src/main/java/org/apache/sling/xss/impl/LongValidationRule.java - sling-org-apache-sling-xss - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 /**
  * OWASP Enterprise Security API (ESAPI)
  *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
  * Copyright (c) 2007 - The OWASP Foundation
  *
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  *
  * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @created 2007
  */
 package org.apache.sling.xss.impl;

 import org.apache.sling.xss.XSSAPI;
 import org.owasp.esapi.Encoder;
 import org.owasp.esapi.StringUtilities;
 import org.owasp.esapi.errors.ValidationException;
 import org.owasp.esapi.reference.validation.BaseValidationRule;


 /**
  * A validator performs syntax and possibly semantic validation of a single
  * piece of data from an untrusted source.
  * <p>
  * This class is derived from the OWASP ESAPI {@code LongValidationRule}
  * class to support validation of {@code long} values.
  *
  * @see XSSAPI#getValidLong(String, long)
  * @see org.owasp.esapi.Validator
  * @see org.owasp.esapi.reference.validation.IntegerValidationRule
  */
 class LongValidationRule extends BaseValidationRule {

     private final long minValue;
     private final long maxValue;

     LongValidationRule( String typeName, Encoder encoder, long minValue, long maxValue ) {
         super( typeName, encoder );
         this.minValue = minValue;
         this.maxValue = maxValue;
     }

     public Long getValid( String context, String input ) throws ValidationException {
         return safelyParse(context, input);
     }

     private Long safelyParse(String context, String input) throws ValidationException {
         // do not allow empty Strings such as "   " - so trim to ensure
         // isEmpty catches "    "
         if (input != null) input = input.trim();

         if ( StringUtilities.isEmpty(input) ) {
             if (allowNull) {
                 return null;
             }
             throw new ValidationException( context + ": Input number required", "Input number required: context=" + context + ", input=" + input, context );
         }

         // canonicalize
         String canonical = encoder.canonicalize( input );

         if (minValue > maxValue) {
             throw new ValidationException( context + ": Invalid number input: context", "Validation parameter error for number: maxValue ( " + maxValue + ") must be greater than minValue ( " + minValue + ") for " + context, context );
         }

         // validate min and max
         try {
             long i = Long.parseLong(canonical);
             if (i < minValue) {
                 throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
             }
             if (i > maxValue) {
                 throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
             }
             return i;
         } catch (NumberFormatException e) {
             throw new ValidationException( context + ": Invalid number input", "Invalid number input format: context=" + context + ", input=" + input, e, context);
         }
     }

     @Override
     public Long sanitize( String context, String input ) {
         Long toReturn = Long.valueOf( 0 );
         try {
             toReturn = safelyParse(context, input);
         } catch (ValidationException e ) {
             // do nothing
         }
         return toReturn;
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	/**
	* OWASP Enterprise Security API (ESAPI)
	*
	* This file is part of the Open Web Application Security Project (OWASP)
	* Enterprise Security API (ESAPI) project. For details, please see
	* <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
	*
	* Copyright (c) 2007 - The OWASP Foundation
	*
	* The ESAPI is published by OWASP under the BSD license. You should read and accept the
	* LICENSE before you use, modify, and/or redistribute this software.
	*
	* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
	* @created 2007
	*/
	package org.apache.sling.xss.impl;

	import org.apache.sling.xss.XSSAPI;
	import org.owasp.esapi.Encoder;
	import org.owasp.esapi.StringUtilities;
	import org.owasp.esapi.errors.ValidationException;
	import org.owasp.esapi.reference.validation.BaseValidationRule;


	/**
	* A validator performs syntax and possibly semantic validation of a single
	* piece of data from an untrusted source.
	* <p>
	* This class is derived from the OWASP ESAPI {@code LongValidationRule}
	* class to support validation of {@code long} values.
	*
	* @see XSSAPI#getValidLong(String, long)
	* @see org.owasp.esapi.Validator
	* @see org.owasp.esapi.reference.validation.IntegerValidationRule
	*/
	class LongValidationRule extends BaseValidationRule {

	private final long minValue;
	private final long maxValue;

	LongValidationRule( String typeName, Encoder encoder, long minValue, long maxValue ) {
	super( typeName, encoder );
	this.minValue = minValue;
	this.maxValue = maxValue;
	}

	public Long getValid( String context, String input ) throws ValidationException {
	return safelyParse(context, input);
	}

	private Long safelyParse(String context, String input) throws ValidationException {
	// do not allow empty Strings such as " " - so trim to ensure
	// isEmpty catches " "
	if (input != null) input = input.trim();

	if ( StringUtilities.isEmpty(input) ) {
	if (allowNull) {
	return null;
	}
	throw new ValidationException( context + ": Input number required", "Input number required: context=" + context + ", input=" + input, context );
	}

	// canonicalize
	String canonical = encoder.canonicalize( input );

	if (minValue > maxValue) {
	throw new ValidationException( context + ": Invalid number input: context", "Validation parameter error for number: maxValue ( " + maxValue + ") must be greater than minValue ( " + minValue + ") for " + context, context );
	}

	// validate min and max
	try {
	long i = Long.parseLong(canonical);
	if (i < minValue) {
	throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
	}
	if (i > maxValue) {
	throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
	}
	return i;
	} catch (NumberFormatException e) {
	throw new ValidationException( context + ": Invalid number input", "Invalid number input format: context=" + context + ", input=" + input, e, context);
	}
	}

	@Override
	public Long sanitize( String context, String input ) {
	Long toReturn = Long.valueOf( 0 );
	try {
	toReturn = safelyParse(context, input);
	} catch (ValidationException e ) {
	// do nothing
	}
	return toReturn;
	}
	}