ESAPI Specification

From OWASP
Revision as of 00:29, 16 June 2011 by Chris Schmidt (Talk | contribs)

Jump to: navigation, search

Contents

Migration Strategy

  • ESAPI 2.1
    • Create new package org.owasp.esapi.core
    • Create new set of Interfaces in new package with each extending it's org.owasp.esapi counterpart
    • Deprecate methods in org.owasp.esapi Interfaces
  • ESAPI 2.5
    • Remove deprecated methods that were deprecated at or before ESAPI 2.0
    • Introduce new ServiceLocator API
  • ESAPI 3.0
    • Seperate Core API into it's own artifact/project called ESAPI-Core
    • Create new set of artifacts as outlined in ESAPI_Project_Structure
    • Introduce Core API Testing Suite

Core API

AccessController

Changes from ESAPI 2.0

  • Removed deprecated methods
  • Added Generic Stereotypes to the Key and Context parameters)

<Key,Context> void assertAuthorized(Key key, Context context)

<Key,Context> boolean isAuthorized(Key key, Context context)

AccessReferenceMap<Key>

<Type> Key addDirectReference(Type direct)

<Type> Type getDirectReference(Key key)

<Type> Key getIndirectReference(Type directReference)

<Type> Key removeDirectReference(Type directReference)

<Type> void update(Set<Type> directReferences)

Authenticator

User login() throws AuthenticationException

void logout() throws AuthenticationException

Codec

String encode(char c)

String decode(String s)

Encoder

String encode(String s)

String decode(String s)

void addCodec(Codec c)

Set<Codec> getCodecs()

void setCodecs(Set<Codec> codecs)

Encryptor

PlainText decrypt(CipherText cipherText, SecretKey secretKey) throws EncryptionException

CipherText encrypt(PlainText plainText, SecretKey secretKey) throws EncryptionException

MessageDigest hash(PlainText plainText, Salt salt, Integer iterations) throws EncryptionException

String seal(String data, Long timestamp) throws EncryptionException

String sign(String data) throws EncryptionException

String unseal(String sealedData) throws EncryptionException

void verifySeal(String sealedData) throws DataIntegrityException

void verifySignature(String signature, String data) throws InvalidSignatureException

Executor

ExecutorResult executeSystemCommand(ExecutorTarget target, Encoder encoder) throws ExecutionException

ExecutorResult

String getErrorOutput()

String getStandardOutput()

Integer getExitValue()

ExecutorTarget

Resource getExecutable()

Resource getWorkingDirectory()

OrderedMap<String,String> getParameters()

IntrusionDetector

void addEvent(String eventName, String message)

void addException(Throwable exception)

LogFactory

Still thinking this one through

Logger

Still thinking this one through

Randomizer

Boolean getRandomBoolean()

Byte[] getRandomBytes(Integer len)

String getRandomFilename(String extension)

String getRandomUUID()

Integer getRandomInteger(Integer min, Integer max)

Long getRandomLong(Long min, Long max)

Float getRandomReal(Float min, Float max)

String getRandomString(Integer len, char[] charSet)

Resource

<Native> FileHandle getHandle()

ServiceLocator

User

<Type> Type getAccountID()

String getAccountName()

Long getExpirationTime()

Integer getFailedLoginCount()

Long getLastFailedLoginTime()

String getLastHostAddress()

Long getLastLoginTime()

Long getLastPasswordChangeTime()

String getLocale()

Set<String> getRoles()

String getScreenName()

Boolean isAnonymous()

Boolean isEnabled()

Boolean isExpired()

Boolean isInRole(String role)

Boolean isLocked()

Boolean isLoggedIn()

Validator

<Type> Boolean isValid(Type data)

<Type> void assertValid(Type data)