All Classes
Class |
Description |
AbstractAccessReferenceMap<K> |
Abstract Implementation of the AccessReferenceMap.
|
AbstractAuthenticator |
A partial implementation of the Authenticator interface.
|
AbstractCharacterCodec |
This abstract Impl is broken off from the original Codec class and
provides the Character parsing logic that has been with ESAPI from the beginning.
|
AbstractCodec<T> |
The Codec interface defines a set of methods for encoding and decoding application level encoding schemes,
such as HTML entity encoding and percent encoding (aka URL encoding).
|
AbstractIntegerCodec |
This class is intended to be an alternative Abstract Implementation for parsing encoding
data by focusing on int as opposed to Character.
|
AbstractPrioritizedPropertyLoader |
Abstract class that supports two "levels" of priorities for ESAPI properties.
|
AbstractPushbackSequence<T> |
This Abstract class provides the generic logic for using a PushbackSequence
in regards to iterating strings.
|
AccessControlException |
An AccessControlException should be thrown when a user attempts to access a
resource that they are not authorized for.
|
AccessController |
The AccessController interface defines a set of methods that can be used in a wide variety of applications to
enforce access control.
|
AccessControlRule<P,R> |
|
AccessReferenceMap<K> |
The AccessReferenceMap interface is used to map from a set of internal
direct object references to a set of indirect references that are safe to
disclose publicly.
|
ACRParameterLoader<T> |
|
ACRParameterLoaderHelper |
|
ACRPolicyFileLoader |
|
Action |
The base class indicating what is to be done after a rule executes.
|
AddHeaderRule |
This is the Rule subclass executed for <add-header> rules.
|
AddHTTPOnlyFlagRule |
This is the Rule subclass executed for <add-http-only-flag> rules.
|
AddSecureFlagRule |
This is the Rule subclass executed for <add-secure-flag> rules.
|
AlwaysFalseACR |
|
AlwaysTrueACR |
|
AppGuardianConfiguration |
This class is the object model of the policy file.
|
AuthenticatedRule |
This is the Rule subclass executed for <authentication-rules> rules.
|
AuthenticationAccountsException |
An AuthenticationException should be thrown when anything goes wrong during
login or logout.
|
AuthenticationCredentialsException |
An AuthenticationException should be thrown when anything goes wrong during
login or logout.
|
AuthenticationException |
An AuthenticationException should be thrown when anything goes wrong during
login or logout.
|
AuthenticationHostException |
An AuthenticationHostException should be thrown when there is a problem with
the host involved with authentication, particularly if the host changes unexpectedly.
|
AuthenticationLoginException |
An AuthenticationException should be thrown when anything goes wrong during
login or logout.
|
Authenticator |
The Authenticator interface defines a set of methods for generating and
handling account credentials and session identifiers.
|
AvailabilityException |
An AvailabilityException should be thrown when the availability of a limited
resource is in jeopardy.
|
Base64 |
Encodes and decodes to and from Base64 notation.
|
Base64.InputStream |
A Base64.InputStream will read data from another
java.io.InputStream, given in the constructor,
and encode/decode to/from Base64 notation on the fly.
|
Base64.OutputStream |
A Base64.OutputStream will write data to another
java.io.OutputStream, given in the constructor,
and encode/decode to/from Base64 notation on the fly.
|
BaseACR<P,R> |
|
BaseEncodeTag |
Abstract base class for tags that just encode their bodies with Encoder methods.
|
BaseValidationRule |
A ValidationRule performs syntax and possibly semantic validation of a single
piece of data from an untrusted source.
|
BeanShellRule |
This is the Rule subclass executed for <bean-shell-script> rules.
|
BlockAction |
The class that indicates the request processing should be halted and that a blank response
should be returned.
|
ByteConversionUtil |
Conversion to/from byte arrays to/from short, int, long.
|
CertificateException |
A CertificateException should be thrown for any problems that arise during
processing of digital certificates.
|
CipherSpec |
Specifies all the relevant configuration data needed in constructing and
using a Cipher except for the encryption key.
