| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| |
| /** |
| * OWASP Enterprise Security API (ESAPI) |
| * |
| * This file is part of the Open Web Application Security Project (OWASP) |
| * Enterprise Security API (ESAPI) project. For details, please see |
| * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>. |
| * |
| * Copyright (c) 2007 - The OWASP Foundation |
| * |
| * The ESAPI is published by OWASP under the BSD license. You should read and accept the |
| * LICENSE before you use, modify, and/or redistribute this software. |
| * |
| * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a> |
| * @created 2007 |
| */ |
| package org.apache.sling.xss.impl; |
| |
| import org.apache.sling.xss.XSSAPI; |
| import org.owasp.esapi.Encoder; |
| import org.owasp.esapi.StringUtilities; |
| import org.owasp.esapi.errors.ValidationException; |
| import org.owasp.esapi.reference.validation.BaseValidationRule; |
| |
| |
| /** |
| * A validator performs syntax and possibly semantic validation of a single |
| * piece of data from an untrusted source. |
| * <p> |
| * This class is derived from the OWASP ESAPI {@code LongValidationRule} |
| * class to support validation of {@code long} values. |
| * |
| * @see XSSAPI#getValidLong(String, long) |
| * @see org.owasp.esapi.Validator |
| * @see org.owasp.esapi.reference.validation.IntegerValidationRule |
| */ |
| class LongValidationRule extends BaseValidationRule { |
| |
| private final long minValue; |
| private final long maxValue; |
| |
| LongValidationRule( String typeName, Encoder encoder, long minValue, long maxValue ) { |
| super( typeName, encoder ); |
| this.minValue = minValue; |
| this.maxValue = maxValue; |
| } |
| |
| public Long getValid( String context, String input ) throws ValidationException { |
| return safelyParse(context, input); |
| } |
| |
| private Long safelyParse(String context, String input) throws ValidationException { |
| // do not allow empty Strings such as " " - so trim to ensure |
| // isEmpty catches " " |
| if (input != null) input = input.trim(); |
| |
| if ( StringUtilities.isEmpty(input) ) { |
| if (allowNull) { |
| return null; |
| } |
| throw new ValidationException( context + ": Input number required", "Input number required: context=" + context + ", input=" + input, context ); |
| } |
| |
| // canonicalize |
| String canonical = encoder.canonicalize( input ); |
| |
| if (minValue > maxValue) { |
| throw new ValidationException( context + ": Invalid number input: context", "Validation parameter error for number: maxValue ( " + maxValue + ") must be greater than minValue ( " + minValue + ") for " + context, context ); |
| } |
| |
| // validate min and max |
| try { |
| long i = Long.parseLong(canonical); |
| if (i < minValue) { |
| throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context ); |
| } |
| if (i > maxValue) { |
| throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context ); |
| } |
| return i; |
| } catch (NumberFormatException e) { |
| throw new ValidationException( context + ": Invalid number input", "Invalid number input format: context=" + context + ", input=" + input, e, context); |
| } |
| } |
| |
| @Override |
| public Long sanitize( String context, String input ) { |
| Long toReturn = Long.valueOf( 0 ); |
| try { |
| toReturn = safelyParse(context, input); |
| } catch (ValidationException e ) { |
| // do nothing |
| } |
| return toReturn; |
| } |
| } |