| Package | Description |
|---|---|
| org.owasp.esapi | The ESAPI interfaces and Exception classes model the most important security functions to enterprise web applications. |
| org.owasp.esapi.codecs | This package contains codecs for application layer encoding/escaping schemes that can be used for both canonicalization and output encoding. |
| org.owasp.esapi.reference | This package contains reference implementations of the ESAPI interfaces. |
| Modifier and Type | Method | Description |
|---|---|---|
| String | `Encoder.encodeForOS(Codec codec, String input)` | Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec). |
| String | `Encoder.encodeForSQL(Codec codec, String input)` | Encode input for use in a SQL query, according to the selected codec (appropriate codecs include the MySQLCodec and OracleCodec). |
| ExecuteResult | `Executor.executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream)` | Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible. |
| void | `PreparedString.set(int index, String value, Codec codec)` | Set the parameter at index with supplied value using the supplied Codec to escape. |
| Constructor | Description |
|---|---|
| `PreparedString(String template, char parameterCharacter, Codec codec)` | Create a PreparedString with the supplied template, parameter placeholder character, and Codec. |
| `PreparedString(String template, Codec codec)` | Create a PreparedString with the supplied template and Codec. |
| Modifier and Type | Class | Description |
|---|---|---|
| class | CSSCodec | Implementation of the Codec interface for backslash encoding used in CSS. |
| class | DB2Codec | Implementation of the Codec interface for DB2 strings. |
| class | HTMLEntityCodec | Implementation of the Codec interface for HTML entity encoding. |
| class | JavaScriptCodec | Implementation of the Codec interface for backslash encoding in JavaScript. |
| class | MySQLCodec | Implementation of the Codec interface for MySQL strings. |
| class | OracleCodec | Implementation of the Codec interface for Oracle strings. |
| class | PercentCodec | Implementation of the Codec interface for percent encoding (aka URL encoding). |
| class | UnixCodec | Implementation of the Codec interface for '\' encoding from Unix command shell. |
| class | VBScriptCodec | Implementation of the Codec interface for 'quote' encoding from VBScript. |
| class | WindowsCodec | Implementation of the Codec interface for '^' encoding from Windows command shell. |
| class | XMLEntityCodec | Implementation of the Codec interface for XML entity encoding. |
| Modifier and Type | Method | Description |
|---|---|---|
| String | `DefaultEncoder.encodeForOS(Codec codec, String input)` | Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec). |
| String | `DefaultEncoder.encodeForSQL(Codec codec, String input)` | Encode input for use in a SQL query, according to the selected codec (appropriate codecs include the MySQLCodec and OracleCodec). |
| ExecuteResult | `DefaultExecutor.executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream)` | Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible. |
Copyright © 2013 The Open Web Application Security Project (OWASP). All Rights Reserved.