoRandomFunction() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Retrieve the Pseudo Random Function (PRF) used by the ESAPI Key Derivation Function (KDF).
- getKDFVersion() - Method in class org.owasp.esapi.crypto.CipherText
- getKeySize() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Retrieve the key size, in bits.
- getKeySize() - Method in class org.owasp.esapi.crypto.CipherText
-
Retrieve the key size used with the cipher algorithm that was used to encrypt data to produce this ciphertext.
- getLastFailedLoginTime() - Method in class org.owasp.esapi.reference.DefaultUser
-
Returns the date of the last failed login time for a user.
- getLastFailedLoginTime() - Method in interface org.owasp.esapi.User
-
Returns the date of the last failed login time for a user.
- getLastHostAddress() - Method in class org.owasp.esapi.reference.DefaultUser
-
Returns the last host address used by the user.
- getLastHostAddress() - Method in interface org.owasp.esapi.User
-
Returns the last host address used by the user.
- getLastLoginTime() - Method in class org.owasp.esapi.reference.DefaultUser
-
Returns the date of the last successful login time for a user.
- getLastLoginTime() - Method in interface org.owasp.esapi.User
-
Returns the date of the last successful login time for a user.
- getLastPasswordChangeTime() - Method in class org.owasp.esapi.reference.DefaultUser
-
Gets the date of the user's last password change.
- getLastPasswordChangeTime() - Method in interface org.owasp.esapi.User
-
Gets the date of the user's last password change.
- getLenientDatesAccepted() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Determines whether ESAPI will accept "lenient" dates when attempting to parse dates.
- getLenientDatesAccepted() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Determines whether ESAPI will accept "lenient" dates when attempting to parse dates.
- getLevenshteinDistance(String, String) - Static method in class org.owasp.esapi.StringUtilities
-
Calculate the Edit Distance between 2 Strings as a measure of similarity.
- getLocalAddr() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getLocale() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getLocale() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- getLocale() - Method in class org.owasp.esapi.reference.DefaultUser
- getLocale() - Method in interface org.owasp.esapi.User
- getLocales() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getLocalName() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getLocalPort() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getLogApplicationName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns whether ESAPI should log the application name.
- getLogApplicationName() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns whether ESAPI should log the application name.
- getLogDirectory() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
Deprecated.
- getLogEncodingRequired() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns whether HTML entity encoding should be applied to log entries.
- getLogEncodingRequired() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns whether HTML entity encoding should be applied to log entries.
- getLogFileName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Get the name of the log file specified in the ESAPI configuration properties file.
- getLogFileName() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Get the name of the log file specified in the ESAPI configuration properties file.
- getLogger(Class) - Static method in class org.owasp.esapi.ESAPI
- getLogger(Class) - Method in interface org.owasp.esapi.LogFactory
-
Gets the logger associated with the specified class.
- getLogger(Class) - Method in class org.owasp.esapi.reference.JavaLogFactory
-
Gets the logger associated with the specified class.
- getLogger(Class) - Method in class org.owasp.esapi.reference.Log4JLogFactory
-
Gets the logger associated with the specified class.
- getLogger(Class) - Static method in class org.owasp.esapi.reference.Log4JLogger
-
This method overrides Logger.getLogger(java.lang.String) by supplying its own factory type as a parameter.
- getLogger(String) - Static method in class org.owasp.esapi.ESAPI
- getLogger(String) - Method in interface org.owasp.esapi.LogFactory
-
Gets the logger associated with the specified module name.
- getLogger(String) - Method in class org.owasp.esapi.reference.JavaLogFactory
-
Gets the logger associated with the specified module name.
- getLogger(String) - Method in class org.owasp.esapi.reference.Log4JLogFactory
-
Gets the logger associated with the specified module name.
- getLogger(String) - Static method in class org.owasp.esapi.reference.Log4JLogger
-
This method overrides Logger.getLogger(java.lang.String) by supplying its own factory type as a parameter.
- getLogImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Logging implementation.
- getLogImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Logging implementation.
- getLogLevel() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the current log level.
- getLogLevel() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the current log level.
- getLogLevel() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
Deprecated.
- getLogMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityException
-
Returns a message that is safe to display in logs, but may contain sensitive information and therefore probably should not be displayed to users.
- getLogMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
-
Returns a message that is safe to display in logs, but may contain sensitive information and therefore probably should not be displayed to users.
- getLogMessage() - Method in exception org.owasp.esapi.errors.IntrusionException
-
Returns a String that is safe to display in logs, but probably not to users
- getLogServerIP() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns whether ESAPI should log the server IP.
- getLogServerIP() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns whether ESAPI should log the server IP.
- getLong(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getLongestMatch(PushbackReader) - Method in class org.owasp.esapi.codecs.HashTrie
-
Get the key value entry whose key is the longest prefix match.
- getLongestMatch(PushbackReader) - Method in interface org.owasp.esapi.codecs.Trie
- getLongestMatch(PushbackReader) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- getLongestMatch(CharSequence) - Method in class org.owasp.esapi.codecs.HashTrie
-
Get the key value entry whose key is the longest prefix match.
- getLongestMatch(CharSequence) - Method in interface org.owasp.esapi.codecs.Trie
- getLongestMatch(CharSequence) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- getMasterKey() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the master key.
- getMasterKey() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the master key.
- getMasterSalt() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the master salt that is used to salt stored password hashes and any other location where a salt is needed.
- getMasterSalt() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the master salt that is used to salt stored password hashes and any other location where a salt is needed.
- getMaxCardLength() - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
- getMaxHttpHeaderSize() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the maximum allowable HTTP header size.
- getMaxHttpHeaderSize() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the maximum allowable HTTP header size.
- getMaxKeyLength() - Method in class org.owasp.esapi.codecs.HashTrie
-
Get the maximum key length.
- getMaxKeyLength() - Method in interface org.owasp.esapi.codecs.Trie
- getMaxKeyLength() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- getMaxLogFileSize() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Get the maximum size of a single log file from the ESAPI configuration properties file.
- getMaxLogFileSize() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Get the maximum size of a single log file from the ESAPI configuration properties file.
- getMaxOldPasswordHashes() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the maximum number of old password hashes that should be retained.
- getMaxOldPasswordHashes() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the maximum number of old password hashes that should be retained.
- getMessage(String, Object[]) - Method in class org.owasp.esapi.util.DefaultMessageUtil
- getMethod() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getName() - Method in class org.owasp.esapi.reference.DefaultUser
- getName() - Method in class org.owasp.esapi.waf.internal.Parameter
- getObject(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getOutput() - Method in class org.owasp.esapi.ExecuteResult
- getOutputStream() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- getOutputStream() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
- getPaddingScheme() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Retrieve the cipher padding scheme.
- getPaddingScheme() - Method in class org.owasp.esapi.crypto.CipherText
-
Get the name of the padding scheme used to encrypt some plaintext.
- getParameter(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the named parameter from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getParameter(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls getParameter with the *current* request.
- getParameter(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls getParameter with the *current* request.
- getParameter(String, boolean) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the named parameter from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getParameter(String, boolean, int) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the named parameter from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getParameter(String, boolean, int, String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the named parameter from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getParameter(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
A safer replacement for getParameter() in HttpServletRequest that returns the canonicalized value of the named parameter after "global" validation against the general type defined in ESAPI.properties.
- getParameter(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
A safer replacement for getParameter() in HttpServletRequest that returns the canonicalized value of the named parameter after "global" validation against the general type defined in ESAPI.properties.
- getParameterMap() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the parameter map from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getParameterNames() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the enumeration of parameter names from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getParameters(String[]) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
-
Convert an array of fully qualified class names into an array of Class objects
- getParameters(XMLConfiguration, int) - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoader
- getParameters(XMLConfiguration, int) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.DynaBeanACRParameterLoader
- getParameterValue(XMLConfiguration, int, int, String) - Static method in class org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoaderHelper
- getParameterValues(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the array of matching parameter values from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getPasswordParameterName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the name of the password parameter used during user authentication.
- getPasswordParameterName() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the name of the password parameter used during user authentication.
- getPathInfo() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the path info from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getPathTranslated() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getPolicyParameter(XMLConfiguration, int) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader
- getPolicyParameters() - Method in interface org.owasp.esapi.AccessControlRule
- getPolicyParameters() - Method in class org.owasp.esapi.reference.accesscontrol.BaseACR
- getPreferredJCEProvider() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Retrieve the preferred JCE provider for ESAPI and your application.
- getPreferredJCEProvider() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Retrieve the preferred JCE provider for ESAPI and your application.
- getPRFAlgName() - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
-
Return the name of the algorithm for the Pseudo Random Function (PRF) that is being used.
- getProperty(String) - Method in interface org.owasp.esapi.EncryptedProperties
-
Gets the property value from the encrypted store, decrypts it, and returns the plaintext value to the caller.
- getProperty(String) - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
-
Gets the property value from the encrypted store, decrypts it, and returns the plaintext value to the caller.
- getProperty(String) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
Gets the property value from the encrypted store, decrypts it, and returns the plaintext value to the caller.
- getProperty(String, String) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
- getProtocol() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getQueryString() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the query string from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getQuota(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the intrusion detection quota for the specified event.
- getQuota(String) - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the intrusion detection quota for the specified event.
- getRandomAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the random number generation algorithm used to generate random numbers where needed.
- getRandomAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the random number generation algorithm used to generate random numbers where needed.
- getRandomBoolean() - Method in interface org.owasp.esapi.Randomizer
-
Returns a random boolean.
- getRandomBoolean() - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Returns a random boolean.
- getRandomBytes(int) - Method in interface org.owasp.esapi.Randomizer
-
Generates a specified number of random bytes.
- getRandomBytes(int) - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Generates a specified number of random bytes.
- getRandomFilename(String) - Method in interface org.owasp.esapi.Randomizer
-
Returns an unguessable random filename with the specified extension.
- getRandomFilename(String) - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Returns an unguessable random filename with the specified extension.
- getRandomGUID() - Method in interface org.owasp.esapi.Randomizer
-
Generates a random GUID.
- getRandomGUID() - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Generates a random GUID.
- getRandomInteger(int, int) - Method in interface org.owasp.esapi.Randomizer
-
Gets the random integer.
- getRandomInteger(int, int) - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Gets the random integer.
- getRandomizerImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Randomizer implementation.
- getRandomizerImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Randomizer implementation.
- getRandomLong() - Method in interface org.owasp.esapi.Randomizer
-
Gets the random long.
- getRandomLong() - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Gets the random long.
- getRandomReal(float, float) - Method in interface org.owasp.esapi.Randomizer
-
Gets the random real.
- getRandomReal(float, float) - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Gets the random real.
- getRandomString(int, char[]) - Method in interface org.owasp.esapi.Randomizer
-
Gets a random string of a desired length and character set.
- getRandomString(int, char[]) - Method in class org.owasp.esapi.reference.DefaultRandomizer
-
Gets a random string of a desired length and character set.
- getRawCipherText() - Method in class org.owasp.esapi.crypto.CipherText
-
Get the raw ciphertext byte array resulting from encrypting some plaintext.
- getRawCipherTextByteLength() - Method in class org.owasp.esapi.crypto.CipherText
-
Get number of bytes in raw ciphertext.
- getReader() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getReader() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
- getRealPath(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Deprecated in servlet spec 2.1. Use ServletContext.getRealPath(String) instead.
- getRedirectURL() - Method in class org.owasp.esapi.waf.actions.RedirectAction
- getRelativeTimeStamp(long) - Method in interface org.owasp.esapi.Encryptor
-
Gets an absolute timestamp representing an offset from the current time to be used by other functions in the library.
- getRelativeTimeStamp(long) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Gets an absolute timestamp representing an offset from the current time to be used by other functions in the library.
- getRememberTokenDuration() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the length of the time to live window for remember me tokens (in milliseconds).
- getRememberTokenDuration() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the length of the time to live window for remember me tokens (in milliseconds).
- getRemoteAddr() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getRemoteHost() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getRemotePort() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- getRemoteUser() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the name of the ESAPI user associated with this getHttpServletRequest().
- getRequestAttribute(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Gets a typed attribute from the HttpServletRequest associated with the caller thread.
- getRequestAttribute(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Gets a typed attribute from the HttpServletRequest associated with the caller thread.
- getRequestAttribute(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Gets a typed attribute from the HttpServletRequest associated with the passed in request.
- getRequestAttribute(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Gets a typed attribute from the HttpServletRequest associated with the passed in request.
- getRequestDispatcher(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Checks to make sure the path to forward to is within the WEB-INF directory and then returns the dispatcher.
- getRequestedSessionId() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the URI from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getRequestURI() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the URI from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getRequestURL() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the URL from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getResourceFile(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets a file from the resource directory
- getResourceFile(String) - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets a file from the resource directory
- getResourceStream(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- getResourceStream(String) - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets an InputStream to a file in the resource directory
- getResponseBytes() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
- getResponseContentType() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the content type for responses used when setSafeContentType() is called.
- getResponseContentType() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the content type for responses used when setSafeContentType() is called.
- getRoles() - Method in class org.owasp.esapi.reference.DefaultUser
-
Gets the roles assigned to a particular account.
- getRoles() - Method in interface org.owasp.esapi.User
-
Gets the roles assigned to a particular account.
- getRule(String) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Get a validation rule from the registry with the "type name" of the rule as the key.
