A B C D E F G H I J K L M N O P R S T U V W X 

A

ABSOLUTE_TIMEOUT_DURATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
AbstractAccessReferenceMap<K> - Class in org.owasp.esapi.reference
Abstract Implementation of the AccessReferenceMap that is backed by ConcurrentHashMaps to provide a thread-safe implementation of the AccessReferenceMap.
AbstractAccessReferenceMap() - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap
Instantiates a new access reference map.
AbstractAccessReferenceMap(int) - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap
Instantiates a new access reference map with the specified size allotment to reduce Map resizing overhead.
AbstractAccessReferenceMap(Set<Object>) - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap
Deprecated.
This constructor internally calls the abstract method AbstractAccessReferenceMap.getUniqueReference(). Since this is a constructor, any subclass that implements getUniqueReference() has not had it's own constructor run. This leads to strange bugs because subclass internal state is initializaed after calls to getUniqueReference() have already happened. If this constructor is desired in a subclass, consider running AbstractAccessReferenceMap.update(Set) in the subclass constructor instead.
AbstractAccessReferenceMap(Set<Object>, int) - Constructor for class org.owasp.esapi.reference.AbstractAccessReferenceMap
Deprecated.
This constructor internally calls the abstract method AbstractAccessReferenceMap.getUniqueReference(). Since this is a constructor, any subclass that implements getUniqueReference() has not had it's own constructor run. This leads to strange bugs because subclass internal state is initializaed after calls to getUniqueReference() have already happened. If this constructor is desired in a subclass, consider running AbstractAccessReferenceMap.update(Set) in the subclass constructor instead.
AbstractAuthenticator - Class in org.owasp.esapi.reference
A partial implementation of the Authenticator interface.
AbstractAuthenticator() - Constructor for class org.owasp.esapi.reference.AbstractAuthenticator
 
AbstractPrioritizedPropertyLoader - Class in org.owasp.esapi.configuration
 
AbstractPrioritizedPropertyLoader(String, int) - Constructor for class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader
 
ACCEPT_LENIENT_DATES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
ACCESS_CONTROL_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
AccessControlException - Exception in org.owasp.esapi.errors
An AccessControlException should be thrown when a user attempts to access a resource that they are not authorized for.
AccessControlException() - Constructor for exception org.owasp.esapi.errors.AccessControlException
Instantiates a new access control exception.
AccessControlException(String, String) - Constructor for exception org.owasp.esapi.errors.AccessControlException
Creates a new instance of AccessControlException.
AccessControlException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AccessControlException
Instantiates a new access control exception.
AccessController - Interface in org.owasp.esapi
The AccessController interface defines a set of methods that can be used in a wide variety of applications to enforce access control.
accessController() - Static method in class org.owasp.esapi.ESAPI
 
AccessControlRule<P,R> - Interface in org.owasp.esapi
 
AccessReferenceMap<K> - Interface in org.owasp.esapi
The AccessReferenceMap interface is used to map from a set of internal direct object references to a set of indirect references that are safe to disclose publicly.
ACRParameterLoader<T> - Interface in org.owasp.esapi.reference.accesscontrol.policyloader
 
ACRParameterLoaderHelper - Class in org.owasp.esapi.reference.accesscontrol.policyloader
 
ACRParameterLoaderHelper() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoaderHelper
 
ACRPolicyFileLoader - Class in org.owasp.esapi.reference.accesscontrol.policyloader
 
ACRPolicyFileLoader() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader
 
Action - Class in org.owasp.esapi.waf.actions
The base class indicating what is to be done after a rule executes.
Action() - Constructor for class org.owasp.esapi.waf.actions.Action
 
actionNecessary - Variable in class org.owasp.esapi.waf.actions.Action
 
actions - Variable in class org.owasp.esapi.SecurityConfiguration.Threshold
The list of actions to take if the threshold is met.
addAccessControlRule(String, String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO
 
addAfterBodyRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
addAlias(String, Object) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
addAttributes(Map<String, String>) - Method in class org.owasp.esapi.crypto.CryptoToken
Add the specified collection of attributes to the current attributes.
addBeforeBodyRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
addBeforeResponseRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
addBlacklistPattern(String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
 
addBlacklistPattern(Pattern) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
 
addCookie(Cookie) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Add a cookie to the response after ensuring that there are no encoded or illegal characters in the name and name and value.
addCookie(Cookie) - Method in interface org.owasp.esapi.HTTPUtilities
Calls addCookie with the *current* request.
addCookie(HttpServletResponse, Cookie) - Method in interface org.owasp.esapi.HTTPUtilities
Add a cookie to the response after ensuring that there are no encoded or illegal characters in the name and name and value.
addCookie(Cookie) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls addCookie with the *current* request.
addCookie(HttpServletResponse, Cookie) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Add a cookie to the response after ensuring that there are no encoded or illegal characters in the name and name and value.
addCookie(Cookie) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
 
addCookie(Cookie, boolean) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
 
addCookieRule(Rule) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
addCSRFToken(String) - Method in interface org.owasp.esapi.HTTPUtilities
Adds the current user's CSRF token (see User.getCSRFToken()) to the URL for purposes of preventing CSRF attacks.
addCSRFToken(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Adds the current user's CSRF token (see User.getCSRFToken()) to the URL for purposes of preventing CSRF attacks.
addDateHeader(String, long) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Add a cookie to the response after ensuring that there are no encoded or illegal characters in the name.
addDirectReference(T) - Method in interface org.owasp.esapi.AccessReferenceMap
Adds a direct reference to the AccessReferenceMap, then generates and returns an associated indirect reference.
addDirectReference(T) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
Adds a direct reference to the AccessReferenceMap, then generates and returns an associated indirect reference.
addError(String, ValidationException) - Method in class org.owasp.esapi.ValidationErrorList
Adds a new error to list with a unique named context.
addEvent(String, String) - Method in interface org.owasp.esapi.IntrusionDetector
Adds the event to the IntrusionDetector.
addEvent(String, String) - Method in class org.owasp.esapi.reference.DefaultIntrusionDetector
Adds the event to the IntrusionDetector.
addException(Exception) - Method in interface org.owasp.esapi.IntrusionDetector
Adds the exception to the IntrusionDetector.
addException(Exception) - Method in class org.owasp.esapi.reference.DefaultIntrusionDetector
Adds the exception to the IntrusionDetector.
addHeader(String, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Add a header to the response after ensuring that there are no encoded or illegal characters in the name and name and value.
addHeader(String, String) - Method in interface org.owasp.esapi.HTTPUtilities
Calls addHeader with the *current* request.
addHeader(HttpServletResponse, String, String) - Method in interface org.owasp.esapi.HTTPUtilities
Add a header to the response after ensuring that there are no encoded or illegal characters in the name and name and value.
addHeader(String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls addHeader with the *current* request.
addHeader(HttpServletResponse, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Add a header to the response after ensuring that there are no encoded or illegal characters in the name and name and value.
AddHeaderRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <add-header> rules.
AddHeaderRule(String, String, String, Pattern, List<Object>) - Constructor for class org.owasp.esapi.waf.rules.AddHeaderRule
 
AddHTTPOnlyFlagRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <add-http-only-flag> rules.
AddHTTPOnlyFlagRule(String, List<Pattern>) - Constructor for class org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule
 
addIntHeader(String, int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Add an int header to the response after ensuring that there are no encoded or illegal characters in the name and name.
ADDITIONAL_ALLOWED_CIPHER_MODES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
addProperty(Properties, String, String) - Static method in class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils
Adds a new key-value property to the passed Properties object
addRole(String) - Method in class org.owasp.esapi.reference.DefaultUser
Adds a role to this user's account.
addRole(String) - Method in interface org.owasp.esapi.User
Adds a role to this user's account.
addRoles(Set<String>) - Method in class org.owasp.esapi.reference.DefaultUser
Adds a set of roles to this user's account.
addRoles(Set<String>) - Method in interface org.owasp.esapi.User
Adds a set of roles to this user's account.
addRule(ValidationRule) - Method in class org.owasp.esapi.reference.DefaultValidator
Add a validation rule to the registry using the "type name" of the rule as the key.
addRule(ValidationRule) - Method in interface org.owasp.esapi.Validator
 
AddSecureFlagRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <add-secure-flag> rules.
AddSecureFlagRule(String, List<Pattern>) - Constructor for class org.owasp.esapi.waf.rules.AddSecureFlagRule
 
addSession(HttpSession) - Method in class org.owasp.esapi.reference.DefaultUser
Adds a session for this User.
addSession(HttpSession) - Method in interface org.owasp.esapi.User
Adds a session for this User.
addWhitelistPattern(String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
 
addWhitelistPattern(Pattern) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
 
ALL - Static variable in interface org.owasp.esapi.Logger
ALL indicates that all messages should be logged.
ALLOW_MIXED_ENCODING - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
ALLOW_MULTIPLE_ENCODING - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
ALLOWED_LOGIN_ATTEMPTS - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
allowNull - Variable in class org.owasp.esapi.reference.validation.BaseValidationRule
 
ALPHANUMERICS - Static variable in class org.owasp.esapi.EncoderConstants
 
always(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
Log an event regardless of what logging level is enabled.
always(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
Log an event regardless of what logging level is enabled and also record the stack trace associated with the event.
always(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
Log an event regardless of what logging level is enabled and also record the stack trace associated with the event.
always(Logger.EventType, String) - Method in class org.owasp.esapi.reference.Log4JLogger
Log an event regardless of what logging level is enabled.
always(Object) - Method in class org.owasp.esapi.reference.Log4JLogger
Always log the specified message as a SECURITY_AUDIT event type.
always(Object, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
Always log the specified message as a SECURITY_AUDIT event type, along with its associated exception stack trace (if any).
AlwaysFalseACR - Class in org.owasp.esapi.reference.accesscontrol
 
AlwaysFalseACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR
 
AlwaysTrueACR - Class in org.owasp.esapi.reference.accesscontrol
 
AlwaysTrueACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR
 
ANONYMOUS - Static variable in interface org.owasp.esapi.User
The ANONYMOUS user is used to represent an unidentified user.
ANONYMOUS_USER - Static variable in class org.owasp.esapi.crypto.CryptoToken
Represents an anonymous user.
ANSI_MODE - Static variable in class org.owasp.esapi.codecs.MySQLCodec
Target MySQL Server is running in "http://dev.mysql.com/doc/refman/5.0/en/ansi-mode.html" ANSI Mode
append(char) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
append(CharSequence, int, int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
append(CharSequence) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
AppGuardianConfiguration - Class in org.owasp.esapi.waf.configuration
This class is the object model of the policy file.
AppGuardianConfiguration() - Constructor for class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
APPLICATION_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
APPROVED_EXECUTABLES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
APPROVED_UPLOAD_EXTENSIONS - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
arrayCompare(byte[], byte[]) - Static method in class org.owasp.esapi.crypto.CryptoHelper
A "safe" array comparison that is not vulnerable to side-channel "timing attacks".
arrayToSet(char...) - Static method in class org.owasp.esapi.util.CollectionsUtil
Converts an array of chars to a Set of Characters.
arrayToUnmodifiableSet(char...) - Static method in class org.owasp.esapi.util.CollectionsUtil
Convert a char array to a unmodifiable Set.
asBytes() - Method in class org.owasp.esapi.crypto.PlainText
Convert the PlainText object to a byte array.
asCipherText() - Method in class org.owasp.esapi.crypto.CipherTextSerializer
Return the actual CipherText object.
asPortableSerializedByteArray() - Method in class org.owasp.esapi.crypto.CipherText
Return this CipherText object as a portable (i.e., network byte ordered) serialized byte array.
asSerializedByteArray() - Method in class org.owasp.esapi.crypto.CipherTextSerializer
Return this CipherText object as a specialized, portable serialized byte array.
assertAuthorized(Object, Object) - Method in interface org.owasp.esapi.AccessController
assertAuthorized executes the AccessControlRule that is identified by key and listed in the resources/ESAPI-AccessControlPolicy.xml file.
assertAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
 
assertAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController
assertAuthorized executes the AccessControlRule that is identified by key and listed in the resources/ESAPI-AccessControlPolicy.xml file.
assertAuthorizedForData(String, Object) - Method in interface org.owasp.esapi.AccessController
Checks if the current user is authorized to access the referenced data.
assertAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
Deprecated. 
assertAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController
Checks if the current user is authorized to access the referenced data.
assertAuthorizedForFile(String) - Method in interface org.owasp.esapi.AccessController
Checks if the current user is authorized to access the referenced file.
assertAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
Deprecated. 
assertAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
Deprecated. 
assertAuthorizedForFunction(String) - Method in interface org.owasp.esapi.AccessController
Checks if the current user is authorized to access the referenced function.
assertAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
Deprecated. 
assertAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
Checks if the current user is authorized to access the referenced function.
assertAuthorizedForService(String) - Method in interface org.owasp.esapi.AccessController
Checks if the current user is authorized to access the referenced service.
assertAuthorizedForService(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
Deprecated. 
assertAuthorizedForService(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
Checks if the current user is authorized to access the referenced service.
assertAuthorizedForURL(String) - Method in interface org.owasp.esapi.AccessController
Checks if the current user is authorized to access the referenced URL.
assertAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
Deprecated. 
assertAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
Checks if the current user is authorized to access the referenced URL.
assertSecureChannel() - Method in interface org.owasp.esapi.HTTPUtilities
Calls assertSecureChannel with the *current* request.
assertSecureChannel(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities
Ensures the use of SSL to protect any sensitive parameters in the request and any sensitive data in the response.
assertSecureChannel() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls assertSecureChannel with the *current* request.
assertSecureChannel(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Ensures the use of SSL to protect any sensitive parameters in the request and any sensitive data in the response.
assertSecureRequest() - Method in interface org.owasp.esapi.HTTPUtilities
Calls assertSecureRequest with the *current* request.
assertSecureRequest(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities
Ensures that the request uses both SSL and POST to protect any sensitive parameters in the querystring from being sniffed, logged, bookmarked, included in referer header, etc...
assertSecureRequest() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls assertSecureRequest with the *current* request.
assertSecureRequest(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Ensures that the request uses both SSL and POST to protect any sensitive parameters in the querystring from being sniffed, logged, bookmarked, included in referer header, etc...
assertValid(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
Check if the input is valid, throw an Exception otherwise
assertValid(String, String) - Method in interface org.owasp.esapi.ValidationRule
Check if the input is valid, throw an Exception otherwise
assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Validates the filepath, filename, and content of a file.
assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidFileUpload with the supplied errorList to capture ValidationExceptions
assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean) - Method in interface org.owasp.esapi.Validator
Validates the filepath, filename, and content of a file.
assertValidFileUpload(String, String, String, File, byte[], int, List<String>, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidFileUpload with the supplied errorList to capture ValidationExceptions
assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in class org.owasp.esapi.reference.DefaultValidator
Validates that the parameters in the current request contain all required parameters and only optional ones in addition.
assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
ValidationErrorList variant of assertIsValidHTTPRequestParameterSet Uses current HTTPRequest saved in ESAPI Authenticator
assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in interface org.owasp.esapi.Validator
Validates that the parameters in the current request contain all required parameters and only optional ones in addition.
assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidHTTPRequestParameterSet with the supplied errorList to capture ValidationExceptions
AuthenticatedRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <authentication-rules> rules.
AuthenticatedRule(String, String, Pattern, List<Object>) - Constructor for class org.owasp.esapi.waf.rules.AuthenticatedRule
 
AUTHENTICATION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
AuthenticationAccountsException - Exception in org.owasp.esapi.errors
An AuthenticationException should be thrown when anything goes wrong during login or logout.
AuthenticationAccountsException() - Constructor for exception org.owasp.esapi.errors.AuthenticationAccountsException
Instantiates a new authentication exception.
AuthenticationAccountsException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationAccountsException
Creates a new instance of AuthenticationAccountsException.
AuthenticationAccountsException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationAccountsException
Instantiates a new authentication exception.
AuthenticationCredentialsException - Exception in org.owasp.esapi.errors
An AuthenticationException should be thrown when anything goes wrong during login or logout.
AuthenticationCredentialsException() - Constructor for exception org.owasp.esapi.errors.AuthenticationCredentialsException
Instantiates a new authentication exception.
AuthenticationCredentialsException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationCredentialsException
Creates a new instance of AuthenticationCredentialsException.
AuthenticationCredentialsException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationCredentialsException
Instantiates a new authentication exception.
AuthenticationException - Exception in org.owasp.esapi.errors
An AuthenticationException should be thrown when anything goes wrong during login or logout.
AuthenticationException() - Constructor for exception org.owasp.esapi.errors.AuthenticationException
Instantiates a new authentication exception.
AuthenticationException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationException
Creates a new instance of AuthenticationException.
AuthenticationException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationException
Instantiates a new authentication exception.
AuthenticationHostException - Exception in org.owasp.esapi.errors
An AuthenticationHostException should be thrown when there is a problem with the host involved with authentication, particularly if the host changes unexpectedly.
AuthenticationHostException() - Constructor for exception org.owasp.esapi.errors.AuthenticationHostException
Instantiates a new authentication exception.
AuthenticationHostException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationHostException
Creates a new instance of AuthenticationHostException.
AuthenticationHostException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationHostException
Instantiates a new authentication exception.
AuthenticationLoginException - Exception in org.owasp.esapi.errors
An AuthenticationException should be thrown when anything goes wrong during login or logout.
AuthenticationLoginException() - Constructor for exception org.owasp.esapi.errors.AuthenticationLoginException
Instantiates a new authentication exception.
AuthenticationLoginException(String, String) - Constructor for exception org.owasp.esapi.errors.AuthenticationLoginException
Creates a new instance of EnterpriseSecurityException.
AuthenticationLoginException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AuthenticationLoginException
Instantiates a new authentication exception.
Authenticator - Interface in org.owasp.esapi
The Authenticator interface defines a set of methods for generating and handling account credentials and session identifiers.
authenticator() - Static method in class org.owasp.esapi.ESAPI
 
AvailabilityException - Exception in org.owasp.esapi.errors
An AvailabilityException should be thrown when the availability of a limited resource is in jeopardy.
AvailabilityException() - Constructor for exception org.owasp.esapi.errors.AvailabilityException
Instantiates a new availability exception.
AvailabilityException(String, String) - Constructor for exception org.owasp.esapi.errors.AvailabilityException
Creates a new instance of AvailabilityException.
AvailabilityException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.AvailabilityException
Instantiates a new AvailabilityException.

B

Base64 - Class in org.owasp.esapi.codecs
Encodes and decodes to and from Base64 notation.
Base64.InputStream - Class in org.owasp.esapi.codecs
A Base64.InputStream will read data from another java.io.InputStream, given in the constructor, and encode/decode to/from Base64 notation on the fly.
Base64.InputStream(InputStream) - Constructor for class org.owasp.esapi.codecs.Base64.InputStream
Constructs a Base64.InputStream in DECODE mode.
Base64.InputStream(InputStream, int) - Constructor for class org.owasp.esapi.codecs.Base64.InputStream
Constructs a Base64.InputStream in either ENCODE or DECODE mode.
Base64.OutputStream - Class in org.owasp.esapi.codecs
A Base64.OutputStream will write data to another java.io.OutputStream, given in the constructor, and encode/decode to/from Base64 notation on the fly.
Base64.OutputStream(OutputStream) - Constructor for class org.owasp.esapi.codecs.Base64.OutputStream
Constructs a Base64.OutputStream in ENCODE mode.
Base64.OutputStream(OutputStream, int) - Constructor for class org.owasp.esapi.codecs.Base64.OutputStream
Constructs a Base64.OutputStream in either ENCODE or DECODE mode.
BaseACR<P,R> - Class in org.owasp.esapi.reference.accesscontrol
 
BaseACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.BaseACR
 
BaseEncodeTag - Class in org.owasp.esapi.tags
Abstract base class for tags that just encode their bodies with Encoder methods.
BaseEncodeTag() - Constructor for class org.owasp.esapi.tags.BaseEncodeTag
 
BaseValidationRule - Class in org.owasp.esapi.reference.validation
A ValidationRule performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
BaseValidationRule(String) - Constructor for class org.owasp.esapi.reference.validation.BaseValidationRule
 
BaseValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.BaseValidationRule
 
BeanShellRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <bean-shell-script> rules.
BeanShellRule(String, String, Pattern) - Constructor for class org.owasp.esapi.waf.rules.BeanShellRule
 
blacklistPatterns - Variable in class org.owasp.esapi.reference.validation.StringValidationRule
 
BLOCK - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
BlockAction - Class in org.owasp.esapi.waf.actions
The class that indicates the request processing should be halted and that a blank response should be returned.
BlockAction() - Constructor for class org.owasp.esapi.waf.actions.BlockAction
 
ByteConversionUtil - Class in org.owasp.esapi.util
Conversion to/from byte arrays to/from short, int, long.
ByteConversionUtil() - Constructor for class org.owasp.esapi.util.ByteConversionUtil
 

C

canEqual(Object) - Method in class org.owasp.esapi.crypto.CipherSpec
Needed for correct definition of equals for general classes.
canEqual(Object) - Method in class org.owasp.esapi.crypto.CipherText
Needed for correct definition of equals for general classes.
canEqual(Object) - Method in class org.owasp.esapi.crypto.PlainText
Needed for correct definition of equals for general classes.
CANONICALIZATION_CODECS - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
canonicalize(String) - Method in interface org.owasp.esapi.Encoder
This method is equivalent to calling
canonicalize(String, boolean) - Method in interface org.owasp.esapi.Encoder
This method is the equivalent to calling
canonicalize(String, boolean, boolean) - Method in interface org.owasp.esapi.Encoder
Canonicalization is simply the operation of reducing a possibly encoded string down to its simplest form.
canonicalize(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
This method is equivalent to calling
canonicalize(String, boolean) - Method in class org.owasp.esapi.reference.DefaultEncoder
This method is the equivalent to calling
canonicalize(String, boolean, boolean) - Method in class org.owasp.esapi.reference.DefaultEncoder
Canonicalization is simply the operation of reducing a possibly encoded string down to its simplest form.
CertificateException - Exception in org.owasp.esapi.errors
A CertificateException should be thrown for any problems that arise during processing of digital certificates.
CertificateException() - Constructor for exception org.owasp.esapi.errors.CertificateException
Instantiates a new certificate exception.
CertificateException(String, String) - Constructor for exception org.owasp.esapi.errors.CertificateException
Creates a new instance of CertificateException.
CertificateException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.CertificateException
Instantiates a new CertificateException.
changePassword(User, String, String, String) - Method in interface org.owasp.esapi.Authenticator
Changes the password for the specified user.
changePassword(String, String, String) - Method in class org.owasp.esapi.reference.DefaultUser
Sets the user's password, performing a verification of the user's old password, the equality of the two new passwords, and the strength of the new password.
changePassword(User, String, String, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
Changes the password for the specified user.
changePassword(String, String, String) - Method in interface org.owasp.esapi.User
Sets the user's password, performing a verification of the user's old password, the equality of the two new passwords, and the strength of the new password.
changeSessionIdentifier() - Method in interface org.owasp.esapi.HTTPUtilities
Calls changeSessionIdentifier with the *current* request.
changeSessionIdentifier(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities
Invalidate the existing session after copying all of its contents to a newly created session with a new session id.
changeSessionIdentifier() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls changeSessionIdentifier with the *current* request.
changeSessionIdentifier(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Invalidate the existing session after copying all of its contents to a newly created session with a new session id.
CHAR_ALPHANUMERICS - Static variable in interface org.owasp.esapi.Encoder
Deprecated.
CHAR_ALPHANUMERICS - Static variable in class org.owasp.esapi.EncoderConstants
CHAR_LETTERS union CHAR_DIGITS
CHAR_DIGITS - Static variable in interface org.owasp.esapi.Encoder
Deprecated.
CHAR_DIGITS - Static variable in class org.owasp.esapi.EncoderConstants
0-9
CHAR_LETTERS - Static variable in interface org.owasp.esapi.Encoder
Deprecated.
CHAR_LETTERS - Static variable in class org.owasp.esapi.EncoderConstants
CHAR_LOWERS union CHAR_UPPERS
CHAR_LOWERS - Static variable in interface org.owasp.esapi.Encoder
Deprecated.
CHAR_LOWERS - Static variable in class org.owasp.esapi.EncoderConstants
a-b
CHAR_PASSWORD_DIGITS - Static variable in interface org.owasp.esapi.Encoder
Deprecated.
CHAR_PASSWORD_DIGITS - Static variable in class org.owasp.esapi.EncoderConstants
2-9
CHAR_PASSWORD_LETTERS - Static variable in interface org.owasp.esapi.Encoder
CHAR_PASSWORD_LETTERS - Static variable in class org.owasp.esapi.EncoderConstants
CHAR_PASSWORD_LOWERS union CHAR_PASSWORD_UPPERS
CHAR_PASSWORD_LOWERS - Static variable in interface org.owasp.esapi.Encoder
Deprecated.
CHAR_PASSWORD_LOWERS - Static variable in class org.owasp.esapi.EncoderConstants
Password character set, is alphanumerics (without l, i, I, o, O, and 0) selected specials like + (bad for URL encoding, | is like i and 1, etc...)
CHAR_PASSWORD_SPECIALS - Static variable in interface org.owasp.esapi.Encoder
CHAR_PASSWORD_SPECIALS - Static variable in class org.owasp.esapi.EncoderConstants
CHAR_PASSWORD_UPPERS - Static variable in interface org.owasp.esapi.Encoder
Deprecated.
CHAR_PASSWORD_UPPERS - Static variable in class org.owasp.esapi.EncoderConstants
 
