[Esapi-user] sanitiseAlpha20, sanitiseDate, sanitiseNo

Yiannis Pavlosoglou yiannis at owasp.org
Mon Aug 9 08:32:26 EDT 2010


Hi all,

Without wanting to steal Kevin's previous thread, on what ESAPI can do
going forward, I have been getting some feedback on a thread posted
not too long ago. The feedback comes from folks in the trenches, so to
speak, i.e. "Yiannis, I need 50 lines of code that drop what should not
be there". The original thread:

http://www.webappsec.org/lists/websecurity/archive/2010-05/msg00003.html

The above has .NET & Java methods implemented. Now, I am a newcomer
to ESAPI, in that I have only used specific subcomponents of it (e.g.
preventing Oracle SQL injection), so what I am about to request is
probably already somewhere in the APIs.

Is it trivial enough to put together a set of no more than a handful
of strict, static methods of the type seen in the post above and flag
them as that, i.e. sanitisation routines, for people that would like
to simply not worry about logging, etc., but all-in-all just drop
characters they are not expecting as input?

My apologies in advance if they are already in place; perhaps document
them and group them in something straightforward of the type
org.owasp.security.simple?

This idea revolves around simplifying the process of calling ESAPI,
perhaps putting together an esapi-light that I would be more than
happy to help code, if need be.

Thank you and... keep up the good work!

Yiannis
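As an added illustration (not code from the linked thread, from ESAPI, or from the poster), here is what a small set of strict, static allowlist sanitisers of the kind requested might look like in Java. The behaviour of sanitiseAlpha20, sanitiseDate and sanitiseNo is assumed from their names, and the class name SimpleSanitiser is hypothetical.

```java
import java.time.LocalDate;
import java.time.format.DateTimeParseException;
import java.util.regex.Pattern;

/** Strict allowlist sanitisers: any character not explicitly permitted is dropped. */
public final class SimpleSanitiser {
    private static final Pattern ISO_DATE = Pattern.compile("\\d{4}-\\d{2}-\\d{2}");

    /** Keeps ASCII letters only, truncated to 20 characters (assumed meaning of "Alpha20"). */
    public static String sanitiseAlpha20(String input) {
        if (input == null) return "";
        StringBuilder out = new StringBuilder(20);
        for (int i = 0; i < input.length() && out.length() < 20; i++) {
            char c = input.charAt(i);
            if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) out.append(c);
        }
        return out.toString();
    }

    /** Keeps digits and at most one leading minus sign (assumed meaning of "No" = number). */
    public static String sanitiseNo(String input) {
        if (input == null) return "";
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            if ((c >= '0' && c <= '9') || (c == '-' && out.length() == 0)) out.append(c);
        }
        return out.toString();
    }

    /** Keeps digits and '-', then requires a real YYYY-MM-DD calendar date; returns "" otherwise,
     *  because dropping characters alone cannot turn arbitrary input into a well-formed date. */
    public static String sanitiseDate(String input) {
        if (input == null) return "";
        String kept = input.replaceAll("[^0-9-]", "");
        if (!ISO_DATE.matcher(kept).matches()) return "";
        try {
            LocalDate.parse(kept); // rejects impossible dates such as a 31st of February
            return kept;
        } catch (DateTimeParseException e) {
            return "";
        }
    }

    public static void main(String[] args) { // constructed sample inputs
        System.out.println(sanitiseAlpha20("O'Brien <b>"));
        System.out.println(sanitiseNo("-1,234 OR 1=1"));
        System.out.println(sanitiseDate("2010-08-09'; --"));
    }
}
```

Note that dropping characters silently changes the value (the second sample becomes a different number rather than being rejected), which is why such routines are best paired with validation when the input is security-relevant.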