- getRule(String) - Method in interface org.owasp.esapi.Validator
- getSafe(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
Try to call get valid, then call sanitize, finally return a default value
- getSafe(String, String) - Method in interface org.owasp.esapi.ValidationRule
-
Try to call get valid, then call sanitize, finally return a default value
- getScheme() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the scheme from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getScreenName() - Method in class org.owasp.esapi.reference.DefaultUser
-
Gets the screen name (alias) for the current user.
- getScreenName() - Method in interface org.owasp.esapi.User
-
Gets the screen name (alias) for the current user.
- getSeparateMAC() - Method in class org.owasp.esapi.crypto.CipherText
-
Return the separately calculated Message Authentication Code (MAC) that is computed via the computeAndStoreMAC(SecretKey authKey) method.
- getSerialVersionUID() - Static method in class org.owasp.esapi.crypto.CipherText
-
Used in supporting CipherText serialization.
- getServerName() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the server name (host header) from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getServerPort() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the server port (after the : in the host header) from the HttpServletRequest after parsing and checking the range 0-65536.
- getServletPath() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the server path from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
- getSession() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns a session, creating it if necessary, and sets the HttpOnly flag on the Session ID cookie.
- getSession(boolean) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns a session, creating it if necessary, and sets the HttpOnly flag on the Session ID cookie.
- getSessionAbsoluteTimeoutLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the absolute timeout length for sessions (in milliseconds).
- getSessionAbsoluteTimeoutLength() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the absolute timeout length for sessions (in milliseconds).
- getSessionAttribute(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Gets a typed attribute from the session associated with the calling thread.
- getSessionAttribute(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Gets a typed attribute from the session associated with the calling thread.
- getSessionAttribute(HttpSession, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Gets a typed attribute from the passed in session.
- getSessionAttribute(HttpSession, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Gets a typed attribute from the passed in session.
- getSessionCookieName() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- getSessionIdleTimeoutLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the idle timeout length for sessions (in milliseconds).
- getSessionIdleTimeoutLength() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the idle timeout length for sessions (in milliseconds).
- getSessions() - Method in class org.owasp.esapi.reference.DefaultUser
-
Returns the list of sessions associated with this User.
- getSessions() - Method in interface org.owasp.esapi.User
-
Returns the list of sessions associated with this User.
- getString(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getString(String, String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
- getStringArray(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
- getStringValidatorRule() - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
- getTime(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
Convenience method to avoid common casts.
- getTimeStamp() - Method in interface org.owasp.esapi.Encryptor
-
Gets a timestamp representing the current date and time to be used by other functions in the library.
- getTimeStamp() - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Gets a timestamp representing the current date and time to be used by other functions in the library.
- getToken() - Method in class org.owasp.esapi.crypto.CryptoToken
-
Return the new encrypted token as a base64-encoded string, encrypted with the specified SecretKey with which this object was constructed.
- getToken(SecretKey) - Method in class org.owasp.esapi.crypto.CryptoToken
-
Return the new encrypted token as a base64-encoded string, encrypted with the specified SecretKey which may be a different key than what the token was originally encrypted with.
- getTypeName() - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
Programmatically supplied name for the validator
- getTypeName() - Method in interface org.owasp.esapi.ValidationRule
-
Programmatically supplied name for the validator
- getUniqueReference() - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Returns a Unique Reference Key to be associated with a new directReference being inserted into the AccessReferenceMap.
- getUniqueReference() - Method in class org.owasp.esapi.reference.IntegerAccessReferenceMap
-
TODO Javadoc Note: this is final as redefinition by subclasses can lead to use before initialization issues as #RandomAccessReferenceMap(Set) and #RandomAccessReferenceMap(Set,int) both call it internally.
- getUniqueReference() - Method in class org.owasp.esapi.reference.RandomAccessReferenceMap
-
Returns a Unique Reference Key to be associated with a new directReference being inserted into the AccessReferenceMap.
- getUploadDirectory() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Retrieves the upload directory as specified in the ESAPI.properties file.
- getUploadDirectory() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Retrieves the upload directory as specified in the ESAPI.properties file.
- getUploadTempDirectory() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
- getUploadTempDirectory() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
- getUser(long) - Method in interface org.owasp.esapi.Authenticator
-
Returns the User matching the provided accountId.
- getUser(long) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Returns the User matching the provided accountId.
- getUser(String) - Method in interface org.owasp.esapi.Authenticator
-
Returns the User matching the provided accountName.
- getUser(String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Returns the User matching the provided accountName.
- getUserAccountName() - Method in class org.owasp.esapi.crypto.CryptoToken
-
Retrieve the user account name associated with this CryptoToken object.
- getUserFromRememberToken() - Method in class org.owasp.esapi.reference.AbstractAuthenticator
-
Returns the user if a matching remember token is found, or null if the token is missing, token is corrupt, token is expired, account name does not match an existing account, or hashed password does not match user's hashed password.
- getUserFromSession() - Method in class org.owasp.esapi.reference.AbstractAuthenticator
-
Gets the user from session.
- getUserInfo() - Method in class org.owasp.esapi.reference.Log4JLogger
- getUserMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityException
-
Returns message meant for display to users. Note that if you are unsure of what set this message, it would probably be a good idea to encode this message before displaying it to the end user.
- getUserMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
-
Returns message meant for display to users. Note that if you are unsure of what set this message, it would probably be a good idea to encode this message before displaying it to the end user.
- getUserMessage() - Method in exception org.owasp.esapi.errors.IntrusionException
-
Returns a String containing a message that is safe to display to users
- getUsernameParameterName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Gets the name of the username parameter used during user authentication.
- getUsernameParameterName() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Gets the name of the username parameter used during user authentication.
- getUserNames() - Method in interface org.owasp.esapi.Authenticator
-
Gets a collection containing all the existing user names.
- getUserNames() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Gets a collection containing all the existing user names.
- getUserPrincipal() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns the ESAPI User associated with this getHttpServletRequest().
- getValid(String, String) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
-
Parse the input, throw exceptions if validation fails
- getValid(String, String) - Method in class org.owasp.esapi.reference.validation.DateValidationRule
-
Parse the input, throw exceptions if validation fails
- getValid(String, String) - Method in class org.owasp.esapi.reference.validation.HTMLValidationRule
-
Parse the input, throw exceptions if validation fails
- getValid(String, String) - Method in class org.owasp.esapi.reference.validation.IntegerValidationRule
- getValid(String, String) - Method in class org.owasp.esapi.reference.validation.NumberValidationRule
-
Parse the input, throw exceptions if validation fails
- getValid(String, String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
-
Parse the input, throw exceptions if validation fails
- getValid(String, String) - Method in interface org.owasp.esapi.ValidationRule
-
Parse the input, throw exceptions if validation fails
- getValid(String, String, ValidationErrorList) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
Get a validated value, add the errors to an existing error list
- getValid(String, String, ValidationErrorList) - Method in interface org.owasp.esapi.ValidationRule
-
Get a validated value, add the errors to an existing error list
- getValidationImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Validation implementation.
- getValidationImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the fully qualified classname of the ESAPI Validation implementation.
- getValidationPattern(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
getValidationPattern returns a single pattern based upon key
- getValidationPattern(String) - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the validation pattern for a particular type
- getValidCreditCard(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a canonicalized and validated credit card number as a String.
- getValidCreditCard(String, String, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a canonicalized and validated credit card number as a String.
- getValidCreditCard(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidCreditCard with the supplied errorList to capture ValidationExceptions
- getValidCreditCard(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidCreditCard with the supplied errorList to capture ValidationExceptions
- getValidDate(String, String, DateFormat, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a valid date as a Date.
- getValidDate(String, String, DateFormat, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a valid date as a Date.
- getValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidDate with the supplied errorList to capture ValidationExceptions
- getValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidDate with the supplied errorList to capture ValidationExceptions
- getValidDirectoryPath(String, String, File, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a canonicalized and validated directory path as a String, provided that the input maps to an existing directory that is an existing subdirectory (at any level) of the specified parent.
- getValidDirectoryPath(String, String, File, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a canonicalized and validated directory path as a String, provided that the input maps to an existing directory that is an existing subdirectory (at any level) of the specified parent.
- getValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidDirectoryPath with the supplied errorList to capture ValidationExceptions
- getValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidDirectoryPath with the supplied errorList to capture ValidationExceptions
- getValidDouble(String, String, double, double, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a validated real number as a double.
- getValidDouble(String, String, double, double, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a validated real number as a double.
- getValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidDouble with the supplied errorList to capture ValidationExceptions
- getValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidDouble with the supplied errorList to capture ValidationExceptions
- getValidFileContent(String, byte[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns validated file content as a byte array.
- getValidFileContent(String, byte[], int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns validated file content as a byte array.
- getValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidFileContent with the supplied errorList to capture ValidationExceptions
- getValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidFileContent with the supplied errorList to capture ValidationExceptions
- getValidFileName(String, String, List<String>, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a canonicalized and validated file name as a String.
- getValidFileName(String, String, List<String>, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a canonicalized and validated file name as a String.
- getValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidFileName with the supplied errorList to capture ValidationExceptions
- getValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidFileName with the supplied errorList to capture ValidationExceptions
- getValidInput(String, String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Validates data received from the browser and returns a safe version.
- getValidInput(String, String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns canonicalized and validated input as a String.
- getValidInput(String, String, String, int, boolean, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Validates data received from the browser and returns a safe version.
- getValidInput(String, String, String, int, boolean, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns validated input as a String with optional canonicalization.
- getValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Validates data received from the browser and returns a safe version.
- getValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidInput with the supplied errorList to capture ValidationExceptions
- getValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Validates data received from the browser and returns a safe version.
- getValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidInput with the supplied errorList to capture ValidationExceptions
- getValidInteger(String, String, int, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a validated integer.
- getValidInteger(String, String, int, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a validated integer.
- getValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidInteger with the supplied errorList to capture ValidationExceptions
- getValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidInteger with the supplied errorList to capture ValidationExceptions
- getValidListItem(String, String, List<String>) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns the list item that exactly matches the canonicalized input.
- getValidListItem(String, String, List<String>) - Method in interface org.owasp.esapi.Validator
-
Returns the list item that exactly matches the canonicalized input.
- getValidListItem(String, String, List<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
ValidationErrorList variant of getValidListItem
- getValidListItem(String, String, List<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidListItem with the supplied errorList to capture ValidationExceptions
- getValidNumber(String, String, long, long, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a validated number as a double within the range of minValue to maxValue.
- getValidNumber(String, String, long, long, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a validated number as a double within the range of minValue to maxValue.
- getValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions
- getValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions
- getValidPrintable(String, char[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns canonicalized and validated printable characters as a byte array.
- getValidPrintable(String, char[], int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns canonicalized and validated printable characters as a byte array.
- getValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
ValidationErrorList variant of getValidPrintable
- getValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidPrintable with the supplied errorList to capture ValidationExceptions
- getValidPrintable(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns canonicalized and validated printable characters as a String.
- getValidPrintable(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns canonicalized and validated printable characters as a String.
- getValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
ValidationErrorList variant of getValidPrintable
- getValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidPrintable with the supplied errorList to capture ValidationExceptions
- getValidRedirectLocation(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns a canonicalized and validated redirect location as a String.
- getValidRedirectLocation(String, String, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns a canonicalized and validated redirect location as a String.
- getValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
ValidationErrorList variant of getValidRedirectLocation
- getValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidRedirectLocation with the supplied errorList to capture ValidationExceptions
- getValidSafeHTML(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else.
- getValidSafeHTML(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else.
- getValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions
- getValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions
- getValue() - Method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
- getValue() - Method in class org.owasp.esapi.waf.internal.Parameter
- getVersion() - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
-
Return the version used for backward compatibility.
- getWorkingDirectory() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
getWorkingDirectory returns the default directory where processes will be executed by the Executor.
- getWorkingDirectory() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Returns the default working directory for executing native processes with Runtime.exec().
- getWrap() - Method in class org.owasp.esapi.tags.EncodeForBase64Tag
-
Get whether line wrapping at 64 characters is performed.
- getWrapped() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- getWriter() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- getWriter() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
- GZIP - Static variable in class org.owasp.esapi.codecs.Base64
-
Specify that data should be gzip-compressed.
H
- hash(String, String) - Method in interface org.owasp.esapi.Encryptor
-
Returns a string representation of the hash of the provided plaintext and salt.
- hash(String, String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Returns a string representation of the hash of the provided plaintext and salt.
- hash(String, String, int) - Method in interface org.owasp.esapi.Encryptor
-
Returns a string representation of the hash of the provided plaintext and salt.
- hash(String, String, int) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Returns a string representation of the hash of the provided plaintext and salt.
- HASH_ALGORITHM - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- HASH_ITERATIONS - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- hashCode() - Method in class org.owasp.esapi.codecs.HashTrie
- hashCode() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- hashCode() - Method in class org.owasp.esapi.crypto.CipherSpec
- hashCode() - Method in class org.owasp.esapi.crypto.CipherText
- hashCode() - Method in class org.owasp.esapi.crypto.PlainText
-
Same as this.toString().hashCode().
- hashCode(Object) - Static method in class org.owasp.esapi.util.NullSafe
-
Object.hashCode() of an object.
- hashPassword(String, String) - Method in interface org.owasp.esapi.Authenticator
-
Returns a string representation of the hashed password, using the accountName as the salt.
