This repository was archived by the owner on Apr 6, 2021. It is now read-only.

Commit f69ff6c

author
chrisisbeef
committed
Added Localization, ValidationRules, DefaultValidator
1 parent b0eb43c commit f69ff6c


10 files changed

+1426
-23
lines changed


dist/esapi-compressed.js

Lines changed: 8 additions & 6 deletions

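--- a/dist/esapi.js
+++ b/dist/esapi.js
@@ -160,7 +160,7 @@ if ( !Exception ) {
 };
 
 Exception.prototype.printStackTrace = function( writer ) {
-var out = this.constructor.toString() + ": " + this.getMessage() + "|||" + this.getStackTrace().join( "|||" );
+var out = this.getMessage() + "|||" + this.getStackTrace().join( "|||" );
 
 if ( this.cause ) {
 if ( this.cause.printStackTrace ) {
@@ -194,7 +194,212 @@ if ( !RuntimeException ) {
 if ( !IllegalArgumentException ) {
 var IllegalArgumentException = {};
 IllegalArgumentException.prototype = Exception.prototype;
-}/*
+}
+
+if ( !DateFormat ) {
+// Based on http://jacwright.com/projects/javascript/date_format
+var DateFormat = function( sFmt ) {
+
+var fmt = sFmt;
+
+var replaceChars = {
+longMonths: [ "January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November", "December" ],
+shortMonths: [ "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" ],
+longDays: [ "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday" ],
+shortDays: [ "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" ],
+
+// Day
+d: function(date) { return (date.getDate() < 10 ? '0' : '') + date.getDate(); },
+D: function(date) { return replaceChars.shortDays[date.getDay()]; },
+j: function(date) { return date.getDate(); },
+l: function(date) { return replaceChars.longDays[date.getDay()]; },
+N: function(date) { return date.getDay() + 1; },
+S: function(date) { return (date.getDate() % 10 == 1 && date.getDate() != 11 ? 'st' : (date.getDate() % 10 == 2 && date.getDate() != 12 ? 'nd' : (date.getDate() % 10 == 3 && date.getDate() != 13 ? 'rd' : 'th'))); },
+w: function(date) { return date.getDay(); },
+z: function(date) { return "Not Yet Supported"; },
+// Week
+W: function(date) { return "Not Yet Supported"; },
+// Month
+F: function(date) { return replaceChars.longMonths[date.getMonth()]; },
+m: function(date) { return (date.getMonth() < 9 ? '0' : '') + (date.getMonth() + 1); },
+M: function(date) { return replaceChars.shortMonths[date.getMonth()]; },
+n: function(date) { return date.getMonth() + 1; },
+t: function(date) { return "Not Yet Supported"; },
+// Year
+L: function(date) { return (((date.getFullYear()%4==0)&&(date.getFullYear()%100 != 0)) || (date.getFullYear()%400==0)) ? '1' : '0'; },
+o: function(date) { return "Not Supported"; },
+Y: function(date) { return date.getFullYear(); },
+y: function(date) { return ('' + date.getFullYear()).substr(2); },
+// Time
+a: function(date) { return date.getHours() < 12 ? 'am' : 'pm'; },
+A: function(date) { return date.getHours() < 12 ? 'AM' : 'PM'; },
+B: function(date) { return "Not Yet Supported"; },
+g: function(date) { return date.getHours() % 12 || 12; },
+G: function(date) { return date.getHours(); },
+h: function(date) { return ((date.getHours() % 12 || 12) < 10 ? '0' : '') + (date.getHours() % 12 || 12); },
+H: function(date) { return (date.getHours() < 10 ? '0' : '') + date.getHours(); },
+i: function(date) { return (date.getMinutes() < 10 ? '0' : '') + date.getMinutes(); },
+s: function(date) { return (date.getSeconds() < 10 ? '0' : '') + date.getSeconds(); },
+// Timezone
+e: function(date) { return "Not Yet Supported"; },
+I: function(date) { return "Not Supported"; },
+O: function(date) { return (-date.getTimezoneOffset() < 0 ? '-' : '+') + (Math.abs(date.getTimezoneOffset() / 60) < 10 ? '0' : '') + (Math.abs(date.getTimezoneOffset() / 60)) + '00'; },
+P: function(date) { return (-date.getTimezoneOffset() < 0 ? '-' : '+') + (Math.abs(date.getTimezoneOffset() / 60) < 10 ? '0' : '') + (Math.abs(date.getTimezoneOffset() / 60)) + ':' + (Math.abs(date.getTimezoneOffset() % 60) < 10 ? '0' : '') + (Math.abs(date.getTimezoneOffset() % 60)); },
+T: function(date) { var m = date.getMonth(); date.setMonth(0); var result = date.toTimeString().replace(/^.+ \(?([^\)]+)\)?$/, '$1'); date.setMonth(m); return result;},
+Z: function(date) { return -date.getTimezoneOffset() * 60; },
+// Full Date/Time
+c: function(date) { return date.format("Y-m-d") + "T" + date.format("H:i:sP"); },
+r: function(date) { return date.toString(); },
+U: function(date) { return date.getTime() / 1000; }
+};
+
+
+return {
+format: function(oDate) {
+var out = '';
+for(var i=0;i<fmt.length;i++) {
+var c = fmt.charAt(i);
+if ( replaceChars[c] ) {
+out += replaceChars[c].call(oDate);
+} else {
+out += c;
+}
+}
+return out;
+}
+};
+};
+
+DateFormat.getDateInstance = function() {
+return new DateFormat("M/d/y h:i a");
+};
+}
+
+if ( !StringFormatter ) {
+var StringFormatter = {
+init : function () {
+
+if (typeof arguments == "undefined") { return null; }
+if (arguments.length < 1) { return null; }
+if (typeof arguments[0] != "string") { return null; }
+if (typeof RegExp == "undefined") { return null; }
+
+var string = arguments[0];
+var exp = new RegExp(/(%([%]|(\-)?(\+|\x20)?(0)?(\d+)?(\.(\d)?)?([bcdfosxX])))/g);
+var matches = new Array();
+var strings = new Array();
+var convCount = 0;
+var stringPosStart = 0;
+var stringPosEnd = 0;
+var matchPosEnd = 0;
+var newString = '';
+var match = null;
+
+while (match = exp.exec(string)) {
+if (match[9]) { convCount += 1; }
+
+stringPosStart = matchPosEnd;
+stringPosEnd = exp.lastIndex - match[0].length;
+strings[strings.length] = string.substring(stringPosStart, stringPosEnd);
+
+matchPosEnd = exp.lastIndex;
+matches[matches.length] = {
+match: match[0],
+left: match[3] ? true : false,
+sign: match[4] || '',
+pad: match[5] || ' ',
+min: match[6] || 0,
+precision: match[8],
+code: match[9] || '%',
+negative: parseInt(arguments[convCount]) < 0 ? true : false,
+argument: String(arguments[convCount])
+};
+}
+strings[strings.length] = string.substring(matchPosEnd);
+
+if (matches.length == 0) { return string; }
+if ((arguments.length - 1) < convCount) { return null; }
+
+var code = null;
+var match = null;
+var i = null;
+
+for (i=0; i<matches.length; i++) {
+
+if (matches[i].code == '%') { substitution = '%' }
+else if (matches[i].code == 'b') {
+matches[i].argument = String(Math.abs(parseInt(matches[i].argument)).toString(2));
+substitution = StringFormatter.convert(matches[i], true);
+}
+else if (matches[i].code == 'c') {
+matches[i].argument = String(String.fromCharCode(parseInt(Math.abs(parseInt(matches[i].argument)))));
+substitution = StringFormatter.convert(matches[i], true);
+}
+else if (matches[i].code == 'd') {
+matches[i].argument = String(Math.abs(parseInt(matches[i].argument)));
+substitution = StringFormatter.convert(matches[i]);
+}
+else if (matches[i].code == 'f') {
+matches[i].argument = String(Math.abs(parseFloat(matches[i].argument)).toFixed(matches[i].precision ? matches[i].precision : 6));
+substitution = StringFormatter.convert(matches[i]);
+}
+else if (matches[i].code == 'o') {
+matches[i].argument = String(Math.abs(parseInt(matches[i].argument)).toString(8));
+substitution = StringFormatter.convert(matches[i]);
+}
+else if (matches[i].code == 's') {
+matches[i].argument = matches[i].argument.substring(0, matches[i].precision ? matches[i].precision : matches[i].argument.length)
+substitution = StringFormatter.convert(matches[i], true);
+}
+else if (matches[i].code == 'x') {
+matches[i].argument = String(Math.abs(parseInt(matches[i].argument)).toString(16));
+substitution = StringFormatter.convert(matches[i]);
+}
+else if (matches[i].code == 'X') {
+matches[i].argument = String(Math.abs(parseInt(matches[i].argument)).toString(16));
+substitution = StringFormatter.convert(matches[i]).toUpperCase();
+}
+else {
+substitution = matches[i].match;
+}
+
+newString += strings[i];
+newString += substitution;
+
+}
+newString += strings[i];
+
+return newString;
+
+},
+
+convert : function(match, nosign){
+if (nosign) {
+match.sign = '';
+} else {
+match.sign = match.negative ? '-' : match.sign;
+}
+var l = match.min - match.argument.length + 1 - match.sign.length;
+var pad = new Array(l < 0 ? 0 : l).join(match.pad);
+if (!match.left) {
+if (match.pad == "0" || nosign) {
+return match.sign + pad + match.argument;
+} else {
+return pad + match.sign + match.argument;
+}
+} else {
+if (match.pad == "0" || nosign) {
+return match.sign + match.argument + pad.replace(/0/g, ' ');
+} else {
+return match.sign + match.argument + pad;
+}
+}
+}
+};
+
+String.format = StringFormatter.init;
+}
+/*
 * OWASP Enterprise Security API (ESAPI)
 *
 * This file is part of the Open Web Application Security Project (OWASP)
@@ -220,7 +425,7 @@ var $ESAPI_Properties = {
 },
 
 validation: {
-Implementation: 'org.owasp.esapi.validators.DefaultValidator',
+Implementation: 'org.owasp.esapi.reference.validation.DefaultValidator',
 AccountName: '^[a-zA-Z0-9]{3,20}$',
 SafeString: '[a-zA-Z0-9\\-_+]*',
 Email: '^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$',
@@ -250,12 +455,21 @@ org.owasp.esapi = {
 
 },
 
+EncoderConstants: {
+CHAR_LOWERS: [ 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' ],
+CHAR_UPPERS: [ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z' ],
+CHAR_DIGITS: [ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9' ],
+CHAR_SPECIALS: [ '!', '$', '*', '+', '-', '.', '=', '?', '@', '^', '_', '|', '~' ],
+CHAR_LETTERS: [ 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z' ],
+CHAR_ALNUM: [ 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9' ]
+},
+
 EnterpriseSecurityException: function(sUserMessage, sLogMessage, oException) {
 var _logMessage = sLogMessage;
 var _super = new Exception(sUserMessage, oException);
 
 return {
-getMessage: _super.getMessage(),
+getMessage: _super.getMessage,
 getUserMessage: _super.getMessage,
 getLogMessage: function() {
 return _logMessage;
@@ -463,7 +677,7 @@ org.owasp.esapi = {
 properties: _properties,
 
 encoder: function() {
-$require(_properties.encoder.Implementation);
+eval('$require('+_properties.encoder.Implementation+');');
 if (!_encoder) {
 eval('_encoder = new ' + _properties.encoder.Implementation + '();');
 }
@@ -483,8 +697,8 @@ org.owasp.esapi = {
 },
 
 validator: function() {
-$require(_properties.validation.Implementation);
-if (_validator == null) {
+eval('$require('+_properties.validation.Implementation+');');
+if (!_validator) {
 eval('_validator = new ' + _properties.validation.Implementation + '();');
 }
 return _validator;
@@ -1734,7 +1948,7 @@ org.owasp.esapi.reference.logging = {
 logger = new Log4JSLogger(key);
 
 if ( Log4js.config && Log4js.config[moduleName] ) {
-logger.setLevel( Log4js.config[moduleName].level?Log4js.config[moduleName].level:eval($ESAPI.properties.logging.Level));
+eval("logger.setLevel( Log4js.config[moduleName].level?Log4js.config[moduleName].level:"+$ESAPI.properties.logging.Level+");");
 if ( Log4js.config[moduleName].appenders ) {
 Log4js.config[moduleName].appenders.each(function(e){
 logger.addAppender(e);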
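Review bot: The three new `eval(...)` calls (in `encoder()` at new line 680, `validator()` at 700, and the `logger.setLevel` statement at 1951) splice `_properties.*.Implementation` and `$ESAPI.properties.logging.Level` into source text unquoted, so any property value that is not a plain dotted identifier is executed as code, and `$require` now receives whatever that expression evaluates to rather than the name string it was passed before. If the properties object can ever be merged from page- or user-supplied configuration (not visible in these hunks), this becomes a code-injection sink inside the security library itself. I would keep the direct call, `$require(_properties.encoder.Implementation);`, or, if an eval has to stay, gate it first with a check such as `if (!/^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/.test(name)) { throw new Error('invalid implementation name'); }`. The enclosing functions and the definition of `$require` lie outside these hunks, so what `$require` expects as its argument should be confirmed before choosing between the two.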