|
CipherText |
A Serializable interface representing the result of encrypting
plaintext and some additional information about the encryption algorithm,
the IV (if pertinent), and an optional Message Authentication Code (MAC).
|
CipherTextSerializer |
Helper class to assist with programming language and platform independent
serialization of CipherText objects.
|
ClickjackFilter |
The ClickjackFilter is discussed at
|
ClientInfoSupplier |
Supplier which can provide a String representing the client-side connection
information.
|
Codec<T> |
The Codec interface defines a set of methods for encoding and decoding application level encoding schemes,
such as HTML entity encoding and percent encoding (aka URL encoding).
|
CodecLogScrubber |
Implementation of a LogScrubber which passes strings through a delegate codec
with specific character immunity sets.
|
CollectionsUtil |
|
CompositeLogScrubber |
LogScrubber implementation which performs iterative delegation to an ordered
List of LogScrubbers.
|
ConfigurationException |
A ConfigurationException should be thrown when a problem arises because of
a problem in one of ESAPI's configuration files, such as a missing required
property or invalid setting of a property, or missing or unreadable
configuration file, etc.
|
ConfigurationException |
The Exception to be thrown when there is an error parsing a policy file.
|
ConfigurationParser |
The class used to turn a policy file's contents into an object model.
|
CreditCardValidationRule |
A validator performs syntax and possibly semantic validation of a Credit Card
String from an untrusted source.
|
CryptoDiscoverer |
|
CryptoHelper |
Class to provide some convenience methods for encryption, decryption, etc.
|
CryptoToken |
Compute a cryptographically secure, encrypted token containing
optional name/value pairs.
|
CSSCodec |
Implementation of the Codec interface for backslash encoding used in CSS.
|
DateValidationRule |
A validator performs syntax and possibly semantic validation of a single
piece of data from an untrusted source.
|
DB2Codec |
Implementation of the Codec interface for DB2 strings.
|
DefaultAccessController |
|
DefaultAction |
The class that indicates the default action as indicated by the policy file
should be executed.
|
DefaultEncoder |
Reference implementation of the Encoder interface.
|
DefaultEncoder.UriSegment |
|
DefaultEncryptedProperties |
Reference implementation of the EncryptedProperties interface.
|
DefaultExecutor |
Reference implementation of the Executor interface.
|
DefaultHTTPUtilities |
Reference implementation of the HTTPUtilities interface.
|
DefaultIntrusionDetector |
Reference implementation of the IntrusionDetector interface.
|
DefaultMessageUtil |
|
DefaultRandomizer |
Reference implementation of the Randomizer interface.
|
DefaultSecurityConfiguration |
The reference SecurityConfiguration manages all the settings used by the ESAPI in a single place.
|
DefaultSecurityConfiguration.DefaultSearchPath |
|
DefaultUser |
Reference implementation of the User interface.
|
DefaultValidator |
Reference implementation of the Validator interface.
|
DelegatingACR |
|
DetectOutboundContentRule |
This is the Rule subclass executed for <detect-content> rules.
|
DoNothingAction |
The class that indicates that no further action is necessary.
|
DynaBeanACRParameter |
A DynaBean comes from the apache bean utils.
|
DynaBeanACRParameterLoader |
|
EchoDynaBeanPolicyParameterACR |
|
EchoRuntimeParameterACR |
|
ELEncodeFunctions |
Static encoder methods for JSP EL expression functions.
|
EncodeForBase64Tag |
JSP tag that encodes its body using Base64.
|
EncodeForCSSTag |
JSP tag that encodes its body for use in CSS.
|
EncodeForHTMLAttributeTag |
JSP tag that encodes its body for use in an HTML attribute.
|
EncodeForHTMLTag |
JSP tag that encodes its body for use in HTML.
|
EncodeForJavaScriptTag |
JSP tag that encodes its body for use in JavaScript.
|
EncodeForURLTag |
JSP tag that encodes its body for use in a URL.
|
EncodeForVBScriptTag |
JSP tag that encodes its body for use in VBScript.
|
EncodeForXMLAttributeTag |
JSP tag that encodes its body for use in an XML attribute.
|
EncodeForXMLTag |
JSP tag that encodes its body for use in XML.