- hashPassword(String, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Returns a string representation of the hashed password, using the accountName as the salt.
- HashTrie<T> - Class in org.owasp.esapi.codecs
-
Trie implementation for CharSequence keys.
- HashTrie() - Constructor for class org.owasp.esapi.codecs.HashTrie
- hasNext() - Method in class org.owasp.esapi.codecs.PushbackString
- HEADER - Static variable in interface org.owasp.esapi.HTTPUtilities
- Hex - Class in org.owasp.esapi.codecs
-
Encode and decode to/from hexadecimal strings to byte arrays.
- Hex() - Constructor for class org.owasp.esapi.codecs.Hex
- HmacSHA1 - org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
- HmacSHA256 - org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
- HmacSHA384 - org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
- HmacSHA512 - org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
- HTMLEntityCodec - Class in org.owasp.esapi.codecs
-
Implementation of the Codec interface for HTML entity encoding.
- HTMLEntityCodec() - Constructor for class org.owasp.esapi.codecs.HTMLEntityCodec
- HTMLValidationRule - Class in org.owasp.esapi.reference.validation
-
A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
- HTMLValidationRule(String) - Constructor for class org.owasp.esapi.reference.validation.HTMLValidationRule
- HTMLValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.HTMLValidationRule
- HTMLValidationRule(String, Encoder, String) - Constructor for class org.owasp.esapi.reference.validation.HTMLValidationRule
- HTTP_SESSION_ID_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- HTTP_UTILITIES_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- HTTPMethodRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <restrict-method> rules.
- HTTPMethodRule(String, Pattern, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.HTTPMethodRule
- httpUtilities() - Static method in class org.owasp.esapi.ESAPI
- HTTPUtilities - Interface in org.owasp.esapi
-
The HTTPUtilities interface is a collection of methods that provide additional security related to HTTP requests, responses, sessions, cookies, headers, and logging.
I
- id - Variable in class org.owasp.esapi.waf.rules.Rule
- IDLE_TIMEOUT_DURATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- incrementFailedLoginCount() - Method in class org.owasp.esapi.reference.DefaultUser
-
Increment failed login count.
- incrementFailedLoginCount() - Method in interface org.owasp.esapi.User
-
Increment failed login count.
- index() - Method in class org.owasp.esapi.codecs.PushbackString
-
Get the current index of the PushbackString.
- info(Object) - Method in class org.owasp.esapi.reference.Log4JLogger
- info(Object, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
- info(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
-
Log an info level security event if 'info' level logging is enabled.
- info(Logger.EventType, String) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Log an info level security event if 'info' level logging is enabled.
- info(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
-
Log an info level security event if 'info' level logging is enabled and also record the stack trace associated with the event.
- info(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Log an info level security event if 'info' level logging is enabled and also record the stack trace associated with the event.
- INFO - Static variable in interface org.owasp.esapi.Logger
-
INFO indicates that INFO messages and above should be logged.
- init(FilterConfig) - Method in class org.owasp.esapi.filters.ClickjackFilter
-
Initialize "mode" parameter from web.xml.
- init(FilterConfig) - Method in class org.owasp.esapi.filters.ESAPIFilter
-
Called by the web container to indicate to a filter that it is being placed into service.
- init(FilterConfig) - Method in class org.owasp.esapi.filters.RequestRateThrottleFilter
-
Called by the web container to indicate to a filter that it is being placed into service.
- init(FilterConfig) - Method in class org.owasp.esapi.filters.SecurityWrapper
- init(FilterConfig) - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
-
This function is invoked at application startup and when the configuration file polling period has elapsed and a change in the configuration file has been detected.
- initialize() - Method in class org.owasp.esapi.util.DefaultMessageUtil
- initialize(String) - Static method in class org.owasp.esapi.ESAPI
- InputStream(InputStream) - Constructor for class org.owasp.esapi.codecs.Base64.InputStream
-
Constructs a Base64.InputStream in DECODE mode.
- InputStream(InputStream, int) - Constructor for class org.owasp.esapi.codecs.Base64.InputStream
-
Constructs a Base64.InputStream in either ENCODE or DECODE mode.
- insertProviderAt(String, int) - Static method in class org.owasp.esapi.crypto.SecurityProviderLoader
-
This method adds a provider to the SecurityManager either by some generic name or by the class name.
- IntegerAccessReferenceMap - Class in org.owasp.esapi.reference
-
Reference implementation of the AccessReferenceMap interface.
- IntegerAccessReferenceMap() - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap
-
TODO Javadoc
- IntegerAccessReferenceMap(int) - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap
-
TODO Javadoc
- IntegerAccessReferenceMap(Set<Object>) - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap
-
TODO Javadoc
- IntegerAccessReferenceMap(Set<Object>, int) - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap
-
TODO Javadoc
- IntegerValidationRule - Class in org.owasp.esapi.reference.validation
-
A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
- IntegerValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.IntegerValidationRule
- IntegerValidationRule(String, Encoder, int, int) - Constructor for class org.owasp.esapi.reference.validation.IntegerValidationRule
- IntegrityException - Exception in org.owasp.esapi.errors
-
An IntegrityException should be thrown when a problem with the integrity of data has been detected.
- IntegrityException() - Constructor for exception org.owasp.esapi.errors.IntegrityException
-
Instantiates a new availability exception.
- IntegrityException(String, String) - Constructor for exception org.owasp.esapi.errors.IntegrityException
-
Creates a new instance of IntegrityException.
- IntegrityException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.IntegrityException
-
Instantiates a new IntegrityException.
- InterceptingHTTPServletRequest - Class in org.owasp.esapi.waf.internal
-
The wrapper for the HttpServletRequest object which will be passed to the application being protected by the WAF.
- InterceptingHTTPServletRequest(HttpServletRequest) - Constructor for class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
- InterceptingHTTPServletResponse - Class in org.owasp.esapi.waf.internal
-
The wrapper for the HttpServletResponse object which will be passed to the application being protected by the WAF.
- InterceptingHTTPServletResponse(HttpServletResponse, boolean, List<Rule>) - Constructor for class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
- InterceptingPrintWriter - Class in org.owasp.esapi.waf.internal
-
The PrintWriter needed to buffer outbound data generated by the application being protected by the WAF.
- InterceptingPrintWriter(Writer) - Constructor for class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- InterceptingServletOutputStream - Class in org.owasp.esapi.waf.internal
-
This class was inspired by ModSecurity for Java by Ivan Ristic.
- InterceptingServletOutputStream(ServletOutputStream, boolean) - Constructor for class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
- interval - Variable in class org.owasp.esapi.SecurityConfiguration.Threshold
-
The time frame within which 'count' number of actions has to be detected in order to trigger this threshold.
- INTRUSION_DETECTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- intrusionDetector() - Static method in class org.owasp.esapi.ESAPI
- IntrusionDetector - Interface in org.owasp.esapi
-
The IntrusionDetector interface is intended to track security relevant events and identify attack behavior.
- IntrusionException - Exception in org.owasp.esapi.errors
-
An IntrusionException should be thrown anytime an error condition arises that is likely to be the result of an attack in progress.
- IntrusionException(String, String) - Constructor for exception org.owasp.esapi.errors.IntrusionException
-
Creates a new instance of IntrusionException.
- IntrusionException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.IntrusionException
-
Instantiates a new intrusion exception.
- IPRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <detect-source-ip> rules.
- IPRule(String, Pattern, String) - Constructor for class org.owasp.esapi.waf.rules.IPRule
- IPRule(String, Pattern, Pattern, String) - Constructor for class org.owasp.esapi.waf.rules.IPRule
- isActionNecessary() - Method in class org.owasp.esapi.waf.actions.Action
- isActionNecessary() - Method in class org.owasp.esapi.waf.actions.BlockAction
- isActionNecessary() - Method in class org.owasp.esapi.waf.actions.DefaultAction
- isActionNecessary() - Method in class org.owasp.esapi.waf.actions.DoNothingAction
- isAllowedCipherMode(String) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
Return true if specified cipher mode is one that may be used for encryption / decryption operations via Encryptor.
- isAllowNull() - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
- isAnonymous() - Method in class org.owasp.esapi.reference.DefaultUser
-
Checks if user is anonymous.
- isAnonymous() - Method in interface org.owasp.esapi.User
-
Checks if user is anonymous.
- isAuthorized(Boolean) - Method in class org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR
-
Returns true iff runtimeParameter is a Boolean true.
- isAuthorized(Object) - Method in class org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR
- isAuthorized(Object) - Method in class org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR
- isAuthorized(Object) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR
-
Returns true if runtimeParameter is a Boolean true.
- isAuthorized(Object[]) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
-
Delegates to the method specified in setPolicyParameters
- isAuthorized(Object, Object) - Method in interface org.owasp.esapi.AccessController
-
isAuthorized executes the AccessControlRule that is identified by key and listed in the resources/ESAPI-AccessControlPolicy.xml file.
- isAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
- isAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
isAuthorized executes the AccessControlRule that is identified by key and listed in the resources/ESAPI-AccessControlPolicy.xml file.
- isAuthorized(R) - Method in interface org.owasp.esapi.AccessControlRule
- isAuthorizedForData(String, Object) - Method in interface org.owasp.esapi.AccessController
-
Checks if the current user is authorized to access the referenced data, represented as an Object.
- isAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- isAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
-
TODO Javadoc
- isAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced data, represented as an Object.
- isAuthorizedForFile(String) - Method in interface org.owasp.esapi.AccessController
-
Checks if the current user is authorized to access the referenced file.
- isAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- isAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
-
TODO Javadoc
- isAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced file.
- isAuthorizedForFunction(String) - Method in interface org.owasp.esapi.AccessController
-
Checks if the current user is authorized to access the referenced function.
- isAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- isAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
-
TODO Javadoc
- isAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced function.
- isAuthorizedForService(String) - Method in interface org.owasp.esapi.AccessController
-
Checks if the current user is authorized to access the referenced service.
- isAuthorizedForService(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- isAuthorizedForService(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
-
TODO Javadoc
- isAuthorizedForService(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced service.
- isAuthorizedForURL(String) - Method in interface org.owasp.esapi.AccessController
-
Checks if the current user is authorized to access the referenced URL.
- isAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
-
Deprecated.
- isAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
-
Check if URL is authorized.
- isAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
-
Checks if the current user is authorized to access the referenced URL.
- isCipherTextMACvalid(SecretKey, CipherText) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
If a Message Authentication Code (MAC) is required for the specified CipherText object, then attempt to validate the MAC that should be embedded within the CipherText object by using a derived key based on the specified SecretKey.
- isCombinedCipherMode(String) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
Return true if specified cipher mode is one of those specified in the ESAPI.properties file that supports both confidentiality and authenticity (i.e., a "combined cipher mode" as NIST refers to it).
- isCommitted() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- isDebugEnabled() - Method in interface org.owasp.esapi.Logger
-
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
- isDebugEnabled() - Method in class org.owasp.esapi.reference.Log4JLogger
-
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
- isEmpty() - Method in class org.owasp.esapi.codecs.HashTrie
- isEmpty() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- isEmpty() - Method in class org.owasp.esapi.ValidationErrorList
-
Returns true if no errors are present.
- isEmpty(String) - Static method in class org.owasp.esapi.StringUtilities
-
Returns true if String is empty ("") or null.
- isEnabled() - Method in class org.owasp.esapi.reference.DefaultUser
-
Checks if this user's account is currently enabled.
- isEnabled() - Method in interface org.owasp.esapi.User
-
Checks if this user's account is currently enabled.
- isErrorEnabled() - Method in interface org.owasp.esapi.Logger
-
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
- isErrorEnabled() - Method in class org.owasp.esapi.reference.Log4JLogger
-
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
- isExpired() - Method in class org.owasp.esapi.crypto.CryptoToken
-
Check if token has expired yet.
- isExpired() - Method in class org.owasp.esapi.reference.DefaultUser
-
Checks if this user's account is expired.
- isExpired() - Method in interface org.owasp.esapi.User
-
Checks if this user's account is expired.
- isFatalEnabled() - Method in interface org.owasp.esapi.Logger
-
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
- isFatalEnabled() - Method in class org.owasp.esapi.reference.Log4JLogger
-
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
- isHexDigit(Character) - Static method in class org.owasp.esapi.codecs.PushbackString
-
Returns true if the parameter character is a hexadecimal digit 0 through 9, a through f, or A through F.
- isInfoEnabled() - Method in interface org.owasp.esapi.Logger
-
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
- isInfoEnabled() - Method in class org.owasp.esapi.reference.Log4JLogger
-
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
- isInList(Collection, String) - Static method in class org.owasp.esapi.waf.rules.RuleUtil
- isInList(Enumeration, String) - Static method in class org.owasp.esapi.waf.rules.RuleUtil
- isInList(Map, String) - Static method in class org.owasp.esapi.waf.rules.RuleUtil
- isInRole(String) - Method in class org.owasp.esapi.reference.DefaultUser
-
Checks if this user's account is assigned a particular role.
- isInRole(String) - Method in interface org.owasp.esapi.User
-
Checks if this user's account is assigned a particular role.
- isLocked() - Method in class org.owasp.esapi.reference.DefaultUser
-
Checks if this user's account is locked.
- isLocked() - Method in interface org.owasp.esapi.User
-
Checks if this user's account is locked.
- isLoggedIn() - Method in class org.owasp.esapi.reference.DefaultUser
-
Tests to see if the user is currently logged in.
