ESAPI配置方法
Hi,大家好,我是编程小6,很荣幸遇见你,我把这些年在开发过程中遇到的问题或想法写出来,今天说一说ESAPI配置方法,希望能够帮助你!!!。
ESAPI配置方法
- 一、导入jar包
- 二、在resource文件夹下添加ESAPI.properties配置文件
- 三、ESAPI.properties配置属性说明
- 四、在resource文件夹下添加Validator.properties配置文件
一、导入jar包
<!-- https://mvnrepository.com/artifact/org.owasp.esapi/esapi -->
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.2.1.1</version>
</dependency>
二、在resource文件夹下添加ESAPI.properties配置文件
ESAPI.printProperties=true
ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
ESAPI.Logger=org.owasp.esapi.logging.slf4j.SLF4JLogFactory
Logger.LogApplicationName=true
Logger.LogEncodingRequired=false //如果选择为true,打印出来的日志,比如{}这种特殊符号会被encode
Logger.UserInfo=true
Logger.ClientInfo=true
Logger.LogServerIP=false
Logger.ApplicationName=【你的项目名字】
HttpUtilities.ApprovedUploadExtensions=.csv,.xls,.xlsx,.zip
三、ESAPI.properties配置属性说明
原文档github地址: https://github.com/ESAPI/esapi-java-legacy/blob/develop/configuration/esapi/ESAPI.properties
四、在resource文件夹下添加Validator.properties配置文件
原文档github地址: https://github.com/ESAPI/esapi-java-legacy/blob/develop/configuration/esapi/validation.properties
# The ESAPI validator does many security checks on input, such as canonicalization
# and whitelist validation. Note that all of these validation rules are applied *after*
# canonicalization. Double-encoded characters (even with different encodings involved,
# are never allowed.
#
# To use:
#
# First set up a pattern below. You can choose any name you want, prefixed by the word
# "Validation." For example:
# Validation.Email=^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{
2,4}$
#
# Then you can validate in your code against the pattern like this:
# ESAPI.validator().isValidInput("User Email", input, "Email", maxLength, allowNull);
# Where maxLength and allowNull are set for you needs, respectively.
#
# But note, when you use boolean variants of validation functions, you lose critical
# canonicalization. It is preferable to use the "get" methods (which throw exceptions) and
# and use the returned user input which is in canonical form. Consider the following:
#
# try {
# someObject.setEmail(ESAPI.validator().getValidInput("User Email", input, "Email", maxLength, allowNull));
#
Validator.SafeString=^[.\\p{
Alnum}\\p{
Space}]{
0,1024}$
Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{
2,4}$
Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){
3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
Validator.URL=^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&;%\\$#_]*)?$
Validator.CreditCard=^(\\d{
4}[- ]?){
3}\\d{
4}$
Validator.SSN=^(?!000)([0-6]\\d{
2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{
4}$
今天的分享到此就结束了,感谢您的阅读,如果确实帮到您,您可以动动手指转发给其他人。
上一篇
已是最后文章
下一篇
已是最新文章
相关推荐
最新文章