|
EncodeForXPathTag |
JSP tag that encodes its body for use in XPath.
|
Encoder |
The Encoder interface contains a number of methods for decoding input and encoding output
so that it will be safe for a variety of interpreters.
|
EncoderConstants |
Common character classes used for input validation, output encoding, verifying password strength,
CSRF token generation, generating salts, etc.
|
EncodingException |
An EncodingException should be thrown for any problems that occur when
encoding or decoding data.
|
EncodingPatternPreservation |
String mutation utility which can be used to replace all occurrences of a
defined regular expression with a marker string, and also restore the
original string content.
|
EncryptedProperties |
The EncryptedProperties interface represents a properties file
where all the data is encrypted before it is added, and decrypted when it is
retrieved.
|
EncryptedPropertiesUtils |
Command line utilities for reading, writing and creating encrypted properties files.
|
EncryptionException |
An EncryptionException should be thrown for any problems related to
encryption, hashing, or digital signatures.
|
EncryptionRuntimeException |
An EncryptionRuntimeException should be thrown for any problems related to
encryption, hashing, or digital signatures.
|
Encryptor |
The Encryptor interface provides a set of methods for performing common
encryption, random number, and hashing operations.
|
EnforceHTTPSRule |
This is the Rule subclass executed for <enforce-https> rules.
|
EnterpriseSecurityException |
EnterpriseSecurityException is the base class for all security related exceptions.
|
EnterpriseSecurityRuntimeException |
EnterpriseSecurityRuntimeException is the base class for all security related runtime exceptions.
|
ESAPI |
ESAPI locator class is provided to make it easy to gain access to the current ESAPI classes in use.
|
EsapiConfiguration |
Enum used for initialization of esapi configuration files.
|
EsapiConfigurationType |
Supported esapi configuration file types.
|
ESAPICustomJavaLevel |
Definitions of customized Java Logging Level options to map ESAPI behavior to the desired Java Log output behaviors.
|
ESAPIErrorJavaLevel |
Deprecated.
|
ESAPIFilter |
|
EsapiPropertyLoader |
Generic interface for loading security configuration properties.
|
EsapiPropertyLoaderFactory |
Factory class that takes care of initialization of proper instance of EsapiPropertyLoader
based on EsapiPropertiesStore.
|
EsapiPropertyManager |
Manager used for loading security configuration properties.
|
ESAPIWebApplicationFirewallFilter |
This is the main class for the ESAPI Web Application Firewall (WAF).
|
EventTypeLogSupplier |
Supplier implementation which returns a consistent String representation of
an EventType for logging.
|
ExecuteResult |
The ExecuteResult class encapsulates the pieces of data that can be returned
from a process executed by the Executor interface.
|
Executor |
The Executor interface is used to run an OS command with reduced security risk.
|
ExecutorException |
An ExecutorException should be thrown for any problems that arise during the
execution of a system executable.
|
ExperimentalAccessController |
|
FileBasedACRs |
This class exists for backwards compatibility with the AccessController 1.0
reference implementation.
|
FileBasedAuthenticator |
Reference implementation of the Authenticator interface.
|
GeneralAttackSignatureRule |
This is the Rule subclass executed for <general-attack-signature> rules, which
are not currently implemented.
|
HashTrie<T> |
Trie implementation for CharSequence keys.
|
Hex |
Encode and decode to/from hexadecimal strings to byte arrays.
|
HTMLEntityCodec |
Implementation of the Codec interface for HTML entity encoding.
|
HTMLValidationRule |
A validator performs syntax and possibly semantic validation of a single
piece of data from an untrusted source.
|
HTTPMethodRule |
This is the Rule subclass executed for <restrict-method> rules.
|
HTTPUtilities |
The HTTPUtilities interface is a collection of methods that provide additional security related to HTTP requests,
responses, sessions, cookies, headers, and logging.
|
IntegerAccessReferenceMap |
Reference implementation of the AccessReferenceMap interface.
|
IntegerValidationRule |
A validator performs syntax and possibly semantic validation of a single
piece of data from an untrusted source.
|
IntegrityException |
An IntegrityException should be thrown when a problem with the integrity of data
has been detected.
