org.owasp.esapi.reference.validation.DateValidationRule Maven / Gradle / Ivy
/**
* OWASP Enterprise Security API (ESAPI)
*
* This file is part of the Open Web Application Security Project (OWASP)
* Enterprise Security API (ESAPI) project. For details, please see
* http://www.owasp.org/index.php/ESAPI.
*
* Copyright (c) 2007 - The OWASP Foundation
*
* The ESAPI is published by OWASP under the BSD license. You should read and accept the
* LICENSE before you use, modify, and/or redistribute this software.
*
* @author Jeff Williams Aspect Security
* @created 2007
*/
package org.owasp.esapi.reference.validation;
import java.text.DateFormat;
import java.util.Date;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Encoder;
import org.owasp.esapi.StringUtilities;
import org.owasp.esapi.ValidationErrorList;
import org.owasp.esapi.errors.ValidationException;
/**
* A validator performs syntax and possibly semantic validation of a single
* piece of data from an untrusted source.
*
* @author Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
* @since June 1, 2007
* @see org.owasp.esapi.Validator
*/
public class DateValidationRule extends BaseValidationRule {
private DateFormat format = DateFormat.getDateInstance();
public DateValidationRule( String typeName, Encoder encoder, DateFormat newFormat ) {
super( typeName, encoder );
setDateFormat( newFormat );
}
public final void setDateFormat( DateFormat newFormat ) {
if (newFormat == null) {
throw new IllegalArgumentException("DateValidationRule.setDateFormat requires a non-null DateFormat");
}
// CHECKME fail fast?
/*
try {
newFormat.parse(new Date());
} catch (ParseException e) {
throw new IllegalArgumentException(e);
}
*/
this.format = newFormat;
this.format.setLenient( ESAPI.securityConfiguration().getLenientDatesAccepted() );
}
/**
* {@inheritDoc}
*/
public Date getValid( String context, String input ) throws ValidationException {
return safelyParse(context, input, false);
}
/**
* {@inheritDoc}
*/
@Override
public Date sanitize( String context, String input ) {
return sanitize(context, input, null);
}
/**
* Same as sanitize(String, String) except it returns any ValidationException generated in the provided errorList.
*
* @param errorList The error list to add any ValidationException to.
* @return The valid sanitized Date, or Date(0) if the supplied input was not a valid date.
*/
public Date sanitize( String context, String input, ValidationErrorList errorList ) {
Date date = new Date(0);
try {
date = safelyParse(context, input, true);
} catch (ValidationException e) {
if (errorList != null) {
errorList.addError(context, e);
}
}
return date;
}
private Date safelyParse(String context, String input, boolean sanitize)
throws ValidationException {
// CHECKME should this allow empty Strings? " " use IsBlank instead?
if (StringUtilities.isEmpty(input)) {
if (allowNull) {
return null;
}
throw new ValidationException(context + ": Input date required",
"Input date required: context=" + context + ", input="
+ input, context);
}
String canonical = encoder.canonicalize(input);
try {
Date rval = format.parse(canonical);
if (sanitize) {
String cycled = format.format(rval);
if (!cycled.equals(canonical)) {
throw new Exception("Parameter date is not a clean translation between String and Date contexts. Check input for additional characters");
}
}
return rval;
} catch (Exception e) {
throw new ValidationException(context
+ ": Invalid date must follow the "
+ format.getNumberFormat() + " format",
"Invalid date: context=" + context + ", format=" + format
+ ", input=" + input, e, context);
}
}
}