ESAPI-C 1.0
The OWASP Enterprise Security API for C
Validation module header.
Functions
int is_valid (char *, char *, int)
    Returns true if the given regular expression matches the given data.
char * strip_chars (char *, char *)
    Remove all characters from the given input character array that are also found in the given valid characters array.
The Validation module defines a set of functions for canonicalizing and validating untrusted input. Implementors should feel free to extend this interface to accommodate their own data formats.
Implementations must adopt a "whitelist" approach to validation where a specific pattern or character set is matched. "Blacklist" approaches that attempt to identify the invalid or disallowed characters are much more likely to allow a bypass with encoding or other tricks.
Definition in file validate.h.
int is_valid (char *, char *, int)
Returns true if the given regular expression matches the given data.
Parameters:
    input: A character array containing the user input data to validate.
    type: The regular expression name that maps to the actual regular expression from "ESAPI.properties".
    flags: May be the bitwise-or of one or more of the following: REG_EXTENDED, REG_ICASE, REG_NOSUB, REG_NEWLINE.
Definition at line 60 of file validate.c.
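An added example, not ESAPI-C's own implementation: an allow-list check with the same three-argument shape as is_valid, built on POSIX regcomp()/regexec(), showing anchored patterns, fail-closed handling and the effect of the documented flags. The name example_is_valid, the in-memory PATTERNS table standing in for "ESAPI.properties", and the pattern names and inputs are assumptions constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the name -> regex entries of "ESAPI.properties". */
struct named_pattern { const char *name; const char *regex; };
static const struct named_pattern PATTERNS[] = {
    { "Example.AccountName", "^[A-Za-z0-9_]{3,16}$" },  /* hypothetical names */
    { "Example.HexColor",    "^#[0-9a-f]{6}$" },
};

/* Returns 1 only if the whole input matches the named allow-list pattern.
 * NULL arguments, unknown names and regcomp() errors all fail closed (0). */
int example_is_valid(const char *input, const char *type, int flags)
{
    const char *pattern = NULL;
    regex_t re;
    size_t i;
    int ok;

    if (input == NULL || type == NULL)
        return 0;
    for (i = 0; i < sizeof PATTERNS / sizeof PATTERNS[0]; i++)
        if (strcmp(PATTERNS[i].name, type) == 0)
            pattern = PATTERNS[i].regex;
    if (pattern == NULL)
        return 0;

    /* With REG_NEWLINE, ^ and $ also match next to an embedded '\n', so one
     * valid line would validate the whole buffer. Clear it for this check. */
    flags &= ~REG_NEWLINE;
    if (regcomp(&re, pattern, flags | REG_NOSUB) != 0)
        return 0;
    ok = (regexec(&re, input, 0, NULL, 0) == 0);
    regfree(&re);
    return ok;
}

int main(void)
{
    /* Constructed inputs; the patterns are written as POSIX extended regexes. */
    printf("%d\n", example_is_valid("alice_01", "Example.AccountName", REG_EXTENDED));
    printf("%d\n", example_is_valid("alice;01", "Example.AccountName", REG_EXTENDED));
    printf("%d\n", example_is_valid("#FFAA00", "Example.HexColor", REG_EXTENDED | REG_ICASE));
    printf("%d\n", example_is_valid("alice\n../x", "Example.AccountName",
                                    REG_EXTENDED | REG_NEWLINE));
    return 0;
}
```

Both patterns are anchored with ^ and $; an unanchored pattern would accept any input that merely contains a valid substring.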
char * strip_chars (char *, char *)
Remove all characters from the given input character array that are also found in the given valid characters array.
Parameters:
    input: A character array containing the user input data to validate.
    valid_chars: A character array containing the characters to strip.
Definition at line 38 of file validate.c.