All Downloads are FREE. Search and download functionalities are using the official Maven repository.
  • Log In
  • Register

    • org.owasp.esapi.reference.validation.DateValidationRule Maven / Gradle / Ivy

    Go to download

    The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP website. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.

    There is a newer version: 2.5.5.0
    Show newest version
    /**
 * OWASP Enterprise Security API (ESAPI)
 * 
 * This file is part of the Open Web Application Security Project (OWASP)
 * Enterprise Security API (ESAPI) project. For details, please see
 * http://www.owasp.org/index.php/ESAPI.
 *
 * Copyright (c) 2007 - The OWASP Foundation
 * 
 * The ESAPI is published by OWASP under the BSD license. You should read and accept the
 * LICENSE before you use, modify, and/or redistribute this software.
 * 
 * @author Jeff Williams Aspect Security
 * @created 2007
 */
package org.owasp.esapi.reference.validation;

import java.text.DateFormat;
import java.util.Date;

import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Encoder;
import org.owasp.esapi.StringUtilities;
import org.owasp.esapi.ValidationErrorList;
import org.owasp.esapi.errors.ValidationException;

/**
 * A validator performs syntax and possibly semantic validation of a single
 * piece of data from an untrusted source.
 * 
 * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
 * @since June 1, 2007
 * @see org.owasp.esapi.Validator
 */
public class DateValidationRule extends BaseValidationRule {
	private DateFormat format = DateFormat.getDateInstance();
	
	public DateValidationRule( String typeName, Encoder encoder, DateFormat newFormat ) {
		super( typeName, encoder );      
		setDateFormat( newFormat );
	}
	
    public final void setDateFormat( DateFormat newFormat ) {
        if (newFormat == null) {
			throw new IllegalArgumentException("DateValidationRule.setDateFormat requires a non-null DateFormat");
		}
    	// CHECKME fail fast?
/*		
  		try {
			newFormat.parse(new Date());
		} catch (ParseException e) {
			throw new IllegalArgumentException(e);
		}
*/
        this.format = newFormat;
        this.format.setLenient( ESAPI.securityConfiguration().getLenientDatesAccepted() );
    }

    /**
     * {@inheritDoc}
     */
	public Date getValid( String context, String input ) throws ValidationException {
		return safelyParse(context, input, false);
	}

    /**
     * {@inheritDoc}
     */
	@Override
	public Date sanitize( String context, String input )  {
		return sanitize(context, input, null);
	}
	
	/**
     * Same as sanitize(String, String) except it returns any ValidationException generated in the provided errorList.
     * 
     *   @param errorList The error list to add any ValidationException to.
     *   @return The valid sanitized Date, or Date(0) if the supplied input was not a valid date.
     */
    public Date sanitize( String context, String input, ValidationErrorList errorList )  {
        Date date = new Date(0);
        try {
            date = safelyParse(context, input, true);
        } catch (ValidationException e) {
            if (errorList != null) {
                errorList.addError(context, e);
            }
        }
        return date;
    }
	    
	private Date safelyParse(String context, String input, boolean sanitize)
			throws ValidationException {
		// CHECKME should this allow empty Strings? "   " use IsBlank instead?
		if (StringUtilities.isEmpty(input)) {
			if (allowNull) {
				return null;
			}
			throw new ValidationException(context + ": Input date required",
					"Input date required: context=" + context + ", input="
							+ input, context);
		}

		 String canonical = encoder.canonicalize(input);
	        try {
	            Date rval = format.parse(canonical);
	            if (sanitize) {
	                String cycled = format.format(rval);
	                if (!cycled.equals(canonical)) {
	                    throw new Exception("Parameter date is not a clean translation between String and Date contexts.  Check input for additional characters");
	                }
	            }
	            return rval;
		} catch (Exception e) {
			throw new ValidationException(context
					+ ": Invalid date must follow the "
					+ format.getNumberFormat() + " format",
					"Invalid date: context=" + context + ", format=" + format
							+ ", input=" + input, e, context);
		}
	}
}




    © 2015 - 2024 Weber Informatics LLC | Privacy Policy