ESAPI logger with an application server

Time: 2015-01-29 06:56:45

Tags: esapi

I am using the ESAPI jar for validation. When I call isValidInput(Context,input.trim(),ValidateConstant.APLHA_NUMERIC_TYPE,maxLength,true); or isValidInput(Context,input,ValidateConstant.NUMERIC_TYPE,maxLength,true); and special characters are entered by mistake, it throws something like

org.owasp.esapi.errors.ValidationException: input: Invalid input. Please conform to regex ^[0-9]*$ with a maximum length of 15
    at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:144)
    at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:160)
    at org.owasp.esapi.reference.validation.StringValidationRule.getValid(StringValidationRule.java:284)
    at org.owasp.esapi.reference.DefaultValidator.getValidInput(DefaultValidator.java:214)
    at org.owasp.esapi.reference.DefaultValidator.isValidInput(DefaultValidator.java:152)
    at org.owasp.esapi.reference.DefaultValidator.isValidInput(DefaultValidator.java:143)

This is shown when I run the program standalone.

How can I integrate this Exception into my application server.log file?

1 answer:

Answer 0: (score: 0)

IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout

# rapid validation errors indicate scans or attacks in progress
# org.owasp.esapi.errors.ValidationException.count=10
# org.owasp.esapi.errors.ValidationException.interval=10
# org.owasp.esapi.errors.ValidationException.actions=log,logout

# sessions jumping between hosts indicates session hijacking
IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout


#===========================================================================
# ESAPI Validation
#
# The ESAPI Validator works on regular expressions with defined names. You can define names
# either here, or you may define application specific patterns in a separate file defined below.
# This allows enterprises to specify both organizational standards as well as application specific
# validation rules.
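
Added example, not part of the original question or answer: one way to get the validation failure into the server's own log is to call getValidInput(), which propagates the exception, and log it yourself. The class name LoggedInputValidator and its methods are hypothetical, and it assumes the application server writes java.util.logging output to server.log.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;

// Hypothetical helper class; not part of ESAPI or of the original post.
public final class LoggedInputValidator {

    // Assumption: the application server collects java.util.logging output in server.log.
    private static final Logger LOG = Logger.getLogger(LoggedInputValidator.class.getName());

    private LoggedInputValidator() { }

    /**
     * Validates input against the named ESAPI rule ("Validator.<type>" in ESAPI.properties).
     * Returns the canonicalized value, or null if the input was rejected.
     */
    public static String validOrNull(String context, String input, String type, int maxLength) {
        try {
            // Unlike isValidInput(), getValidInput() propagates the exception to the caller.
            return ESAPI.validator().getValidInput(context, input, type, maxLength, true);
        } catch (ValidationException e) {
            // getLogMessage() carries the detailed text, which can include the rejected input.
            LOG.log(Level.WARNING, neutralize(e.getLogMessage()), e);
        } catch (IntrusionException e) {
            // Unchecked; raised when ESAPI flags the input itself as a likely attack.
            LOG.log(Level.SEVERE, neutralize(e.getLogMessage()), e);
        }
        return null;
    }

    // Replace CR/LF so rejected input cannot forge extra log lines.
    private static String neutralize(String message) {
        return message == null ? "" : message.replaceAll("[\\r\\n]", "_");
    }
}
```

Show the caller only getUserMessage(); the detailed log message belongs in the server log, not in the response.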