CHAR_SPECIALS - Static variable in interface org.owasp.esapi.Encoder
Deprecated.
CHAR_SPECIALS - Static variable in class org.owasp.esapi.EncoderConstants
CHAR_UPPERS - Static variable in interface org.owasp.esapi.Encoder
Deprecated.
CHAR_UPPERS - Static variable in class org.owasp.esapi.EncoderConstants
A-Z
CHARACTER_ENCODING - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
charArrayToSet(char[]) - Static method in class org.owasp.esapi.reference.validation.BaseValidationRule
Convert an array of characters to a Set<Character> (so duplicates are removed).
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.AddHeaderRule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.AddSecureFlagRule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.AuthenticatedRule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.BeanShellRule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.DetectOutboundContentRule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.EnforceHTTPSRule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.GeneralAttackSignatureRule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.HTTPMethodRule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.IPRule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.MustMatchRule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.PathExtensionRule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.ReplaceContentRule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.RestrictContentTypeRule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.RestrictUserAgentRule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.Rule
 
check(HttpServletRequest, InterceptingHTTPServletResponse, HttpServletResponse) - Method in class org.owasp.esapi.waf.rules.SimpleVirtualPatchRule
 
checkError() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
CIPHER_TRANSFORMATION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
CipherSpec - Class in org.owasp.esapi.crypto
Specifies all the relevant configuration data needed in constructing and using a Cipher except for the encryption key.
CipherSpec(String, int, int, byte[]) - Constructor for class org.owasp.esapi.crypto.CipherSpec
CTOR that explicitly sets everything.
CipherSpec(String, int, int) - Constructor for class org.owasp.esapi.crypto.CipherSpec
CTOR that sets everything but IV.
CipherSpec(String, int) - Constructor for class org.owasp.esapi.crypto.CipherSpec
CTOR that sets everything but block size and IV.
CipherSpec(String, int, byte[]) - Constructor for class org.owasp.esapi.crypto.CipherSpec
CTOR that sets everything except block size.
CipherSpec(Cipher) - Constructor for class org.owasp.esapi.crypto.CipherSpec
CTOR that sets everything except for the cipher key size and possibly the IV.
CipherSpec(Cipher, int) - Constructor for class org.owasp.esapi.crypto.CipherSpec
CTOR that sets everything.
CipherSpec(byte[]) - Constructor for class org.owasp.esapi.crypto.CipherSpec
 
CipherSpec() - Constructor for class org.owasp.esapi.crypto.CipherSpec
Default CTOR.
CipherText - Class in org.owasp.esapi.crypto
A Serializable interface representing the result of encrypting plaintext and some additional information about the encryption algorithm, the IV (if pertinent), and an optional Message Authentication Code (MAC).
CipherText() - Constructor for class org.owasp.esapi.crypto.CipherText
Default CTOR.
CipherText(CipherSpec) - Constructor for class org.owasp.esapi.crypto.CipherText
Construct from a CipherSpec object.
CipherText(CipherSpec, byte[]) - Constructor for class org.owasp.esapi.crypto.CipherText
Construct from a CipherSpec object and the raw ciphertext.
CIPHERTEXT_USE_MAC - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
CipherTextSerializer - Class in org.owasp.esapi.crypto
Helper class to assist with programming language and platform independent serialization of CipherText objects.
CipherTextSerializer(CipherText) - Constructor for class org.owasp.esapi.crypto.CipherTextSerializer
 
CipherTextSerializer(byte[]) - Constructor for class org.owasp.esapi.crypto.CipherTextSerializer
Given byte array in network byte order (i.e., big-endian order), convert it so that a CipherText can be constructed from it.
cipherTextSerializerVersion - Static variable in class org.owasp.esapi.crypto.CipherTextSerializer
 
cipherTextVersion - Static variable in class org.owasp.esapi.crypto.CipherText
 
clear() - Method in class org.owasp.esapi.codecs.HashTrie
Clear all entries.
clear() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
clear() - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
 
clearAttributes() - Method in class org.owasp.esapi.crypto.CryptoToken
Removes all the attributes (if any) associated with this token.
clearCurrent() - Method in interface org.owasp.esapi.Authenticator
Clears the current User.
clearCurrent() - Static method in class org.owasp.esapi.ESAPI
Clears the current User, HttpRequest, and HttpResponse associated with the current thread.
clearCurrent() - Method in interface org.owasp.esapi.HTTPUtilities
Clears the current HttpRequest and HttpResponse associated with the current thread.
clearCurrent() - Method in class org.owasp.esapi.reference.AbstractAuthenticator
Clears the current User.
clearCurrent() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Clears the current HttpRequest and HttpResponse associated with the current thread.
ClickjackFilter - Class in org.owasp.esapi.filters
The ClickjackFilter is discussed at http://www.owasp.org/index.php/ClickjackFilter_for_Java_EE.
ClickjackFilter() - Constructor for class org.owasp.esapi.filters.ClickjackFilter
 
clone() - Method in class org.owasp.esapi.reference.DefaultUser
Override clone and make final to prevent duplicate user objects.
close() - Method in class org.owasp.esapi.codecs.Base64.OutputStream
Flushes and closes (I think, in the superclass) the stream.
close() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
close() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
 
Codec - Class in org.owasp.esapi.codecs
The Codec interface defines a set of methods for encoding and decoding application level encoding schemes, such as HTML entity encoding and percent encoding (aka URL encoding).
Codec() - Constructor for class org.owasp.esapi.codecs.Codec
Default constructor
CollectionsUtil - Class in org.owasp.esapi.util
 
COMBINED_CIPHER_MODES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
commit() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
 
commit() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
 
compareTo(AbstractPrioritizedPropertyLoader) - Method in class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader
 
computeAndStoreMAC(SecretKey) - Method in class org.owasp.esapi.crypto.CipherText
Compute and store the Message Authentication Code (MAC) if the ESAPI property Encryptor.CipherText.useMAC is set to true.
computeDerivedKey(SecretKey, int, String) - Static method in class org.owasp.esapi.crypto.CryptoHelper
Deprecated.
UseKeyDerivationFunction instead. This method will be removed as of ESAPI release 2.1 so if you are using this, please change your code.
computeDerivedKey(SecretKey, int, String) - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
The method is ESAPI's Key Derivation Function (KDF) that computes a derived key from the keyDerivationKey for either encryption / decryption or for authentication.
ConfigurationException - Exception in org.owasp.esapi.errors
A ConfigurationException should be thrown when a problem arises because of a problem in one of ESAPI's configuration files, such as a missing required property or invalid setting of a property, or missing or unreadable configuration file, etc.
ConfigurationException(Exception) - Constructor for exception org.owasp.esapi.errors.ConfigurationException
 
ConfigurationException(String) - Constructor for exception org.owasp.esapi.errors.ConfigurationException
 
ConfigurationException(String, Throwable) - Constructor for exception org.owasp.esapi.errors.ConfigurationException
 
ConfigurationException(Throwable) - Constructor for exception org.owasp.esapi.errors.ConfigurationException
 
ConfigurationException - Exception in org.owasp.esapi.waf
The Exception to be thrown when there is an error parsing a policy file.
ConfigurationException(String, String) - Constructor for exception org.owasp.esapi.waf.ConfigurationException
 
ConfigurationException(String, String, Throwable) - Constructor for exception org.owasp.esapi.waf.ConfigurationException
 
ConfigurationParser - Class in org.owasp.esapi.waf.configuration
The class used to turn a policy file's contents into an object model.
ConfigurationParser() - Constructor for class org.owasp.esapi.waf.configuration.ConfigurationParser
 
contains(StringBuilder, char) - Static method in class org.owasp.esapi.StringUtilities
Returns true if the character is contained in the provided StringBuilder.
containsCharacter(char, char[]) - Static method in class org.owasp.esapi.codecs.Codec
Utility to search a char[] for a specific char.
containsHeader(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Same as HttpServletResponse, no security changes required.
containsKey(Object) - Method in class org.owasp.esapi.codecs.HashTrie
containsKey(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
containsValue(Object) - Method in class org.owasp.esapi.codecs.HashTrie
containsValue(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
convertIntToPRF(int) - Static method in class org.owasp.esapi.crypto.KeyDerivationFunction
 
convertNameToPRF(String) - Static method in class org.owasp.esapi.crypto.KeyDerivationFunction
 
COOKIE - Static variable in interface org.owasp.esapi.HTTPUtilities
 
copyByteArray(byte[], byte[], int) - Static method in class org.owasp.esapi.crypto.CryptoHelper
Same as System.arraycopy(src, 0, dest, 0, length).
copyByteArray(byte[], byte[]) - Static method in class org.owasp.esapi.crypto.CryptoHelper
Same as copyByteArray(src, dest, src.length).
count - Variable in class org.owasp.esapi.SecurityConfiguration.Threshold
The count at which this threshold is triggered.
createPropertyLoader(EsapiConfiguration) - Static method in class org.owasp.esapi.configuration.EsapiPropertyLoaderFactory
 
createUser(String, String, String) - Method in interface org.owasp.esapi.Authenticator
Creates a new User with the information provided.
createUser(String, String, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
Creates a new User with the information provided.
CREDIT_CARD_VALIDATOR_KEY - Static variable in class org.owasp.esapi.reference.validation.CreditCardValidationRule
Key used to pull out encoder in configuration.
CreditCardValidationRule - Class in org.owasp.esapi.reference.validation
A validator performs syntax and possibly semantic validation of Credit Card String from an untrusted source.
CreditCardValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.CreditCardValidationRule
Creates a CreditCardValidator using the rule found in security configuration
CreditCardValidationRule(String, Encoder, StringValidationRule) - Constructor for class org.owasp.esapi.reference.validation.CreditCardValidationRule
 
CryptoDiscoverer - Class in org.owasp.esapi.crypto
 
CryptoDiscoverer() - Constructor for class org.owasp.esapi.crypto.CryptoDiscoverer
 
CryptoHelper - Class in org.owasp.esapi.crypto
Class to provide some convenience methods for encryption, decryption, etc.
CryptoToken - Class in org.owasp.esapi.crypto
Compute a cryptographically secure, encrypted token containing optional name/value pairs.
CryptoToken() - Constructor for class org.owasp.esapi.crypto.CryptoToken
Create a cryptographic token using default secret key from the ESAPI.properties property Encryptor.MasterKey.
CryptoToken(SecretKey) - Constructor for class org.owasp.esapi.crypto.CryptoToken
Create a cryptographic token using specified SecretKey.
CryptoToken(String) - Constructor for class org.owasp.esapi.crypto.CryptoToken
Create using previously encrypted token encrypted with default secret key from ESAPI.properties.
CryptoToken(SecretKey, String) - Constructor for class org.owasp.esapi.crypto.CryptoToken
Create cryptographic token using previously encrypted token that was encrypted with specified secret key.
CSRF_TOKEN_NAME - Static variable in interface org.owasp.esapi.HTTPUtilities
 
CSSCodec - Class in org.owasp.esapi.codecs
Implementation of the Codec interface for backslash encoding used in CSS.
CSSCodec() - Constructor for class org.owasp.esapi.codecs.CSSCodec
 
currentRequest() - Static method in class org.owasp.esapi.ESAPI
Get the current HTTP Servlet Request being processed.
currentResponse() - Static method in class org.owasp.esapi.ESAPI
Get the current HTTP Servlet Response being generated.

D

DateValidationRule - Class in org.owasp.esapi.reference.validation
A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
DateValidationRule(String, Encoder, DateFormat) - Constructor for class org.owasp.esapi.reference.validation.DateValidationRule
 
DB2Codec - Class in org.owasp.esapi.codecs
Implementation of the Codec interface for DB2 strings.
DB2Codec() - Constructor for class org.owasp.esapi.codecs.DB2Codec
 
DEBUG - Static variable in interface org.owasp.esapi.Logger
DEBUG indicates that DEBUG messages and above should be logged.
debug(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
Log a debug level security event if 'debug' level logging is enabled.
debug(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
Log a debug level security event if 'debug' level logging is enabled and also record the stack trace associated with the event.
debug(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
Log a debug level security event if 'debug' level logging is enabled and also record the stack trace associated with the event.
debug(Logger.EventType, String) - Method in class org.owasp.esapi.reference.Log4JLogger
Log a debug level security event if 'debug' level logging is enabled.
debug(Object) - Method in class org.owasp.esapi.reference.Log4JLogger
debug(Object, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
DECODE - Static variable in class org.owasp.esapi.codecs.Base64
Specify decoding.
decode(byte[], int, int, int) - Static method in class org.owasp.esapi.codecs.Base64
Very low-level access to decoding ASCII characters in the form of a byte array.
decode(String) - Static method in class org.owasp.esapi.codecs.Base64
Decodes data from Base64 notation, automatically detecting gzip-compressed data and decompressing it.
decode(String, int) - Static method in class org.owasp.esapi.codecs.Base64
Decodes data from Base64 notation, automatically detecting gzip-compressed data and decompressing it.
decode(String) - Method in class org.owasp.esapi.codecs.Codec
Decode a String that was encoded using the encode method in this Class
decode(String) - Static method in class org.owasp.esapi.codecs.Hex
Decode hexadecimal-encoded string and return raw byte array.
decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.Codec
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.CSSCodec
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.DB2Codec
 
decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.HTMLEntityCodec
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.JavaScriptCodec
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.MySQLCodec
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.OracleCodec
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.PercentCodec
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.UnixCodec
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.VBScriptCodec
Returns the decoded version of the character starting at index, or null if no decoding is possible.
decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.WindowsCodec
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
decodeCharacter(PushbackString) - Method in class org.owasp.esapi.codecs.XMLEntityCodec
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
decodeFileToFile(String, String) - Static method in class org.owasp.esapi.codecs.Base64
Reads infile and decodes it to outfile.
decodeForHTML(String) - Method in interface org.owasp.esapi.Encoder
Decodes HTML entities.
decodeForHTML(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Decodes HTML entities.
decodeFromBase64(String) - Method in interface org.owasp.esapi.Encoder
Decode data encoded with BASE-64 encoding.
decodeFromBase64(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Decode data encoded with BASE-64 encoding.
decodeFromFile(String) - Static method in class org.owasp.esapi.codecs.Base64
Convenience method for reading a base64-encoded file and decoding it.
decodeFromURL(String) - Method in interface org.owasp.esapi.Encoder
Decode from URL.
decodeFromURL(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Decode from URL.
decodeToFile(String, String) - Static method in class org.owasp.esapi.codecs.Base64
Convenience method for decoding data to a file.
decodeToObject(String) - Static method in class org.owasp.esapi.codecs.Base64
Deprecated.
Because of security issues, this method will be removed from ESAPI in a future release and no substitute is planned. Because as of JDK 8 (in 1Q2016) there is currently no way to restrict which objects ObjectInputStream.readObject() may safely deserialize in the general case. Oracle may decide to address this deficiency in a future Java release, but until they do, there is no simple way for a general class library like ESAPI to address this.
decrypt(CipherText) - Method in interface org.owasp.esapi.Encryptor
Decrypts the provided CipherText using the information from it and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.
decrypt(SecretKey, CipherText) - Method in interface org.owasp.esapi.Encryptor
Decrypts the provided CipherText using the information from it and the specified secret key.
decrypt(CipherText) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
Decrypts the provided CipherText using the information from it and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.
decrypt(SecretKey, CipherText) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
Decrypts the provided CipherText using the information from it and the specified secret key.
decryptHiddenField(String) - Method in interface org.owasp.esapi.HTTPUtilities
Decrypts an encrypted hidden field value and returns the cleartext.
decryptHiddenField(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Decrypts an encrypted hidden field value and returns the cleartext.
decryptQueryString(String) - Method in interface org.owasp.esapi.HTTPUtilities
Takes an encrypted querystring and returns a Map containing the original parameters.
decryptQueryString(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Takes an encrypted querystring and returns a Map containing the original parameters.
decryptStateFromCookie() - Method in interface org.owasp.esapi.HTTPUtilities
Calls decryptStateFromCookie with the *current* request.
decryptStateFromCookie(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities
Retrieves a map of data from a cookie encrypted with encryptStateInCookie().
decryptStateFromCookie() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls decryptStateFromCookie with the *current* request.
decryptStateFromCookie(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Retrieves a map of data from a cookie encrypted with encryptStateInCookie().
DEFAULT_ACCESS_CONTROL_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
DEFAULT_AUTHENTICATION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
DEFAULT_CHARACTER_ENCODING - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
DEFAULT_CONTENT_TYPE - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
DEFAULT_ENCODER_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
DEFAULT_ENCRYPTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
DEFAULT_EXECUTOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
DEFAULT_FAIL_ACTION - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
DEFAULT_HTTP_UTILITIES_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
DEFAULT_LOG_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
DEFAULT_MAX_LOG_FILE_SIZE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
The default max log file size is set to 10,000,000 bytes (10 Meg).
DEFAULT_RANDOMIZER_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
DEFAULT_RESOURCE_FILE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
The name of the ESAPI property file
DEFAULT_VALIDATOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
DefaultAccessController - Class in org.owasp.esapi.reference
 
DefaultAction - Class in org.owasp.esapi.waf.actions
The class that indicates the default action as indicated by the policy file should be executed.
DefaultAction() - Constructor for class org.owasp.esapi.waf.actions.DefaultAction
 
DefaultEncoder - Class in org.owasp.esapi.reference
Reference implementation of the Encoder interface.
DefaultEncoder(List<String>) - Constructor for class org.owasp.esapi.reference.DefaultEncoder
 
DefaultEncryptedProperties - Class in org.owasp.esapi.reference.crypto
Reference implementation of the EncryptedProperties interface.
DefaultEncryptedProperties() - Constructor for class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
Instantiates a new encrypted properties.
DefaultExecutor - Class in org.owasp.esapi.reference
Reference implementation of the Executor interface.
DefaultHTTPUtilities - Class in org.owasp.esapi.reference
Reference implementation of the HTTPUtilities interface.
DefaultHTTPUtilities() - Constructor for class org.owasp.esapi.reference.DefaultHTTPUtilities
No arg constructor.
DefaultIntrusionDetector - Class in org.owasp.esapi.reference
Reference implementation of the IntrusionDetector interface.
DefaultIntrusionDetector() - Constructor for class org.owasp.esapi.reference.DefaultIntrusionDetector
 
DefaultMessageUtil - Class in org.owasp.esapi.util
 
DefaultMessageUtil() - Constructor for class org.owasp.esapi.util.DefaultMessageUtil
 
DefaultRandomizer - Class in org.owasp.esapi.reference
Reference implementation of the Randomizer interface.
DefaultSecurityConfiguration - Class in org.owasp.esapi.reference
The reference SecurityConfiguration manages all the settings used by the ESAPI in a single place.
DefaultSecurityConfiguration(Properties) - Constructor for class org.owasp.esapi.reference.DefaultSecurityConfiguration
Instantiates a new configuration with the supplied properties.
DefaultSecurityConfiguration() - Constructor for class org.owasp.esapi.reference.DefaultSecurityConfiguration
Instantiates a new configuration.
DefaultUser - Class in org.owasp.esapi.reference
Reference implementation of the User interface.
DefaultUser(String) - Constructor for class org.owasp.esapi.reference.DefaultUser
Instantiates a new user.
DefaultValidator - Class in org.owasp.esapi.reference
Reference implementation of the Validator interface.
DefaultValidator() - Constructor for class org.owasp.esapi.reference.DefaultValidator
Default constructor uses the ESAPI standard encoder for canonicalization.
DefaultValidator(Encoder) - Constructor for class org.owasp.esapi.reference.DefaultValidator
Construct a new DefaultValidator that will use the specified Encoder for canonicalization.
delegateInstance - Variable in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
 
delegateMethod - Variable in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
 
DelegatingACR - Class in org.owasp.esapi.reference.accesscontrol
 
DelegatingACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.DelegatingACR
 
destroy() - Method in class org.owasp.esapi.filters.ClickjackFilter
destroy() - Method in class org.owasp.esapi.filters.ESAPIFilter
Called by the web container to indicate to a filter that it is being taken out of service.
destroy() - Method in class org.owasp.esapi.filters.RequestRateThrottleFilter
Called by the web container to indicate to a filter that it is being taken out of service.
destroy() - Method in class org.owasp.esapi.filters.SecurityWrapper
 
destroy() - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
 
DetectOutboundContentRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <detect-content> rules.
DetectOutboundContentRule(String, Pattern, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.DetectOutboundContentRule
 
DIGITAL_SIGNATURE_ALGORITHM - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
DIGITAL_SIGNATURE_KEY_LENGTH - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
DIGITS - Static variable in class org.owasp.esapi.EncoderConstants
 
disable() - Method in class org.owasp.esapi.reference.DefaultUser
Disable this user's account.
disable() - Method in interface org.owasp.esapi.User
Disable this user's account.
DISABLE_INTRUSION_DETECTION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
doAfterBody() - Method in class org.owasp.esapi.tags.BaseEncodeTag
After tag body parsing handler.
doesCookieMatch(String) - Method in class org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule
 
doesCookieMatch(String) - Method in class org.owasp.esapi.waf.rules.AddSecureFlagRule
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.owasp.esapi.filters.ClickjackFilter
Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers who decide to implement) not to display this content in a frame.
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.owasp.esapi.filters.ESAPIFilter
The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.owasp.esapi.filters.RequestRateThrottleFilter
Checks to see if the current session has exceeded the allowed number of requests in the specified time period.
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.owasp.esapi.filters.SecurityWrapper
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
This is the where the main interception and rule-checking logic of the WAF resides.
DoNothingAction - Class in org.owasp.esapi.waf.actions
The class that indicates that no further action is necessary.
DoNothingAction() - Constructor for class org.owasp.esapi.waf.actions.DoNothingAction
 
DONT_BREAK_LINES - Static variable in class org.owasp.esapi.codecs.Base64
Don't break lines when encoding (violates strict Base64 specification)
dtoi - Variable in class org.owasp.esapi.reference.AbstractAccessReferenceMap
The Direct to Indirect Map
DynaBeanACRParameter - Class in org.owasp.esapi.reference.accesscontrol
A DynaBean comes from the apache bean utils.
DynaBeanACRParameter() - Constructor for class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
 
DynaBeanACRParameterLoader - Class in org.owasp.esapi.reference.accesscontrol.policyloader
 
DynaBeanACRParameterLoader() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.DynaBeanACRParameterLoader
 

E

EchoDynaBeanPolicyParameterACR - Class in org.owasp.esapi.reference.accesscontrol.policyloader
 
EchoDynaBeanPolicyParameterACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR
 
EchoRuntimeParameterACR - Class in org.owasp.esapi.reference.accesscontrol
 
EchoRuntimeParameterACR() - Constructor for class org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR
 
elements() - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
This method has been overridden to throw an UnsupportedOperationException
ELEncodeFunctions - Class in org.owasp.esapi.tags
Static encoder methods for JSP EL expression functions.
enable() - Method in class org.owasp.esapi.reference.DefaultUser
Enable this user's account.
enable() - Method in interface org.owasp.esapi.User
Enable this user's account.
ENABLE_UNSAFE_SERIALIZATION - Static variable in class org.owasp.esapi.codecs.Base64
System property name that must be set to true in order to invoke Base64.decodeToObject().
ENCODE - Static variable in class org.owasp.esapi.codecs.Base64
Specify encoding.
encode(char[], String) - Method in class org.owasp.esapi.codecs.Codec
Encode a String so that it can be safely used in a specific context.
encode(byte[], boolean) - Static method in class org.owasp.esapi.codecs.Hex
Output byte representation as hexadecimal representation.
encode(char[], String) - Method in class org.owasp.esapi.codecs.VBScriptCodec
Encode a String so that it can be safely used in a specific context.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.BaseEncodeTag
Encode tag's content.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForBase64Tag
Encode tag's content using Base64.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForCSSTag
Encode tag's content for usage in CSS.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForHTMLAttributeTag
Encode tag's content for usage as a HTML attribute.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForHTMLTag
Encode tag's content for usage in HTML.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForJavaScriptTag
Encode tag's content for usage in JavaScript
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForURLTag
Encode tag's content for usage in a URL.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForVBScriptTag
Encode tag's content for usage in VBScript.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForXMLAttributeTag
Encode tag's content for usage as a XML attribute.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForXMLTag
Encode tag's content for usage in XML.
encode(String, Encoder) - Method in class org.owasp.esapi.tags.EncodeForXPathTag
Encode tag's content for usage in XPath.
encodeBytes(byte[]) - Static method in class org.owasp.esapi.codecs.Base64
Encodes a byte array into Base64 notation.
encodeBytes(byte[], int) - Static method in class org.owasp.esapi.codecs.Base64
Encodes a byte array into Base64 notation.
encodeBytes(byte[], int, int) - Static method in class org.owasp.esapi.codecs.Base64
Encodes a byte array into Base64 notation.
encodeBytes(byte[], int, int, int) - Static method in class org.owasp.esapi.codecs.Base64
Encodes a byte array into Base64 notation.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.Codec
Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.CSSCodec
Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.DB2Codec
 