- isLoggedIn() - Method in interface org.owasp.esapi.User
-
Tests to see if the user is currently logged in.
- isMACRequired(CipherText) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
Check to see if a Message Authentication Code (MAC) is required for a given CipherText object and the current ESAPI.property settings.
- isOctalDigit(Character) - Static method in class org.owasp.esapi.codecs.PushbackString
-
Returns true if the parameter character is an octal digit 0 through 7.
- isReady() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
- isRequestedSessionIdFromCookie() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- isRequestedSessionIdFromUrl() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Deprecated in servlet spec 2.1. Use SecurityWrapperRequest.isRequestedSessionIdFromURL() instead.
- isRequestedSessionIdFromURL() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- isRequestedSessionIdValid() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- isSecure() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- isSessionAbsoluteTimeout() - Method in class org.owasp.esapi.reference.DefaultUser
-
Tests to see if this user's session has exceeded the absolute time out based on ESAPI's configuration settings.
- isSessionAbsoluteTimeout() - Method in interface org.owasp.esapi.User
-
Tests to see if this user's session has exceeded the absolute time out based on ESAPI's configuration settings.
- isSessionTimeout() - Method in class org.owasp.esapi.reference.DefaultUser
-
Tests to see if the user's session has timed out from inactivity based on ESAPI's configuration settings.
- isSessionTimeout() - Method in interface org.owasp.esapi.User
-
Tests to see if the user's session has timed out from inactivity based on ESAPI's configuration settings.
- isSuccess() - Method in class org.owasp.esapi.Logger.EventType
- isTraceEnabled() - Method in interface org.owasp.esapi.Logger
-
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
- isTraceEnabled() - Method in class org.owasp.esapi.reference.Log4JLogger
-
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
- isUserInRole(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Returns true if the ESAPI User associated with this request has the specified role.
- isUsingHttpOnlyFlagOnSessionCookie() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- isUsingSecureFlagOnSessionCookie() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- isUsingWriter() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
- isValid(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
- isValid(String, String) - Method in interface org.owasp.esapi.ValidationRule
- isValidCreditCard(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidCreditCard and returns true if no exceptions are thrown.
- isValidCreditCard(String, String, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls getValidCreditCard and returns true if no exceptions are thrown.
- isValidCreditCard(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidCreditCard and returns true if no exceptions are thrown.
- isValidCreditCard(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidCreditCard and returns true if no exceptions are thrown.
- isValidDate(String, String, DateFormat, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls isValidDate and returns true if no exceptions are thrown.
- isValidDate(String, String, DateFormat, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls isValidDate and returns true if no exceptions are thrown.
- isValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls isValidDate and returns true if no exceptions are thrown.
- isValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls isValidDate and returns true if no exceptions are thrown.
- isValidDirectoryPath(String, String, File, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidDirectoryPath and returns true if no exceptions are thrown.
- isValidDirectoryPath(String, String, File, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls getValidDirectoryPath and returns true if no exceptions are thrown.
- isValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidDirectoryPath and returns true if no exceptions are thrown.
- isValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidDirectoryPath and returns true if no exceptions are thrown.
- isValidDouble(String, String, double, double, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidDouble and returns true if no exceptions are thrown.
- isValidDouble(String, String, double, double, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls getValidDouble and returns true if no exceptions are thrown.
- isValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidDouble and returns true if no exceptions are thrown.
- isValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidDouble and returns true if no exceptions are thrown.
- isValidFileContent(String, byte[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidFileContent and returns true if no exceptions are thrown.
- isValidFileContent(String, byte[], int, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls getValidFileContent and returns true if no exceptions are thrown.
- isValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidFileContent and returns true if no exceptions are thrown.
- isValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidFileContent and returns true if no exceptions are thrown.
- isValidFileName(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidFileName with the default list of allowedExtensions
- isValidFileName(String, String, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls getValidFileName with the default list of allowedExtensions
- isValidFileName(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidFileName with the default list of allowedExtensions
- isValidFileName(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidFileName with the default list of allowedExtensions
- isValidFileName(String, String, List<String>, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidFileName and returns true if no exceptions are thrown.
- isValidFileName(String, String, List<String>, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls getValidFileName and returns true if no exceptions are thrown.
- isValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidFileName and returns true if no exceptions are thrown.
- isValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidFileName and returns true if no exceptions are thrown.
- isValidFileUpload(String, String, String, File, byte[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidFileUpload and returns true if no exceptions are thrown.
- isValidFileUpload(String, String, String, File, byte[], int, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls getValidFileUpload and returns true if no exceptions are thrown.
- isValidFileUpload(String, String, String, File, byte[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidFileUpload and returns true if no exceptions are thrown.
- isValidFileUpload(String, String, String, File, byte[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidFileUpload and returns true if no exceptions are thrown.
- isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls assertValidHTTPRequestParameterSet and returns true if no exceptions are thrown.
- isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in interface org.owasp.esapi.Validator
-
Calls assertValidHTTPRequestParameterSet and returns true if no exceptions are thrown.
- isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls assertValidHTTPRequestParameterSet and returns true if no exceptions are thrown.
- isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls assertValidHTTPRequestParameterSet and returns true if no exceptions are thrown.
- isValidInput(String, String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if data received from browser is valid.
- isValidInput(String, String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls isValidInput and returns true if no exceptions are thrown.
- isValidInput(String, String, String, int, boolean, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
- isValidInput(String, String, String, int, boolean, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls isValidInput and returns true if no exceptions are thrown.
- isValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
- isValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls isValidInput and returns true if no exceptions are thrown.
- isValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
- isValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls isValidInput and returns true if no exceptions are thrown.
- isValidInteger(String, String, int, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidInteger and returns true if no exceptions are thrown.
- isValidInteger(String, String, int, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls getValidInteger and returns true if no exceptions are thrown.
- isValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidInteger and returns true if no exceptions are thrown.
- isValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidInteger and returns true if no exceptions are thrown.
- isValidKDFVersion(int, boolean, boolean) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
Is this particular KDF version number one that is sane? For that, we just make sure it is inbounds of the valid range which is:
- isValidListItem(String, String, List<String>) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidListItem and returns true if no exceptions are thrown.
- isValidListItem(String, String, List<String>) - Method in interface org.owasp.esapi.Validator
-
Calls getValidListItem and returns true if no exceptions are thrown.
- isValidListItem(String, String, List<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidListItem and returns true if no exceptions are thrown.
- isValidListItem(String, String, List<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidListItem and returns true if no exceptions are thrown.
- isValidNumber(String, String, long, long, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidNumber and returns true if no exceptions are thrown.
- isValidNumber(String, String, long, long, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls getValidNumber and returns true if no exceptions are thrown.
- isValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidNumber and returns true if no exceptions are thrown.
- isValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidNumber and returns true if no exceptions are thrown.
- isValidPRF(String) - Static method in class org.owasp.esapi.crypto.KeyDerivationFunction
-
Check if specified algorithm name is a valid PRF that can be used.
- isValidPrintable(String, char[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidPrintable and returns true if no exceptions are thrown.
- isValidPrintable(String, char[], int, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls getValidPrintable and returns true if no exceptions are thrown.
- isValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidPrintable and returns true if no exceptions are thrown.
- isValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidPrintable and returns true if no exceptions are thrown.
- isValidPrintable(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidPrintable and returns true if no exceptions are thrown.
- isValidPrintable(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls getValidPrintable and returns true if no exceptions are thrown.
- isValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidPrintable and returns true if no exceptions are thrown.
- isValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidPrintable and returns true if no exceptions are thrown.
- isValidRedirectLocation(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input is a valid redirect location.
- isValidRedirectLocation(String, String, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls getValidRedirectLocation and returns true if no exceptions are thrown.
- isValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Returns true if input is a valid redirect location.
- isValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidRedirectLocation and returns true if no exceptions are thrown.
- isValidSafeHTML(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidSafeHTML and returns true if no exceptions are thrown.
- isValidSafeHTML(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
-
Calls getValidSafeHTML and returns true if no exceptions are thrown.
- isValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Calls getValidSafeHTML and returns true if no exceptions are thrown.
- isValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
-
Calls getValidSafeHTML and returns true if no exceptions are thrown.
- isWarningEnabled() - Method in interface org.owasp.esapi.Logger
-
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
- isWarningEnabled() - Method in class org.owasp.esapi.reference.Log4JLogger
-
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
- iterator() - Method in interface org.owasp.esapi.AccessReferenceMap
-
Get an iterator through the direct object references.
- iterator() - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Get an iterator through the direct object references.
- itod - Variable in class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
The Indirect to Direct Map
- IV_TYPE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
J
- JavaEncryptor - Class in org.owasp.esapi.reference.crypto
-
Reference implementation of the Encryptor interface.
- JavaLogFactory - Class in org.owasp.esapi.reference
-
Reference implementation of the LogFactory and Logger interfaces.
- JavaLogFactory() - Constructor for class org.owasp.esapi.reference.JavaLogFactory
-
Null argument constructor for this implementation of the LogFactory interface needed for dynamic configuration.
- JavaLogFactory.JavaLoggerLevel - Class in org.owasp.esapi.reference
-
A custom logging level defined between Level.SEVERE and Level.WARNING in logger.
- JavaLoggerLevel(String, int) - Constructor for class org.owasp.esapi.reference.JavaLogFactory.JavaLoggerLevel
-
Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of the defined level and its numeric value.
- JAVASCRIPT_REDIRECT - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- JAVASCRIPT_TARGET_TOKEN - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- JavaScriptCodec - Class in org.owasp.esapi.codecs
-
Implementation of the Codec interface for backslash encoding in JavaScript.
- JavaScriptCodec() - Constructor for class org.owasp.esapi.codecs.JavaScriptCodec
K
- KDF_PRF_ALG - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- kdfVersion - Static variable in class org.owasp.esapi.crypto.KeyDerivationFunction
- KEY_LENGTH - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- KeyDerivationFunction - Class in org.owasp.esapi.crypto
-
This class implements a Key Derivation Function (KDF) and supporting methods.
- KeyDerivationFunction() - Constructor for class org.owasp.esapi.crypto.KeyDerivationFunction
-
Construct a KeyDerivationFunction based on the ESAPI.property property, Encryptor.KDF.PRF.
- KeyDerivationFunction(KeyDerivationFunction.PRF_ALGORITHMS) - Constructor for class org.owasp.esapi.crypto.KeyDerivationFunction
-
Construct a KeyDerivationFunction.
- KeyDerivationFunction.PRF_ALGORITHMS - Enum in org.owasp.esapi.crypto
- keySet() - Method in class org.owasp.esapi.codecs.HashTrie
- keySet() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- keySet() - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
- keySet() - Method in interface org.owasp.esapi.EncryptedProperties
-
Returns a Set view of properties.
- keySet() - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
-
Returns a Set view of properties.
- killAllCookies() - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls killAllCookies with the *current* request and response.
- killAllCookies() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls killAllCookies with the *current* request and response.
- killAllCookies(HttpServletRequest, HttpServletResponse) - Method in interface org.owasp.esapi.HTTPUtilities
-
Kill all cookies received in the last request from the browser.
- killAllCookies(HttpServletRequest, HttpServletResponse) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Kill all cookies received in the last request from the browser.
- killCookie(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls killCookie with the *current* request and response.
- killCookie(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls killCookie with the *current* request and response.
- killCookie(HttpServletRequest, HttpServletResponse, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Kills the specified cookie by setting a new cookie that expires immediately.
- killCookie(HttpServletRequest, HttpServletResponse, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Kills the specified cookie by setting a new cookie that expires immediately.
L
- length() - Method in class org.owasp.esapi.crypto.PlainText
-
Return the length of the UTF-8 encoded byte array representing this object.
- LETTERS - Static variable in class org.owasp.esapi.EncoderConstants
- list(PrintStream) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
This method has been overridden to throw an UnsupportedOperationException
- list(PrintWriter) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
This method has been overridden to throw an UnsupportedOperationException
- load() - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader
- load(InputStream) - Method in interface org.owasp.esapi.EncryptedProperties
-
Reads a property list (key and element pairs) from the input stream.
- load(InputStream) - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
-
Reads a property list (key and element pairs) from the input stream.
- load(InputStream) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
Reads a property list (key and element pairs) from the input stream.
- load(Reader) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
For JDK 1.5 compatibility, this method has been overridden to convert the Reader into an InputStream and call the superclass constructor.
- loadConfiguration() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Load configuration.
- loadESAPIPreferredJCEProvider() - Static method in class org.owasp.esapi.crypto.SecurityProviderLoader
-
Load the preferred JCE provider for ESAPI based on the ESAPI.properties property Encryptor.PreferredJCEProvider.
- loadProperties(String, Boolean) - Static method in class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils
-
Loads a Properties file from a filename.
- loadUsersIfNecessary() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Load users if they haven't been loaded in a while.
- loadUsersImmediately() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
- lock() - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
-
This makes the map itself read only, but the mutability of objects that this map contains is not affected.
- lock() - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters
-
This makes the map itself read only, but the mutability of objects that this map contains is not affected.
- lock() - Method in class org.owasp.esapi.reference.DefaultUser
-
Lock this user's account.
- lock() - Method in interface org.owasp.esapi.User
-
Lock this user's account.
