[Esapi-user] Help Regarding ESAPI

ashish kumar gautam gautamashishkumar at gmail.com
Tue Jun 14 06:03:55 EDT 2011


Dear Sir

I am using ESAPI for validating file name, file size and file content.
I am able to validate the file name and size
I am not able to validate file content.

isValidFileContent() method does not validate a content of the file, it
validates the size of a file. Whereas i want to validate the content of
file i.e. I want to fix the content of the file.


I am not satisfy about the method isValidFileContent() because of  its not
validate the content of the file, it validate only file size.

So Please kindly explain How to validate the content of the file


public boolean isValidFileContent(String context, byte[] input, int maxBytes
, boolean allowNull) throws IntrusionException {
     try {
              getValidFileContent( context, input, maxBytes, allowNull);
              return true;
          } catch( Exception e ) {              return false;
          }}

public byte[] getValidFileContent(String context, byte[] input, int maxBytes
, boolean allowNull) throws ValidationException, IntrusionException {
                if (isEmpty(input)) {
                        if (allowNull) return null;
                        throw new ValidationException( context + ": Input
required", "Input required: context=" + context + ", input=" + input,context
);
                }

                long esapiMaxBytes = ESAPI.securityConfiguration().
getAllowedFileUploadSize();
                if (input.length > esapiMaxBytes ) throw new
ValidationException( context + ": Invalid file content can not exceed
" +esapiMaxBytes
+ " bytes", "Exceeded ESAPI max length", context );
                if (input.length > maxBytes ) throw new
ValidationException(context
+ ": Invalid file content can not exceed " + maxBytes + " bytes", "Exceeded
maxBytes ( " + input.length + ")", context );

                return input;
        } }



send me response as soon as possible  Thanks Ashish Kumar Gautam NIC Delhi
India
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20110614/16533cf0/attachment.html 


More information about the Esapi-user mailing list