|
InterceptingHTTPServletRequest |
The wrapper for the HttpServletRequest object which will be passed to the application
being protected by the WAF.
|
InterceptingHTTPServletResponse |
The wrapper for the HttpServletResponse object which will be passed to the application
being protected by the WAF.
|
InterceptingPrintWriter |
The PrintWriter needed to buffer outbound data generated by the application
being protected by the WAF.
|
InterceptingServletOutputStream |
This class was inspired by ModSecurity for Java by Ivan Ristic.
|
IntrusionDetector |
The IntrusionDetector interface is intended to track security relevant events and identify attack behavior.
|
IntrusionException |
An IntrusionException should be thrown anytime an error condition arises that is likely to be the result of an attack
in progress.
|
IPRule |
This is the Rule subclass executed for <detect-source-ip> rules.
|
JavaEncryptor |
Reference implementation of the Encryptor interface.
|
JavaLogBridge |
Contract for translating an ESAPI log event into a Java log event.
|
JavaLogBridgeImpl |
Implementation which is intended to bridge the ESAPI Logging API into Java supported Object structures.
|
JavaLogFactory |
LogFactory implementation which creates JAVA supporting Loggers.
|
JavaLogger |
ESAPI Logger implementation which relays events to a Java delegate.
|
JavaLogLevelHandlers |
|
JavaScriptCodec |
Implementation of the Codec interface for backslash encoding in JavaScript.
|
KeyDerivationFunction |
This class implements a Key Derivation Function (KDF) and supporting methods.
|
KeyDerivationFunction.PRF_ALGORITHMS |
|
LegacyHTMLEntityCodec |
Deprecated.
|
Log4JLogBridge |
Deprecated.
|
Log4JLogBridgeImpl |
Deprecated.
|
Log4JLogFactory |
Deprecated.
|
Log4JLogger |
Deprecated.
|
Log4JLoggerFactory |
Deprecated.
|
Log4JLoggerFactory.EsapiLog4JWrapper |
|
Log4JLogLevelHandlers |
Deprecated.
|
LogAppender |
Contract interface for appending content to a log message.
|
LogFactory |
The LogFactory interface is intended to allow substitution of various logging packages, while providing
a common interface to access them.
|
Logger |
The Logger interface defines a set of methods that can be used to log
security events.
|
Logger.EventType |
Defines the type of log event that is being generated.
|
LogPrefixAppender |
LogAppender Implementation which can prefix the common logger information for
EventType, Client data, and server data.
|
LogScrubber |
Contract interface for cleaning log message output.
|
MustMatchRule |
This is the Rule subclass executed for <must-match> rules.
|
MySQLCodec |
Codec implementation which can be used to escape string literals in MySQL.
|
MySQLCodec.Mode |
Specifies the SQL Mode the target MySQL Server is running with.
|
NewlineLogScrubber |
LogScrubber implementation which replaces newline and carriage return values.
|
NullSafe |
|
NumberValidationRule |
A validator performs syntax and possibly semantic validation of a single
piece of data from an untrusted source.
|
ObjFactory |
A generic object factory to create an object of class T.
|
OracleCodec |
Implementation of the Codec interface for Oracle strings.
|
Parameter |
A simple object to represent a name=value HTTP parameter.
|
PathExtensionRule |
This is the Rule subclass executed for <restrict-extension> rules.
|
PercentCodec |
Implementation of the Codec interface for percent encoding (aka URL encoding).
|
PlainText |
A class representing plaintext (versus ciphertext) as related to
cryptographic systems.
|
PolicyDTO |
The point of the loaders is to create this
|
PolicyParameters |
|
PreparedString |
A parameterized string that uses escaping to make untrusted data safe before combining it with
a command or query intended for use in an interpreter.
|
PushbackSequence<T> |
|
PushBackSequenceImpl |
The pushback string is used by Codecs to allow them to push decoded characters back onto a string
for further decoding.
|
PushbackString |
The pushback string is used by Codecs to allow them to push decoded
characters back onto a string for further decoding.
|
RandomAccessReferenceMap |
Reference implementation of the AccessReferenceMap interface.