- log() - Static method in class org.owasp.esapi.ESAPI
- log(HttpServletRequest, String) - Method in class org.owasp.esapi.waf.rules.Rule
- LOG - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- LOG_APPLICATION_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- LOG_DIRECTORY - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- LOG_ENCODING_REQUIRED - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- LOG_FILE_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- LOG_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- LOG_LEVEL - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- LOG_LEVEL - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- LOG_SERVER_IP - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- Log4JLogFactory - Class in org.owasp.esapi.reference
-
Reference implementation of the LogFactory interface.
- Log4JLogFactory() - Constructor for class org.owasp.esapi.reference.Log4JLogFactory
- Log4JLogger - Class in org.owasp.esapi.reference
-
Reference implementation of the Logger interface.
- Log4JLogger(String) - Constructor for class org.owasp.esapi.reference.Log4JLogger
- Log4JLoggerFactory - Class in org.owasp.esapi.reference
-
Implementation of the LoggerFactory interface.
- Log4JLoggerFactory() - Constructor for class org.owasp.esapi.reference.Log4JLoggerFactory
-
This constructor must be public so it can be accessed from within log4j
- LogFactory - Interface in org.owasp.esapi
-
The LogFactory interface is intended to allow substitution of various logging packages, while providing a common interface to access them.
- logger - Variable in exception org.owasp.esapi.errors.EnterpriseSecurityException
-
The logger.
- logger - Variable in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
-
The logger.
- logger - Variable in exception org.owasp.esapi.errors.IntrusionException
-
The logger.
- logger - Variable in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
- logger - Variable in class org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader
- logger - Variable in class org.owasp.esapi.reference.DefaultAccessController
- logger - Static variable in class org.owasp.esapi.waf.rules.Rule
- Logger - Interface in org.owasp.esapi
-
The Logger interface defines a set of methods that can be used to log security events.
- Logger.EventType - Class in org.owasp.esapi
-
Defines the type of log event that is being generated.
- logHTTPRequest() - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls logHTTPRequest with the *current* request and logger.
- logHTTPRequest() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls logHTTPRequest with the *current* request and logger.
- logHTTPRequest(HttpServletRequest, Logger) - Method in interface org.owasp.esapi.HTTPUtilities
-
Format the Source IP address, URL, URL parameters, and all form parameters into a string suitable for the log file.
- logHTTPRequest(HttpServletRequest, Logger) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Format the Source IP address, URL, URL parameters, and all form parameters into a string suitable for the log file.
- logHTTPRequest(HttpServletRequest, Logger, List) - Method in interface org.owasp.esapi.HTTPUtilities
-
Format the Source IP address, URL, URL parameters, and all form parameters into a string suitable for the log file.
- logHTTPRequest(HttpServletRequest, Logger, List) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Formats an HTTP request into a log-suitable string.
- login() - Method in interface org.owasp.esapi.Authenticator
-
Calls login with the *current* request and response.
- login() - Method in class org.owasp.esapi.reference.AbstractAuthenticator
-
Calls login with the *current* request and response.
- login(HttpServletRequest, HttpServletResponse) - Method in interface org.owasp.esapi.Authenticator
-
This method should be called for every HTTP request, to log in the current user either from the session or the HTTP request.
- login(HttpServletRequest, HttpServletResponse) - Method in class org.owasp.esapi.reference.AbstractAuthenticator
-
This method should be called for every HTTP request, to log in the current user either from the session or the HTTP request.
- loginWithPassword(String) - Method in class org.owasp.esapi.reference.DefaultUser
-
Login with password.
- loginWithPassword(String) - Method in interface org.owasp.esapi.User
-
Login with password.
- logMessage - Variable in exception org.owasp.esapi.errors.EnterpriseSecurityException
- logMessage - Variable in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
- logMessage - Variable in exception org.owasp.esapi.errors.IntrusionException
- logout() - Method in interface org.owasp.esapi.Authenticator
-
Logs out the current user.
- logout() - Method in class org.owasp.esapi.reference.AbstractAuthenticator
-
Logs out the current user.
- logout() - Method in class org.owasp.esapi.reference.DefaultUser
-
Logout this user.
- logout() - Method in interface org.owasp.esapi.User
-
Logout this user.
- LOWERS - Static variable in class org.owasp.esapi.EncoderConstants
M
- main(String[]) - Static method in class org.owasp.esapi.codecs.Base64
-
Encodes or decodes two files from the command line; feel free to delete this method (in fact you probably should) if you're embedding this code into a larger program.
- main(String...) - Static method in class org.owasp.esapi.crypto.CryptoDiscoverer
- main(String[]) - Static method in class org.owasp.esapi.crypto.KeyDerivationFunction
-
Print list of ESAPI supported pseudo-random functions for KDF and KDF version information.
- main(String[]) - Static method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
-
Deprecated. Use EncryptedPropertiesUtils instead, which allows creating, reading, and writing encrypted properties.
- main(String[]) - Static method in class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils
-
Loads encrypted or plaintext properties file based on the location passed in args then prompts the user to input key-value pairs.
- main(String[]) - Static method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Generates a new strongly random secret key and salt that can be copied and pasted into the ESAPI.properties file.
- main(String[]) - Static method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Fail safe main program to add or update an account in an emergency.
- make(String, String) - Static method in class org.owasp.esapi.util.ObjFactory
-
Create an object based on the className parameter.
- makeNewLoggerInstance(String) - Method in class org.owasp.esapi.reference.Log4JLoggerFactory
-
Overridden to return instances of org.owasp.esapi.reference.Log4JLogger.
- mark() - Method in class org.owasp.esapi.codecs.PushbackString
- MASTER_KEY - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- MASTER_SALT - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- MAX_COOKIE_LEN - Static variable in interface org.owasp.esapi.HTTPUtilities
- MAX_COOKIE_PAIRS - Static variable in interface org.owasp.esapi.HTTPUtilities
- MAX_FILE_NAME_LENGTH - Variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- MAX_HTTP_HEADER_SIZE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- MAX_LOG_FILE_SIZE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- MAX_OLD_PASSWORD_HASHES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- MAX_REDIRECT_LOCATION - Variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- MAX_UPLOAD_FILE_BYTES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- maxLength - Variable in class org.owasp.esapi.reference.validation.StringValidationRule
- minLength - Variable in class org.owasp.esapi.reference.validation.StringValidationRule
- MustMatchRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <must-match> rules.
- MustMatchRule(String, Pattern, String, int, String) - Constructor for class org.owasp.esapi.waf.rules.MustMatchRule
- MYSQL_MODE - Static variable in class org.owasp.esapi.codecs.MySQLCodec
-
Target MySQL Server is running in Standard MySQL (Default) mode.
- MySQLCodec - Class in org.owasp.esapi.codecs
-
Implementation of the Codec interface for MySQL strings.
- MySQLCodec(int) - Constructor for class org.owasp.esapi.codecs.MySQLCodec
-
Deprecated.
- MySQLCodec(MySQLCodec.Mode) - Constructor for class org.owasp.esapi.codecs.MySQLCodec
-
Instantiate the MySQL Codec with the given SQL MySQLCodec.Mode.
- MySQLCodec.Mode - Enum in org.owasp.esapi.codecs
-
Specifies the SQL Mode the target MySQL Server is running with.
N
- name - Variable in class org.owasp.esapi.SecurityConfiguration.Threshold
-
The name of this threshold.
- next() - Method in class org.owasp.esapi.codecs.PushbackString
- nextHex() - Method in class org.owasp.esapi.codecs.PushbackString
- nextOctal() - Method in class org.owasp.esapi.codecs.PushbackString
- NO_OPTIONS - Static variable in class org.owasp.esapi.codecs.Base64
-
No options specified.
- notNullOrEmpty(String, boolean) - Static method in class org.owasp.esapi.StringUtilities
-
Check to ensure that a String is not null or empty (after optional trimming of leading and trailing whitespace).
- NullSafe - Class in org.owasp.esapi.util
- NumberValidationRule - Class in org.owasp.esapi.reference.validation
-
A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
- NumberValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.NumberValidationRule
- NumberValidationRule(String, Encoder, double, double) - Constructor for class org.owasp.esapi.reference.validation.NumberValidationRule
O
- ObjFactory - Class in org.owasp.esapi.util
-
A generic object factory to create an object of class T.
- OFF - Static variable in interface org.owasp.esapi.Logger
-
OFF indicates that no messages should be logged.
- OPERATOR_CONTAINS - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- OPERATOR_EQ - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- OPERATOR_EXISTS - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- OPERATOR_IN_LIST - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- OracleCodec - Class in org.owasp.esapi.codecs
-
Implementation of the Codec interface for Oracle strings.
- OracleCodec() - Constructor for class org.owasp.esapi.codecs.OracleCodec
- ORDERED - Static variable in class org.owasp.esapi.codecs.Base64
-
Encode using the special "ordered" dialect of Base64 described here: http://www.faqs.org/qa/rfcc-1940.html.
- org.owasp.esapi - package org.owasp.esapi
-
The ESAPI interfaces and Exception classes model the most important security functions to enterprise web applications.
- org.owasp.esapi.codecs - package org.owasp.esapi.codecs
-
This package contains codecs for application layer encoding/escaping schemes that can be used for both canonicalization and output encoding.
- org.owasp.esapi.crypto - package org.owasp.esapi.crypto
-
This package contains ESAPI cryptography-related classes used throughout ESAPI.
- org.owasp.esapi.errors - package org.owasp.esapi.errors
-
A set of exception classes designed to model the error conditions that frequently arise in enterprise web applications and web services.
- org.owasp.esapi.filters - package org.owasp.esapi.filters
-
This package contains several filters that demonstrate ways of using the ESAPI security controls in front of your application.
- org.owasp.esapi.reference - package org.owasp.esapi.reference
-
This package contains reference implementations of the ESAPI interfaces.
- org.owasp.esapi.reference.accesscontrol - package org.owasp.esapi.reference.accesscontrol
- org.owasp.esapi.reference.accesscontrol.policyloader - package org.owasp.esapi.reference.accesscontrol.policyloader
- org.owasp.esapi.reference.crypto - package org.owasp.esapi.reference.crypto
-
This package contains the reference implementation for some of the ESAPI cryptography-related classes used throughout ESAPI.
- org.owasp.esapi.reference.validation - package org.owasp.esapi.reference.validation
-
This package contains data format-specific validation rule functions.
- org.owasp.esapi.tags - package org.owasp.esapi.tags
-
This package contains sample JSP tags that demonstrate how to use the ESAPI functions to protect an application from within a JSP page.
- org.owasp.esapi.util - package org.owasp.esapi.util
-
This package contains ESAPI utility classes used throughout the reference implementation of ESAPI but may also be directly useful.
- org.owasp.esapi.waf - package org.owasp.esapi.waf
-
This package contains the ESAPI Web Application Firewall (WAF).
- org.owasp.esapi.waf.actions - package org.owasp.esapi.waf.actions
-
This package contains the Action objects that are executed after a Rule subclass executes.
- org.owasp.esapi.waf.configuration - package org.owasp.esapi.waf.configuration
-
This package contains both the configuration object model and the utility class to create that object model from an existing policy file.
- org.owasp.esapi.waf.internal - package org.owasp.esapi.waf.internal
-
This package contains all HTTP-related classes used internally by the WAF for the implementation of its rules.
- org.owasp.esapi.waf.rules - package org.owasp.esapi.waf.rules
-
This package contains all of the Rule subclasses that correspond to policy file entries.
- originalVersion - Static variable in class org.owasp.esapi.crypto.KeyDerivationFunction
-
Used to support backward compatibility.
- OutputStream(OutputStream) - Constructor for class org.owasp.esapi.codecs.Base64.OutputStream
-
Constructs a Base64.OutputStream in ENCODE mode.
- OutputStream(OutputStream, int) - Constructor for class org.owasp.esapi.codecs.Base64.OutputStream
-
Constructs a Base64.OutputStream in either ENCODE or DECODE mode.
- override(SecurityConfiguration) - Static method in class org.owasp.esapi.ESAPI
-
Overrides the current security configuration with a new implementation.
- overwrite() - Method in class org.owasp.esapi.crypto.PlainText
-
First overwrite the bytes of plaintext with the character '*'.
- overwrite(byte[]) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
Overwrite a byte array with the byte containing '*'.
- overwrite(byte[], byte) - Static method in class org.owasp.esapi.crypto.CryptoHelper
-
Overwrite a byte array with a specified byte.
- overwritePlainText() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Indicates whether the PlainText objects may be overwritten after they have been encrypted.
- overwritePlainText() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Indicates whether the PlainText objects may be overwritten after they have been encrypted.
P
- Parameter - Class in org.owasp.esapi.waf.internal
-
A simple object to represent a name=value HTTP parameter.
- Parameter(String, String, boolean) - Constructor for class org.owasp.esapi.waf.internal.Parameter
- PARAMETER - Static variable in interface org.owasp.esapi.HTTPUtilities
- PASSWORD_DIGITS - Static variable in class org.owasp.esapi.EncoderConstants
- PASSWORD_LETTERS - Static variable in class org.owasp.esapi.EncoderConstants
- PASSWORD_LOWERS - Static variable in class org.owasp.esapi.EncoderConstants
- PASSWORD_PARAMETER_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- PASSWORD_SPECIALS - Static variable in class org.owasp.esapi.EncoderConstants
- PASSWORD_UPPERS - Static variable in class org.owasp.esapi.EncoderConstants
- PathExtensionRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <restrict-extension> rules.