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.HTMLEntityCodec
Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.JavaScriptCodec
Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.MySQLCodec
Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.OracleCodec
Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.PercentCodec
Encode a character for URLs
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.UnixCodec
Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.VBScriptCodec
Returns quote-encoded character
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.WindowsCodec
Default implementation that should be overridden in specific codecs.
encodeCharacter(char[], Character) - Method in class org.owasp.esapi.codecs.XMLEntityCodec
Default implementation that should be overridden in specific codecs.
encodeFileToFile(String, String) - Static method in class org.owasp.esapi.codecs.Base64
Reads infile and encodes it to outfile.
encodeForBase64(byte[], boolean) - Method in interface org.owasp.esapi.Encoder
Encode for Base64.
encodeForBase64(byte[], boolean) - Method in class org.owasp.esapi.reference.DefaultEncoder
Encode for Base64.
encodeForBase64(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
Base64 encode a string.
encodeForBase64Charset(String, String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
Base64 encode a string after converting to bytes using the specified character set.
encodeForBase64CharsetWrap(String, String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
Base64 encode a string after converting to bytes using the specified character set and wrapping lines.
EncodeForBase64Tag - Class in org.owasp.esapi.tags
JSP tag that encode's it's body using Base64.
EncodeForBase64Tag() - Constructor for class org.owasp.esapi.tags.EncodeForBase64Tag
 
encodeForBase64Wrap(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
Base64 encode a string with line wrapping.
encodeForCSS(String) - Method in interface org.owasp.esapi.Encoder
Encode data for use in Cascading Style Sheets (CSS) content.
encodeForCSS(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Encode data for use in Cascading Style Sheets (CSS) content.
encodeForCSS(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
Encode string for use in CSS.
EncodeForCSSTag - Class in org.owasp.esapi.tags
JSP tag that encode's it's body for use in CSS.
EncodeForCSSTag() - Constructor for class org.owasp.esapi.tags.EncodeForCSSTag
 
encodeForDN(String) - Method in interface org.owasp.esapi.Encoder
Encode data for use in an LDAP distinguished name.
encodeForDN(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Encode data for use in an LDAP distinguished name.
encodeForHTML(String) - Method in interface org.owasp.esapi.Encoder
Encode data for use in HTML using HTML entity encoding
encodeForHTML(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Encode data for use in HTML using HTML entity encoding
encodeForHTML(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
Encode string for use in HTML.
encodeForHTMLAttribute(String) - Method in interface org.owasp.esapi.Encoder
Encode data for use in HTML attributes.
encodeForHTMLAttribute(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Encode data for use in HTML attributes.
encodeForHTMLAttribute(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
Encode string for use in a HTML attribute.
EncodeForHTMLAttributeTag - Class in org.owasp.esapi.tags
JSP tag that encode's it's body for use in a HTML attribute.
EncodeForHTMLAttributeTag() - Constructor for class org.owasp.esapi.tags.EncodeForHTMLAttributeTag
 
EncodeForHTMLTag - Class in org.owasp.esapi.tags
JSP tag that encode's it's body for use in HTML.
EncodeForHTMLTag() - Constructor for class org.owasp.esapi.tags.EncodeForHTMLTag
 
encodeForJavaScript(String) - Method in interface org.owasp.esapi.Encoder
Encode data for insertion inside a data value or function argument in JavaScript.
encodeForJavaScript(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Encode data for insertion inside a data value or function argument in JavaScript.
encodeForJavaScript(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
Encode string for use in JavaScript.
EncodeForJavaScriptTag - Class in org.owasp.esapi.tags
JSP tag that encode's it's body for use in JavaScript.
EncodeForJavaScriptTag() - Constructor for class org.owasp.esapi.tags.EncodeForJavaScriptTag
 
encodeForLDAP(String) - Method in interface org.owasp.esapi.Encoder
Encode data for use in LDAP queries.
encodeForLDAP(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Encode data for use in LDAP queries.
encodeForOS(Codec, String) - Method in interface org.owasp.esapi.Encoder
Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec).
encodeForOS(Codec, String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec).
encodeForSQL(Codec, String) - Method in interface org.owasp.esapi.Encoder
Encode input for use in a SQL query, according to the selected codec (appropriate codecs include the MySQLCodec and OracleCodec).
encodeForSQL(Codec, String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Encode input for use in a SQL query, according to the selected codec (appropriate codecs include the MySQLCodec and OracleCodec).
encodeForURL(String) - Method in interface org.owasp.esapi.Encoder
Encode for use in a URL.
encodeForURL(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Encode for use in a URL.
encodeForURL(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
Encode string for use in a URL.
EncodeForURLTag - Class in org.owasp.esapi.tags
JSP tag that encode's it's body for use in a URL.
EncodeForURLTag() - Constructor for class org.owasp.esapi.tags.EncodeForURLTag
 
encodeForVBScript(String) - Method in interface org.owasp.esapi.Encoder
Encode data for insertion inside a data value in a Visual Basic script.
encodeForVBScript(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Encode data for insertion inside a data value in a Visual Basic script.
encodeForVBScript(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
Encode string for use in VBScript.
EncodeForVBScriptTag - Class in org.owasp.esapi.tags
JSP tag that encode's it's body for use in VBScript.
EncodeForVBScriptTag() - Constructor for class org.owasp.esapi.tags.EncodeForVBScriptTag
 
encodeForXML(String) - Method in interface org.owasp.esapi.Encoder
Encode data for use in an XML element.
encodeForXML(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Encode data for use in an XML element.
encodeForXML(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
Encode string for use in XML.
encodeForXMLAttribute(String) - Method in interface org.owasp.esapi.Encoder
Encode data for use in an XML attribute.
encodeForXMLAttribute(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Encode data for use in an XML attribute.
encodeForXMLAttribute(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
Encode string for use in a XML attribute.
EncodeForXMLAttributeTag - Class in org.owasp.esapi.tags
JSP tag that encode's it's body for use in a XML attribute.
EncodeForXMLAttributeTag() - Constructor for class org.owasp.esapi.tags.EncodeForXMLAttributeTag
 
EncodeForXMLTag - Class in org.owasp.esapi.tags
JSP tag that encode's it's body for use in XML.
EncodeForXMLTag() - Constructor for class org.owasp.esapi.tags.EncodeForXMLTag
 
encodeForXPath(String) - Method in interface org.owasp.esapi.Encoder
Encode data for use in an XPath query.
encodeForXPath(String) - Method in class org.owasp.esapi.reference.DefaultEncoder
Encode data for use in an XPath query.
encodeForXPath(String) - Static method in class org.owasp.esapi.tags.ELEncodeFunctions
Encode string for use in XPath.
EncodeForXPathTag - Class in org.owasp.esapi.tags
JSP tag that encode's it's body for use in XPath.
EncodeForXPathTag() - Constructor for class org.owasp.esapi.tags.EncodeForXPathTag
 
encodeFromFile(String) - Static method in class org.owasp.esapi.codecs.Base64
Convenience method for reading a binary file and base64-encoding it.
encodeObject(Serializable) - Static method in class org.owasp.esapi.codecs.Base64
Serializes an object and returns the Base64-encoded version of that serialized object.
encodeObject(Serializable, int) - Static method in class org.owasp.esapi.codecs.Base64
Serializes an object and returns the Base64-encoded version of that serialized object.
Encoder - Interface in org.owasp.esapi
The Encoder interface contains a number of methods for decoding input and encoding output so that it will be safe for a variety of interpreters.
encoder() - Static method in class org.owasp.esapi.ESAPI
 
encoder - Variable in class org.owasp.esapi.reference.validation.BaseValidationRule
 
ENCODER_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
EncoderConstants - Class in org.owasp.esapi
Common character classes used for input validation, output encoding, verifying password strength CSRF token generation, generating salts, etc
encodeRedirectUrl(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Deprecated.
in servlet spec 2.1. Use SecurityWrapperResponse.encodeRedirectUrl(String) instead.
encodeRedirectURL(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Return the URL without any changes, to prevent disclosure of the Session ID The default implementation of this method can add the Session ID to the URL if support for cookies is not detected.
encodeToFile(byte[], String) - Static method in class org.owasp.esapi.codecs.Base64
Convenience method for encoding data to a file.
encodeUrl(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Deprecated.
in servlet spec 2.1. Use SecurityWrapperResponse.encodeURL(String) instead.
encodeURL(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Return the URL without any changes, to prevent disclosure of the Session ID The default implementation of this method can add the Session ID to the URL if support for cookies is not detected.
EncodingException - Exception in org.owasp.esapi.errors
An EncodingException should be thrown for any problems that occur when encoding or decoding data.
EncodingException() - Constructor for exception org.owasp.esapi.errors.EncodingException
Instantiates a new service exception.
EncodingException(String, String) - Constructor for exception org.owasp.esapi.errors.EncodingException
Creates a new instance of EncodingException.
EncodingException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EncodingException
Instantiates a new EncodingException.
encrypt(PlainText) - Method in interface org.owasp.esapi.Encryptor
Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.
encrypt(SecretKey, PlainText) - Method in interface org.owasp.esapi.Encryptor
Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation as defined in the ESAPI.properties file and the specified secret key.
encrypt(PlainText) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.
encrypt(SecretKey, PlainText) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation as defined in the ESAPI.properties file and the specified secret key.
EncryptedProperties - Interface in org.owasp.esapi
The EncryptedProperties interface represents a properties file where all the data is encrypted before it is added, and decrypted when it retrieved.
EncryptedPropertiesUtils - Class in org.owasp.esapi.reference.crypto
Command line utilities for reading, writing and creating encrypted properties files.
EncryptedPropertiesUtils() - Constructor for class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils
 
encryptHiddenField(String) - Method in interface org.owasp.esapi.HTTPUtilities
Encrypts a hidden field value for use in HTML.
encryptHiddenField(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Encrypts a hidden field value for use in HTML.
ENCRYPTION_ALGORITHM - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
ENCRYPTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
EncryptionException - Exception in org.owasp.esapi.errors
An EncryptionException should be thrown for any problems related to encryption, hashing, or digital signatures.
EncryptionException() - Constructor for exception org.owasp.esapi.errors.EncryptionException
Instantiates a new EncryptionException.
EncryptionException(String, String) - Constructor for exception org.owasp.esapi.errors.EncryptionException
Creates a new instance of EncryptionException.
EncryptionException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EncryptionException
Instantiates a new EncryptionException.
EncryptionRuntimeException - Exception in org.owasp.esapi.errors
An EncryptionRuntimeException should be thrown for any problems related to encryption, hashing, or digital signatures.
EncryptionRuntimeException() - Constructor for exception org.owasp.esapi.errors.EncryptionRuntimeException
Instantiates a new EncryptionException.
EncryptionRuntimeException(String, String) - Constructor for exception org.owasp.esapi.errors.EncryptionRuntimeException
Creates a new instance of EncryptionException.
EncryptionRuntimeException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EncryptionRuntimeException
Instantiates a new EncryptionException.
Encryptor - Interface in org.owasp.esapi
The Encryptor interface provides a set of methods for performing common encryption, random number, and hashing operations.
encryptor() - Static method in class org.owasp.esapi.ESAPI
 
encryptQueryString(String) - Method in interface org.owasp.esapi.HTTPUtilities
Takes a querystring (everything after the question mark in the URL) and returns an encrypted string containing the parameters.
encryptQueryString(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Takes a querystring (everything after the question mark in the URL) and returns an encrypted string containing the parameters.
encryptStateInCookie(Map<String, String>) - Method in interface org.owasp.esapi.HTTPUtilities
Calls encryptStateInCookie with the *current* response.
encryptStateInCookie(HttpServletResponse, Map<String, String>) - Method in interface org.owasp.esapi.HTTPUtilities
Stores a Map of data in an encrypted cookie.
encryptStateInCookie(HttpServletResponse, Map<String, String>) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Stores a Map of data in an encrypted cookie.
encryptStateInCookie(Map<String, String>) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls encryptStateInCookie with the *current* response.
EnforceHTTPSRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <enforce-https> rules.
EnforceHTTPSRule(String, Pattern, List<Object>, String) - Constructor for class org.owasp.esapi.waf.rules.EnforceHTTPSRule
 
EnterpriseSecurityException - Exception in org.owasp.esapi.errors
EnterpriseSecurityException is the base class for all security related exceptions.
EnterpriseSecurityException() - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException
Instantiates a new enterprise security exception.
EnterpriseSecurityException(String) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException
Instantiates a new enterprise security exception with a user message.
EnterpriseSecurityException(String, Throwable) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException
Instantiates a new enterprise security exception with a user message and cause.
EnterpriseSecurityException(String, String) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException
Creates a new instance of EnterpriseSecurityException.
EnterpriseSecurityException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityException
Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.
EnterpriseSecurityRuntimeException - Exception in org.owasp.esapi.errors
EnterpriseSecurityRuntimeException is the base class for all security related runtime exceptions.
EnterpriseSecurityRuntimeException() - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
Instantiates a new enterprise security runtime exception.
EnterpriseSecurityRuntimeException(String) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
Instantiates a new enterprise security runtime exception with a user message.
EnterpriseSecurityRuntimeException(String, Throwable) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
Instantiates a new enterprise security runtime exception with a user message and cause.
EnterpriseSecurityRuntimeException(String, String) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
Creates a new instance of EnterpriseSecurityException.
EnterpriseSecurityRuntimeException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.
entrySet() - Method in class org.owasp.esapi.codecs.HashTrie
entrySet() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
entrySet() - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
 
entrySet() - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
This method has been overridden to throw an UnsupportedOperationException
equals(Object) - Method in class org.owasp.esapi.codecs.HashTrie
equals(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
equals(Object) - Method in class org.owasp.esapi.crypto.CipherSpec
equals(Object) - Method in class org.owasp.esapi.crypto.CipherText
equals(Object) - Method in class org.owasp.esapi.crypto.PlainText
equals(Object, Object) - Static method in class org.owasp.esapi.util.NullSafe
Object.equals(Object) that safely handles nulls.
ERROR - Static variable in interface org.owasp.esapi.Logger
ERROR indicates that ERROR messages and above should be logged.
error(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
Log an error level security event if 'error' level logging is enabled.
error(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
Log an error level security event if 'error' level logging is enabled and also record the stack trace associated with the event.
error(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
Log an error level security event if 'error' level logging is enabled and also record the stack trace associated with the event.
error(Logger.EventType, String) - Method in class org.owasp.esapi.reference.Log4JLogger
Log an error level security event if 'error' level logging is enabled.
error(Object) - Method in class org.owasp.esapi.reference.Log4JLogger
error(Object, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
ERROR_LEVEL - Static variable in class org.owasp.esapi.reference.JavaLogFactory.JavaLoggerLevel
Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly by java.util.Logger already.
errors() - Method in class org.owasp.esapi.ValidationErrorList
Returns list of ValidationException, or empty list of no errors exist.
ESAPI - Class in org.owasp.esapi
ESAPI locator class is provided to make it easy to gain access to the current ESAPI classes in use.
ESAPI_STATE - Static variable in interface org.owasp.esapi.HTTPUtilities
 
EsapiConfiguration - Enum in org.owasp.esapi.configuration.consts
Enum used for initialization of esapi configuration files.
EsapiConfigurationType - Enum in org.owasp.esapi.configuration.consts
Supported esapi configuration file types.
ESAPIFilter - Class in org.owasp.esapi.filters
 
ESAPIFilter() - Constructor for class org.owasp.esapi.filters.ESAPIFilter
 
EsapiPropertyLoader - Interface in org.owasp.esapi.configuration
Generic interface for loading security configuration properties.
EsapiPropertyLoaderFactory - Class in org.owasp.esapi.configuration
Factory class that takes care of initialization of proper instance of EsapiPropertyLoader based on EsapiPropertiesStore
EsapiPropertyLoaderFactory() - Constructor for class org.owasp.esapi.configuration.EsapiPropertyLoaderFactory
 
EsapiPropertyManager - Class in org.owasp.esapi.configuration
Manager used for loading security configuration properties.
EsapiPropertyManager() - Constructor for class org.owasp.esapi.configuration.EsapiPropertyManager
 
ESAPIWebApplicationFirewallFilter - Class in org.owasp.esapi.waf
This is the main class for the ESAPI Web Application Firewall (WAF).
ESAPIWebApplicationFirewallFilter() - Constructor for class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
 
EVENT_FAILURE - Static variable in interface org.owasp.esapi.Logger
A non-security type of log event that has failed.
EVENT_SUCCESS - Static variable in interface org.owasp.esapi.Logger
A non-security type of log event that has succeeded.
EVENT_UNSPECIFIED - Static variable in interface org.owasp.esapi.Logger
A non-security type of log event that is unspecified.
ExecuteResult - Class in org.owasp.esapi
The ExecuteResult class encapsulates the pieces of data that can be returned from a process executed by the Executor interface.
ExecuteResult(int, String, String) - Constructor for class org.owasp.esapi.ExecuteResult
Constructs an ExecuteResult from the given values.
executeSystemCommand(File, List) - Method in interface org.owasp.esapi.Executor
Invokes the specified executable with default workdir and codec and not logging parameters.
executeSystemCommand(File, List, File, Codec, boolean, boolean) - Method in interface org.owasp.esapi.Executor
Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible.
executeSystemCommand(File, List) - Method in class org.owasp.esapi.reference.DefaultExecutor
Invokes the specified executable with default workdir and codec and not logging parameters.
executeSystemCommand(File, List, File, Codec, boolean, boolean) - Method in class org.owasp.esapi.reference.DefaultExecutor
Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible.
executor() - Static method in class org.owasp.esapi.ESAPI
 
Executor - Interface in org.owasp.esapi
The Executor interface is used to run an OS command with reduced security risk.
EXECUTOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
ExecutorException - Exception in org.owasp.esapi.errors
An ExecutorException should be thrown for any problems that arise during the execution of a system executable.
ExecutorException() - Constructor for exception org.owasp.esapi.errors.ExecutorException
Instantiates a new ExecutorException.
ExecutorException(String, String) - Constructor for exception org.owasp.esapi.errors.ExecutorException
Creates a new instance of ExecutorException.
ExecutorException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.ExecutorException
Instantiates a new ExecutorException.
exists(String) - Method in interface org.owasp.esapi.Authenticator
Determine if the account exists.
exists(String) - Method in class org.owasp.esapi.reference.AbstractAuthenticator
Determine if the account exists.
ExperimentalAccessController - Class in org.owasp.esapi.reference.accesscontrol
 
ExperimentalAccessController(Map) - Constructor for class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
 
ExperimentalAccessController() - Constructor for class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
 

F

failed - Variable in class org.owasp.esapi.waf.actions.Action
 
failedRule() - Method in class org.owasp.esapi.waf.actions.Action
 
failedRule() - Method in class org.owasp.esapi.waf.actions.BlockAction
 
failedRule() - Method in class org.owasp.esapi.waf.actions.DefaultAction
 
failedRule() - Method in class org.owasp.esapi.waf.actions.DoNothingAction
 
FATAL - Static variable in interface org.owasp.esapi.Logger
FATAL indicates that only FATAL messages should be logged.
fatal(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
Log a fatal event if 'fatal' level logging is enabled.
fatal(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
Log a fatal level security event if 'fatal' level logging is enabled and also record the stack trace associated with the event.
fatal(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
Log a fatal level security event if 'fatal' level logging is enabled and also record the stack trace associated with the event.
fatal(Logger.EventType, String) - Method in class org.owasp.esapi.reference.Log4JLogger
Log a fatal event if 'fatal' level logging is enabled.
fatal(Object) - Method in class org.owasp.esapi.reference.Log4JLogger
fatal(Object, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
FileBasedACRs - Class in org.owasp.esapi.reference.accesscontrol
This class exists for backwards compatibility with the AccessController 1.0 reference implementation.
FileBasedACRs() - Constructor for class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
 
FileBasedAuthenticator - Class in org.owasp.esapi.reference
Reference implementation of the Authenticator interface.
filename - Variable in class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader
 
FIXED_IV - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
flush() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
 
flush() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
flush() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
 
flushBase64() - Method in class org.owasp.esapi.codecs.Base64.OutputStream
Method added by PHIL.
flushBuffer() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Same as HttpServletResponse, no security changes required.
FORCE_HTTPONLYCOOKIES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
FORCE_HTTPONLYSESSION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
FORCE_SECURECOOKIES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
FORCE_SECURESESSION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
format(Locale, String, Object...) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
format(String, Object...) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
fromHex(String) - Static method in class org.owasp.esapi.codecs.Hex
Decode hexadecimal-encoded string and return raw byte array.
fromInt(int) - Static method in class org.owasp.esapi.util.ByteConversionUtil
Returns a byte array containing 4 network byte-ordered bytes representing the given int.
fromLong(long) - Static method in class org.owasp.esapi.util.ByteConversionUtil
Returns a byte array containing 8 network byte-ordered bytes representing the given long.
fromPortableSerializedBytes(byte[]) - Static method in class org.owasp.esapi.crypto.CipherText
Create a CipherText object from what is supposed to be a portable serialized byte array, given in network byte order, that represents a valid, previously serialized CipherText object using CipherText.asPortableSerializedByteArray().
fromShort(short) - Static method in class org.owasp.esapi.util.ByteConversionUtil
Returns a byte array containing 2 network byte ordered bytes representing the given short.

G

GeneralAttackSignatureRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <general-attack-signature> rules, which are not currently implemented.
GeneralAttackSignatureRule(String, Pattern) - Constructor for class org.owasp.esapi.waf.rules.GeneralAttackSignatureRule
 
generateSecretKey(String, int) - Static method in class org.owasp.esapi.crypto.CryptoHelper
Generate a random secret key appropriate to the specified cipher algorithm and key size.
generateStrongPassword() - Method in interface org.owasp.esapi.Authenticator
Generate a strong password.
generateStrongPassword(User, String) - Method in interface org.owasp.esapi.Authenticator
Generate strong password that takes into account the user's information and old password.
generateStrongPassword() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
Generate a strong password.
generateStrongPassword(User, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
Generate strong password that takes into account the user's information and old password.
get(Object) - Method in class org.owasp.esapi.codecs.HashTrie
Get the value for a key.
get(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
get(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
 
get(String) - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters
Follows the contract for java.util.Map;
getAccessControlImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns the fully qualified classname of the ESAPI Access Control implementation.
getAccessControlImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getAccessControlRules() - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO
 
getAccountId() - Method in class org.owasp.esapi.reference.DefaultUser
Gets this user's account id number.
getAccountId() - Method in interface org.owasp.esapi.User
Gets this user's account id number.
getAccountName() - Method in class org.owasp.esapi.reference.DefaultUser
Gets this user's account name.
getAccountName() - Method in interface org.owasp.esapi.User
Gets this user's account name.
getAdditionalAllowedCipherModes() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Return List of strings of additional cipher modes that are permitted (i.e., in addition to those returned by SecurityConfiguration.getCombinedCipherModes()) to be used for encryption and decryption operations.
getAdditionalAllowedCipherModes() - Method in interface org.owasp.esapi.SecurityConfiguration
Return List of strings of additional cipher modes that are permitted (i.e., in addition to those returned by SecurityConfiguration.getCombinedCipherModes()) to be used for encryption and decryption operations.
getAfterBodyRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
getAlgName() - Method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
 
getAllowableContentRoot() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
 
getAllowedExecutables() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the allowed executables to run with the Executor.
getAllowedExecutables() - Method in interface org.owasp.esapi.SecurityConfiguration
Gets the allowed executables to run with the Executor.
getAllowedFileExtensions() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the allowed file extensions for files that are uploaded to this application.
getAllowedFileExtensions() - Method in interface org.owasp.esapi.SecurityConfiguration
Gets the allowed file extensions for files that are uploaded to this application.
getAllowedFileUploadSize() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the maximum allowed file upload size.
getAllowedFileUploadSize() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getAllowedLoginAttempts() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the number of login attempts allowed before the user's account is locked.
getAllowedLoginAttempts() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getAllowMixedEncoding() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Return true if mixed encoding is allowed
getAllowMixedEncoding() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getAllowMultipleEncoding() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Return true if multiple encoding is allowed
getAllowMultipleEncoding() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getApplicationName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the application name, used for logging
getApplicationName() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getAttribute(String) - Method in class org.owasp.esapi.crypto.CryptoToken
Retrieve the attribute with the specified name.
getAttribute(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getAttributeNames() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getAttributes() - Method in class org.owasp.esapi.crypto.CryptoToken
Retrieve a Map that is a clone of all the attributes.
getAuthenticationImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns the fully qualified classname of the ESAPI Authentication implementation.
getAuthenticationImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getAuthType() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getBase64EncodedRawCipherText() - Method in class org.owasp.esapi.crypto.CipherText
Return a base64-encoded representation of the raw ciphertext alone.
getBeforeBodyRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
getBeforeResponseRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
getBigDecimal(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
Convenience method to avoid common casts.
getBigInteger(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
Convenience method to avoid common casts.
getBits() - Method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
 
