Use of ESAPI getValidInput method

Anonymous (unverified), submitted 2019-12-03 01:37:02

Question:

I was not able to use the method present under the ESAPI class:

    java.lang.String getValidInput(java.lang.String context,
                                   java.lang.String input,
                                   java.lang.String type,
                                   int maxLength,
                                   boolean allowNull)
                            throws ValidationException,
                                   IntrusionException

    Parameters:
        type - The regular expression name that maps to the actual regular expression from "ESAPI.properties".

How do I pass the parameter type from the ESAPI.properties file? Is there any example of using a properties file value that I can refer to?

Answer 1:

Here's an example call where I'm validating the "to" address field:

    validator.getValidInput("toAddress", it.next(), "Email", Email.MAX_ADDRESS_SIZE, true)

ESAPI assumes you're using an IDE or have access to the direct source. If you're using Eclipse, just mouse-hover over the method name, and the parameter types will be displayed.

===UPDATED===

Here's the rip directly from the javadoc:

    /**
     * Returns canonicalized and validated input as a String. Invalid input will generate a descriptive ValidationException,
     * and input that is clearly an attack will generate a descriptive IntrusionException.
     *
     * @param context
     *      A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
     * @param input
     *      The actual user input data to validate.
     * @param type
     *      The regular expression name that maps to the actual regular expression from "ESAPI.properties".
     * @param maxLength
     *      The maximum post-canonicalized String length allowed.
     * @param allowNull
     *      If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
     *
     * @return The canonicalized user input.
     *
     * @throws ValidationException
     * @throws IntrusionException
     */


Answer 2:

    ESAPI.validator().getValidInput("Validationofinput", StringInput, "Onlycharacters", 200, true);
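
How the `type` argument ties back to the properties file, as an added example that is not part of either answer and not ESAPI's own code. It assumes ESAPI 2.x on the classpath with its default configuration, which looks the rule name up under the `Validator.` prefix, and a constructed `Validator.Onlycharacters` entry; the class name, context label and sample inputs are hypothetical.

```java
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;

/*
 * Assumed entry in ESAPI.properties (constructed for this example).
 * The rule name after the "Validator." prefix is the value passed as `type`:
 *
 *   Validator.Onlycharacters=^[a-zA-Z]+$
 */
public class ValidInputExample {

    /** Returns the canonicalized value, or null when the input is rejected. */
    static String validateFirstName(String raw) {
        try {
            // context: label used in logging and error messages
            // type:    "Onlycharacters" resolves to Validator.Onlycharacters
            // 200:     maximum length after canonicalization
            // false:   null or empty input raises ValidationException
            return ESAPI.validator().getValidInput(
                    "ProfilePage_FirstName", raw, "Onlycharacters", 200, false);
        } catch (ValidationException e) {
            // Input failed the configured pattern, length or null check.
            System.err.println("rejected: " + e.getMessage());
            return null;
        } catch (IntrusionException e) {
            // Input that ESAPI classifies as clearly an attack.
            System.err.println("intrusion: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: letters only, letters plus digits, empty.
        String[] samples = { "Alice", "Alice42", "" };
        for (String s : samples) {
            System.out.println("[" + s + "] -> " + validateFirstName(s));
        }
    }
}
```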

