Class StudioEsapiSecurityConfiguration

java.lang.Object
org.owasp.esapi.reference.DefaultSecurityConfiguration
org.craftercms.studio.impl.v2.validation.StudioEsapiSecurityConfiguration
All Implemented Interfaces:
org.owasp.esapi.configuration.EsapiPropertyLoader, org.owasp.esapi.SecurityConfiguration

public class StudioEsapiSecurityConfiguration extends org.owasp.esapi.reference.DefaultSecurityConfiguration
ESAPI DefaultSecurityConfiguration extension to allow overriding validation regex patterns.
  • Nested Class Summary

    Nested classes/interfaces inherited from interface org.owasp.esapi.SecurityConfiguration

    org.owasp.esapi.SecurityConfiguration.Threshold
  • Field Summary

    Fields
    static final String STUDIO_VALIDATION_REGEX_OVERRIDE_FORMAT

    Fields inherited from class org.owasp.esapi.reference.DefaultSecurityConfiguration

    ABSOLUTE_TIMEOUT_DURATION, ACCEPT_LENIENT_DATES, ACCESS_CONTROL_IMPLEMENTATION, ADDITIONAL_ALLOWED_CIPHER_MODES, ALLOW_MIXED_ENCODING, ALLOW_MULTIPLE_ENCODING, ALLOWED_LOGIN_ATTEMPTS, APPLICATION_NAME, APPROVED_EXECUTABLES, APPROVED_UPLOAD_EXTENSIONS, AUTHENTICATION_IMPLEMENTATION, CANONICALIZATION_CODECS, CHARACTER_ENCODING, CIPHER_TRANSFORMATION_IMPLEMENTATION, CIPHERTEXT_USE_MAC, COMBINED_CIPHER_MODES, DEFAULT_ACCESS_CONTROL_IMPLEMENTATION, DEFAULT_AUTHENTICATION_IMPLEMENTATION, DEFAULT_ENCODER_IMPLEMENTATION, DEFAULT_ENCRYPTION_IMPLEMENTATION, DEFAULT_EXECUTOR_IMPLEMENTATION, DEFAULT_HTTP_UTILITIES_IMPLEMENTATION, DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION, DEFAULT_LOG_IMPLEMENTATION, DEFAULT_RANDOMIZER_IMPLEMENTATION, DEFAULT_RESOURCE_FILE, DEFAULT_VALIDATOR_IMPLEMENTATION, DIGITAL_SIGNATURE_ALGORITHM, DIGITAL_SIGNATURE_KEY_LENGTH, DISABLE_INTRUSION_DETECTION, DISCARD_LOGSPECIAL, ENCODER_IMPLEMENTATION, ENCRYPTION_ALGORITHM, ENCRYPTION_IMPLEMENTATION, EXECUTOR_IMPLEMENTATION, FORCE_HTTPONLYCOOKIES, FORCE_HTTPONLYSESSION, FORCE_SECURECOOKIES, FORCE_SECURESESSION, HASH_ALGORITHM, HASH_ITERATIONS, HTTP_SESSION_ID_NAME, HTTP_UTILITIES_IMPLEMENTATION, IDLE_TIMEOUT_DURATION, INTRUSION_DETECTION_IMPLEMENTATION, IV_TYPE, KDF_PRF_ALG, KEY_LENGTH, LOG_APPLICATION_NAME, LOG_CLIENT_INFO, LOG_ENCODING_REQUIRED, LOG_IMPLEMENTATION, LOG_SERVER_IP, LOG_USER_INFO, MASTER_KEY, MASTER_SALT, MAX_HTTP_HEADER_SIZE, MAX_OLD_PASSWORD_HASHES, MAX_REDIRECT_LOCATION, MAX_UPLOAD_FILE_BYTES, PASSWORD_PARAMETER_NAME, PLAINTEXT_OVERWRITE, PREFERRED_JCE_PROVIDER, PRINT_PROPERTIES_WHEN_LOADED, RANDOM_ALGORITHM, RANDOMIZER_IMPLEMENTATION, REMEMBER_TOKEN_DURATION, RESPONSE_CONTENT_TYPE, UPLOAD_DIRECTORY, UPLOAD_TEMP_DIRECTORY, USERNAME_PARAMETER_NAME, VALIDATION_PROPERTIES, VALIDATION_PROPERTIES_MULTIVALUED, VALIDATOR_HTML_VALIDATION_ACTION, VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE, VALIDATOR_IMPLEMENTATION, WORKING_DIRECTORY
  • Constructor Summary

    Constructors
    StudioEsapiSecurityConfiguration(StudioConfiguration studioConfiguration)
  • Method Summary

    Methods
    static org.owasp.esapi.SecurityConfiguration getInstance()
    Pattern getValidationPattern(String key) - Returns a single pattern based upon key.

    Methods inherited from class org.owasp.esapi.reference.DefaultSecurityConfiguration

    getAccessControlImplementation, getAdditionalAllowedCipherModes, getAllowedExecutables, getAllowedFileExtensions, getAllowedFileUploadSize, getAllowedLoginAttempts, getAllowMixedEncoding, getAllowMultipleEncoding, getApplicationName, getAuthenticationImplementation, getBooleanProp, getByteArrayProp, getCharacterEncoding, getCipherTransformation, getCombinedCipherModes, getDefaultCanonicalizationCodecs, getDigitalSignatureAlgorithm, getDigitalSignatureKeyLength, getDisableIntrusionDetection, getEncoderImplementation, getEncryptionAlgorithm, getEncryptionImplementation, getEncryptionKeyLength, getESAPIProperties, getESAPIProperty, getESAPIProperty, getESAPIProperty, getESAPIProperty, getESAPIPropertyEncoded, getExecutorImplementation, getForceHttpOnlyCookies, getForceHttpOnlySession, getForceSecureCookies, getForceSecureSession, getHashAlgorithm, getHashIterations, getHttpSessionIdName, getHTTPUtilitiesImplementation, getIntProp, getIntrusionDetectionImplementation, getIVType, getKDFPseudoRandomFunction, getLenientDatesAccepted, getLogApplicationName, getLogEncodingRequired, getLogImplementation, getLogServerIP, getMasterKey, getMasterSalt, getMaxHttpHeaderSize, getMaxOldPasswordHashes, getPasswordParameterName, getPreferredJCEProvider, getQuota, getRandomAlgorithm, getRandomizerImplementation, getRememberTokenDuration, getResourceFile, getResourceStream, getResponseContentType, getSessionAbsoluteTimeoutLength, getSessionIdleTimeoutLength, getStringProp, getUploadDirectory, getUploadTempDirectory, getUsernameParameterName, getValidationImplementation, getWorkingDirectory, loadConfiguration, logToStdout, overwritePlainText, setCipherTransformation, setResourceDirectory, shouldPrintProperties, useMACforCipherText

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • STUDIO_VALIDATION_REGEX_OVERRIDE_FORMAT

      public static final String STUDIO_VALIDATION_REGEX_OVERRIDE_FORMAT
  • Constructor Details

    • StudioEsapiSecurityConfiguration

      public StudioEsapiSecurityConfiguration(StudioConfiguration studioConfiguration)
  • Method Details

    • getInstance

      public static org.owasp.esapi.SecurityConfiguration getInstance()
    • getValidationPattern

      public Pattern getValidationPattern(String key)
      Returns a single pattern based upon key. It first looks up the value in the Studio configuration under a key built from 'studio.validation.regex.%s'. If no value is found there, it invokes the superclass (DefaultSecurityConfiguration) method to get the default configured value.
      Specified by:
      getValidationPattern in interface org.owasp.esapi.SecurityConfiguration
      Overrides:
      getValidationPattern in class org.owasp.esapi.reference.DefaultSecurityConfiguration
      Parameters:
      key - name of the validation pattern to look up
      Returns:
      if key exists, the associated validation pattern, null otherwise
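
      The override-then-default lookup described for getValidationPattern, as an added example (not Crafter CMS or ESAPI code). Two plain maps stand in for the Studio configuration and the ESAPI defaults; the USERNAME and PATH keys and all patterns are constructed, and treating an empty override as absent is an assumption.

```java
import java.util.Map;
import java.util.regex.Pattern;

public class ValidationPatternOverrideDemo {
    // Key format quoted in the getValidationPattern description.
    static final String OVERRIDE_FORMAT = "studio.validation.regex.%s";

    // Stand-ins (assumptions): plain maps replace the Studio configuration
    // and the ESAPI defaults that the real class reads.
    private final Map<String, String> studioConfig;
    private final Map<String, String> esapiDefaults;

    ValidationPatternOverrideDemo(Map<String, String> studioConfig,
                                  Map<String, String> esapiDefaults) {
        this.studioConfig = studioConfig;
        this.esapiDefaults = esapiDefaults;
    }

    // Override first, then the default; null when the key is unknown to both.
    // Assumption: an empty override value is treated as "not configured".
    Pattern getValidationPattern(String key) {
        String override = studioConfig.get(String.format(OVERRIDE_FORMAT, key));
        if (override != null && !override.isEmpty()) {
            return Pattern.compile(override);
        }
        String fallback = esapiDefaults.get(key);
        return fallback == null ? null : Pattern.compile(fallback);
    }

    public static void main(String[] args) {
        // Constructed sample patterns; USERNAME and PATH are hypothetical keys.
        Map<String, String> defaults = Map.of(
            "USERNAME", "^[a-zA-Z0-9_]{3,32}$",
            "PATH", "^[a-zA-Z0-9/_-]{1,255}$");
        Map<String, String> overrides = Map.of(
            "studio.validation.regex.USERNAME", "^[a-zA-Z0-9_.@-]{3,64}$");

        var withOverride = new ValidationPatternOverrideDemo(overrides, defaults);
        var defaultsOnly = new ValidationPatternOverrideDemo(Map.of(), defaults);
        String input = "alice@example.com";

        // The override replaces the default outright, so the accepted set changes.
        System.out.println(defaultsOnly.getValidationPattern("USERNAME").matcher(input).matches());
        System.out.println(withOverride.getValidationPattern("USERNAME").matcher(input).matches());
        // No override for PATH: the default pattern is returned unchanged.
        System.out.println(withOverride.getValidationPattern("PATH").pattern());
        // Unknown key: null, which callers must handle before matching.
        System.out.println(withOverride.getValidationPattern("MISSING"));
    }
}
```

      Because an override replaces the default pattern rather than narrowing it, each studio.validation.regex.* entry deserves the same review as a change to the validation code itself.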