getBlockSize() - Method in class org.owasp.esapi.crypto.CipherSpec
Retrieve the block size, in bytes.
getBlockSize() - Method in class org.owasp.esapi.crypto.CipherText
Retrieve the block size (in bytes!) of the cipher used for encryption.
getBoolean(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
Convenience method to avoid common casts.
getBooleanProp(String) - Method in interface org.owasp.esapi.configuration.EsapiPropertyLoader
Get any Boolean type property from security configuration.
getBooleanProp(String) - Method in class org.owasp.esapi.configuration.EsapiPropertyManager
Get any Boolean type property from security configuration.
getBooleanProp(String) - Method in class org.owasp.esapi.configuration.StandardEsapiPropertyLoader
Get any Boolean type property from security configuration.
getBooleanProp(String) - Method in class org.owasp.esapi.configuration.XmlEsapiPropertyLoader
Get any Boolean type property from security configuration.
getBooleanProp(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Get any Boolean type property from security configuration.
getBufferSize() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Same as HttpServletResponse, no security changes required.
getByte(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
Convenience method to avoid common casts.
getByteArrayProp(String) - Method in interface org.owasp.esapi.configuration.EsapiPropertyLoader
Get any byte array type property from security configuration.
getByteArrayProp(String) - Method in class org.owasp.esapi.configuration.EsapiPropertyManager
Get any byte array type property from security configuration.
getByteArrayProp(String) - Method in class org.owasp.esapi.configuration.StandardEsapiPropertyLoader
Get any byte array type property from security configuration.
getByteArrayProp(String) - Method in class org.owasp.esapi.configuration.XmlEsapiPropertyLoader
Get any byte array type property from security configuration.
getByteArrayProp(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Get any byte array type property from security configuration.
getChar(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
Convenience method to avoid common casts.
getCharacterEncoding() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getCharacterEncoding() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Same as HttpServletResponse, no security changes required.
getCharacterEncoding() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the character encoding scheme supported by this application.
getCharacterEncoding() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getCipherAlgorithm() - Method in class org.owasp.esapi.crypto.CipherSpec
Retrieve the cipher algorithm.
getCipherAlgorithm() - Method in class org.owasp.esapi.crypto.CipherText
Obtain the name of the cipher algorithm used for encrypting the plaintext.
getCipherMode() - Method in class org.owasp.esapi.crypto.CipherSpec
Retrieve the cipher mode.
getCipherMode() - Method in class org.owasp.esapi.crypto.CipherText
Get the name of the cipher mode used to encrypt some plaintext.
getCipherTransformation() - Method in class org.owasp.esapi.crypto.CipherSpec
Get the cipher transformation.
getCipherTransformation() - Method in class org.owasp.esapi.crypto.CipherText
Obtain the String representing the cipher transformation used to encrypt the plaintext.
getCipherTransformation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Retrieve the cipher transformation.
getCipherTransformation() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getClass(String, String) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
Convert a single fully qualified class name into a Class object
getCombinedCipherModes() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Return a List of strings of combined cipher modes that support both confidentiality and authenticity.
getCombinedCipherModes() - Method in interface org.owasp.esapi.SecurityConfiguration
Return a List of strings of combined cipher modes that support both confidentiality and authenticity.
getConfigName() - Method in enum org.owasp.esapi.configuration.consts.EsapiConfiguration
 
getConfiguration() - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
 
getContentLength() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getContentType() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getContentType() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Same as HttpServletResponse, no security changes required.
getContentType() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
 
getContext() - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
Return the optional 'context' that typically contains information related to the keying material, such as the identities of the message sender and recipient.
getContext() - Method in exception org.owasp.esapi.errors.ValidationException
Returns the UI reference that caused this ValidationException
getContextPath() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the context path from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getCookie(String) - Method in interface org.owasp.esapi.HTTPUtilities
Calls getCookie with the *current* response.
getCookie(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities
A safer replacement for getCookies() in HttpServletRequest that returns the canonicalized value of the named cookie after "global" validation against the general type defined in ESAPI.properties.
getCookie(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
A safer replacement for getCookies() in HttpServletRequest that returns the canonicalized value of the named cookie after "global" validation against the general type defined in ESAPI.properties.
getCookie(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls getCookie with the *current* response.
getCookieRules() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
getCookies() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the array of Cookies from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getCSRFToken() - Method in interface org.owasp.esapi.HTTPUtilities
Returns the current user's CSRF token.
getCSRFToken() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Returns the current user's CSRF token.
getCSRFToken() - Method in class org.owasp.esapi.reference.DefaultUser
Gets the CSRF token for this user's current sessions.
getCSRFToken() - Method in interface org.owasp.esapi.User
Gets the CSRF token for this user's current sessions.
getCurrentRequest() - Method in interface org.owasp.esapi.HTTPUtilities
Retrieves the current HttpServletRequest
getCurrentRequest() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Retrieves the current HttpServletRequest
getCurrentResponse() - Method in interface org.owasp.esapi.HTTPUtilities
Retrieves the current HttpServletResponse
getCurrentResponse() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Retrieves the current HttpServletResponse
getCurrentUser() - Method in interface org.owasp.esapi.Authenticator
Returns the currently logged in User.
getCurrentUser() - Method in class org.owasp.esapi.reference.AbstractAuthenticator
Returns the currently logged in User.
getDate(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
Convenience method to avoid common casts.
getDateHeader(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getDefaultCanonicalizationCodecs() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns the List of Codecs to use when canonicalizing data
getDefaultCanonicalizationCodecs() - Method in interface org.owasp.esapi.SecurityConfiguration
Returns the List of Codecs to use when canonicalizing data
getDefaultErrorPage() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
getDefaultResponseCode() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
getDictionaryParameter(String) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
 
getDictionaryParameterNames() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
 
getDigitalSignatureAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the digital signature algorithm used by ESAPI to generate and verify signatures.
getDigitalSignatureAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getDigitalSignatureKeyLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the digital signature key length used by ESAPI to generate and verify signatures.
getDigitalSignatureKeyLength() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getDirectReference(K) - Method in interface org.owasp.esapi.AccessReferenceMap
Get the original direct object reference from an indirect reference.
getDirectReference(K) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
Get the original direct object reference from an indirect reference.
getDisableIntrusionDetection() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Allows for complete disabling of all intrusion detection mechanisms
getDisableIntrusionDetection() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getDouble(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
Convenience method to avoid common casts.
getEncodedIVCipherText() - Method in class org.owasp.esapi.crypto.CipherText
Return the ciphertext as a base64-encoded String.
getEncoder() - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
 
getEncoderImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns the fully qualified classname of the ESAPI Encoder implementation.
getEncoderImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getEncoding() - Method in class org.owasp.esapi.tags.EncodeForBase64Tag
Get the encoding used to convert the content to bytes for encoding.
getEncryptionAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the encryption algorithm used by ESAPI to protect data.
getEncryptionAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getEncryptionImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns the fully qualified classname of the ESAPI Encryption implementation.
getEncryptionImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getEncryptionKeyLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
getEncryptionKeyLength() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getEncryptionTimestamp() - Method in class org.owasp.esapi.crypto.CipherText
Get stored time stamp representing when data was encrypted.
getError(String) - Method in class org.owasp.esapi.ValidationErrorList
Retrieves ValidationException for given context if one exists.
getErrors() - Method in class org.owasp.esapi.ExecuteResult
 
getESAPILevel() - Method in interface org.owasp.esapi.Logger
Retrieve the current ESAPI logging level for this logger.
getESAPILevel() - Method in class org.owasp.esapi.reference.Log4JLogger
Retrieve the current ESAPI logging level for this logger.
getESAPIProperties() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
getESAPIProperty(String, String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
getESAPIProperty(String, boolean) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
getESAPIProperty(String, int) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
getESAPIProperty(String, List<String>) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns a List representing the parsed, comma-separated property.
getESAPIPropertyEncoded(String, byte[]) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
getEventMap() - Method in class org.owasp.esapi.reference.DefaultUser
 
getEventMap() - Method in interface org.owasp.esapi.User
Returns the hashmap used to store security events for this user.
getExecutorImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns the fully qualified classname of the ESAPI OS Execution implementation.
getExecutorImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getExitValue() - Method in class org.owasp.esapi.ExecuteResult
 
getExpiration() - Method in class org.owasp.esapi.crypto.CryptoToken
Return the expiration time in milliseconds since epoch time (midnight, January 1, 1970 UTC).
getExpirationDate() - Method in class org.owasp.esapi.crypto.CryptoToken
Return the expiration time as a Date.
getExpirationTime() - Method in class org.owasp.esapi.reference.DefaultUser
Returns the date that this user's account will expire.
getExpirationTime() - Method in interface org.owasp.esapi.User
Returns the date that this user's account will expire.
getFailedLoginCount() - Method in class org.owasp.esapi.reference.DefaultUser
Returns the number of failed login attempts since the last successful login for an account.
getFailedLoginCount() - Method in interface org.owasp.esapi.User
Returns the number of failed login attempts since the last successful login for an account.
getFileUploads() - Method in interface org.owasp.esapi.HTTPUtilities
Calls getFileUploads with the *current* request, default upload directory, and default allowed file extensions
getFileUploads(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities
Call getFileUploads with the specified request, default upload directory, and default allowed file extensions
getFileUploads(HttpServletRequest, File) - Method in interface org.owasp.esapi.HTTPUtilities
Call getFileUploads with the specified request, specified upload directory, and default allowed file extensions
getFileUploads(HttpServletRequest, File, List) - Method in interface org.owasp.esapi.HTTPUtilities
Extract uploaded files from a multipart HTTP requests.
getFileUploads() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls getFileUploads with the *current* request, default upload directory, and default allowed file extensions
getFileUploads(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Call getFileUploads with the specified request, default upload directory, and default allowed file extensions
getFileUploads(HttpServletRequest, File) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Call getFileUploads with the specified request, specified upload directory, and default allowed file extensions
getFileUploads(HttpServletRequest, File, List) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Extract uploaded files from a multipart HTTP requests.
getFixedIV() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
If a "fixed" (i.e., static) Initialization Vector (IV) is to be used, this will return the IV value as a hex-encoded string.
getFixedIV() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Short term: use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead. Longer term: There will be a more general method in JavaEncryptor to explicitly set an IV. This whole concept of a single fixed IV has always been a kludge at best, as a concession to those who have used a single fixed IV in the past. It's time to put it to death as it was never intended for production in the first place.
getFloat(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
Convenience method to avoid common casts.
getForceHttpOnlyCookies() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns true if new cookies are required to have HttpOnly flag set.
getForceHttpOnlyCookies() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getForceHttpOnlySession() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns true if session cookies are required to have HttpOnly flag set.
getForceHttpOnlySession() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getForceSecureCookies() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns true if new cookies are required to have Secure flag set.
getForceSecureCookies() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getForceSecureSession() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns true if session cookies are required to have Secure flag set.
getForceSecureSession() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getHashAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the hashing algorithm used by ESAPI to hash data.
getHashAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getHashIterations() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the hash iterations used by ESAPI to hash data.
getHashIterations() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getHeader(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the named header from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getHeader(String) - Method in interface org.owasp.esapi.HTTPUtilities
Calls getHeader with the *current* request.
getHeader(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities
A safer replacement for getHeader() in HttpServletRequest that returns the canonicalized value of the named header after "global" validation against the general type defined in ESAPI.properties.
getHeader(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
A safer replacement for getHeader() in HttpServletRequest that returns the canonicalized value of the named header after "global" validation against the general type defined in ESAPI.properties.
getHeader(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls getHeader with the *current* request.
getHeaderNames() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the enumeration of header names from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getHeaders(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the enumeration of headers from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getHexForNonAlphanumeric(char) - Static method in class org.owasp.esapi.codecs.Codec
Lookup the hex value of any character that is not alphanumeric.
getHttpSessionIdName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
This method returns the configured name of the session identifier, likely "JSESSIONID" though this can be overridden.
getHttpSessionIdName() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getHTTPUtilitiesImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
getHTTPUtilitiesImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getIndirectReference(T) - Method in interface org.owasp.esapi.AccessReferenceMap
Get a safe indirect reference to use in place of a potentially sensitive direct object reference.
getIndirectReference(T) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
Get a safe indirect reference to use in place of a potentially sensitive direct object reference.
getInputStream() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getInputStream() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
 
getInstance() - Static method in class org.owasp.esapi.reference.crypto.JavaEncryptor
 
getInstance() - Static method in class org.owasp.esapi.reference.DefaultAccessController
 
getInstance() - Static method in class org.owasp.esapi.reference.DefaultEncoder
 
getInstance() - Static method in class org.owasp.esapi.reference.DefaultExecutor
 
getInstance() - Static method in class org.owasp.esapi.reference.DefaultHTTPUtilities
 
getInstance() - Static method in class org.owasp.esapi.reference.DefaultRandomizer
 
getInstance() - Static method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
getInstance() - Static method in class org.owasp.esapi.reference.DefaultValidator
 
getInstance() - Static method in class org.owasp.esapi.reference.FileBasedAuthenticator
 
getInstance() - Static method in class org.owasp.esapi.reference.JavaLogFactory
 
getInstance() - Static method in class org.owasp.esapi.reference.Log4JLogFactory
 
getInstance(String) - Static method in class org.owasp.esapi.reference.Log4JLogger
This method overrides Category.getInstance(java.lang.String) by supplying its own factory type as a parameter.
getInstance(Class) - Static method in class org.owasp.esapi.reference.Log4JLogger
This method overrides Category.getInstance(java.lang.String) by supplying its own factory type as a parameter.
getInt(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
Convenience method to avoid common casts.
getInterceptingServletOutputStream() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
 
getIntHeader(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getIntProp(String) - Method in interface org.owasp.esapi.configuration.EsapiPropertyLoader
Get any int type property from security configuration.
getIntProp(String) - Method in class org.owasp.esapi.configuration.EsapiPropertyManager
Get any int type property from security configuration.
getIntProp(String) - Method in class org.owasp.esapi.configuration.StandardEsapiPropertyLoader
Get any int type property from security configuration.
getIntProp(String) - Method in class org.owasp.esapi.configuration.XmlEsapiPropertyLoader
Get any int type property from security configuration.
getIntProp(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Get any int type property from security configuration.
getIntrusionDetectionImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
getIntrusionDetectionImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getIV() - Method in class org.owasp.esapi.crypto.CipherSpec
Retrieve the initialization vector (IV).
getIV() - Method in class org.owasp.esapi.crypto.CipherText
Return the initialization vector (IV) used to encrypt the plaintext if applicable.
getIVType() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Get a string indicating how to compute an Initialization Vector (IV).
getIVType() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getKDF_PRF() - Method in class org.owasp.esapi.crypto.CipherText
 
getKDFInfo() - Method in class org.owasp.esapi.crypto.CipherText
Based on the KDF version and the selected MAC algorithm for the KDF PRF, calculate the 32-bit quantity representing these.
getKDFPseudoRandomFunction() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Retrieve the Pseudo Random Function (PRF) used by the ESAPI Key Derivation Function (KDF).
getKDFPseudoRandomFunction() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getKDFVersion() - Method in class org.owasp.esapi.crypto.CipherText
 
getKeySize() - Method in class org.owasp.esapi.crypto.CipherSpec
Retrieve the key size, in bits.
getKeySize() - Method in class org.owasp.esapi.crypto.CipherText
Retrieve the key size used with the cipher algorithm that was used to encrypt data to produce this ciphertext.
getLastFailedLoginTime() - Method in class org.owasp.esapi.reference.DefaultUser
Returns the date of the last failed login time for a user.
getLastFailedLoginTime() - Method in interface org.owasp.esapi.User
Returns the date of the last failed login time for a user.
getLastHostAddress() - Method in class org.owasp.esapi.reference.DefaultUser
Returns the last host address used by the user.
getLastHostAddress() - Method in interface org.owasp.esapi.User
Returns the last host address used by the user.
getLastLoginTime() - Method in class org.owasp.esapi.reference.DefaultUser
Returns the date of the last successful login time for a user.
getLastLoginTime() - Method in interface org.owasp.esapi.User
Returns the date of the last successful login time for a user.
getLastPasswordChangeTime() - Method in class org.owasp.esapi.reference.DefaultUser
Gets the date of user's last password change.
getLastPasswordChangeTime() - Method in interface org.owasp.esapi.User
Gets the date of user's last password change.
getLenientDatesAccepted() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Determines whether ESAPI will accept "lenient" dates when attempt to parse dates.
getLenientDatesAccepted() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getLevenshteinDistance(String, String) - Static method in class org.owasp.esapi.StringUtilities
Calculate the Edit Distance between 2 Strings as a measure of similarity.
getLocalAddr() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getLocale() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getLocale() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Same as HttpServletResponse, no security changes required.
getLocale() - Method in class org.owasp.esapi.reference.DefaultUser
 
getLocale() - Method in interface org.owasp.esapi.User
 
getLocales() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getLocalName() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getLocalPort() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getLogApplicationName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns whether ESAPI should log the application name.
getLogApplicationName() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getLogDirectory() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
Deprecated.
getLogEncodingRequired() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns whether HTML entity encoding should be applied to log entries.
getLogEncodingRequired() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getLogFileName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Get the name of the log file specified in the ESAPI configuration properties file.
getLogFileName() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getLogger(Class) - Static method in class org.owasp.esapi.ESAPI
 
getLogger(String) - Static method in class org.owasp.esapi.ESAPI
 
getLogger(String) - Method in interface org.owasp.esapi.LogFactory
Gets the logger associated with the specified module name.
getLogger(Class) - Method in interface org.owasp.esapi.LogFactory
Gets the logger associated with the specified class.
getLogger(Class) - Method in class org.owasp.esapi.reference.JavaLogFactory
Gets the logger associated with the specified class.
getLogger(String) - Method in class org.owasp.esapi.reference.JavaLogFactory
Gets the logger associated with the specified module name.
getLogger(Class) - Method in class org.owasp.esapi.reference.Log4JLogFactory
Gets the logger associated with the specified class.
getLogger(String) - Method in class org.owasp.esapi.reference.Log4JLogFactory
Gets the logger associated with the specified module name.
getLogger(String) - Static method in class org.owasp.esapi.reference.Log4JLogger
This method overrides Logger.getLogger(java.lang.String) by supplying its own factory type as a parameter.
getLogger(Class) - Static method in class org.owasp.esapi.reference.Log4JLogger
This method overrides Logger.getLogger(java.lang.String) by supplying its own factory type as a parameter.
getLogImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns the fully qualified classname of the ESAPI Logging implementation.
getLogImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getLogLevel() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns the current log level.
getLogLevel() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getLogLevel() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
Deprecated.
getLogMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityException
Returns a message that is safe to display in logs, but may contain sensitive information and therefore probably should not be displayed to users.
getLogMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
Returns a message that is safe to display in logs, but may contain sensitive information and therefore probably should not be displayed to users.
getLogMessage() - Method in exception org.owasp.esapi.errors.IntrusionException
Returns a String that is safe to display in logs, but probably not to users
getLogServerIP() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns whether ESAPI should log the server IP.
getLogServerIP() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
getLong(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
Convenience method to avoid common casts.
getLongestMatch(CharSequence) - Method in class org.owasp.esapi.codecs.HashTrie
Get the key value entry who's key is the longest prefix match.
getLongestMatch(PushbackReader) - Method in class org.owasp.esapi.codecs.HashTrie
Get the key value entry who's key is the longest prefix match.
getLongestMatch(CharSequence) - Method in interface org.owasp.esapi.codecs.Trie
 
getLongestMatch(PushbackReader) - Method in interface org.owasp.esapi.codecs.Trie
 
getLongestMatch(CharSequence) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
getLongestMatch(PushbackReader) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
getMasterKey() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the master key.
getMasterKey() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
getMasterSalt() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the master salt that is used to salt stored password hashes and any other location where a salt is needed.
getMasterSalt() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
getMaxCardLength() - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
 
getMaxHttpHeaderSize() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns the maximum allowable HTTP header size.
getMaxHttpHeaderSize() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getMaxKeyLength() - Method in class org.owasp.esapi.codecs.HashTrie
Get the maximum key length.
getMaxKeyLength() - Method in interface org.owasp.esapi.codecs.Trie
 
getMaxKeyLength() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
getMaxLogFileSize() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Get the maximum size of a single log file from the ESAPI configuration properties file.
getMaxLogFileSize() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getMaxOldPasswordHashes() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the maximum number of old password hashes that should be retained.
getMaxOldPasswordHashes() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getMessage(String, Object[]) - Method in class org.owasp.esapi.util.DefaultMessageUtil
 
getMethod() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getName() - Method in class org.owasp.esapi.reference.DefaultUser
getName() - Method in class org.owasp.esapi.waf.internal.Parameter
 
getObject(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
Convenience method to avoid common casts.
getOutput() - Method in class org.owasp.esapi.ExecuteResult
 
getOutputStream() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Same as HttpServletResponse, no security changes required.
getOutputStream() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
 
getPaddingScheme() - Method in class org.owasp.esapi.crypto.CipherSpec
Retrieve the cipher padding scheme.
getPaddingScheme() - Method in class org.owasp.esapi.crypto.CipherText
Get the name of the padding scheme used to encrypt some plaintext.
getParameter(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the named parameter from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getParameter(String, boolean) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the named parameter from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getParameter(String, boolean, int) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the named parameter from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getParameter(String, boolean, int, String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the named parameter from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getParameter(String) - Method in interface org.owasp.esapi.HTTPUtilities
Calls getParameter with the *current* request.
getParameter(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities
A safer replacement for getParameter() in HttpServletRequest that returns the canonicalized value of the named parameter after "global" validation against the general type defined in ESAPI.properties.
getParameter(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
A safer replacement for getParameter() in HttpServletRequest that returns the canonicalized value of the named parameter after "global" validation against the general type defined in ESAPI.properties.
getParameter(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls getParameter with the *current* request.
getParameterMap() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the parameter map from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getParameterNames() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the enumeration of parameter names from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getParameters(String[]) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
Convert an array of fully qualified class names into an array of Class objects
getParameters(XMLConfiguration, int) - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoader
 
getParameters(XMLConfiguration, int) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.DynaBeanACRParameterLoader
 
getParameterValue(XMLConfiguration, int, int, String) - Static method in class org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoaderHelper
 
getParameterValues(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the array of matching parameter values from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getPasswordParameterName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the name of the password parameter used during user authentication.
getPasswordParameterName() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getPathInfo() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the path info from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getPathTranslated() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getPolicyParameter(XMLConfiguration, int) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader
 
getPolicyParameters() - Method in interface org.owasp.esapi.AccessControlRule
 
getPolicyParameters() - Method in class org.owasp.esapi.reference.accesscontrol.BaseACR
 
getPreferredJCEProvider() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Retrieve the preferred JCE provider for ESAPI and your application.
getPreferredJCEProvider() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getPRFAlgName() - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
Return the name of the algorithm for the Pseudo Random Function (PRF) that is being used.
getPriority() - Method in enum org.owasp.esapi.configuration.consts.EsapiConfiguration
 
getProperty(String) - Method in interface org.owasp.esapi.EncryptedProperties
Gets the property value from the encrypted store, decrypts it, and returns the plaintext value to the caller.
getProperty(String) - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
Gets the property value from the encrypted store, decrypts it, and returns the plaintext value to the caller.
getProperty(String) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
Gets the property value from the encrypted store, decrypts it, and returns the plaintext value to the caller.
getProperty(String, String) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
getProtocol() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getQueryString() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the query string from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getQuota(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the intrusion detection quota for the specified event.
getQuota(String) - Method in interface org.owasp.esapi.SecurityConfiguration
Gets the intrusion detection quota for the specified event.
getRandomAlgorithm() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the random number generation algorithm used to generate random numbers where needed.
getRandomAlgorithm() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getRandomBoolean() - Method in interface org.owasp.esapi.Randomizer
Returns a random boolean.
getRandomBoolean() - Method in class org.owasp.esapi.reference.DefaultRandomizer
Returns a random boolean.
getRandomBytes(int) - Method in interface org.owasp.esapi.Randomizer
Generates a specified number of random bytes.
getRandomBytes(int) - Method in class org.owasp.esapi.reference.DefaultRandomizer
Generates a specified number of random bytes.
getRandomFilename(String) - Method in interface org.owasp.esapi.Randomizer
Returns an unguessable random filename with the specified extension.
getRandomFilename(String) - Method in class org.owasp.esapi.reference.DefaultRandomizer
Returns an unguessable random filename with the specified extension.
getRandomGUID() - Method in interface org.owasp.esapi.Randomizer
Generates a random GUID.
getRandomGUID() - Method in class org.owasp.esapi.reference.DefaultRandomizer
Generates a random GUID.
getRandomInteger(int, int) - Method in interface org.owasp.esapi.Randomizer
Gets the random integer.
getRandomInteger(int, int) - Method in class org.owasp.esapi.reference.DefaultRandomizer
Gets the random integer.
getRandomizerImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns the fully qualified classname of the ESAPI Randomizer implementation.
getRandomizerImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getRandomLong() - Method in interface org.owasp.esapi.Randomizer
Gets the random long.
getRandomLong() - Method in class org.owasp.esapi.reference.DefaultRandomizer
Gets the random long.
getRandomReal(float, float) - Method in interface org.owasp.esapi.Randomizer
Gets the random real.
getRandomReal(float, float) - Method in class org.owasp.esapi.reference.DefaultRandomizer
Gets the random real.
getRandomString(int, char[]) - Method in interface org.owasp.esapi.Randomizer
Gets a random string of a desired length and character set.
getRandomString(int, char[]) - Method in class org.owasp.esapi.reference.DefaultRandomizer
Gets a random string of a desired length and character set.
getRawCipherText() - Method in class org.owasp.esapi.crypto.CipherText
Get the raw ciphertext byte array resulting from encrypting some plaintext.
getRawCipherTextByteLength() - Method in class org.owasp.esapi.crypto.CipherText
Get number of bytes in raw ciphertext.
getReader() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getReader() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
 
