ESAPI-C 1.0
The OWASP Enterprise Security API for C

validate.h File Reference

Validation module header. More...

#include <stdlib.h>
#include "utlist.h"
#include "codec.h"

Go to the source code of this file.

Functions

int is_valid (char *, char *, int)
 Returns true if the given regular expression matches the given data.
char * strip_chars (char *, char *)
 Remove all characters from the given input character array that are also found in the given valid characters array.

Detailed Description

Validation module header.

The Validation module defines a set of functions for canonicalizing and validating untrusted input. Implementors should feel free to extend this interface to accommodate their own data formats.

Implementations must adopt a "whitelist" approach to validation where a specific pattern or character set is matched. "Blacklist" approaches that attempt to identify the invalid or disallowed characters are much more likely to allow a bypass with encoding or other tricks.

Since:
January 30, 2011

Definition in file validate.h.


Function Documentation

int is_valid ( char *  ,
char *  ,
int   
)

Returns true if the given regular expression matches the given data.

Parameters:
inputA character array containing the user input data to validate.
typeThe regular expression name that maps to the actual regular expression from "ESAPI.properties".
flagsMay be the bitwise-or of one or more of the following: REG_EXTENDED, REG_ICASE, REG_NOSUB, REG_NEWLINE.
Returns:
0 on successful completion, or nonzero to indicate an error.

Definition at line 60 of file validate.c.

char* strip_chars ( char *  ,
char *   
)

Remove all characters from the given input character array that are also found in the given valid characters array.

Parameters:
inputA character array containing the user input data to validate.
valid_charsA character array containing the characters to strip.

Definition at line 38 of file validate.c.

 All Data Structures Files Functions Variables Typedefs Defines