- PathExtensionRule(String, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.PathExtensionRule
- peek() - Method in class org.owasp.esapi.codecs.PushbackString
-
Return the next character without affecting the current index.
- peek(char) - Method in class org.owasp.esapi.codecs.PushbackString
-
Test to see if the next character is a particular value without affecting the current index.
- PercentCodec - Class in org.owasp.esapi.codecs
-
Implementation of the Codec interface for percent encoding (aka URL encoding).
- PercentCodec() - Constructor for class org.owasp.esapi.codecs.PercentCodec
- PlainText - Class in org.owasp.esapi.crypto
-
A class representing plaintext (versus ciphertext) as related to cryptographic systems.
- PlainText(byte[]) - Constructor for class org.owasp.esapi.crypto.PlainText
-
Construct a PlainText object from a byte array.
- PlainText(String) - Constructor for class org.owasp.esapi.crypto.PlainText
-
Construct a PlainText object from a String.
- PLAINTEXT_OVERWRITE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- PolicyDTO - Class in org.owasp.esapi.reference.accesscontrol.policyloader
-
The point of the loaders is to create this
- PolicyDTO() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO
- policyParameters - Variable in class org.owasp.esapi.reference.accesscontrol.BaseACR
- PolicyParameters - Interface in org.owasp.esapi.reference.accesscontrol.policyloader
- policyProperties - Variable in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
- PREFERRED_JCE_PROVIDER - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- PreparedString - Class in org.owasp.esapi
-
A parameterized string that uses escaping to make untrusted data safe before combining it with a command or query intended for use in an interpreter.
- PreparedString(String, char, Codec) - Constructor for class org.owasp.esapi.PreparedString
-
Create a PreparedString with the supplied template, parameter placeholder character, and Codec.
- PreparedString(String, Codec) - Constructor for class org.owasp.esapi.PreparedString
-
Create a PreparedString with the supplied template and Codec.
- print(boolean) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- print(char) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- print(char[]) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- print(double) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- print(float) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- print(int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- print(long) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- print(Object) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- print(String) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- PRINT_PROPERTIES_WHEN_LOADED - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- printf(String, Object...) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- printf(Locale, String, Object...) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- println() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- println(boolean) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- println(char) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- println(char[]) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- println(double) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- println(float) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- println(int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- println(long) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- println(Object) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- println(String) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- pushback(Character) - Method in class org.owasp.esapi.codecs.PushbackString
- PushbackString - Class in org.owasp.esapi.codecs
-
The pushback string is used by Codecs to allow them to push decoded characters back onto a string for further decoding.
- PushbackString(String) - Constructor for class org.owasp.esapi.codecs.PushbackString
- put(CharSequence, T) - Method in class org.owasp.esapi.codecs.HashTrie
-
Add mapping.
- put(CharSequence, T) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- put(CharSequence, T) - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
- put(Object, Object) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
This method has been overridden to only accept Strings for key and value, and to encrypt those Strings before storing them.
- put(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
- put(String, Object) - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters
-
This is a convenience method for developers that prefer to think of this as a map instead of being bean-like.
- putAll(Map<? extends CharSequence, ? extends T>) - Method in class org.owasp.esapi.codecs.HashTrie
- putAll(Map<? extends CharSequence, ? extends T>) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- putAll(Map<? extends CharSequence, ? extends T>) - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
R
- RANDOM_ALGORITHM - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- RandomAccessReferenceMap - Class in org.owasp.esapi.reference
-
Reference implementation of the AccessReferenceMap interface.
- RandomAccessReferenceMap() - Constructor for class org.owasp.esapi.reference.RandomAccessReferenceMap
-
This AccessReferenceMap implementation uses short random strings to create a layer of indirection.
- RandomAccessReferenceMap(int) - Constructor for class org.owasp.esapi.reference.RandomAccessReferenceMap
- RandomAccessReferenceMap(Set<Object>) - Constructor for class org.owasp.esapi.reference.RandomAccessReferenceMap
- RandomAccessReferenceMap(Set<Object>, int) - Constructor for class org.owasp.esapi.reference.RandomAccessReferenceMap
- randomizer() - Static method in class org.owasp.esapi.ESAPI
- Randomizer - Interface in org.owasp.esapi
-
The Randomizer interface defines a set of methods for creating cryptographically random numbers and strings.
- RANDOMIZER_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- read() - Method in class org.owasp.esapi.codecs.Base64.InputStream
-
Reads enough of the input stream to convert to/from Base64 and returns the next byte.
- read(byte[], int, int) - Method in class org.owasp.esapi.codecs.Base64.InputStream
-
Calls Base64.InputStream.read() repeatedly until the end of stream is reached or len bytes are read.
- readConfigurationFile(InputStream, String) - Static method in class org.owasp.esapi.waf.configuration.ConfigurationParser
- REDIRECT - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- RedirectAction - Class in org.owasp.esapi.waf.actions
-
The class that indicates the user should be redirected to another location.
- RedirectAction() - Constructor for class org.owasp.esapi.waf.actions.RedirectAction
- ReferenceEncryptedProperties - Class in org.owasp.esapi.reference.crypto
-
Reference implementation of the EncryptedProperties interface.
- ReferenceEncryptedProperties() - Constructor for class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
Instantiates a new encrypted properties.
- ReferenceEncryptedProperties(Properties) - Constructor for class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
- remainder() - Method in class org.owasp.esapi.codecs.PushbackString
- REMEMBER_TOKEN_COOKIE_NAME - Static variable in interface org.owasp.esapi.HTTPUtilities
- REMEMBER_TOKEN_DURATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- remove(CharSequence) - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
- remove(Object) - Method in class org.owasp.esapi.codecs.HashTrie
-
Remove an entry.
- remove(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- removeAttribute(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- removeDirectReference(T) - Method in interface org.owasp.esapi.AccessReferenceMap
-
Removes a direct reference and its associated indirect reference from the AccessReferenceMap.
- removeDirectReference(T) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Removes a direct reference and its associated indirect reference from the AccessReferenceMap.
- removeRole(String) - Method in class org.owasp.esapi.reference.DefaultUser
-
Removes a role from this user's account.
- removeRole(String) - Method in interface org.owasp.esapi.User
-
Removes a role from this user's account.
- removeSession(HttpSession) - Method in class org.owasp.esapi.reference.DefaultUser
-
Removes a session for this User.
- removeSession(HttpSession) - Method in interface org.owasp.esapi.User
-
Removes a session for this User.
- removeUser(String) - Method in interface org.owasp.esapi.Authenticator
-
Removes the account of the specified accountName.
- removeUser(String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Removes the account of the specified accountName.
- ReplaceContentRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <dynamic-insertion> rules.
- ReplaceContentRule(String, Pattern, String, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.ReplaceContentRule
- replaceLinearWhiteSpace(String) - Static method in class org.owasp.esapi.StringUtilities
- replaceNull(String, String) - Static method in class org.owasp.esapi.StringUtilities
-
Returns the replace value if the value of test is null, "null", or ""
- RequestRateThrottleFilter - Class in org.owasp.esapi.filters
-
A simple servlet filter that limits the request rate to a certain threshold of requests per second.
- RequestRateThrottleFilter() - Constructor for class org.owasp.esapi.filters.RequestRateThrottleFilter
- requiresIV() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Return true if the cipher mode requires an IV.
- requiresIV() - Method in class org.owasp.esapi.crypto.CipherText
-
Return true if the cipher mode used requires an IV.
- reset() - Method in class org.owasp.esapi.codecs.PushbackString
- reset() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- reset() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
- resetBuffer() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- resetCSRFToken() - Method in class org.owasp.esapi.reference.DefaultUser
-
Returns a token to be used as a prevention against CSRF attacks.
- resetCSRFToken() - Method in interface org.owasp.esapi.User
-
Returns a token to be used as a prevention against CSRF attacks.
- RESOURCE_FILE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
The name of the ESAPI property file
- RESPONSE_CONTENT_TYPE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- RestrictContentTypeRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <dynamic-insertion> rules.
- RestrictContentTypeRule(String, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.RestrictContentTypeRule
- RestrictUserAgentRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <restrict-user-agent> rules.
- RestrictUserAgentRule(String, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.RestrictUserAgentRule
- resumeEncoding() - Method in class org.owasp.esapi.codecs.Base64.OutputStream
-
Resumes encoding of the stream.
- Rule - Class in org.owasp.esapi.waf.rules
-
This is the base class for the WAF rules.
- Rule() - Constructor for class org.owasp.esapi.waf.rules.Rule
- RuleUtil - Class in org.owasp.esapi.waf.rules
-
This is a small utility class for use by Rule subclasses.
- RuleUtil() - Constructor for class org.owasp.esapi.waf.rules.RuleUtil
S
- SafeFile - Class in org.owasp.esapi
-
Extension to java.io.File to protect against null byte injections and other unforeseen problems resulting from unprintable characters causing problems in path lookups.
- SafeFile(File, String) - Constructor for class org.owasp.esapi.SafeFile
- SafeFile(String) - Constructor for class org.owasp.esapi.SafeFile
- SafeFile(String, String) - Constructor for class org.owasp.esapi.SafeFile
- SafeFile(URI) - Constructor for class org.owasp.esapi.SafeFile
- safeReadLine(InputStream, int) - Method in class org.owasp.esapi.reference.DefaultValidator
-
Reads from an input stream until end-of-line or a maximum number of characters.
- safeReadLine(InputStream, int) - Method in interface org.owasp.esapi.Validator
-
Reads from an input stream until end-of-line or a maximum number of characters.
- sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
The method is similar to ValidationRule.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
- sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
-
The method is similar to ValidationRule.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
- sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.DateValidationRule
-
The method is similar to ValidationRule.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
- sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.HTMLValidationRule
-
The method is similar to ValidationRule.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
- sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.IntegerValidationRule
- sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.NumberValidationRule
-
The method is similar to ValidationRule.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
- sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
-
The method is similar to ValidationRule.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
- saveUsers() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Saves the user database to the file system.
- saveUsers(PrintWriter) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Save users.
- seal(String, long) - Method in interface org.owasp.esapi.Encryptor
-
Creates a seal that binds a set of data and includes an expiration timestamp.
- seal(String, long) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Creates a seal that binds a set of data and includes an expiration timestamp.
- SECURITY_AUDIT - Static variable in interface org.owasp.esapi.Logger
-
A security type of log event that is associated with an audit trail of some type, but the log event is not specifically something that has either succeeded or failed or that is irrelevant in the case of this logged message.
- SECURITY_FAILURE - Static variable in interface org.owasp.esapi.Logger
-
A security type of log event that has failed.
- SECURITY_SUCCESS - Static variable in interface org.owasp.esapi.Logger
-
A security type of log event that has succeeded.
- securityConfiguration() - Static method in class org.owasp.esapi.ESAPI
- SecurityConfiguration - Interface in org.owasp.esapi
-
The SecurityConfiguration interface stores all configuration information that directs the behavior of the ESAPI implementation.
- SecurityConfiguration.Threshold - Class in org.owasp.esapi
-
Models a simple threshold as a count and an interval, along with a set of actions to take if the threshold is exceeded.
- SecurityProviderLoader - Class in org.owasp.esapi.crypto
-
This class provides a generic static method that loads a java.security.Provider either by some generic name (i.e., Provider.getName()) or by a fully-qualified class name.
- SecurityProviderLoader() - Constructor for class org.owasp.esapi.crypto.SecurityProviderLoader
- SecurityWrapper - Class in org.owasp.esapi.filters
-
This filter wraps the incoming request and outgoing response and overrides many methods with safer versions.
- SecurityWrapper() - Constructor for class org.owasp.esapi.filters.SecurityWrapper
- SecurityWrapperRequest - Class in org.owasp.esapi.filters
-
This request wrapper simply overrides unsafe methods in the HttpServletRequest API with safe versions that return canonicalized data where possible.
- SecurityWrapperRequest(HttpServletRequest) - Constructor for class org.owasp.esapi.filters.SecurityWrapperRequest
-
Construct a safe request that overrides the default request methods with safer versions.
- SecurityWrapperResponse - Class in org.owasp.esapi.filters
-
This response wrapper simply overrides unsafe methods in the HttpServletResponse API with safe versions.
- SecurityWrapperResponse(HttpServletResponse) - Constructor for class org.owasp.esapi.filters.SecurityWrapperResponse
-
Construct a safe response that overrides the default response methods with safer versions.
- SecurityWrapperResponse(HttpServletResponse, String) - Constructor for class org.owasp.esapi.filters.SecurityWrapperResponse
- sendError(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Override the error code with a 200 in order to confound attackers using automated scanners.
- sendError(int, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Override the error code with a 200 in order to confound attackers using automated scanners.
- sendForward(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls sendForward with the *current* request and response.
- sendForward(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls sendForward with the *current* request and response.
- sendForward(HttpServletRequest, HttpServletResponse, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
This method performs a forward to any resource located inside the WEB-INF directory.
- sendForward(HttpServletRequest, HttpServletResponse, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
This method performs a forward to any resource located inside the WEB-INF directory.
- sendRedirect(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
This method generates a redirect response that can only be used to redirect the browser to safe locations, as configured in the ESAPI security configuration.
- sendRedirect(String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls sendRedirect with the *current* response.
- sendRedirect(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls sendRedirect with the *current* response.