getRealPath(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Deprecated.
in servlet spec 2.1. Use ServletContext.getRealPath(String) instead.
getRedirectURL() - Method in class org.owasp.esapi.waf.actions.RedirectAction
 
getRelativeTimeStamp(long) - Method in interface org.owasp.esapi.Encryptor
Gets an absolute timestamp representing an offset from the current time to be used by other functions in the library.
getRelativeTimeStamp(long) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
Gets an absolute timestamp representing an offset from the current time to be used by other functions in the library.
getRememberTokenDuration() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the length of the time to live window for remember me tokens (in milliseconds).
getRememberTokenDuration() - Method in interface org.owasp.esapi.SecurityConfiguration
Gets the length of the time to live window for remember me tokens (in milliseconds).
getRemoteAddr() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getRemoteHost() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getRemotePort() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
getRemoteUser() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the name of the ESAPI user associated with this getHttpServletRequest().
getRequestAttribute(String) - Method in interface org.owasp.esapi.HTTPUtilities
Gets a typed attribute from the HttpServletRequest associated with the caller thread.
getRequestAttribute(HttpServletRequest, String) - Method in interface org.owasp.esapi.HTTPUtilities
Gets a typed attribute from the HttpServletRequest associated with the passed in request.
getRequestAttribute(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Gets a typed attribute from the HttpServletRequest associated with the caller thread.
getRequestAttribute(HttpServletRequest, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Gets a typed attribute from the HttpServletRequest associated with the passed in request.
getRequestDispatcher(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Checks to make sure the path to forward to is within the WEB-INF directory and then returns the dispatcher.
getRequestedSessionId() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the URI from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getRequestURI() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the URI from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getRequestURL() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the URL from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getResourceFile(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets a file from the resource directory
getResourceFile(String) - Method in interface org.owasp.esapi.SecurityConfiguration
Gets a file from the resource directory
getResourceStream(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
getResourceStream(String) - Method in interface org.owasp.esapi.SecurityConfiguration
Gets an InputStream to a file in the resource directory
getResponseBytes() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
 
getResponseContentType() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the content type for responses used when setSafeContentType() is called.
getResponseContentType() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getRoles() - Method in class org.owasp.esapi.reference.DefaultUser
Gets the roles assigned to a particular account.
getRoles() - Method in interface org.owasp.esapi.User
Gets the roles assigned to a particular account.
getRule(String) - Method in class org.owasp.esapi.reference.DefaultValidator
Get a validation rule from the registry with the "type name" of the rule as the key.
getRule(String) - Method in interface org.owasp.esapi.Validator
 
getSafe(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
Try to call get valid, then call sanitize, finally return a default value
getSafe(String, String) - Method in interface org.owasp.esapi.ValidationRule
Try to call get valid, then call sanitize, finally return a default value
getScheme() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the scheme from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getScreenName() - Method in class org.owasp.esapi.reference.DefaultUser
Gets the screen name (alias) for the current user.
getScreenName() - Method in interface org.owasp.esapi.User
Gets the screen name (alias) for the current user.
getSeparateMAC() - Method in class org.owasp.esapi.crypto.CipherText
Return the separately calculated Message Authentication Code (MAC) that is computed via the computeAndStoreMAC(SecretKey authKey) method.
getSerialVersionUID() - Static method in class org.owasp.esapi.crypto.CipherText
Deprecated.
Use CipherText.cipherTextVersion instead. Will disappear as of ESAPI 2.1.
getServerName() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the server name (host header) from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getServerPort() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the server port (after the : in the host header) from the HttpServletRequest after parsing and checking the range 0-65536.
getServletPath() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the server path from the HttpServletRequest after canonicalizing and filtering out any dangerous characters.
getSession() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns a session, creating it if necessary, and sets the HttpOnly flag on the Session ID cookie.
getSession(boolean) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns a session, creating it if necessary, and sets the HttpOnly flag on the Session ID cookie.
getSessionAbsoluteTimeoutLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the absolute timeout length for sessions (in milliseconds).
getSessionAbsoluteTimeoutLength() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getSessionAttribute(String) - Method in interface org.owasp.esapi.HTTPUtilities
Gets a typed attribute from the session associated with the calling thread.
getSessionAttribute(HttpSession, String) - Method in interface org.owasp.esapi.HTTPUtilities
Gets a typed attribute from the passed in session.
getSessionAttribute(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Gets a typed attribute from the session associated with the calling thread.
getSessionAttribute(HttpSession, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Gets a typed attribute from the passed in session.
getSessionCookieName() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
getSessionIdleTimeoutLength() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the idle timeout length for sessions (in milliseconds).
getSessionIdleTimeoutLength() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
getSessions() - Method in class org.owasp.esapi.reference.DefaultUser
Returns the list of sessions associated with this User.
getSessions() - Method in interface org.owasp.esapi.User
Returns the list of sessions associated with this User.
getString(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
Convenience method to avoid common casts.
getString(String, String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
 
getStringArray(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
 
getStringProp(String) - Method in interface org.owasp.esapi.configuration.EsapiPropertyLoader
Get any property from security configuration.
getStringProp(String) - Method in class org.owasp.esapi.configuration.EsapiPropertyManager
Get any property from security configuration.
getStringProp(String) - Method in class org.owasp.esapi.configuration.StandardEsapiPropertyLoader
Get any property from security configuration.
getStringProp(String) - Method in class org.owasp.esapi.configuration.XmlEsapiPropertyLoader
Get any property from security configuration.
getStringProp(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Get any property from security configuration.
getStringValidatorRule() - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
 
getTime(String) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
Convenience method to avoid common casts.
getTimeStamp() - Method in interface org.owasp.esapi.Encryptor
Gets a timestamp representing the current date and time to be used by other functions in the library.
getTimeStamp() - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
Gets a timestamp representing the current date and time to be used by other functions in the library.
getToken(SecretKey) - Method in class org.owasp.esapi.crypto.CryptoToken
Return the new encrypted token as a base64-encoded string, encrypted with the specified SecretKey which may be a different key than what the token was originally encrypted with.
getToken() - Method in class org.owasp.esapi.crypto.CryptoToken
Return the new encrypted token as a base64-encoded string, encrypted with the specified SecretKey with which this object was constructed.
getTypeName() - Method in enum org.owasp.esapi.configuration.consts.EsapiConfigurationType
 
getTypeName() - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
Programmatically supplied name for the validator
getTypeName() - Method in interface org.owasp.esapi.ValidationRule
Programmatically supplied name for the validator
getUniqueReference() - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
Returns a Unique Reference Key to be associated with a new directReference being inserted into the AccessReferenceMap.
getUniqueReference() - Method in class org.owasp.esapi.reference.IntegerAccessReferenceMap
TODO Javadoc Note: this is final as redefinition by subclasses can lead to use before initialization issues as #RandomAccessReferenceMap(Set) and #RandomAccessReferenceMap(Set,int) both call it internally.
getUniqueReference() - Method in class org.owasp.esapi.reference.RandomAccessReferenceMap
Returns a Unique Reference Key to be associated with a new directReference being inserted into the AccessReferenceMap.
getUploadDirectory() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Retrieves the upload directory as specified in the ESAPI.properties file.
getUploadDirectory() - Method in interface org.owasp.esapi.SecurityConfiguration
Retrieves the upload directory as specified in the ESAPI.properties file.
getUploadTempDirectory() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
getUploadTempDirectory() - Method in interface org.owasp.esapi.SecurityConfiguration
Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
getUser(long) - Method in interface org.owasp.esapi.Authenticator
Returns the User matching the provided accountId.
getUser(String) - Method in interface org.owasp.esapi.Authenticator
Returns the User matching the provided accountName.
getUser(long) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
Returns the User matching the provided accountId.
getUser(String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
Returns the User matching the provided accountName.
getUserAccountName() - Method in class org.owasp.esapi.crypto.CryptoToken
Retrieve the user account name associated with this CryptoToken object.
getUserFromRememberToken() - Method in class org.owasp.esapi.reference.AbstractAuthenticator
Returns the user if a matching remember token is found, or null if the token is missing, token is corrupt, token is expired, account name does not match and existing account, or hashed password does not match user's hashed password.
getUserFromSession() - Method in class org.owasp.esapi.reference.AbstractAuthenticator
Gets the user from session.
getUserInfo() - Method in class org.owasp.esapi.reference.Log4JLogger
 
getUserMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityException
Returns message meant for display to users Note that if you are unsure of what set this message, it would probably be a good idea to encode this message before displaying it to the end user.
getUserMessage() - Method in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
Returns message meant for display to users Note that if you are unsure of what set this message, it would probably be a good idea to encode this message before displaying it to the end user.
getUserMessage() - Method in exception org.owasp.esapi.errors.IntrusionException
Returns a String containing a message that is safe to display to users
getUsernameParameterName() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Gets the name of the username parameter used during user authentication.
getUsernameParameterName() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getUserNames() - Method in interface org.owasp.esapi.Authenticator
Gets a collection containing all the existing user names.
getUserNames() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
Gets a collection containing all the existing user names.
getUserPrincipal() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns the ESAPI User associated with this getHttpServletRequest().
getValid(String, String, ValidationErrorList) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
Get a validated value, add the errors to an existing error list
getValid(String, String) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
Parse the input, throw exceptions if validation fails
getValid(String, String) - Method in class org.owasp.esapi.reference.validation.DateValidationRule
Parse the input, throw exceptions if validation fails
getValid(String, String) - Method in class org.owasp.esapi.reference.validation.HTMLValidationRule
Parse the input, throw exceptions if validation fails
getValid(String, String) - Method in class org.owasp.esapi.reference.validation.IntegerValidationRule
 
getValid(String, String) - Method in class org.owasp.esapi.reference.validation.NumberValidationRule
Parse the input, throw exceptions if validation fails
getValid(String, String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
Parse the input, throw exceptions if validation fails
getValid(String, String) - Method in interface org.owasp.esapi.ValidationRule
Parse the input, throw exceptions if validation fails
getValid(String, String, ValidationErrorList) - Method in interface org.owasp.esapi.ValidationRule
Get a validated value, add the errors to an existing error list
getValidationImplementation() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Returns the fully qualified classname of the ESAPI Validation implementation.
getValidationImplementation() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
getValidationPattern(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
getValidationPattern returns a single pattern based upon key
getValidationPattern(String) - Method in interface org.owasp.esapi.SecurityConfiguration
Returns the validation pattern for a particular type
getValidCreditCard(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns a canonicalized and validated credit card number as a String.
getValidCreditCard(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidCreditCard with the supplied errorList to capture ValidationExceptions
getValidCreditCard(String, String, boolean) - Method in interface org.owasp.esapi.Validator
Returns a canonicalized and validated credit card number as a String.
getValidCreditCard(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidCreditCard with the supplied errorList to capture ValidationExceptions
getValidDate(String, String, DateFormat, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns a valid date as a Date.
getValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidDate with the supplied errorList to capture ValidationExceptions
getValidDate(String, String, DateFormat, boolean) - Method in interface org.owasp.esapi.Validator
Returns a valid date as a Date.
getValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidDate with the supplied errorList to capture ValidationExceptions
getValidDirectoryPath(String, String, File, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns a canonicalized and validated directory path as a String, provided that the input maps to an existing directory that is an existing subdirectory (at any level) of the specified parent.
getValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidDirectoryPath with the supplied errorList to capture ValidationExceptions
getValidDirectoryPath(String, String, File, boolean) - Method in interface org.owasp.esapi.Validator
Returns a canonicalized and validated directory path as a String, provided that the input maps to an existing directory that is an existing subdirectory (at any level) of the specified parent.
getValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidDirectoryPath with the supplied errorList to capture ValidationExceptions
getValidDouble(String, String, double, double, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns a validated real number as a double.
getValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidDouble with the supplied errorList to capture ValidationExceptions
getValidDouble(String, String, double, double, boolean) - Method in interface org.owasp.esapi.Validator
Returns a validated real number as a double.
getValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidDouble with the supplied errorList to capture ValidationExceptions
getValidFileContent(String, byte[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns validated file content as a byte array.
getValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidFileContent with the supplied errorList to capture ValidationExceptions
getValidFileContent(String, byte[], int, boolean) - Method in interface org.owasp.esapi.Validator
Returns validated file content as a byte array.
getValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidFileContent with the supplied errorList to capture ValidationExceptions
getValidFileName(String, String, List<String>, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns a canonicalized and validated file name as a String.
getValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidFileName with the supplied errorList to capture ValidationExceptions
getValidFileName(String, String, List<String>, boolean) - Method in interface org.owasp.esapi.Validator
Returns a canonicalized and validated file name as a String.
getValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidFileName with the supplied errorList to capture ValidationExceptions
getValidInput(String, String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Validates data received from the browser and returns a safe version.
getValidInput(String, String, String, int, boolean, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Validates data received from the browser and returns a safe version.
getValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Validates data received from the browser and returns a safe version.
getValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Validates data received from the browser and returns a safe version.
getValidInput(String, String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
Returns canonicalized and validated input as a String.
getValidInput(String, String, String, int, boolean, boolean) - Method in interface org.owasp.esapi.Validator
Returns validated input as a String with optional canonicalization.
getValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidInput with the supplied errorList to capture ValidationExceptions
getValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidInput with the supplied errorList to capture ValidationExceptions
getValidInteger(String, String, int, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns a validated integer.
getValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidInteger with the supplied errorList to capture ValidationExceptions
getValidInteger(String, String, int, int, boolean) - Method in interface org.owasp.esapi.Validator
Returns a validated integer.
getValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidInteger with the supplied errorList to capture ValidationExceptions
getValidListItem(String, String, List<String>) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns the list item that exactly matches the canonicalized input.
getValidListItem(String, String, List<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
ValidationErrorList variant of getValidListItem
getValidListItem(String, String, List<String>) - Method in interface org.owasp.esapi.Validator
Returns the list item that exactly matches the canonicalized input.
getValidListItem(String, String, List<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidListItem with the supplied errorList to capture ValidationExceptions
getValidNumber(String, String, long, long, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns a validated number as a double within the range of minValue to maxValue.
getValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions
getValidNumber(String, String, long, long, boolean) - Method in interface org.owasp.esapi.Validator
Returns a validated number as a double within the range of minValue to maxValue.
getValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions
getValidPrintable(String, char[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns canonicalized and validated printable characters as a byte array.
getValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
ValidationErrorList variant of getValidPrintable
getValidPrintable(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns canonicalized and validated printable characters as a String.
getValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
ValidationErrorList variant of getValidPrintable
getValidPrintable(String, char[], int, boolean) - Method in interface org.owasp.esapi.Validator
Returns canonicalized and validated printable characters as a byte array.
getValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidPrintable with the supplied errorList to capture ValidationExceptions
getValidPrintable(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
Returns canonicalized and validated printable characters as a String.
getValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidPrintable with the supplied errorList to capture ValidationExceptions
getValidRedirectLocation(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns a canonicalized and validated redirect location as a String.
getValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
ValidationErrorList variant of getValidRedirectLocation
getValidRedirectLocation(String, String, boolean) - Method in interface org.owasp.esapi.Validator
Returns a canonicalized and validated redirect location as a String.
getValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidRedirectLocation with the supplied errorList to capture ValidationExceptions
getValidSafeHTML(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else.
getValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions
getValidSafeHTML(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else.
getValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions
getValue() - Method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
 
getValue() - Method in class org.owasp.esapi.waf.internal.Parameter
 
getVersion() - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
Return the version used for backward compatibility.
getWorkingDirectory() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
getWorkingDirectory returns the default directory where processes will be executed by the Executor.
getWorkingDirectory() - Method in interface org.owasp.esapi.SecurityConfiguration
Returns the default working directory for executing native processes with Runtime.exec().
getWrap() - Method in class org.owasp.esapi.tags.EncodeForBase64Tag
Get whether line wrapping at 64 characters is performed.
getWrapped() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
getWriter() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Same as HttpServletResponse, no security changes required.
getWriter() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
 
GZIP - Static variable in class org.owasp.esapi.codecs.Base64
Specify that data should be gzip-compressed.

H

hash(String, String) - Method in interface org.owasp.esapi.Encryptor
Returns a string representation of the hash of the provided plaintext and salt.
hash(String, String, int) - Method in interface org.owasp.esapi.Encryptor
Returns a string representation of the hash of the provided plaintext and salt.
hash(String, String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
Returns a string representation of the hash of the provided plaintext and salt.
hash(String, String, int) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
Returns a string representation of the hash of the provided plaintext and salt.
HASH_ALGORITHM - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
HASH_ITERATIONS - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
hashCode() - Method in class org.owasp.esapi.codecs.HashTrie
hashCode() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
hashCode() - Method in class org.owasp.esapi.crypto.CipherSpec
hashCode() - Method in class org.owasp.esapi.crypto.CipherText
hashCode() - Method in class org.owasp.esapi.crypto.PlainText
Same as this.toString().hashCode().
hashCode(Object) - Static method in class org.owasp.esapi.util.NullSafe
Object.hashCode() of an object.
hashPassword(String, String) - Method in interface org.owasp.esapi.Authenticator
Returns a string representation of the hashed password, using the accountName as the salt.
hashPassword(String, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
Returns a string representation of the hashed password, using the accountName as the salt.
HashTrie<T> - Class in org.owasp.esapi.codecs
Trie implementation for CharSequence keys.
HashTrie() - Constructor for class org.owasp.esapi.codecs.HashTrie
 
hasNext() - Method in class org.owasp.esapi.codecs.PushbackString
 
HEADER - Static variable in interface org.owasp.esapi.HTTPUtilities
 
Hex - Class in org.owasp.esapi.codecs
Encode and decode to/from hexadecimal strings to byte arrays.
Hex() - Constructor for class org.owasp.esapi.codecs.Hex
 
HTMLEntityCodec - Class in org.owasp.esapi.codecs
Implementation of the Codec interface for HTML entity encoding.
HTMLEntityCodec() - Constructor for class org.owasp.esapi.codecs.HTMLEntityCodec
 
HTMLValidationRule - Class in org.owasp.esapi.reference.validation
A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
HTMLValidationRule(String) - Constructor for class org.owasp.esapi.reference.validation.HTMLValidationRule
 
HTMLValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.HTMLValidationRule
 
HTMLValidationRule(String, Encoder, String) - Constructor for class org.owasp.esapi.reference.validation.HTMLValidationRule
 
HTTP_SESSION_ID_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
HTTP_UTILITIES_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
HTTPMethodRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <restrict-method> rules.
HTTPMethodRule(String, Pattern, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.HTTPMethodRule
 
httpUtilities() - Static method in class org.owasp.esapi.ESAPI
 
HTTPUtilities - Interface in org.owasp.esapi
The HTTPUtilities interface is a collection of methods that provide additional security related to HTTP requests, responses, sessions, cookies, headers, and logging.

I

id - Variable in class org.owasp.esapi.waf.rules.Rule
 
IDLE_TIMEOUT_DURATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
incrementFailedLoginCount() - Method in class org.owasp.esapi.reference.DefaultUser
Increment failed login count.
incrementFailedLoginCount() - Method in interface org.owasp.esapi.User
Increment failed login count.
index() - Method in class org.owasp.esapi.codecs.PushbackString
Get the current index of the PushbackString.
INFO - Static variable in interface org.owasp.esapi.Logger
INFO indicates that INFO messages and above should be logged.
info(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
Log an info level security event if 'info' level logging is enabled.
info(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
Log an info level security event if 'info' level logging is enabled and also record the stack trace associated with the event.
info(Logger.EventType, String) - Method in class org.owasp.esapi.reference.Log4JLogger
Log an info level security event if 'info' level logging is enabled.
info(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
Log an info level security event if 'info' level logging is enabled and also record the stack trace associated with the event.
info(Object) - Method in class org.owasp.esapi.reference.Log4JLogger
info(Object, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
init(FilterConfig) - Method in class org.owasp.esapi.filters.ClickjackFilter
Initialize "mode" parameter from web.xml.
init(FilterConfig) - Method in class org.owasp.esapi.filters.ESAPIFilter
Called by the web container to indicate to a filter that it is being placed into service.
init(FilterConfig) - Method in class org.owasp.esapi.filters.RequestRateThrottleFilter
Called by the web container to indicate to a filter that it is being placed into service.
init(FilterConfig) - Method in class org.owasp.esapi.filters.SecurityWrapper
 
init(FilterConfig) - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
This function is invoked at application startup and when the configuration file polling period has elapsed and a change in the configuration file has been detected.
initialize(String) - Static method in class org.owasp.esapi.ESAPI
 
initialize() - Method in class org.owasp.esapi.util.DefaultMessageUtil
 
initProperties() - Method in class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader
Initializes properties object and fills it with data from configuration file.
insertProviderAt(String, int) - Static method in class org.owasp.esapi.crypto.SecurityProviderLoader
This methods adds a provider to the SecurityManager either by some generic name or by the class name.
IntegerAccessReferenceMap - Class in org.owasp.esapi.reference
Reference implementation of the AccessReferenceMap interface.
IntegerAccessReferenceMap() - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap
TODO Javadoc
IntegerAccessReferenceMap(int) - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap
TODO Javadoc
IntegerAccessReferenceMap(Set<Object>) - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap
TODO Javadoc
IntegerAccessReferenceMap(Set<Object>, int) - Constructor for class org.owasp.esapi.reference.IntegerAccessReferenceMap
TODO Javadoc
IntegerValidationRule - Class in org.owasp.esapi.reference.validation
A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
IntegerValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.IntegerValidationRule
 
IntegerValidationRule(String, Encoder, int, int) - Constructor for class org.owasp.esapi.reference.validation.IntegerValidationRule
 
IntegrityException - Exception in org.owasp.esapi.errors
An IntegrityException should be thrown when a problem with the integrity of data has been detected.
IntegrityException() - Constructor for exception org.owasp.esapi.errors.IntegrityException
Instantiates a new availability exception.
IntegrityException(String, String) - Constructor for exception org.owasp.esapi.errors.IntegrityException
Creates a new instance of IntegrityException.
IntegrityException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.IntegrityException
Instantiates a new IntegrityException.
InterceptingHTTPServletRequest - Class in org.owasp.esapi.waf.internal
The wrapper for the HttpServletRequest object which will be passed to the application being protected by the WAF.
InterceptingHTTPServletRequest(HttpServletRequest) - Constructor for class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest
 
InterceptingHTTPServletResponse - Class in org.owasp.esapi.waf.internal
The wrapper for the HttpServletResponse object which will be passed to the application being protected by the WAF.
InterceptingHTTPServletResponse(HttpServletResponse, boolean, List<Rule>) - Constructor for class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
 
InterceptingPrintWriter - Class in org.owasp.esapi.waf.internal
The PrintWriter needed to buffer outbound data generated by the application being protected by the WAF.
InterceptingPrintWriter(Writer) - Constructor for class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
InterceptingServletOutputStream - Class in org.owasp.esapi.waf.internal
This class was inspired by ModSecurity for Java by Ivan Ristic.
InterceptingServletOutputStream(ServletOutputStream, boolean) - Constructor for class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
 
interval - Variable in class org.owasp.esapi.SecurityConfiguration.Threshold
The time frame within which 'count' number of actions has to be detected in order to trigger this threshold.
INTRUSION_DETECTION_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
intrusionDetector() - Static method in class org.owasp.esapi.ESAPI
 
IntrusionDetector - Interface in org.owasp.esapi
The IntrusionDetector interface is intended to track security relevant events and identify attack behavior.
IntrusionException - Exception in org.owasp.esapi.errors
An IntrusionException should be thrown anytime an error condition arises that is likely to be the result of an attack in progress.
IntrusionException(String, String) - Constructor for exception org.owasp.esapi.errors.IntrusionException
Creates a new instance of IntrusionException.
IntrusionException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.IntrusionException
Instantiates a new intrusion exception.
IPRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <detect-source-ip> rules.
IPRule(String, Pattern, Pattern, String) - Constructor for class org.owasp.esapi.waf.rules.IPRule
 