|
Randomizer |
The Randomizer interface defines a set of methods for creating
cryptographically random numbers and strings.
|
RedirectAction |
The class that indicates the user should be redirected to another location.
|
ReferenceEncryptedProperties |
Reference implementation of the EncryptedProperties interface.
|
ReplaceContentRule |
This is the Rule subclass executed for <dynamic-insertion> rules.
|
RequestRateThrottleFilter |
A simple servlet filter that limits the request rate to a certain threshold of requests per second.
|
RestrictContentTypeRule |
This is the Rule subclass executed for <dynamic-insertion> rules.
|
RestrictUserAgentRule |
This is the Rule subclass executed for <restrict-user-agent> rules.
|
Rule |
This is the base class for the WAF rules.
|
RuleUtil |
This is a small utility class for use by Rule subclasses.
|
SafeFile |
Extension to java.io.File to protect against null byte injections and
other unforeseen problems resulting from unprintable characters
causing problems in path lookups.
|
SecurityConfiguration |
The SecurityConfiguration interface stores all configuration information
that directs the behavior of the ESAPI implementation.
|
SecurityConfiguration.Threshold |
Models a simple threshold as a count and an interval, along with a set of actions to take if
the threshold is exceeded.
|
SecurityProviderLoader |
This class provides a generic static method that loads a
java.security.Provider either by some generic name
(i.e., Provider.getName() ) or by a fully-qualified class name.
|
SecurityWrapper |
This filter wraps the incoming request and outgoing response and overrides
many methods with safer versions.
|
SecurityWrapperRequest |
This request wrapper simply overrides unsafe methods in the
HttpServletRequest API with safe versions that return canonicalized data
where possible.
|
SecurityWrapperResponse |
This response wrapper simply overrides unsafe methods in the
HttpServletResponse API with safe versions.
|
ServerInfoSupplier |
Supplier which can provide a String representing the server-side connection
information.
|
SimpleVirtualPatchRule |
This is the Rule subclass executed for <virtual-patch> rules.
|
Slf4JLogBridge |
Contract for translating an ESAPI log event into an SLF4J log event.
|
Slf4JLogBridgeImpl |
Implementation which is intended to bridge the ESAPI Logging API into SLF4J supported Object structures.
|
Slf4JLogFactory |
LogFactory implementation which creates SLF4J supporting Loggers.
|
Slf4JLogger |
ESAPI Logger implementation which relays events to an SLF4J delegate.
|
Slf4JLogLevelHandlers |
Enumeration capturing the propagation of SLF4J level events.
|
StandardEsapiPropertyLoader |
Loader capable of loading a single security configuration property from a standard Java properties configuration file.
|
StringUtilities |
String utilities used in various filters.
|
StringValidationRule |
A validator performs syntax and possibly semantic validation of a single
piece of data from an untrusted source.
|
Trie<T> |
|
Trie.TrieProxy<T> |
|
Trie.Unmodifiable<T> |
|
Trie.Util |
|
UnixCodec |
Implementation of the Codec interface for '\' encoding from Unix command shell.
|
User |
The User interface represents an application user or user account.
|
UserInfoSupplier |
Supplier which can provide a String representing the client-side connection
information.
|
ValidationAvailabilityException |
|
ValidationErrorList |
The ValidationErrorList class defines a well-formed collection of
ValidationExceptions so that groups of validation functions can be
called in a non-blocking fashion.
|
ValidationException |
A ValidationException should be thrown to indicate that the data provided by
the user or from some other external source does not match the validation
rules that have been specified for that data.
|
ValidationRule |
|
ValidationUploadException |
|
Validator |
The Validator interface defines a set of methods for canonicalizing and
validating untrusted input.
|
VBScriptCodec |
Implementation of the Codec interface for 'quote' encoding from VBScript.
|
WindowsCodec |
Implementation of the Codec interface for '^' encoding from Windows command shell.
|
XMLEntityCodec |
Implementation of the Codec interface for XML entity encoding.
|
XmlEsapiPropertyLoader |
Loader capable of loading a single security configuration property from an XML configuration file.
|