Class: Owasp::Esapi::Validator::BaseRule

Inherits:
Object
Defined in:
lib/validator/base_rule.rb

Overview

A ValidationRule performs syntax and possibly semantic validation of a single piece of data from an untrusted source.

Direct Known Subclasses

DateRule, FloatRule, IntegerRule, StringRule

Constructor Details

#initialize(name, encoder = nil) ⇒ BaseRule

Returns a new instance of BaseRule.



# File 'lib/validator/base_rule.rb', line 17

def initialize(name,encoder=nil)
  @name = name
  @encoder = encoder
  @encoder = Owasp::Esapi.encoder if @encoder.nil?
  @allow_nil = false
end

Instance Attribute Details

#allow_nil ⇒ Object

Returns the value of attribute allow_nil.



# File 'lib/validator/base_rule.rb', line 16

def allow_nil
  @allow_nil
end

#encoder ⇒ Object

Returns the value of attribute encoder.



# File 'lib/validator/base_rule.rb', line 16

def encoder
  @encoder
end

#name ⇒ Object

Returns the value of attribute name.



# File 'lib/validator/base_rule.rb', line 16

def name
  @name
end

Instance Method Details

#safe(context, string) ⇒ Object

Tries to call valid first; if validation fails, calls sanitize and returns its result as the default value.



# File 'lib/validator/base_rule.rb', line 57

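def safe(context,string)
  valid = nil
  begin
    # Strict validation of the string parameter
    valid = valid(context,string)
  rescue ValidationException => e
    # Validation failed: fall back to the sanitized value
    return sanitize(context,string)
  end
  return valid
end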

#sanitize(context, input) ⇒ Object

This method is similar to getSafe, except that it returns a harmless object that may or may not bear any similarity to the original input (in some cases you may not care). In most cases it should behave the same as the getSafe method, but return some default value instead of raising an exception. Subclasses should implement this method; the base implementation shown here returns the input unchanged.



# File 'lib/validator/base_rule.rb', line 72

def sanitize(context,input)
  input
end

#valid(context, input) ⇒ Object

Parses the input and raises an exception if validation fails. Subclasses need to implement this method, as the base class will always raise an exception.



# File 'lib/validator/base_rule.rb', line 52

def valid(context,input)
  raise Owasp::Esapi::ValidationException.new(input,input,context)
end

#valid?(context, input) ⇒ Boolean

Returns true if the input passes validation.

Returns:

  • (Boolean)


# File 'lib/validator/base_rule.rb', line 25

def valid?(context,input)
  valid = false
  begin
    valid(context,input)
    valid = true
  rescue Exception => e
    # Any exception raised by valid counts as a validation failure
  end
  valid
end

#validate(context, input, errors = nil) ⇒ Object

Parses the input by calling the valid method. If an exception is thrown, it is added to the ValidatorErrorList object. This method allows multiple rules to be executed while collecting all the errors that were raised along the way.



# File 'lib/validator/base_rule.rb', line 39

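def validate(context,input, errors=nil)
  valid = nil
  begin
    valid = valid(context,input)
  rescue ValidationException => e
    # Collect the failure instead of propagating it
    errors<< e unless errors.nil?
  end
  # The original input is returned whether or not validation succeeded,
  # so callers must inspect errors to learn the outcome
  input
end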

#whitelist(input, list) ⇒ Object

Removes characters that aren’t in the whitelist from the input String. list is expected to be a String.



# File 'lib/validator/base_rule.rb', line 78

def whitelist(input,list)
  rc = ''
  # Keep only the characters that appear in the whitelist string
  input.each_char do |c|
    rc << c if list.include?(c)
  end
  rc
end