IPRule(String, Pattern, String) - Constructor for class org.owasp.esapi.waf.rules.IPRule
 
isActionNecessary() - Method in class org.owasp.esapi.waf.actions.Action
 
isActionNecessary() - Method in class org.owasp.esapi.waf.actions.BlockAction
 
isActionNecessary() - Method in class org.owasp.esapi.waf.actions.DefaultAction
 
isActionNecessary() - Method in class org.owasp.esapi.waf.actions.DoNothingAction
 
isAllowedCipherMode(String) - Static method in class org.owasp.esapi.crypto.CryptoHelper
Return true if specified cipher mode is one that may be used for encryption / decryption operations via Encryptor.
isAllowNull() - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
 
isAnonymous() - Method in class org.owasp.esapi.reference.DefaultUser
Checks if user is anonymous.
isAnonymous() - Method in interface org.owasp.esapi.User
Checks if user is anonymous.
isAuthorized(Object, Object) - Method in interface org.owasp.esapi.AccessController
isAuthorized executes the AccessControlRule that is identified by key and listed in the resources/ESAPI-AccessControlPolicy.xml file.
isAuthorized(R) - Method in interface org.owasp.esapi.AccessControlRule
 
isAuthorized(Object) - Method in class org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR
 
isAuthorized(Object) - Method in class org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR
 
isAuthorized(Object[]) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
Delegates to the method specified in setPolicyParameters
isAuthorized(Boolean) - Method in class org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR
Returns true iff runtimeParameter is a Boolean true.
isAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
 
isAuthorized(Object) - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR
Returns true if runtimeParameter is a Boolean true.
isAuthorized(Object, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController
isAuthorized executes the AccessControlRule that is identified by key and listed in the resources/ESAPI-AccessControlPolicy.xml file.
isAuthorizedForData(String, Object) - Method in interface org.owasp.esapi.AccessController
Checks if the current user is authorized to access the referenced data, represented as an Object.
isAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
Deprecated. 
isAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
TODO Javadoc
isAuthorizedForData(String, Object) - Method in class org.owasp.esapi.reference.DefaultAccessController
Checks if the current user is authorized to access the referenced data, represented as an Object.
isAuthorizedForFile(String) - Method in interface org.owasp.esapi.AccessController
Checks if the current user is authorized to access the referenced file.
isAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
Deprecated. 
isAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
TODO Javadoc
isAuthorizedForFile(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
Checks if the current user is authorized to access the referenced file.
isAuthorizedForFunction(String) - Method in interface org.owasp.esapi.AccessController
Checks if the current user is authorized to access the referenced function.
isAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
Deprecated. 
isAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
TODO Javadoc
isAuthorizedForFunction(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
Checks if the current user is authorized to access the referenced function.
isAuthorizedForService(String) - Method in interface org.owasp.esapi.AccessController
Checks if the current user is authorized to access the referenced service.
isAuthorizedForService(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
Deprecated. 
isAuthorizedForService(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
TODO Javadoc
isAuthorizedForService(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
Checks if the current user is authorized to access the referenced service.
isAuthorizedForURL(String) - Method in interface org.owasp.esapi.AccessController
Checks if the current user is authorized to access the referenced URL.
isAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
Deprecated. 
isAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.accesscontrol.FileBasedACRs
Check if URL is authorized.
isAuthorizedForURL(String) - Method in class org.owasp.esapi.reference.DefaultAccessController
Checks if the current user is authorized to access the referenced URL.
isCipherTextMACvalid(SecretKey, CipherText) - Static method in class org.owasp.esapi.crypto.CryptoHelper
If a Message Authentication Code (MAC) is required for the specified CipherText object, then attempt to validate the MAC that should be embedded within the CipherText object by using a derived key based on the specified SecretKey.
isCombinedCipherMode(String) - Static method in class org.owasp.esapi.crypto.CryptoHelper
Return true if specified cipher mode is one of those specified in the ESAPI.properties file that supports both confidentiality and authenticity (i.e., a "combined cipher mode" as NIST refers to it).
isCommitted() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Same as HttpServletResponse, no security changes required.
isDebugEnabled() - Method in interface org.owasp.esapi.Logger
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
isDebugEnabled() - Method in class org.owasp.esapi.reference.Log4JLogger
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
isEmpty() - Method in class org.owasp.esapi.codecs.HashTrie
isEmpty() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
isEmpty(String) - Static method in class org.owasp.esapi.StringUtilities
Returns true if String is empty ("") or null.
isEmpty() - Method in class org.owasp.esapi.ValidationErrorList
Returns true if no error are present.
isEnabled() - Method in class org.owasp.esapi.reference.DefaultUser
Checks if this user's account is currently enabled.
isEnabled() - Method in interface org.owasp.esapi.User
Checks if this user's account is currently enabled.
isErrorEnabled() - Method in interface org.owasp.esapi.Logger
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
isErrorEnabled() - Method in class org.owasp.esapi.reference.Log4JLogger
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
isExpired() - Method in class org.owasp.esapi.crypto.CryptoToken
Check if token has expired yet.
isExpired() - Method in class org.owasp.esapi.reference.DefaultUser
Checks if this user's account is expired.
isExpired() - Method in interface org.owasp.esapi.User
Checks if this user's account is expired.
isFatalEnabled() - Method in interface org.owasp.esapi.Logger
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
isFatalEnabled() - Method in class org.owasp.esapi.reference.Log4JLogger
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
isHexDigit(Character) - Static method in class org.owasp.esapi.codecs.PushbackString
Returns true if the parameter character is a hexidecimal digit 0 through 9, a through f, or A through F.
isInfoEnabled() - Method in interface org.owasp.esapi.Logger
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
isInfoEnabled() - Method in class org.owasp.esapi.reference.Log4JLogger
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
isInList(Map, String) - Static method in class org.owasp.esapi.waf.rules.RuleUtil
 
isInList(Collection, String) - Static method in class org.owasp.esapi.waf.rules.RuleUtil
 
isInList(Enumeration, String) - Static method in class org.owasp.esapi.waf.rules.RuleUtil
 
isInRole(String) - Method in class org.owasp.esapi.reference.DefaultUser
Checks if this user's account is assigned a particular role.
isInRole(String) - Method in interface org.owasp.esapi.User
Checks if this user's account is assigned a particular role.
isLocked() - Method in class org.owasp.esapi.reference.DefaultUser
Checks if this user's account is locked.
isLocked() - Method in interface org.owasp.esapi.User
Checks if this user's account is locked.
isLoggedIn() - Method in class org.owasp.esapi.reference.DefaultUser
Tests to see if the user is currently logged in.
isLoggedIn() - Method in interface org.owasp.esapi.User
Tests to see if the user is currently logged in.
isMACRequired(CipherText) - Static method in class org.owasp.esapi.crypto.CryptoHelper
Check to see if a Message Authentication Code (MAC) is required for a given CipherText object and the current ESAPI.property settings.
isOctalDigit(Character) - Static method in class org.owasp.esapi.codecs.PushbackString
Returns true if the parameter character is an octal digit 0 through 7.
isRequestedSessionIdFromCookie() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
isRequestedSessionIdFromUrl() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Deprecated.
isRequestedSessionIdFromURL() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
isRequestedSessionIdValid() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
isSecure() - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
isSessionAbsoluteTimeout() - Method in class org.owasp.esapi.reference.DefaultUser
Tests to see if this user's session has exceeded the absolute time out based on ESAPI's configuration settings.
isSessionAbsoluteTimeout() - Method in interface org.owasp.esapi.User
Tests to see if this user's session has exceeded the absolute time out based on ESAPI's configuration settings.
isSessionTimeout() - Method in class org.owasp.esapi.reference.DefaultUser
Tests to see if the user's session has timed out from inactivity based on ESAPI's configuration settings.
isSessionTimeout() - Method in interface org.owasp.esapi.User
Tests to see if the user's session has timed out from inactivity based on ESAPI's configuration settings.
isSuccess() - Method in class org.owasp.esapi.Logger.EventType
 
isTraceEnabled() - Method in interface org.owasp.esapi.Logger
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
isTraceEnabled() - Method in class org.owasp.esapi.reference.Log4JLogger
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
isUserInRole(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Returns true if the ESAPI User associated with this request has the specified role.
isUsingHttpOnlyFlagOnSessionCookie() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
isUsingSecureFlagOnSessionCookie() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
isUsingWriter() - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
 
isValid(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
isValid(String, String) - Method in interface org.owasp.esapi.ValidationRule
 
isValidCreditCard(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidCreditCard and returns true if no exceptions are thrown.
isValidCreditCard(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidCreditCard and returns true if no exceptions are thrown.
isValidCreditCard(String, String, boolean) - Method in interface org.owasp.esapi.Validator
Calls getValidCreditCard and returns true if no exceptions are thrown.
isValidCreditCard(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidCreditCard and returns true if no exceptions are thrown.
isValidDate(String, String, DateFormat, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls isValidDate and returns true if no exceptions are thrown.
isValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls isValidDate and returns true if no exceptions are thrown.
isValidDate(String, String, DateFormat, boolean) - Method in interface org.owasp.esapi.Validator
Calls isValidDate and returns true if no exceptions are thrown.
isValidDate(String, String, DateFormat, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls isValidDate and returns true if no exceptions are thrown.
isValidDirectoryPath(String, String, File, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidDirectoryPath and returns true if no exceptions are thrown.
isValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidDirectoryPath and returns true if no exceptions are thrown.
isValidDirectoryPath(String, String, File, boolean) - Method in interface org.owasp.esapi.Validator
Calls getValidDirectoryPath and returns true if no exceptions are thrown.
isValidDirectoryPath(String, String, File, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidDirectoryPath and returns true if no exceptions are thrown.
isValidDouble(String, String, double, double, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidDouble and returns true if no exceptions are thrown.
isValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidDouble and returns true if no exceptions are thrown.
isValidDouble(String, String, double, double, boolean) - Method in interface org.owasp.esapi.Validator
Calls getValidDouble and returns true if no exceptions are thrown.
isValidDouble(String, String, double, double, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidDouble and returns true if no exceptions are thrown.
isValidFileContent(String, byte[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidFileContent and returns true if no exceptions are thrown.
isValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidFileContent and returns true if no exceptions are thrown.
isValidFileContent(String, byte[], int, boolean) - Method in interface org.owasp.esapi.Validator
Calls getValidFileContent and returns true if no exceptions are thrown.
isValidFileContent(String, byte[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidFileContent and returns true if no exceptions are thrown.
isValidFileName(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidFileName with the default list of allowedExtensions
isValidFileName(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidFileName with the default list of allowedExtensions
isValidFileName(String, String, List<String>, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidFileName and returns true if no exceptions are thrown.
isValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidFileName and returns true if no exceptions are thrown.
isValidFileName(String, String, boolean) - Method in interface org.owasp.esapi.Validator
Calls getValidFileName with the default list of allowedExtensions
isValidFileName(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidFileName with the default list of allowedExtensions
isValidFileName(String, String, List<String>, boolean) - Method in interface org.owasp.esapi.Validator
Calls getValidFileName and returns true if no exceptions are thrown.
isValidFileName(String, String, List<String>, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidFileName and returns true if no exceptions are thrown.
isValidFileUpload(String, String, String, File, byte[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidFileUpload and returns true if no exceptions are thrown.
isValidFileUpload(String, String, String, File, byte[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidFileUpload and returns true if no exceptions are thrown.
isValidFileUpload(String, String, String, File, byte[], int, boolean) - Method in interface org.owasp.esapi.Validator
Calls getValidFileUpload and returns true if no exceptions are thrown.
isValidFileUpload(String, String, String, File, byte[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidFileUpload and returns true if no exceptions are thrown.
isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls assertValidHTTPRequestParameterSet and returns true if no exceptions are thrown.
isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls assertValidHTTPRequestParameterSet and returns true if no exceptions are thrown.
isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>) - Method in interface org.owasp.esapi.Validator
Calls assertValidHTTPRequestParameterSet and returns true if no exceptions are thrown.
isValidHTTPRequestParameterSet(String, HttpServletRequest, Set<String>, Set<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls assertValidHTTPRequestParameterSet and returns true if no exceptions are thrown.
isValidInput(String, String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns true if data received from browser is valid.
isValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
 
isValidInput(String, String, String, int, boolean, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
 
isValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
 
isValidInput(String, String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
Calls isValidInput and returns true if no exceptions are thrown.
isValidInput(String, String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls isValidInput and returns true if no exceptions are thrown.
isValidInput(String, String, String, int, boolean, boolean) - Method in interface org.owasp.esapi.Validator
Calls isValidInput and returns true if no exceptions are thrown.
isValidInput(String, String, String, int, boolean, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls isValidInput and returns true if no exceptions are thrown.
isValidInteger(String, String, int, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidInteger and returns true if no exceptions are thrown.
isValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidInteger and returns true if no exceptions are thrown.
isValidInteger(String, String, int, int, boolean) - Method in interface org.owasp.esapi.Validator
Calls getValidInteger and returns true if no exceptions are thrown.
isValidInteger(String, String, int, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidInteger and returns true if no exceptions are thrown.
isValidKDFVersion(int, boolean, boolean) - Static method in class org.owasp.esapi.crypto.CryptoHelper
Is this particular KDF version number one that is sane? For that, we just make sure it is inbounds of the valid range which is:
isValidListItem(String, String, List<String>) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidListItem and returns true if no exceptions are thrown.
isValidListItem(String, String, List<String>, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidListItem and returns true if no exceptions are thrown.
isValidListItem(String, String, List<String>) - Method in interface org.owasp.esapi.Validator
Calls getValidListItem and returns true if no exceptions are thrown.
isValidListItem(String, String, List<String>, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidListItem and returns true if no exceptions are thrown.
isValidNumber(String, String, long, long, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidNumber and returns true if no exceptions are thrown.
isValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidNumber and returns true if no exceptions are thrown.
isValidNumber(String, String, long, long, boolean) - Method in interface org.owasp.esapi.Validator
Calls getValidNumber and returns true if no exceptions are thrown.
isValidNumber(String, String, long, long, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidNumber and returns true if no exceptions are thrown.
isValidPRF(String) - Static method in class org.owasp.esapi.crypto.KeyDerivationFunction
Check if specified algorithm name is a valid PRF that can be used.
isValidPrintable(String, char[], int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidPrintable and returns true if no exceptions are thrown.
isValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidPrintable and returns true if no exceptions are thrown.
isValidPrintable(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidPrintable and returns true if no exceptions are thrown.
isValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidPrintable and returns true if no exceptions are thrown.
isValidPrintable(String, char[], int, boolean) - Method in interface org.owasp.esapi.Validator
Calls getValidPrintable and returns true if no exceptions are thrown.
isValidPrintable(String, char[], int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidPrintable and returns true if no exceptions are thrown.
isValidPrintable(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
Calls getValidPrintable and returns true if no exceptions are thrown.
isValidPrintable(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidPrintable and returns true if no exceptions are thrown.
isValidRedirectLocation(String, String, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns true if input is a valid redirect location.
isValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Returns true if input is a valid redirect location.
isValidRedirectLocation(String, String, boolean) - Method in interface org.owasp.esapi.Validator
Calls getValidRedirectLocation and returns true if no exceptions are thrown.
isValidRedirectLocation(String, String, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidRedirectLocation and returns true if no exceptions are thrown.
isValidSafeHTML(String, String, int, boolean) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidSafeHTML and returns true if no exceptions are thrown.
isValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in class org.owasp.esapi.reference.DefaultValidator
Calls getValidSafeHTML and returns true if no exceptions are thrown.
isValidSafeHTML(String, String, int, boolean) - Method in interface org.owasp.esapi.Validator
Calls getValidSafeHTML and returns true if no exceptions are thrown.
isValidSafeHTML(String, String, int, boolean, ValidationErrorList) - Method in interface org.owasp.esapi.Validator
Calls getValidSafeHTML and returns true if no exceptions are thrown.
isWarningEnabled() - Method in interface org.owasp.esapi.Logger
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
isWarningEnabled() - Method in class org.owasp.esapi.reference.Log4JLogger
Allows the caller to determine if messages logged at this level will be discarded, to avoid performing expensive processing.
iterator() - Method in interface org.owasp.esapi.AccessReferenceMap
Get an iterator through the direct object references.
iterator() - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
Get an iterator through the direct object references.
itod - Variable in class org.owasp.esapi.reference.AbstractAccessReferenceMap
The Indirect to Direct Map
IV_TYPE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 

J

JavaEncryptor - Class in org.owasp.esapi.reference.crypto
Reference implementation of the Encryptor interface.
JavaLogFactory - Class in org.owasp.esapi.reference
Reference implementation of the LogFactory and Logger interfaces.
JavaLogFactory() - Constructor for class org.owasp.esapi.reference.JavaLogFactory
Null argument constructor for this implementation of the LogFactory interface needed for dynamic configuration.
JavaLogFactory.JavaLoggerLevel - Class in org.owasp.esapi.reference
A custom logging level defined between Level.SEVERE and Level.WARNING in logger.
JavaLogFactory.JavaLoggerLevel(String, int) - Constructor for class org.owasp.esapi.reference.JavaLogFactory.JavaLoggerLevel
Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of the defined level and its numeric value.
JAVASCRIPT_REDIRECT - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
JAVASCRIPT_TARGET_TOKEN - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
JavaScriptCodec - Class in org.owasp.esapi.codecs
Implementation of the Codec interface for backslash encoding in JavaScript.
JavaScriptCodec() - Constructor for class org.owasp.esapi.codecs.JavaScriptCodec
 

K

KDF_PRF_ALG - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
kdfVersion - Static variable in class org.owasp.esapi.crypto.KeyDerivationFunction
 
KEY_LENGTH - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
KeyDerivationFunction - Class in org.owasp.esapi.crypto
This class implements a Key Derivation Function (KDF) and supporting methods.
KeyDerivationFunction(KeyDerivationFunction.PRF_ALGORITHMS) - Constructor for class org.owasp.esapi.crypto.KeyDerivationFunction
Construct a KeyDerivationFunction.
KeyDerivationFunction() - Constructor for class org.owasp.esapi.crypto.KeyDerivationFunction
Construct a KeyDerivationFunction based on the ESAPI.property property, Encryptor.KDF.PRF.
KeyDerivationFunction.PRF_ALGORITHMS - Enum in org.owasp.esapi.crypto
 
keySet() - Method in class org.owasp.esapi.codecs.HashTrie
keySet() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
keySet() - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
 
keySet() - Method in interface org.owasp.esapi.EncryptedProperties
Returns a Set view of properties.
keySet() - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
Returns a Set view of properties.
killAllCookies() - Method in interface org.owasp.esapi.HTTPUtilities
Calls killAllCookies with the *current* request and response.
killAllCookies(HttpServletRequest, HttpServletResponse) - Method in interface org.owasp.esapi.HTTPUtilities
Kill all cookies received in the last request from the browser.
killAllCookies() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls killAllCookies with the *current* request and response.
killAllCookies(HttpServletRequest, HttpServletResponse) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Kill all cookies received in the last request from the browser.
killCookie(String) - Method in interface org.owasp.esapi.HTTPUtilities
Calls killCookie with the *current* request and response.
killCookie(HttpServletRequest, HttpServletResponse, String) - Method in interface org.owasp.esapi.HTTPUtilities
Kills the specified cookie by setting a new cookie that expires immediately.
killCookie(HttpServletRequest, HttpServletResponse, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Kills the specified cookie by setting a new cookie that expires immediately.
killCookie(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls killCookie with the *current* request and response.

L

length() - Method in class org.owasp.esapi.crypto.PlainText
Return the length of the UTF-8 encoded byte array representing this object.
LETTERS - Static variable in class org.owasp.esapi.EncoderConstants
 
list(PrintStream) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
This method has been overridden to throw an UnsupportedOperationException
list(PrintWriter) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
This method has been overridden to throw an UnsupportedOperationException
load(InputStream) - Method in interface org.owasp.esapi.EncryptedProperties
Reads a property list (key and element pairs) from the input stream.
load() - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader
 
load(InputStream) - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
Reads a property list (key and element pairs) from the input stream.
load(InputStream) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
Reads a property list (key and element pairs) from the input stream.
load(Reader) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
For JDK 1.5 compatibility, this method has been overridden convert the Reader into an InputStream and call the superclass constructor.
loadConfiguration() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Load configuration.
loaders - Variable in class org.owasp.esapi.configuration.EsapiPropertyManager
 
loadESAPIPreferredJCEProvider() - Static method in class org.owasp.esapi.crypto.SecurityProviderLoader
Load the preferred JCE provider for ESAPI based on the ESAPI.properties property Encryptor.PreferredJCEProvider.
loadProperties(String, Boolean) - Static method in class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils
Loads a Properties file from a filename.
loadPropertiesFromFile(File) - Method in class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader
Method that loads the data from configuration file to properties object.
loadPropertiesFromFile(File) - Method in class org.owasp.esapi.configuration.StandardEsapiPropertyLoader
Methods loads configuration from .properties file.
loadPropertiesFromFile(File) - Method in class org.owasp.esapi.configuration.XmlEsapiPropertyLoader
Methods loads configuration from .xml file.
loadUsersIfNecessary() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
Load users if they haven't been loaded in a while.
loadUsersImmediately() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
 
lock() - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
This makes the map itself read only, but the mutability of objects that this map contains is not affected.
lock() - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters
This makes the map itself read only, but the mutability of objects that this map contains is not affected.
lock() - Method in class org.owasp.esapi.reference.DefaultUser
Lock this user's account.
lock() - Method in interface org.owasp.esapi.User
Lock this user's account.
log() - Static method in class org.owasp.esapi.ESAPI
 
LOG - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
log(HttpServletRequest, String) - Method in class org.owasp.esapi.waf.rules.Rule
 
Log4JLogFactory - Class in org.owasp.esapi.reference
Reference implementation of the LogFactory interface.
Log4JLogFactory() - Constructor for class org.owasp.esapi.reference.Log4JLogFactory
 
Log4JLogger - Class in org.owasp.esapi.reference
Reference implementation of the Logger interface.
Log4JLogger(String) - Constructor for class org.owasp.esapi.reference.Log4JLogger
 
Log4JLoggerFactory - Class in org.owasp.esapi.reference
Implementation of the LoggerFactory interface.
Log4JLoggerFactory() - Constructor for class org.owasp.esapi.reference.Log4JLoggerFactory
This constructor must be public so it can be accessed from within log4j
LOG_APPLICATION_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
LOG_DIRECTORY - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
LOG_ENCODING_REQUIRED - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
LOG_FILE_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
LOG_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
LOG_LEVEL - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
LOG_LEVEL - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
LOG_SERVER_IP - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
LogFactory - Interface in org.owasp.esapi
The LogFactory interface is intended to allow substitution of various logging packages, while providing a common interface to access them.
logger - Variable in exception org.owasp.esapi.errors.EnterpriseSecurityException
The logger.
logger - Variable in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
The logger.
logger - Variable in exception org.owasp.esapi.errors.IntrusionException
The logger.
Logger - Interface in org.owasp.esapi
The Logger interface defines a set of methods that can be used to log security events.
logger - Variable in class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController
 
logger - Variable in class org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader
 
logger - Variable in class org.owasp.esapi.reference.DefaultAccessController
 
logger - Static variable in class org.owasp.esapi.waf.rules.Rule
 
Logger.EventType - Class in org.owasp.esapi
Defines the type of log event that is being generated.
Logger.EventType(String, Boolean) - Constructor for class org.owasp.esapi.Logger.EventType
 
logHTTPRequest() - Method in interface org.owasp.esapi.HTTPUtilities
Calls logHTTPRequest with the *current* request and logger.
logHTTPRequest(HttpServletRequest, Logger) - Method in interface org.owasp.esapi.HTTPUtilities
Format the Source IP address, URL, URL parameters, and all form parameters into a string suitable for the log file.
logHTTPRequest(HttpServletRequest, Logger, List) - Method in interface org.owasp.esapi.HTTPUtilities
Format the Source IP address, URL, URL parameters, and all form parameters into a string suitable for the log file.
logHTTPRequest() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls logHTTPRequest with the *current* request and logger.
logHTTPRequest(HttpServletRequest, Logger) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Format the Source IP address, URL, URL parameters, and all form parameters into a string suitable for the log file.
logHTTPRequest(HttpServletRequest, Logger, List) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Formats an HTTP request into a log suitable string.
login() - Method in interface org.owasp.esapi.Authenticator
Calls login with the *current* request and response.
login(HttpServletRequest, HttpServletResponse) - Method in interface org.owasp.esapi.Authenticator
This method should be called for every HTTP request, to login the current user either from the session of HTTP request.
login() - Method in class org.owasp.esapi.reference.AbstractAuthenticator
Calls login with the *current* request and response.
login(HttpServletRequest, HttpServletResponse) - Method in class org.owasp.esapi.reference.AbstractAuthenticator
This method should be called for every HTTP request, to login the current user either from the session of HTTP request.
loginWithPassword(String) - Method in class org.owasp.esapi.reference.DefaultUser
Login with password.
loginWithPassword(String) - Method in interface org.owasp.esapi.User
Login with password.
logMessage - Variable in exception org.owasp.esapi.errors.EnterpriseSecurityException
 
logMessage - Variable in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
 
logMessage - Variable in exception org.owasp.esapi.errors.IntrusionException
 
logout() - Method in interface org.owasp.esapi.Authenticator
Logs out the current user.
logout() - Method in class org.owasp.esapi.reference.AbstractAuthenticator
Logs out the current user.
logout() - Method in class org.owasp.esapi.reference.DefaultUser
Logout this user.
logout() - Method in interface org.owasp.esapi.User
Logout this user.
LOWERS - Static variable in class org.owasp.esapi.EncoderConstants
 

M

main(String[]) - Static method in class org.owasp.esapi.codecs.Base64
Encodes or decodes two files from the command line; feel free to delete this method (in fact you probably should) if you're embedding this code into a larger program.
main(String...) - Static method in class org.owasp.esapi.crypto.CryptoDiscoverer
 
main(String[]) - Static method in class org.owasp.esapi.crypto.KeyDerivationFunction
Print list of ESAPI supported pseudo-random functions for KDF and KDF version information.
main(String[]) - Static method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
Deprecated.
Use EncryptedPropertiesUtils instead, which allows creating, reading, and writing encrypted properties.
main(String[]) - Static method in class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils
Loads encrypted or plaintext properties file based on the location passed in args then prompts the user to input key-value pairs.
main(String[]) - Static method in class org.owasp.esapi.reference.crypto.JavaEncryptor
Generates a new strongly random secret key and salt that can be copy and pasted in the ESAPI.properties file.
main(String[]) - Static method in class org.owasp.esapi.reference.FileBasedAuthenticator
Fail safe main program to add or update an account in an emergency.
make(String, String) - Static method in class org.owasp.esapi.util.ObjFactory
Create an object based on the className parameter.
makeNewLoggerInstance(String) - Method in class org.owasp.esapi.reference.Log4JLoggerFactory
Overridden to return instances of org.owasp.esapi.reference.Log4JLogger.
mark() - Method in class org.owasp.esapi.codecs.PushbackString
 
MASTER_KEY - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
MASTER_SALT - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
MAX_COOKIE_LEN - Static variable in interface org.owasp.esapi.HTTPUtilities
 
MAX_COOKIE_PAIRS - Static variable in interface org.owasp.esapi.HTTPUtilities
 
MAX_FILE_NAME_LENGTH - Variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Deprecated.
It is not clear whether this is intended to be the max file name length for the basename(1) of a file or the max full path name length of a canonical full path name. Since it is not used anywhere in the ESAPI code it is being deprecated and scheduled to be removed in release 2.1.
MAX_HTTP_HEADER_SIZE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
MAX_LOG_FILE_SIZE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
MAX_OLD_PASSWORD_HASHES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
MAX_REDIRECT_LOCATION - Variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
MAX_UPLOAD_FILE_BYTES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
maxLength - Variable in class org.owasp.esapi.reference.validation.StringValidationRule
 
minLength - Variable in class org.owasp.esapi.reference.validation.StringValidationRule
 
MustMatchRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <must-match> rules.
MustMatchRule(String, Pattern, String, int, String) - Constructor for class org.owasp.esapi.waf.rules.MustMatchRule
 
MYSQL_MODE - Static variable in class org.owasp.esapi.codecs.MySQLCodec
Target MySQL Server is running in Standard MySQL (Default) mode.
MySQLCodec - Class in org.owasp.esapi.codecs
Implementation of the Codec interface for MySQL strings.
MySQLCodec(int) - Constructor for class org.owasp.esapi.codecs.MySQLCodec
Deprecated. 
MySQLCodec(MySQLCodec.Mode) - Constructor for class org.owasp.esapi.codecs.MySQLCodec
Instantiate the MySQL Codec with the given SQL MySQLCodec.Mode.
MySQLCodec.Mode - Enum in org.owasp.esapi.codecs
Specifies the SQL Mode the target MySQL Server is running with.