- sendRedirect(HttpServletResponse, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
This method performs a forward to any resource located inside the WEB-INF directory.
- sendRedirect(HttpServletResponse, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
This method performs a forward to any resource located inside the WEB-INF directory.
- serialVersionUID - Static variable in exception org.owasp.esapi.errors.ConfigurationException
- serialVersionUID - Static variable in exception org.owasp.esapi.errors.EnterpriseSecurityException
- serialVersionUID - Static variable in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
- serialVersionUID - Static variable in exception org.owasp.esapi.errors.ValidationException
- serialVersionUID - Static variable in class org.owasp.esapi.reference.JavaLogFactory.JavaLoggerLevel
- set(int, String) - Method in class org.owasp.esapi.PreparedString
-
Set the parameter at index with supplied value using the default Codec to escape.
- set(int, String, Codec) - Method in class org.owasp.esapi.PreparedString
-
Set the parameter at index with supplied value using the supplied Codec to escape.
- set(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
- set(String, Object) - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters
-
This works just like a Map, except it will throw an exception if lock() has been called.
- setAccountName(String) - Method in class org.owasp.esapi.reference.DefaultUser
-
Sets this user's account name.
- setAccountName(String) - Method in interface org.owasp.esapi.User
-
Sets this user's account name.
- setActionNecessary(boolean) - Method in class org.owasp.esapi.waf.actions.Action
- setAllowableContentRoot(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
- setAllowNull(boolean) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
Whether or not a valid value can be null.
- setAllowNull(boolean) - Method in interface org.owasp.esapi.ValidationRule
-
Whether or not a valid value can be null.
- setApplyHTTPOnlyFlagToSessionCookie(boolean) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- setApplySecureFlagToSessionCookie(boolean) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- setAttribute(String, Object) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Same as HttpServletRequest, no security changes required.
- setAttribute(String, String) - Method in class org.owasp.esapi.crypto.CryptoToken
-
Set a name/value pair as an attribute.
- setBlockSize(int) - Method in class org.owasp.esapi.crypto.CipherSpec
-
Set the block size for this CipherSpec.
- setBufferSize(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- setCharacterEncoding(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
-
Sets the character encoding scheme to the ESAPI configured encoding scheme.
- setCharacterEncoding(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Sets the character encoding to the ESAPI configured encoding.
- setCiphertext(byte[]) - Method in class org.owasp.esapi.crypto.CipherText
-
Set the raw ciphertext.
- setCipherTransformation(String) - Method in class org.owasp.esapi.crypto.CipherSpec
-
Set the cipher transformation for this CipherSpec.
- setCipherTransformation(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Set the cipher transformation.
- setCipherTransformation(String) - Method in interface org.owasp.esapi.SecurityConfiguration
-
Deprecated. To be replaced by new class in ESAPI 2.1, but here if you need it until then. Details of replacement forthcoming to ESAPI-Dev list.
- setConfiguration(String, String) - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
-
This function is used in testing to dynamically alter the configuration.
- setContentLength(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- setContentType() - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls setContentType with the *current* request and response.
- setContentType() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls setContentType with the *current* request and response.
- setContentType(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- setContentType(String) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
- setContentType(HttpServletResponse) - Method in interface org.owasp.esapi.HTTPUtilities
-
Set the content type character encoding header on every HttpServletResponse in order to limit the ways in which the input data can be represented.
- setContentType(HttpServletResponse) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Set the content type character encoding header on every HttpServletResponse in order to limit the ways in which the input data can be represented.
- setContext(String) - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
-
Set the 'context' as specified by NIST Special Publication 800-108.
- setContext(String) - Method in exception org.owasp.esapi.errors.ValidationException
-
Sets the UI reference that caused this ValidationException.
- setCurrentHTTP(HttpServletRequest, HttpServletResponse) - Method in interface org.owasp.esapi.HTTPUtilities
-
Stores the current HttpRequest and HttpResponse so that they may be readily accessed throughout ESAPI (and elsewhere)
- setCurrentHTTP(HttpServletRequest, HttpServletResponse) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Stores the current HttpRequest and HttpResponse so that they may be readily accessed throughout ESAPI (and elsewhere)
- setCurrentUser(User) - Method in interface org.owasp.esapi.Authenticator
-
Sets the currently logged in User.
- setCurrentUser(User) - Method in class org.owasp.esapi.reference.AbstractAuthenticator
-
Sets the currently logged in User.
- setDateFormat(DateFormat) - Method in class org.owasp.esapi.reference.validation.DateValidationRule
- setDateHeader(String, long) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Add a date header to the response after ensuring that there are no encoded or illegal characters in the name.
- setDefaultErrorPage(String) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- setDefaultResponseCode(int) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- setEncoder(Encoder) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
- setEncoder(Encoder) - Method in interface org.owasp.esapi.ValidationRule
- setEncoding(String) - Method in class org.owasp.esapi.tags.EncodeForBase64Tag
-
Set the encoding used to convert the content to bytes for encoding.
- setError() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- setExpiration(int) - Method in class org.owasp.esapi.crypto.CryptoToken
-
Set expiration time to expire in 'interval' seconds (NOT milliseconds).
- setExpiration(Date) - Method in class org.owasp.esapi.crypto.CryptoToken
-
Set expiration time for a specific date/time.
- setExpirationTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser
-
Sets the date and time when this user's account will expire.
- setExpirationTime(Date) - Method in interface org.owasp.esapi.User
-
Sets the date and time when this user's account will expire.
- setFailed(boolean) - Method in class org.owasp.esapi.waf.actions.Action
- setHeader(String, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Add a header to the response after ensuring that there are no encoded or illegal characters in the name and value.
- setHeader(String, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls setHeader with the *current* response.
- setHeader(String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls setHeader with the *current* response.
- setHeader(HttpServletResponse, String, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Add a header to the response after ensuring that there are no encoded or illegal characters in the name and value.
- setHeader(HttpServletResponse, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Add a header to the response after ensuring that there are no encoded or illegal characters in the name and value.
- setId(String) - Method in class org.owasp.esapi.waf.rules.Rule
- setIntHeader(String, int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Add an int header to the response after ensuring that there are no encoded or illegal characters in the name.
- setIV(byte[]) - Method in class org.owasp.esapi.crypto.CipherSpec
-
Set the initialization vector (IV).
- setIVandCiphertext(byte[], byte[]) - Method in class org.owasp.esapi.crypto.CipherText
-
Set the IV and raw ciphertext.
- setKDF_PRF(int) - Method in class org.owasp.esapi.crypto.CipherText
- setKDFVersion(int) - Method in class org.owasp.esapi.crypto.CipherText
- setKeySize(int) - Method in class org.owasp.esapi.crypto.CipherSpec
-
Set the key size for this CipherSpec.
- setLastFailedLoginTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser
-
Set the time of the last failed login for this user.
- setLastFailedLoginTime(Date) - Method in interface org.owasp.esapi.User
-
Set the time of the last failed login for this user.
- setLastHostAddress(String) - Method in class org.owasp.esapi.reference.DefaultUser
-
Set the last remote host address used by this user.
- setLastHostAddress(String) - Method in interface org.owasp.esapi.User
-
Set the last remote host address used by this user.
- setLastLoginTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser
-
Set the time of the last successful login for this user.
- setLastLoginTime(Date) - Method in interface org.owasp.esapi.User
-
Set the time of the last successful login for this user.
- setLastPasswordChangeTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser
-
Set the time of the last password change for this user.
- setLastPasswordChangeTime(Date) - Method in interface org.owasp.esapi.User
-
Set the time of the last password change for this user.
- setLevel(int) - Method in interface org.owasp.esapi.Logger
-
Dynamically set the ESAPI logging severity level.
- setLevel(int) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Dynamically set the ESAPI logging severity level.
- setLocale(Locale) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Same as HttpServletResponse, no security changes required.
- setLocale(Locale) - Method in class org.owasp.esapi.reference.DefaultUser
- setLocale(Locale) - Method in interface org.owasp.esapi.User
- setLogDirectory(String) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
Deprecated.
- setLogLevel(Level) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
-
Deprecated.
- setMaxCardLength(int) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
- setMaximumLength(int) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
- setMinimumLength(int) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
- setName(String) - Method in class org.owasp.esapi.waf.internal.Parameter
- setNoCacheHeaders() - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls setNoCacheHeaders with the *current* response.
- setNoCacheHeaders() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls setNoCacheHeaders with the *current* response.
- setNoCacheHeaders(HttpServletResponse) - Method in interface org.owasp.esapi.HTTPUtilities
-
Set headers to protect sensitive information against being cached in the browser.
- setNoCacheHeaders(HttpServletResponse) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Set headers to protect sensitive information against being cached in the browser.
- setPolicyParameters(DynaBeanACRParameter) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
- setPolicyParameters(P) - Method in interface org.owasp.esapi.AccessControlRule
- setPolicyParameters(P) - Method in class org.owasp.esapi.reference.accesscontrol.BaseACR
- setProperty(String, String) - Method in interface org.owasp.esapi.EncryptedProperties
-
Encrypts the plaintext property value and stores the ciphertext value in the encrypted store.
- setProperty(String, String) - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
-
Encrypts the plaintext property value and stores the ciphertext value in the encrypted store.
- setProperty(String, String) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
Encrypts the plaintext property value and stores the ciphertext value in the encrypted store.
- setRedirectURL(String) - Method in class org.owasp.esapi.waf.actions.RedirectAction
- setRememberToken(String, int, String, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls setNoCacheHeaders with the *current* response.
- setRememberToken(String, int, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls setNoCacheHeaders with the *current* response.
- setRememberToken(HttpServletRequest, HttpServletResponse, String, int, String, String) - Method in interface org.owasp.esapi.HTTPUtilities
-
Set a cookie containing the current User's remember me token for automatic authentication.
- setRememberToken(HttpServletRequest, HttpServletResponse, String, int, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Set a cookie containing the current User's remember me token for automatic authentication.
- setResourceDirectory(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Sets the ESAPI resource directory.
- setResourceDirectory(String) - Method in interface org.owasp.esapi.SecurityConfiguration
-
Sets the ESAPI resource directory.
- setResponseBytes(byte[]) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
- setRoles(Set<String>) - Method in class org.owasp.esapi.reference.DefaultUser
-
Sets the roles for this account.
- setRoles(Set<String>) - Method in interface org.owasp.esapi.User
-
Sets the roles for this account.
- setScreenName(String) - Method in class org.owasp.esapi.reference.DefaultUser
-
Sets the screen name (username alias) for this user.
- setScreenName(String) - Method in interface org.owasp.esapi.User
-
Sets the screen name (username alias) for this user.
- setSessionCookieName(String) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- setStatus(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Override the status code with a 200 in order to confound attackers using automated scanners.
- setStatus(int, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
-
Deprecated. In Servlet spec 2.1.
- setStringValidatorRule(StringValidationRule) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
- setTypeName(String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
- setTypeName(String) - Method in interface org.owasp.esapi.ValidationRule
- setUserAccountName(String) - Method in class org.owasp.esapi.crypto.CryptoToken
-
Set the user account name associated with this cryptographic token object.
- setValidateInputAndCanonical(boolean) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
-
Set the flag which determines whether the input itself is checked as well as the canonical form of the input.
- setValue(String) - Method in class org.owasp.esapi.waf.internal.Parameter
- setVersion(int) - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
-
Set version so backward compatibility can be supported.
- setWrap(boolean) - Method in class org.owasp.esapi.tags.EncodeForBase64Tag
-
Set whether line wrapping at 64 characters is performed.
- setWriteListener(WriteListener) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
- shouldPrintProperties() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- sign(String) - Method in interface org.owasp.esapi.Encryptor
-
Create a digital signature for the provided data and return it in a string.
- sign(String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Create a digital signature for the provided data and return it in a string.
- SimpleVirtualPatchRule - Class in org.owasp.esapi.waf.rules
-
This is the Rule subclass executed for <virtual-patch> rules.
- SimpleVirtualPatchRule(String, Pattern, String, Pattern, String) - Constructor for class org.owasp.esapi.waf.rules.SimpleVirtualPatchRule
- size() - Method in class org.owasp.esapi.codecs.HashTrie
-
Get the number of entries.
- size() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- size() - Method in class org.owasp.esapi.ValidationErrorList
-
Returns the number of errors present.
- SPECIALS - Static variable in class org.owasp.esapi.EncoderConstants
- STANDARD - org.owasp.esapi.codecs.MySQLCodec.Mode
- store(OutputStream, String) - Method in interface org.owasp.esapi.EncryptedProperties
-
Writes this property list (key and element pairs) in this Properties table to the output stream in a format suitable for loading into a Properties table using the load method.
- store(OutputStream, String) - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
-
Writes this property list (key and element pairs) in this Properties table to the output stream in a format suitable for loading into a Properties table using the load method.
- storeProperties(String, Properties, String) - Static method in class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils
-
Stores a Properties object to a file.
- StringUtilities - Class in org.owasp.esapi
-
String utilities used in various filters.
- StringUtilities() - Constructor for class org.owasp.esapi.StringUtilities
- StringValidationRule - Class in org.owasp.esapi.reference.validation
-
A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
- StringValidationRule(String) - Constructor for class org.owasp.esapi.reference.validation.StringValidationRule
- StringValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.StringValidationRule
- StringValidationRule(String, Encoder, String) - Constructor for class org.owasp.esapi.reference.validation.StringValidationRule
- stripControls(String) - Static method in class org.owasp.esapi.StringUtilities
-
Removes all unprintable characters from a string and replaces with a space.
