Package | Description |
---|---|
com.neurosys.cluzo.adapters | |
com.neurosys.cluzo.domain | |
com.neurosys.cluzo.service | |

Modifier and Type | Method and Description |
---|---|
Data<String> | XSSUrlParamSecurityAdapter.preProcess(Data<String> input): For absolute URLs we can determine the genuine host name (or pick it from config) and sanitize those out from the input. |
Data<javax.servlet.http.Cookie> | CookieSanitizerSecurityAdapter.sanitize(Data<javax.servlet.http.Cookie> data): Returns the same cookie as the input. Note: HttpOnly is controlled at the response header, like response.setHeader("Set-Cookie", "name=value; HttpOnly"), or at the server level in Tomcat 6 with the flag useHttpOnly=True in context.xml to force this behaviour for applications. For the session cookie, we can set it in web.xml: |
Data | XSSAntiSamySecurityAdapter.sanitize(Data<String> input) |
Data | XSSUrlParamSecurityAdapter.sanitize(Data<String> input) |
Data<String> | WhiteBlackExpressionSecurityAdapter.sanitize(Data<String> input) |
Data | XSSESAPIURLSecurityAdapter.sanitize(Data<String> input): Deprecated. |
Data<String> | CodeSnifferSecurityAdapter.sanitize(Data<String> data) |

Modifier and Type | Method and Description |
---|---|
Data<String> | XSSUrlParamSecurityAdapter.preProcess(Data<String> input): For absolute URLs we can determine the genuine host name (or pick it from config) and sanitize those out from the input. |
protected void | RedundantFileExtSecurityAdapter.processInvalidQuery(Data<String> input) |
protected void | XSSUrlParamSecurityAdapter.processInvalidQuery(Data<String> input) |
protected void | WhiteBlackExpressionSecurityAdapter.processInvalidQuery(Data<String> input) |
protected void | WhiteBlackExpressionSecurityAdapter.processParams(Data<String> input): If there are param pairs, then process them pairwise. |
Data<javax.servlet.http.Cookie> | CookieSanitizerSecurityAdapter.sanitize(Data<javax.servlet.http.Cookie> data): Returns the same cookie as the input. Note: HttpOnly is controlled at the response header, like response.setHeader("Set-Cookie", "name=value; HttpOnly"), or at the server level in Tomcat 6 with the flag useHttpOnly=True in context.xml to force this behaviour for applications. For the session cookie, we can set it in web.xml: |
Data | XSSAntiSamySecurityAdapter.sanitize(Data<String> input) |
Data | XSSUrlParamSecurityAdapter.sanitize(Data<String> input) |
Data<String> | WhiteBlackExpressionSecurityAdapter.sanitize(Data<String> input) |
Data | XSSESAPIURLSecurityAdapter.sanitize(Data<String> input): Deprecated. |
Data<String> | CodeSnifferSecurityAdapter.sanitize(Data<String> data) |
void | CookieSanitizerSecurityAdapter.validate(Data<javax.servlet.http.Cookie> input) |
void | RedundantFileExtSecurityAdapter.validate(Data<String> input) |
void | XSSAntiSamySecurityAdapter.validate(Data<String> input) |
void | XSSUrlParamSecurityAdapter.validate(Data<String> input) |
void | WhiteBlackExpressionSecurityAdapter.validate(Data<String> input) |
void | XSSESAPIURLSecurityAdapter.validate(Data<String> input): Deprecated. |
void | CodeSnifferSecurityAdapter.validate(Data<String> input) |
protected void | WhiteBlackExpressionSecurityAdapter.validateAgainstBlackRegEx(Data<String> input) |
protected void | WhiteBlackExpressionSecurityAdapter.validateAgainstWhiteRegEx(Data<String> input) |

Modifier and Type | Class and Description |
---|---|
class | StringData |

Modifier and Type | Method and Description |
---|---|
Data<T> | SecurityAdapter.sanitize(Data<T> data): Sanitize content, from malicious to harmless. |

Modifier and Type | Method and Description |
---|---|
Data<T> | SecurityAdapter.sanitize(Data<T> data): Sanitize content, from malicious to harmless. |
void | SecurityAdapter.validate(Data<T> input): Check whether the input is safe. When used in a chain or a SecurityContext with other SecurityAdapters, adapters that throw an OperationNotSupportedException are ignored. |

Modifier and Type | Method and Description |
---|---|
Data<T> | DefaultSecurityContext.sanitize(Data<T> input): Will sanitize in order of adapters. |

Modifier and Type | Method and Description |
---|---|
Data<T> | DefaultSecurityContext.sanitize(Data<T> input): Will sanitize in order of adapters. |
void | DefaultSecurityContext.validate(Data<T> data): All the calls to this#adapters are mutually exclusive. |

Copyright © 2018. All rights reserved.