N

name() - Method in class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader
 
name - Variable in class org.owasp.esapi.SecurityConfiguration.Threshold
The name of this threshold.
next() - Method in class org.owasp.esapi.codecs.PushbackString
 
nextHex() - Method in class org.owasp.esapi.codecs.PushbackString
 
nextOctal() - Method in class org.owasp.esapi.codecs.PushbackString
 
NO_OPTIONS - Static variable in class org.owasp.esapi.codecs.Base64
No options specified.
notNullOrEmpty(String, boolean) - Static method in class org.owasp.esapi.StringUtilities
Check to ensure that a String is not null or empty (after optional trimming of leading and trailing whitespace).
NullSafe - Class in org.owasp.esapi.util
 
NumberValidationRule - Class in org.owasp.esapi.reference.validation
A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
NumberValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.NumberValidationRule
 
NumberValidationRule(String, Encoder, double, double) - Constructor for class org.owasp.esapi.reference.validation.NumberValidationRule
 

O

ObjFactory - Class in org.owasp.esapi.util
A generic object factory to create an object of class T.
OFF - Static variable in interface org.owasp.esapi.Logger
OFF indicates that no messages should be logged.
OPERATOR_CONTAINS - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
OPERATOR_EQ - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
OPERATOR_EXISTS - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
OPERATOR_IN_LIST - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
OracleCodec - Class in org.owasp.esapi.codecs
Implementation of the Codec interface for Oracle strings.
OracleCodec() - Constructor for class org.owasp.esapi.codecs.OracleCodec
 
ORDERED - Static variable in class org.owasp.esapi.codecs.Base64
Encode using the special "ordered" dialect of Base64 described here: http://www.faqs.org/qa/rfcc-1940.html.
org.owasp.esapi - package org.owasp.esapi
The ESAPI interfaces and Exception classes model the most important security functions to enterprise web applications.
org.owasp.esapi.codecs - package org.owasp.esapi.codecs
This package contains codecs for application layer encoding/escaping schemes that can be used for both canonicalization and output encoding.
org.owasp.esapi.configuration - package org.owasp.esapi.configuration
 
org.owasp.esapi.configuration.consts - package org.owasp.esapi.configuration.consts
 
org.owasp.esapi.crypto - package org.owasp.esapi.crypto
This package contains ESAPI cryptography-related classes used throughout ESAPI.
org.owasp.esapi.errors - package org.owasp.esapi.errors
A set of exception classes designed to model the error conditions that frequently arise in enterprise web applications and web services.
org.owasp.esapi.filters - package org.owasp.esapi.filters
This package contains several filters that demonstrate ways of using the ESAPI security controls in front of your application.
org.owasp.esapi.reference - package org.owasp.esapi.reference
This package contains reference implementations of the ESAPI interfaces.
org.owasp.esapi.reference.accesscontrol - package org.owasp.esapi.reference.accesscontrol
 
org.owasp.esapi.reference.accesscontrol.policyloader - package org.owasp.esapi.reference.accesscontrol.policyloader
 
org.owasp.esapi.reference.crypto - package org.owasp.esapi.reference.crypto
This package contains the reference implementation for some of the ESAPI cryptography-related classes used throughout ESAPI.
org.owasp.esapi.reference.validation - package org.owasp.esapi.reference.validation
This package contains data format-specific validation rule functions.
org.owasp.esapi.tags - package org.owasp.esapi.tags
This package contains sample JSP tags that demonstrate how to use the ESAPI functions to protect an application from within a JSP page.
org.owasp.esapi.util - package org.owasp.esapi.util
This package contains ESAPI utility classes used throughout the reference implementation of ESAPI but may also be directly useful.
org.owasp.esapi.waf - package org.owasp.esapi.waf
This package contains the ESAPI Web Application Firewall (WAF).
org.owasp.esapi.waf.actions - package org.owasp.esapi.waf.actions
This package contains the Action objects that are executed after a Rule subclass executes.
org.owasp.esapi.waf.configuration - package org.owasp.esapi.waf.configuration
This package contains the both the configuration object model and the utility class to create that object model from an existing policy file.
org.owasp.esapi.waf.internal - package org.owasp.esapi.waf.internal
This package contains all HTTP-related classes used internally by the WAF for the implementation of its rules.
org.owasp.esapi.waf.rules - package org.owasp.esapi.waf.rules
This package contains all of the Rule subclasses that correspond to policy file entries.
originalVersion - Static variable in class org.owasp.esapi.crypto.KeyDerivationFunction
Used to support backward compatibility.
override(SecurityConfiguration) - Static method in class org.owasp.esapi.ESAPI
Overrides the current security configuration with a new implementation.
overwrite(byte[], byte) - Static method in class org.owasp.esapi.crypto.CryptoHelper
Overwrite a byte array with a specified byte.
overwrite(byte[]) - Static method in class org.owasp.esapi.crypto.CryptoHelper
Overwrite a byte array with the byte containing '*'.
overwrite() - Method in class org.owasp.esapi.crypto.PlainText
First overwrite the bytes of plaintext with the character '*'.
overwritePlainText() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Indicates whether the PlainText objects may be overwritten after they have been encrypted.
overwritePlainText() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.

P

PARAMETER - Static variable in interface org.owasp.esapi.HTTPUtilities
 
Parameter - Class in org.owasp.esapi.waf.internal
A simple object to represent a name=value HTTP parameter.
Parameter(String, String, boolean) - Constructor for class org.owasp.esapi.waf.internal.Parameter
 
PASSWORD_DIGITS - Static variable in class org.owasp.esapi.EncoderConstants
 
PASSWORD_LETTERS - Static variable in class org.owasp.esapi.EncoderConstants
 
PASSWORD_LOWERS - Static variable in class org.owasp.esapi.EncoderConstants
 
PASSWORD_PARAMETER_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
PASSWORD_SPECIALS - Static variable in class org.owasp.esapi.EncoderConstants
 
PASSWORD_UPPERS - Static variable in class org.owasp.esapi.EncoderConstants
 
PathExtensionRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <restrict-extension> rules.
PathExtensionRule(String, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.PathExtensionRule
 
peek() - Method in class org.owasp.esapi.codecs.PushbackString
Return the next character without affecting the current index.
peek(char) - Method in class org.owasp.esapi.codecs.PushbackString
Test to see if the next character is a particular value without affecting the current index.
PercentCodec - Class in org.owasp.esapi.codecs
Implementation of the Codec interface for percent encoding (aka URL encoding).
PercentCodec() - Constructor for class org.owasp.esapi.codecs.PercentCodec
 
PlainText - Class in org.owasp.esapi.crypto
A class representing plaintext (versus ciphertext) as related to cryptographic systems.
PlainText(String) - Constructor for class org.owasp.esapi.crypto.PlainText
Construct a PlainText object from a String.
PlainText(byte[]) - Constructor for class org.owasp.esapi.crypto.PlainText
Construct a PlainText object from a byte array.
PLAINTEXT_OVERWRITE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
PolicyDTO - Class in org.owasp.esapi.reference.accesscontrol.policyloader
The point of the loaders is to create this
PolicyDTO() - Constructor for class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO
 
policyParameters - Variable in class org.owasp.esapi.reference.accesscontrol.BaseACR
 
PolicyParameters - Interface in org.owasp.esapi.reference.accesscontrol.policyloader
 
policyProperties - Variable in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
 
PREFERRED_JCE_PROVIDER - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
PreparedString - Class in org.owasp.esapi
A parameterized string that uses escaping to make untrusted data safe before combining it with a command or query intended for use in an interpreter.
PreparedString(String, Codec) - Constructor for class org.owasp.esapi.PreparedString
Create a PreparedString with the supplied template and Codec.
PreparedString(String, char, Codec) - Constructor for class org.owasp.esapi.PreparedString
Create a PreparedString with the supplied template, parameter placeholder character, and Codec.
print(boolean) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
print(char) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
print(char[]) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
print(double) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
print(float) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
print(int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
print(long) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
print(Object) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
print(String) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
PRINT_PROPERTIES_WHEN_LOADED - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
printf(Locale, String, Object...) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
printf(String, Object...) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
println() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
println(boolean) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
println(char) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
println(char[]) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
println(double) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
println(float) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
println(int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
println(long) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
println(Object) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
println(String) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
priority() - Method in class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader
Get priority of this property loader.
properties - Variable in class org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader
 
pushback(Character) - Method in class org.owasp.esapi.codecs.PushbackString
 
PushbackString - Class in org.owasp.esapi.codecs
The pushback string is used by Codecs to allow them to push decoded characters back onto a string for further decoding.
PushbackString(String) - Constructor for class org.owasp.esapi.codecs.PushbackString
 
put(CharSequence, T) - Method in class org.owasp.esapi.codecs.HashTrie
Add mapping.
put(CharSequence, T) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
put(CharSequence, T) - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
 
put(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
 
put(String, Object) - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters
This is a convenience method for developers that prefer to think of this as a map instead of being bean-like.
put(Object, Object) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
This method has been overridden to only accept Strings for key and value, and to encrypt those Strings before storing them.
putAll(Map<? extends CharSequence, ? extends T>) - Method in class org.owasp.esapi.codecs.HashTrie
putAll(Map<? extends CharSequence, ? extends T>) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
putAll(Map<? extends CharSequence, ? extends T>) - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
 

R

RANDOM_ALGORITHM - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
RandomAccessReferenceMap - Class in org.owasp.esapi.reference
Reference implementation of the AccessReferenceMap interface.
RandomAccessReferenceMap(int) - Constructor for class org.owasp.esapi.reference.RandomAccessReferenceMap
 
RandomAccessReferenceMap() - Constructor for class org.owasp.esapi.reference.RandomAccessReferenceMap
This AccessReferenceMap implementation uses short random strings to create a layer of indirection.
RandomAccessReferenceMap(Set<Object>) - Constructor for class org.owasp.esapi.reference.RandomAccessReferenceMap
 
RandomAccessReferenceMap(Set<Object>, int) - Constructor for class org.owasp.esapi.reference.RandomAccessReferenceMap
 
randomizer() - Static method in class org.owasp.esapi.ESAPI
 
Randomizer - Interface in org.owasp.esapi
The Randomizer interface defines a set of methods for creating cryptographically random numbers and strings.
RANDOMIZER_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
read() - Method in class org.owasp.esapi.codecs.Base64.InputStream
Reads enough of the input stream to convert to/from Base64 and returns the next byte.
read(byte[], int, int) - Method in class org.owasp.esapi.codecs.Base64.InputStream
Calls Base64.InputStream.read() repeatedly until the end of stream is reached or len bytes are read.
readConfigurationFile(InputStream, String) - Static method in class org.owasp.esapi.waf.configuration.ConfigurationParser
 
REDIRECT - Static variable in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
RedirectAction - Class in org.owasp.esapi.waf.actions
The class that indicates the user should be redirected to another location.
RedirectAction() - Constructor for class org.owasp.esapi.waf.actions.RedirectAction
 
ReferenceEncryptedProperties - Class in org.owasp.esapi.reference.crypto
Reference implementation of the EncryptedProperties interface.
ReferenceEncryptedProperties() - Constructor for class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
Instantiates a new encrypted properties.
ReferenceEncryptedProperties(Properties) - Constructor for class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
 
remainder() - Method in class org.owasp.esapi.codecs.PushbackString
 
REMEMBER_TOKEN_COOKIE_NAME - Static variable in interface org.owasp.esapi.HTTPUtilities
 
REMEMBER_TOKEN_DURATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
remove(Object) - Method in class org.owasp.esapi.codecs.HashTrie
Remove a entry.
remove(Object) - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
remove(CharSequence) - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
 
removeAttribute(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
removeDirectReference(T) - Method in interface org.owasp.esapi.AccessReferenceMap
Removes a direct reference and its associated indirect reference from the AccessReferenceMap.
removeDirectReference(T) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
Removes a direct reference and its associated indirect reference from the AccessReferenceMap.
removeRole(String) - Method in class org.owasp.esapi.reference.DefaultUser
Removes a role from this user's account.
removeRole(String) - Method in interface org.owasp.esapi.User
Removes a role from this user's account.
removeSession(HttpSession) - Method in class org.owasp.esapi.reference.DefaultUser
Removes a session for this User.
removeSession(HttpSession) - Method in interface org.owasp.esapi.User
Removes a session for this User.
removeUser(String) - Method in interface org.owasp.esapi.Authenticator
Removes the account of the specified accountName.
removeUser(String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
Removes the account of the specified accountName.
ReplaceContentRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <dynamic-insertion> rules.
ReplaceContentRule(String, Pattern, String, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.ReplaceContentRule
 
replaceLinearWhiteSpace(String) - Static method in class org.owasp.esapi.StringUtilities
 
replaceNull(String, String) - Static method in class org.owasp.esapi.StringUtilities
Returns the replace value if the value of test is null, "null", or ""
RequestRateThrottleFilter - Class in org.owasp.esapi.filters
A simple servlet filter that limits the request rate to a certain threshold of requests per second.
RequestRateThrottleFilter() - Constructor for class org.owasp.esapi.filters.RequestRateThrottleFilter
 
requiresIV() - Method in class org.owasp.esapi.crypto.CipherSpec
Return true if the cipher mode requires an IV.
requiresIV() - Method in class org.owasp.esapi.crypto.CipherText
Return true if the cipher mode used requires an IV.
reset() - Method in class org.owasp.esapi.codecs.PushbackString
 
reset() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Same as HttpServletResponse, no security changes required.
reset() - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
 
resetBuffer() - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Same as HttpServletResponse, no security changes required.
resetCSRFToken() - Method in class org.owasp.esapi.reference.DefaultUser
Returns a token to be used as a prevention against CSRF attacks.
resetCSRFToken() - Method in interface org.owasp.esapi.User
Returns a token to be used as a prevention against CSRF attacks.
RESPONSE_CONTENT_TYPE - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
RestrictContentTypeRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <dynamic-insertion> rules.
RestrictContentTypeRule(String, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.RestrictContentTypeRule
 
RestrictUserAgentRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <restrict-user-agent> rules.
RestrictUserAgentRule(String, Pattern, Pattern) - Constructor for class org.owasp.esapi.waf.rules.RestrictUserAgentRule
 
resumeEncoding() - Method in class org.owasp.esapi.codecs.Base64.OutputStream
Resumes encoding of the stream.
Rule - Class in org.owasp.esapi.waf.rules
This is the base class for the WAF rules.
Rule() - Constructor for class org.owasp.esapi.waf.rules.Rule
 
RuleUtil - Class in org.owasp.esapi.waf.rules
This is a small utility class for use by Rule subclasses.
RuleUtil() - Constructor for class org.owasp.esapi.waf.rules.RuleUtil
 

S

SafeFile - Class in org.owasp.esapi
Extension to java.io.File to prevent against null byte injections and other unforeseen problems resulting from unprintable characters causing problems in path lookups.
SafeFile(String) - Constructor for class org.owasp.esapi.SafeFile
 
SafeFile(String, String) - Constructor for class org.owasp.esapi.SafeFile
 
SafeFile(File, String) - Constructor for class org.owasp.esapi.SafeFile
 
SafeFile(URI) - Constructor for class org.owasp.esapi.SafeFile
 
safeReadLine(InputStream, int) - Method in class org.owasp.esapi.reference.DefaultValidator
Reads from an input stream until end-of-line or a maximum number of characters.
safeReadLine(InputStream, int) - Method in interface org.owasp.esapi.Validator
Reads from an input stream until end-of-line or a maximum number of characters.
sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.DateValidationRule
The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.HTMLValidationRule
The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.IntegerValidationRule
 
sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.NumberValidationRule
The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
sanitize(String, String) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
The method is similar to ValidationRuile.getSafe except that it returns a harmless object that may or may not have any similarity to the original input (in some cases you may not care).
saveUsers() - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
Saves the user database to the file system.
saveUsers(PrintWriter) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
Save users.
seal(String, long) - Method in interface org.owasp.esapi.Encryptor
Creates a seal that binds a set of data and includes an expiration timestamp.
seal(String, long) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
Creates a seal that binds a set of data and includes an expiration timestamp.
SECURITY_AUDIT - Static variable in interface org.owasp.esapi.Logger
A security type of log event that is associated with an audit trail of some type, but the log event is not specifically something that has either succeeded or failed or that is irrelevant in the case of this logged message.
SECURITY_FAILURE - Static variable in interface org.owasp.esapi.Logger
A security type of log event that has failed.
SECURITY_SUCCESS - Static variable in interface org.owasp.esapi.Logger
A security type of log event that has succeeded.
securityConfiguration() - Static method in class org.owasp.esapi.ESAPI
 
SecurityConfiguration - Interface in org.owasp.esapi
The SecurityConfiguration interface stores all configuration information that directs the behavior of the ESAPI implementation.
SecurityConfiguration.Threshold - Class in org.owasp.esapi
Models a simple threshold as a count and an interval, along with a set of actions to take if the threshold is exceeded.
SecurityConfiguration.Threshold(String, int, long, List<String>) - Constructor for class org.owasp.esapi.SecurityConfiguration.Threshold
Constructs a threshold that is composed of its name, its threshold count, the time window for the threshold, and the actions to take if the threshold is triggered.
SecurityProviderLoader - Class in org.owasp.esapi.crypto
This class provides a generic static method that loads a java.security.Provider either by some generic name (i.e., Provider.getName()) or by a fully-qualified class name.
SecurityProviderLoader() - Constructor for class org.owasp.esapi.crypto.SecurityProviderLoader
 
SecurityWrapper - Class in org.owasp.esapi.filters
This filter wraps the incoming request and outgoing response and overrides many methods with safer versions.
SecurityWrapper() - Constructor for class org.owasp.esapi.filters.SecurityWrapper
 
SecurityWrapperRequest - Class in org.owasp.esapi.filters
This request wrapper simply overrides unsafe methods in the HttpServletRequest API with safe versions that return canonicalized data where possible.
SecurityWrapperRequest(HttpServletRequest) - Constructor for class org.owasp.esapi.filters.SecurityWrapperRequest
Construct a safe request that overrides the default request methods with safer versions.
SecurityWrapperResponse - Class in org.owasp.esapi.filters
This response wrapper simply overrides unsafe methods in the HttpServletResponse API with safe versions.
SecurityWrapperResponse(HttpServletResponse) - Constructor for class org.owasp.esapi.filters.SecurityWrapperResponse
Construct a safe response that overrides the default response methods with safer versions.
SecurityWrapperResponse(HttpServletResponse, String) - Constructor for class org.owasp.esapi.filters.SecurityWrapperResponse
 
sendError(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Override the error code with a 200 in order to confound attackers using automated scanners.
sendError(int, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Override the error code with a 200 in order to confound attackers using automated scanners.
sendForward(String) - Method in interface org.owasp.esapi.HTTPUtilities
Calls sendForward with the *current* request and response.
sendForward(HttpServletRequest, HttpServletResponse, String) - Method in interface org.owasp.esapi.HTTPUtilities
This method performs a forward to any resource located inside the WEB-INF directory.
sendForward(HttpServletRequest, HttpServletResponse, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
This method performs a forward to any resource located inside the WEB-INF directory.
sendForward(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls sendForward with the *current* request and response.
sendRedirect(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
This method generates a redirect response that can only be used to redirect the browser to safe locations, as configured in the ESAPI security configuration.
sendRedirect(String) - Method in interface org.owasp.esapi.HTTPUtilities
Calls sendRedirect with the *current* response.
sendRedirect(HttpServletResponse, String) - Method in interface org.owasp.esapi.HTTPUtilities
This method performs a forward to any resource located inside the WEB-INF directory.
sendRedirect(HttpServletResponse, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
This method performs a forward to any resource located inside the WEB-INF directory.
sendRedirect(String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls sendRedirect with the *current* response.
serialVersionUID - Static variable in exception org.owasp.esapi.errors.ConfigurationException
 
serialVersionUID - Static variable in exception org.owasp.esapi.errors.EnterpriseSecurityException
 
serialVersionUID - Static variable in exception org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
 
serialVersionUID - Static variable in exception org.owasp.esapi.errors.ValidationException
 
serialVersionUID - Static variable in class org.owasp.esapi.reference.JavaLogFactory.JavaLoggerLevel
 
set(int, String) - Method in class org.owasp.esapi.PreparedString
Set the parameter at index with supplied value using the default Codec to escape.
set(int, String, Codec) - Method in class org.owasp.esapi.PreparedString
Set the parameter at index with supplied value using the supplied Codec to escape.
set(String, Object) - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
 
set(String, Object) - Method in interface org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters
This works just like a Map, except it will throw an exception if lock() has been called.
setAccountName(String) - Method in class org.owasp.esapi.reference.DefaultUser
Sets this user's account name.
setAccountName(String) - Method in interface org.owasp.esapi.User
Sets this user's account name.
setActionNecessary(boolean) - Method in class org.owasp.esapi.waf.actions.Action
 
setAllowableContentRoot(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
 
setAllowNull(boolean) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
Whether or not a valid valid can be null.
setAllowNull(boolean) - Method in interface org.owasp.esapi.ValidationRule
Whether or not a valid valid can be null.
setApplyHTTPOnlyFlagToSessionCookie(boolean) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
setApplySecureFlagToSessionCookie(boolean) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
setAttribute(String, String) - Method in class org.owasp.esapi.crypto.CryptoToken
Set a name/value pair as an attribute.
setAttribute(String, Object) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Same as HttpServletRequest, no security changes required.
setBlockSize(int) - Method in class org.owasp.esapi.crypto.CipherSpec
Set the block size for this CipherSpec.
setBufferSize(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Same as HttpServletResponse, no security changes required.
setCharacterEncoding(String) - Method in class org.owasp.esapi.filters.SecurityWrapperRequest
Sets the character encoding scheme to the ESAPI configured encoding scheme.
setCharacterEncoding(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Sets the character encoding to the ESAPI configured encoding.
setCiphertext(byte[]) - Method in class org.owasp.esapi.crypto.CipherText
Set the raw ciphertext.
setCipherTransformation(String) - Method in class org.owasp.esapi.crypto.CipherSpec
Set the cipher transformation for this CipherSpec.
setCipherTransformation(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Set the cipher transformation.
setCipherTransformation(String) - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
To be replaced by new class in ESAPI 2.1, but here if you need it until then. Details of replacement forthcoming to ESAPI-Dev list. Most likely to be replaced by a new public CTOR for JavaEncryptor that takes a list of properties to override.
setConfiguration(String, String) - Method in class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
This function is used in testing to dynamically alter the configuration.
setContentLength(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Same as HttpServletResponse, no security changes required.
setContentType(String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Same as HttpServletResponse, no security changes required.
setContentType() - Method in interface org.owasp.esapi.HTTPUtilities
Calls setContentType with the *current* request and response.
setContentType(HttpServletResponse) - Method in interface org.owasp.esapi.HTTPUtilities
Set the content type character encoding header on every HttpServletResponse in order to limit the ways in which the input data can be represented.
setContentType() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls setContentType with the *current* request and response.
setContentType(HttpServletResponse) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Set the content type character encoding header on every HttpServletResponse in order to limit the ways in which the input data can be represented.
setContentType(String) - Method in class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
 