- strToChars(String) - Static method in class org.owasp.esapi.util.CollectionsUtil
-
Convert a String to a char array
- strToSet(String) - Static method in class org.owasp.esapi.util.CollectionsUtil
-
Convert a String to a set of characters.
- strToUnmodifiableSet(String) - Static method in class org.owasp.esapi.util.CollectionsUtil
-
Convert a String to an unmodifiable set of characters.
- suspendEncoding() - Method in class org.owasp.esapi.codecs.Base64.OutputStream
-
Suspends encoding of the stream.
T
- testValue(String, String, int) - Static method in class org.owasp.esapi.waf.rules.RuleUtil
- Threshold(String, int, long, List<String>) - Constructor for class org.owasp.esapi.SecurityConfiguration.Threshold
-
Constructs a threshold that is composed of its name, its threshold count, the time window for the threshold, and the actions to take if the threshold is triggered.
- toHex(byte[], boolean) - Static method in class org.owasp.esapi.codecs.Hex
-
Output byte representation as hexadecimal representation.
- toHex(char) - Static method in class org.owasp.esapi.codecs.Codec
- toInt(byte[]) - Static method in class org.owasp.esapi.util.ByteConversionUtil
-
Converts a given byte array to an int.
- toLong(byte[]) - Static method in class org.owasp.esapi.util.ByteConversionUtil
-
Converts a given byte array to a long.
- toOctal(char) - Static method in class org.owasp.esapi.codecs.Codec
- toShort(byte[]) - Static method in class org.owasp.esapi.util.ByteConversionUtil
-
Converts a given byte array to a short.
- toString() - Method in class org.owasp.esapi.codecs.HashTrie
- toString() - Method in class org.owasp.esapi.crypto.CipherSpec
-
Override Object.toString() to provide something more useful.
- toString() - Method in class org.owasp.esapi.crypto.CipherText
-
More useful toString() method.
- toString() - Method in class org.owasp.esapi.crypto.PlainText
-
Convert the PlainText object to a UTF-8 encoded String.
- toString() - Method in class org.owasp.esapi.ExecuteResult
- toString() - Method in class org.owasp.esapi.Logger.EventType
-
Convert the EventType to a string.
- toString() - Method in class org.owasp.esapi.PreparedString
-
Render the PreparedString by combining the template with properly escaped parameters.
- toString() - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
- toString() - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO
- toString() - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
This method has been overridden to not print out the keys and values stored in this properties file.
- toString() - Method in class org.owasp.esapi.reference.DefaultUser
- toString() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- toString() - Method in class org.owasp.esapi.waf.rules.Rule
- toString(Object) - Static method in class org.owasp.esapi.util.NullSafe
-
Object.toString() of an object.
- trace(Object) - Method in class org.owasp.esapi.reference.Log4JLogger
- trace(Object, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
- trace(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
-
Log a trace level security event if 'trace' level logging is enabled.
- trace(Logger.EventType, String) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Log a trace level security event if 'trace' level logging is enabled.
- trace(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
-
Log a trace level security event if 'trace' level logging is enabled and also record the stack trace associated with the event.
- trace(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Log a trace level security event if 'trace' level logging is enabled and also record the stack trace associated with the event.
- TRACE - Static variable in interface org.owasp.esapi.Logger
-
TRACE indicates that TRACE messages and above should be logged.
- Trie<T> - Interface in org.owasp.esapi.codecs
- Trie.TrieProxy<T> - Class in org.owasp.esapi.codecs
- Trie.Unmodifiable<T> - Class in org.owasp.esapi.codecs
- Trie.Util - Class in org.owasp.esapi.codecs
U
- union(char[]...) - Static method in class org.owasp.esapi.StringUtilities
-
Union multiple character arrays.
- UnixCodec - Class in org.owasp.esapi.codecs
-
Implementation of the Codec interface for '\' encoding from Unix command shell.
- UnixCodec() - Constructor for class org.owasp.esapi.codecs.UnixCodec
- unlock() - Method in class org.owasp.esapi.reference.DefaultUser
-
Unlock this user's account.
- unlock() - Method in interface org.owasp.esapi.User
-
Unlock this user's account.
- unseal(String) - Method in interface org.owasp.esapi.Encryptor
-
Unseals data (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or decryption error.
- unseal(String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Unseals data (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or decryption error.
- update(Set) - Method in interface org.owasp.esapi.AccessReferenceMap
-
Updates the access reference map with a new set of direct references, maintaining any existing indirect references associated with items that are in the new list.
- update(Set) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
-
Updates the access reference map with a new set of direct references, maintaining any existing indirect references associated with items that are in the new list.
- updateToken(int) - Method in class org.owasp.esapi.crypto.CryptoToken
-
Update the (current) expiration time by adding the specified number of seconds to it and then re-encrypting with the current SecretKey that was used to construct this object.
- UPLOAD_DIRECTORY - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- UPLOAD_TEMP_DIRECTORY - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- UPPERS - Static variable in class org.owasp.esapi.EncoderConstants
- URL_SAFE - Static variable in class org.owasp.esapi.codecs.Base64
-
Encode using Base64-like encoding that is URL- and Filename-safe as described in Section 4 of RFC3548: http://www.faqs.org/rfcs/rfc3548.html.
- useMACforCipherText() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
-
Determines whether the CipherText should be used with a Message Authentication Code (MAC).
- useMACforCipherText() - Method in interface org.owasp.esapi.SecurityConfiguration
-
Determines whether the CipherText should be used with a Message Authentication Code (MAC).
- User - Interface in org.owasp.esapi
-
The User interface represents an application user or user account.
- USER - Static variable in class org.owasp.esapi.reference.AbstractAuthenticator
-
Key for user in session
- USERNAME_PARAMETER_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
V
- validateInputAndCanonical - Variable in class org.owasp.esapi.reference.validation.StringValidationRule
- validateMAC(SecretKey) - Method in class org.owasp.esapi.crypto.CipherText
-
Validate the message authentication code (MAC) associated with the ciphertext.
- VALIDATION_PROPERTIES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- ValidationAvailabilityException - Exception in org.owasp.esapi.errors
- ValidationAvailabilityException() - Constructor for exception org.owasp.esapi.errors.ValidationAvailabilityException
-
Instantiates a new validation exception.
- ValidationAvailabilityException(String, String) - Constructor for exception org.owasp.esapi.errors.ValidationAvailabilityException
-
Create a new ValidationException
- ValidationAvailabilityException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.ValidationAvailabilityException
-
Create a new ValidationException
- ValidationErrorList - Class in org.owasp.esapi
-
The ValidationErrorList class defines a well-formed collection of ValidationExceptions so that groups of validation functions can be called in a non-blocking fashion.
- ValidationErrorList() - Constructor for class org.owasp.esapi.ValidationErrorList
- ValidationException - Exception in org.owasp.esapi.errors
-
A ValidationException should be thrown to indicate that the data provided by the user or from some other external source does not match the validation rules that have been specified for that data.
- ValidationException() - Constructor for exception org.owasp.esapi.errors.ValidationException
-
Instantiates a new validation exception.
- ValidationException(String, String) - Constructor for exception org.owasp.esapi.errors.ValidationException
-
Creates a new instance of ValidationException.
- ValidationException(String, String, String) - Constructor for exception org.owasp.esapi.errors.ValidationException
-
Creates a new instance of ValidationException.
- ValidationException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.ValidationException
-
Instantiates a new ValidationException.
- ValidationException(String, String, Throwable, String) - Constructor for exception org.owasp.esapi.errors.ValidationException
-
Instantiates a new ValidationException.
- ValidationRule - Interface in org.owasp.esapi
- ValidationUploadException - Exception in org.owasp.esapi.errors
- ValidationUploadException() - Constructor for exception org.owasp.esapi.errors.ValidationUploadException
-
Instantiates a new validation exception.
- ValidationUploadException(String, String) - Constructor for exception org.owasp.esapi.errors.ValidationUploadException
-
Create a new ValidationException
- ValidationUploadException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.ValidationUploadException
-
Create a new ValidationException
- validator() - Static method in class org.owasp.esapi.ESAPI
- Validator - Interface in org.owasp.esapi
-
The Validator interface defines a set of methods for canonicalizing and validating untrusted input.
- VALIDATOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- validCreditCardFormat(String) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
-
Performs additional validation on the card number.
- valueOf(String) - Static method in enum org.owasp.esapi.codecs.MySQLCodec.Mode
-
Returns the enum constant of this type with the specified name.
- valueOf(String) - Static method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
-
Returns the enum constant of this type with the specified name.
- values() - Method in class org.owasp.esapi.codecs.HashTrie
- values() - Static method in enum org.owasp.esapi.codecs.MySQLCodec.Mode
-
Returns an array containing the constants of this enum type, in the order they are declared.
- values() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
- values() - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
- values() - Static method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
-
Returns an array containing the constants of this enum type, in the order they are declared.
- values() - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
-
This method has been overridden to throw an UnsupportedOperationException
- VBScriptCodec - Class in org.owasp.esapi.codecs
-
Implementation of the Codec interface for 'quote' encoding from VBScript.
- VBScriptCodec() - Constructor for class org.owasp.esapi.codecs.VBScriptCodec
- verifyAccountNameStrength(String) - Method in interface org.owasp.esapi.Authenticator
-
Ensures that the account name passes site-specific complexity requirements, like minimum length.
- verifyAccountNameStrength(String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Ensures that the account name passes site-specific complexity requirements, like minimum length.
- verifyCSRFToken() - Method in interface org.owasp.esapi.HTTPUtilities
-
Calls verifyCSRFToken with the *current* request.
- verifyCSRFToken() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Calls verifyCSRFToken with the *current* request.
- verifyCSRFToken(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities
-
Checks the CSRF token in the URL (see User.getCSRFToken()) against the user's CSRF token and throws an IntrusionException if it is missing.
- verifyCSRFToken(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
-
Checks the CSRF token in the URL (see User.getCSRFToken()) against the user's CSRF token and throws an IntrusionException if it is missing.
- verifyPassword(String) - Method in class org.owasp.esapi.reference.DefaultUser
-
Verify that the supplied password matches the password for this user.
- verifyPassword(String) - Method in interface org.owasp.esapi.User
-
Verify that the supplied password matches the password for this user.
- verifyPassword(User, String) - Method in interface org.owasp.esapi.Authenticator
-
Verify that the supplied password matches the password for this user.
- verifyPassword(User, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Verify that the supplied password matches the password for this user.
- verifyPasswordStrength(String, String, User) - Method in interface org.owasp.esapi.Authenticator
-
Ensures that the password meets site-specific complexity requirements, like length or number of character sets.
- verifyPasswordStrength(String, String, User) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
-
Ensures that the password meets site-specific complexity requirements, like length or number of character sets.
- verifySeal(String) - Method in interface org.owasp.esapi.Encryptor
-
Verifies a seal (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or data mismatch.
- verifySeal(String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Verifies a seal (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or data mismatch.
- verifySignature(String, String) - Method in interface org.owasp.esapi.Encryptor
-
Verifies a digital signature (created with the sign method) and returns the boolean result.
- verifySignature(String, String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
-
Verifies a digital signature (created with the sign method) and returns the boolean result.
W
- warn(Object) - Method in class org.owasp.esapi.reference.Log4JLogger
- warn(Object, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
- warning(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
-
Log a warning level security event if 'warning' level logging is enabled.
- warning(Logger.EventType, String) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Log a warning level security event if 'warning' level logging is enabled.
- warning(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
-
Log a warning level security event if 'warning' level logging is enabled and also record the stack trace associated with the event.
- warning(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
-
Log a warning level security event if 'warning' level logging is enabled and also record the stack trace associated with the event.
- WARNING - Static variable in interface org.owasp.esapi.Logger
-
WARNING indicates that WARNING messages and above should be logged.
- whitelist(String, char[]) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
String the input of all chars contained in the list
- whitelist(String, char[]) - Method in interface org.owasp.esapi.ValidationRule
-
String the input of all chars contained in the list
- whitelist(String, Set<Character>) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
-
Removes characters that aren't in the whitelist from the input String.
- whitelist(String, Set<Character>) - Method in interface org.owasp.esapi.ValidationRule
-
String the input of all chars contained in the list
- whitelistPatterns - Variable in class org.owasp.esapi.reference.validation.StringValidationRule
- WindowsCodec - Class in org.owasp.esapi.codecs
-
Implementation of the Codec interface for '^' encoding from Windows command shell.
- WindowsCodec() - Constructor for class org.owasp.esapi.codecs.WindowsCodec
- WORKING_DIRECTORY - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
- write(byte[]) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
- write(byte[], int, int) - Method in class org.owasp.esapi.codecs.Base64.OutputStream
-
Calls Base64.OutputStream.write(int) repeatedly until len bytes are written.
- write(byte[], int, int) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
- write(char[]) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- write(char[], int, int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- write(int) - Method in class org.owasp.esapi.codecs.Base64.OutputStream
-
Writes the byte to the output stream after converting to/from Base64 notation.
- write(int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- write(int) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
- write(String) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
- write(String, int, int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
X
- XMLEntityCodec - Class in org.owasp.esapi.codecs
-
Implementation of the Codec interface for XML entity encoding.
- XMLEntityCodec() - Constructor for class org.owasp.esapi.codecs.XMLEntityCodec