setContext(String) - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
Set the 'context' as specified by NIST Special Publication 800-108.
setContext(String) - Method in exception org.owasp.esapi.errors.ValidationException
Set's the UI reference that caused this ValidationException
setCurrentHTTP(HttpServletRequest, HttpServletResponse) - Method in interface org.owasp.esapi.HTTPUtilities
Stores the current HttpRequest and HttpResponse so that they may be readily accessed throughout ESAPI (and elsewhere)
setCurrentHTTP(HttpServletRequest, HttpServletResponse) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Stores the current HttpRequest and HttpResponse so that they may be readily accessed throughout ESAPI (and elsewhere)
setCurrentUser(User) - Method in interface org.owasp.esapi.Authenticator
Sets the currently logged in User.
setCurrentUser(User) - Method in class org.owasp.esapi.reference.AbstractAuthenticator
Sets the currently logged in User.
setDateFormat(DateFormat) - Method in class org.owasp.esapi.reference.validation.DateValidationRule
 
setDateHeader(String, long) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Add a date header to the response after ensuring that there are no encoded or illegal characters in the name.
setDefaultErrorPage(String) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
setDefaultResponseCode(int) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
setEncoder(Encoder) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
setEncoder(Encoder) - Method in interface org.owasp.esapi.ValidationRule
 
setEncoding(String) - Method in class org.owasp.esapi.tags.EncodeForBase64Tag
Set the encoding used to convert the content to bytes for encoding.
setError() - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
setExpiration(int) - Method in class org.owasp.esapi.crypto.CryptoToken
Set expiration time to expire in 'interval' seconds (NOT milliseconds).
setExpiration(Date) - Method in class org.owasp.esapi.crypto.CryptoToken
Set expiration time for a specific date/time.
setExpirationTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser
Sets the date and time when this user's account will expire.
setExpirationTime(Date) - Method in interface org.owasp.esapi.User
Sets the date and time when this user's account will expire.
setFailed(boolean) - Method in class org.owasp.esapi.waf.actions.Action
 
setHeader(String, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Add a header to the response after ensuring that there are no encoded or illegal characters in the name and value.
setHeader(String, String) - Method in interface org.owasp.esapi.HTTPUtilities
Calls setHeader with the *current* response.
setHeader(HttpServletResponse, String, String) - Method in interface org.owasp.esapi.HTTPUtilities
Add a header to the response after ensuring that there are no encoded or illegal characters in the name and value.
setHeader(HttpServletResponse, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Add a header to the response after ensuring that there are no encoded or illegal characters in the name and value.
setHeader(String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls setHeader with the *current* response.
setId(String) - Method in class org.owasp.esapi.waf.rules.Rule
 
setIntHeader(String, int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Add an int header to the response after ensuring that there are no encoded or illegal characters in the name.
setIV(byte[]) - Method in class org.owasp.esapi.crypto.CipherSpec
Set the initialization vector (IV).
setIVandCiphertext(byte[], byte[]) - Method in class org.owasp.esapi.crypto.CipherText
Set the IV and raw ciphertext.
setKDF_PRF(int) - Method in class org.owasp.esapi.crypto.CipherText
 
setKDFVersion(int) - Method in class org.owasp.esapi.crypto.CipherText
 
setKeySize(int) - Method in class org.owasp.esapi.crypto.CipherSpec
Set the key size for this CipherSpec.
setLastFailedLoginTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser
Set the time of the last failed login for this user.
setLastFailedLoginTime(Date) - Method in interface org.owasp.esapi.User
Set the time of the last failed login for this user.
setLastHostAddress(String) - Method in class org.owasp.esapi.reference.DefaultUser
Set the last remote host address used by this user.
setLastHostAddress(String) - Method in interface org.owasp.esapi.User
Set the last remote host address used by this user.
setLastLoginTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser
Set the time of the last successful login for this user.
setLastLoginTime(Date) - Method in interface org.owasp.esapi.User
Set the time of the last successful login for this user.
setLastPasswordChangeTime(Date) - Method in class org.owasp.esapi.reference.DefaultUser
Set the time of the last password change for this user.
setLastPasswordChangeTime(Date) - Method in interface org.owasp.esapi.User
Set the time of the last password change for this user.
setLevel(int) - Method in interface org.owasp.esapi.Logger
Dynamically set the ESAPI logging severity level.
setLevel(int) - Method in class org.owasp.esapi.reference.Log4JLogger
Dynamically set the ESAPI logging severity level.
setLocale(Locale) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Same as HttpServletResponse, no security changes required.
setLocale(Locale) - Method in class org.owasp.esapi.reference.DefaultUser
 
setLocale(Locale) - Method in interface org.owasp.esapi.User
 
setLogDirectory(String) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
Deprecated.
setLogLevel(Level) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
Deprecated.
setMaxCardLength(int) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
 
setMaximumLength(int) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
 
setMinimumLength(int) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
 
setName(String) - Method in class org.owasp.esapi.waf.internal.Parameter
 
setNoCacheHeaders() - Method in interface org.owasp.esapi.HTTPUtilities
Calls setNoCacheHeaders with the *current* response.
setNoCacheHeaders(HttpServletResponse) - Method in interface org.owasp.esapi.HTTPUtilities
Set headers to protect sensitive information against being cached in the browser.
setNoCacheHeaders() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls setNoCacheHeaders with the *current* response.
setNoCacheHeaders(HttpServletResponse) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Set headers to protect sensitive information against being cached in the browser.
setPolicyParameters(P) - Method in interface org.owasp.esapi.AccessControlRule
 
setPolicyParameters(P) - Method in class org.owasp.esapi.reference.accesscontrol.BaseACR
 
setPolicyParameters(DynaBeanACRParameter) - Method in class org.owasp.esapi.reference.accesscontrol.DelegatingACR
 
setProperty(String, String) - Method in interface org.owasp.esapi.EncryptedProperties
Encrypts the plaintext property value and stores the ciphertext value in the encrypted store.
setProperty(String, String) - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
Encrypts the plaintext property value and stores the ciphertext value in the encrypted store.
setProperty(String, String) - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
Encrypts the plaintext property value and stores the ciphertext value in the encrypted store.
setRedirectURL(String) - Method in class org.owasp.esapi.waf.actions.RedirectAction
 
setRememberToken(String, int, String, String) - Method in interface org.owasp.esapi.HTTPUtilities
Calls setNoCacheHeaders with the *current* response.
setRememberToken(HttpServletRequest, HttpServletResponse, String, int, String, String) - Method in interface org.owasp.esapi.HTTPUtilities
Set a cookie containing the current User's remember me token for automatic authentication.
setRememberToken(HttpServletRequest, HttpServletResponse, String, int, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Set a cookie containing the current User's remember me token for automatic authentication.
setRememberToken(String, int, String, String) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls setNoCacheHeaders with the *current* response.
setResourceDirectory(String) - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Sets the ESAPI resource directory.
setResourceDirectory(String) - Method in interface org.owasp.esapi.SecurityConfiguration
Sets the ESAPI resource directory.
setResponseBytes(byte[]) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
 
setRoles(Set<String>) - Method in class org.owasp.esapi.reference.DefaultUser
Sets the roles for this account.
setRoles(Set<String>) - Method in interface org.owasp.esapi.User
Sets the roles for this account.
setScreenName(String) - Method in class org.owasp.esapi.reference.DefaultUser
Sets the screen name (username alias) for this user.
setScreenName(String) - Method in interface org.owasp.esapi.User
Sets the screen name (username alias) for this user.
setSessionCookieName(String) - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
setStatus(int) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Override the status code with a 200 in order to confound attackers using automated scanners.
setStatus(int, String) - Method in class org.owasp.esapi.filters.SecurityWrapperResponse
Deprecated.
In Servlet spec 2.1.
setStringValidatorRule(StringValidationRule) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
 
setTypeName(String) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
setTypeName(String) - Method in interface org.owasp.esapi.ValidationRule
 
setUserAccountName(String) - Method in class org.owasp.esapi.crypto.CryptoToken
Set the user account name associated with this cryptographic token object.
setValidateInputAndCanonical(boolean) - Method in class org.owasp.esapi.reference.validation.StringValidationRule
Set the flag which determines whether the in input itself is checked as well as the canonical form of the input.
setValue(String) - Method in class org.owasp.esapi.waf.internal.Parameter
 
setVersion(int) - Method in class org.owasp.esapi.crypto.KeyDerivationFunction
Set version so backward compatibility can be supported.
setWrap(boolean) - Method in class org.owasp.esapi.tags.EncodeForBase64Tag
Set whether line wrapping at 64 characters is performed.
shouldPrintProperties() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
sign(String) - Method in interface org.owasp.esapi.Encryptor
Create a digital signature for the provided data and return it in a string.
sign(String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
Create a digital signature for the provided data and return it in a string.
SimpleVirtualPatchRule - Class in org.owasp.esapi.waf.rules
This is the Rule subclass executed for <virtual-patch> rules.
SimpleVirtualPatchRule(String, Pattern, String, Pattern, String) - Constructor for class org.owasp.esapi.waf.rules.SimpleVirtualPatchRule
 
size() - Method in class org.owasp.esapi.codecs.HashTrie
Get the number of entries.
size() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
size() - Method in class org.owasp.esapi.ValidationErrorList
Returns the numbers of errors present.
SPECIALS - Static variable in class org.owasp.esapi.EncoderConstants
 
StandardEsapiPropertyLoader - Class in org.owasp.esapi.configuration
Loader capable of loading single security configuration property from standard java properties configuration file.
StandardEsapiPropertyLoader(String, int) - Constructor for class org.owasp.esapi.configuration.StandardEsapiPropertyLoader
 
store(OutputStream, String) - Method in interface org.owasp.esapi.EncryptedProperties
Writes this property list (key and element pairs) in this Properties table to the output stream in a format suitable for loading into a Properties table using the load method.
store(OutputStream, String) - Method in class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
Writes this property list (key and element pairs) in this Properties table to the output stream in a format suitable for loading into a Properties table using the load method.
storeProperties(String, Properties, String) - Static method in class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils
Stores a Properties object to a file.
StringUtilities - Class in org.owasp.esapi
String utilities used in various filters.
StringUtilities() - Constructor for class org.owasp.esapi.StringUtilities
 
StringValidationRule - Class in org.owasp.esapi.reference.validation
A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
StringValidationRule(String) - Constructor for class org.owasp.esapi.reference.validation.StringValidationRule
 
StringValidationRule(String, Encoder) - Constructor for class org.owasp.esapi.reference.validation.StringValidationRule
 
StringValidationRule(String, Encoder, String) - Constructor for class org.owasp.esapi.reference.validation.StringValidationRule
 
stripControls(String) - Static method in class org.owasp.esapi.StringUtilities
Removes all unprintable characters from a string and replaces with a space.
strToChars(String) - Static method in class org.owasp.esapi.util.CollectionsUtil
Convert a String to a char array
strToSet(String) - Static method in class org.owasp.esapi.util.CollectionsUtil
Convert a String to a set of characters.
strToUnmodifiableSet(String) - Static method in class org.owasp.esapi.util.CollectionsUtil
Convert a String to a unmodifiable set of characters.
suspendEncoding() - Method in class org.owasp.esapi.codecs.Base64.OutputStream
Suspends encoding of the stream.

T

testValue(String, String, int) - Static method in class org.owasp.esapi.waf.rules.RuleUtil
 
toHex(char) - Static method in class org.owasp.esapi.codecs.Codec
 
toHex(byte[], boolean) - Static method in class org.owasp.esapi.codecs.Hex
Output byte representation as hexadecimal representation.
toInt(byte[]) - Static method in class org.owasp.esapi.util.ByteConversionUtil
Converts a given byte array to an int.
toLong(byte[]) - Static method in class org.owasp.esapi.util.ByteConversionUtil
Converts a given byte array to a long.
toOctal(char) - Static method in class org.owasp.esapi.codecs.Codec
 
toShort(byte[]) - Static method in class org.owasp.esapi.util.ByteConversionUtil
Converts a given byte array to an short.
toString() - Method in class org.owasp.esapi.codecs.HashTrie
toString() - Method in class org.owasp.esapi.crypto.CipherSpec
Override Object.toString() to provide something more useful.
toString() - Method in class org.owasp.esapi.crypto.CipherText
More useful toString() method.
toString() - Method in class org.owasp.esapi.crypto.PlainText
Convert the PlainText object to a UTF-8 encoded String.
toString() - Method in class org.owasp.esapi.ExecuteResult
 
toString() - Method in class org.owasp.esapi.Logger.EventType
Convert the EventType to a string.
toString() - Method in class org.owasp.esapi.PreparedString
Render the PreparedString by combining the template with properly escaped parameters.
toString() - Method in class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter
 
toString() - Method in class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO
 
toString() - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
This method has been overridden to not print out the keys and values stored in this properties file.
toString() - Method in class org.owasp.esapi.reference.DefaultUser
toString(Object) - Static method in class org.owasp.esapi.util.NullSafe
Object.toString() of an object.
toString() - Method in class org.owasp.esapi.waf.configuration.AppGuardianConfiguration
 
toString() - Method in class org.owasp.esapi.waf.rules.Rule
 
TRACE - Static variable in interface org.owasp.esapi.Logger
TRACE indicates that TRACE messages and above should be logged.
trace(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
Log a trace level security event if 'trace' level logging is enabled.
trace(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
Log a trace level security event if 'trace' level logging is enabled and also record the stack trace associated with the event.
trace(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
Log a trace level security event if 'trace' level logging is enabled and also record the stack trace associated with the event.
trace(Logger.EventType, String) - Method in class org.owasp.esapi.reference.Log4JLogger
Log a trace level security event if 'trace' level logging is enabled.
trace(Object) - Method in class org.owasp.esapi.reference.Log4JLogger
trace(Object, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
Trie<T> - Interface in org.owasp.esapi.codecs
 
Trie.TrieProxy<T> - Class in org.owasp.esapi.codecs
 
Trie.Unmodifiable<T> - Class in org.owasp.esapi.codecs
 
Trie.Util - Class in org.owasp.esapi.codecs
 

U

union(char[]...) - Static method in class org.owasp.esapi.StringUtilities
Union multiple character arrays.
UnixCodec - Class in org.owasp.esapi.codecs
Implementation of the Codec interface for '\' encoding from Unix command shell.
UnixCodec() - Constructor for class org.owasp.esapi.codecs.UnixCodec
 
unlock() - Method in class org.owasp.esapi.reference.DefaultUser
Unlock this user's account.
unlock() - Method in interface org.owasp.esapi.User
Unlock this user's account.
unseal(String) - Method in interface org.owasp.esapi.Encryptor
Unseals data (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or decryption error.
unseal(String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
Unseals data (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or decryption error.
update(Set) - Method in interface org.owasp.esapi.AccessReferenceMap
Updates the access reference map with a new set of direct references, maintaining any existing indirect references associated with items that are in the new list.
update(Set) - Method in class org.owasp.esapi.reference.AbstractAccessReferenceMap
Updates the access reference map with a new set of direct references, maintaining any existing indirect references associated with items that are in the new list.
updateToken(int) - Method in class org.owasp.esapi.crypto.CryptoToken
Update the (current) expiration time by adding the specified number of seconds to it and then re-encrypting with the current SecretKey that was used to construct this object.
UPLOAD_DIRECTORY - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
UPLOAD_TEMP_DIRECTORY - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
UPPERS - Static variable in class org.owasp.esapi.EncoderConstants
 
URL_SAFE - Static variable in class org.owasp.esapi.codecs.Base64
Encode using Base64-like encoding that is URL- and Filename-safe as described in Section 4 of RFC3548: http://www.faqs.org/rfcs/rfc3548.html.
useMACforCipherText() - Method in class org.owasp.esapi.reference.DefaultSecurityConfiguration
Determines whether the CipherText should be used with a Message Authentication Code (MAC).
useMACforCipherText() - Method in interface org.owasp.esapi.SecurityConfiguration
Deprecated.
Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
USER - Static variable in class org.owasp.esapi.reference.AbstractAuthenticator
Key for user in session
User - Interface in org.owasp.esapi
The User interface represents an application user or user account.
USERNAME_PARAMETER_NAME - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 

V

validateInputAndCanonical - Variable in class org.owasp.esapi.reference.validation.StringValidationRule
 
validateMAC(SecretKey) - Method in class org.owasp.esapi.crypto.CipherText
Validate the message authentication code (MAC) associated with the ciphertext.
VALIDATION_PROPERTIES - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
VALIDATION_PROPERTIES_MULTIVALUED - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
ValidationAvailabilityException - Exception in org.owasp.esapi.errors
 
ValidationAvailabilityException() - Constructor for exception org.owasp.esapi.errors.ValidationAvailabilityException
Instantiates a new validation exception.
ValidationAvailabilityException(String, String) - Constructor for exception org.owasp.esapi.errors.ValidationAvailabilityException
Create a new ValidationException
ValidationAvailabilityException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.ValidationAvailabilityException
Create a new ValidationException
ValidationErrorList - Class in org.owasp.esapi
The ValidationErrorList class defines a well-formed collection of ValidationExceptions so that groups of validation functions can be called in a non-blocking fashion.
ValidationErrorList() - Constructor for class org.owasp.esapi.ValidationErrorList
 
ValidationException - Exception in org.owasp.esapi.errors
A ValidationException should be thrown to indicate that the data provided by the user or from some other external source does not match the validation rules that have been specified for that data.
ValidationException() - Constructor for exception org.owasp.esapi.errors.ValidationException
Instantiates a new validation exception.
ValidationException(String, String) - Constructor for exception org.owasp.esapi.errors.ValidationException
Creates a new instance of ValidationException.
ValidationException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.ValidationException
Instantiates a new ValidationException.
ValidationException(String, String, String) - Constructor for exception org.owasp.esapi.errors.ValidationException
Creates a new instance of ValidationException.
ValidationException(String, String, Throwable, String) - Constructor for exception org.owasp.esapi.errors.ValidationException
Instantiates a new ValidationException.
ValidationRule - Interface in org.owasp.esapi
 
ValidationUploadException - Exception in org.owasp.esapi.errors
 
ValidationUploadException() - Constructor for exception org.owasp.esapi.errors.ValidationUploadException
Instantiates a new validation exception.
ValidationUploadException(String, String) - Constructor for exception org.owasp.esapi.errors.ValidationUploadException
Create a new ValidationException
ValidationUploadException(String, String, Throwable) - Constructor for exception org.owasp.esapi.errors.ValidationUploadException
Create a new ValidationException
validator() - Static method in class org.owasp.esapi.ESAPI
 
Validator - Interface in org.owasp.esapi
The Validator interface defines a set of methods for canonicalizing and validating untrusted input.
VALIDATOR_IMPLEMENTATION - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
validCreditCardFormat(String) - Method in class org.owasp.esapi.reference.validation.CreditCardValidationRule
Performs additional validation on the card nummber.
valueOf(String) - Static method in enum org.owasp.esapi.codecs.MySQLCodec.Mode
Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum org.owasp.esapi.configuration.consts.EsapiConfiguration
Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum org.owasp.esapi.configuration.consts.EsapiConfigurationType
Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
Returns the enum constant of this type with the specified name.
values() - Method in class org.owasp.esapi.codecs.HashTrie
values() - Static method in enum org.owasp.esapi.codecs.MySQLCodec.Mode
Returns an array containing the constants of this enum type, in the order they are declared.
values() - Method in class org.owasp.esapi.codecs.Trie.TrieProxy
 
values() - Method in class org.owasp.esapi.codecs.Trie.Unmodifiable
 
values() - Static method in enum org.owasp.esapi.configuration.consts.EsapiConfiguration
Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum org.owasp.esapi.configuration.consts.EsapiConfigurationType
Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum org.owasp.esapi.crypto.KeyDerivationFunction.PRF_ALGORITHMS
Returns an array containing the constants of this enum type, in the order they are declared.
values() - Method in class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
This method has been overridden to throw an UnsupportedOperationException
VBScriptCodec - Class in org.owasp.esapi.codecs
Implementation of the Codec interface for 'quote' encoding from VBScript.
VBScriptCodec() - Constructor for class org.owasp.esapi.codecs.VBScriptCodec
 
verifyAccountNameStrength(String) - Method in interface org.owasp.esapi.Authenticator
Ensures that the account name passes site-specific complexity requirements, like minimum length.
verifyAccountNameStrength(String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
Ensures that the account name passes site-specific complexity requirements, like minimum length.
verifyCSRFToken() - Method in interface org.owasp.esapi.HTTPUtilities
Calls verifyCSRFToken with the *current* request.
verifyCSRFToken(HttpServletRequest) - Method in interface org.owasp.esapi.HTTPUtilities
Checks the CSRF token in the URL (see User.getCSRFToken()) against the user's CSRF token and throws an IntrusionException if it is missing.
verifyCSRFToken() - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Calls verifyCSRFToken with the *current* request.
verifyCSRFToken(HttpServletRequest) - Method in class org.owasp.esapi.reference.DefaultHTTPUtilities
Checks the CSRF token in the URL (see User.getCSRFToken()) against the user's CSRF token and throws an IntrusionException if it is missing.
verifyPassword(User, String) - Method in interface org.owasp.esapi.Authenticator
Verify that the supplied password matches the password for this user.
verifyPassword(String) - Method in class org.owasp.esapi.reference.DefaultUser
Verify that the supplied password matches the password for this user.
verifyPassword(User, String) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
Verify that the supplied password matches the password for this user.
verifyPassword(String) - Method in interface org.owasp.esapi.User
Verify that the supplied password matches the password for this user.
verifyPasswordStrength(String, String, User) - Method in interface org.owasp.esapi.Authenticator
Ensures that the password meets site-specific complexity requirements, like length or number of character sets.
verifyPasswordStrength(String, String, User) - Method in class org.owasp.esapi.reference.FileBasedAuthenticator
Ensures that the password meets site-specific complexity requirements, like length or number of character sets.
verifySeal(String) - Method in interface org.owasp.esapi.Encryptor
Verifies a seal (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or data mismatch.
verifySeal(String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
Verifies a seal (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or data mismatch.
verifySignature(String, String) - Method in interface org.owasp.esapi.Encryptor
Verifies a digital signature (created with the sign method) and returns the boolean result.
verifySignature(String, String) - Method in class org.owasp.esapi.reference.crypto.JavaEncryptor
Verifies a digital signature (created with the sign method) and returns the boolean result.

W

warn(Object) - Method in class org.owasp.esapi.reference.Log4JLogger
warn(Object, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
WARNING - Static variable in interface org.owasp.esapi.Logger
WARNING indicates that WARNING messages and above should be logged.
warning(Logger.EventType, String) - Method in interface org.owasp.esapi.Logger
Log a warning level security event if 'warning' level logging is enabled.
warning(Logger.EventType, String, Throwable) - Method in interface org.owasp.esapi.Logger
Log a warning level security event if 'warning' level logging is enabled and also record the stack trace associated with the event.
warning(Logger.EventType, String, Throwable) - Method in class org.owasp.esapi.reference.Log4JLogger
Log a warning level security event if 'warning' level logging is enabled and also record the stack trace associated with the event.
warning(Logger.EventType, String) - Method in class org.owasp.esapi.reference.Log4JLogger
Log a warning level security event if 'warning' level logging is enabled.
whitelist(String, char[]) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
String the input of all chars contained in the list
whitelist(String, Set<Character>) - Method in class org.owasp.esapi.reference.validation.BaseValidationRule
Removes characters that aren't in the whitelist from the input String.
whitelist(String, char[]) - Method in interface org.owasp.esapi.ValidationRule
String the input of all chars contained in the list
whitelist(String, Set<Character>) - Method in interface org.owasp.esapi.ValidationRule
String the input of all chars contained in the list
whitelistPatterns - Variable in class org.owasp.esapi.reference.validation.StringValidationRule
 
WindowsCodec - Class in org.owasp.esapi.codecs
Implementation of the Codec interface for '^' encoding from Windows command shell.
WindowsCodec() - Constructor for class org.owasp.esapi.codecs.WindowsCodec
 
WORKING_DIRECTORY - Static variable in class org.owasp.esapi.reference.DefaultSecurityConfiguration
 
write(int) - Method in class org.owasp.esapi.codecs.Base64.OutputStream
Writes the byte to the output stream after converting to/from Base64 notation.
write(byte[], int, int) - Method in class org.owasp.esapi.codecs.Base64.OutputStream
Calls Base64.OutputStream.write(int) repeatedly until len bytes are written.
write(char[], int, int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
write(char[]) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
write(int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
write(String, int, int) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
write(String) - Method in class org.owasp.esapi.waf.internal.InterceptingPrintWriter
 
write(int) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
 
write(byte[]) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
 
write(byte[], int, int) - Method in class org.owasp.esapi.waf.internal.InterceptingServletOutputStream
 

X

XMLEntityCodec - Class in org.owasp.esapi.codecs
Implementation of the Codec interface for XML entity encoding.
XMLEntityCodec() - Constructor for class org.owasp.esapi.codecs.XMLEntityCodec
 
XmlEsapiPropertyLoader - Class in org.owasp.esapi.configuration
Loader capable of loading single security configuration property from xml configuration file.
XmlEsapiPropertyLoader(String, int) - Constructor for class org.owasp.esapi.configuration.XmlEsapiPropertyLoader
 
A B C D E F G H I J K L M N O P R S T U V W X 

Copyright © 2016 The Open Web Application Security Project (OWASP). All rights reserved.