UNPKG

node-esapi

Version:

OSWASP ESAPI4JS encoders port to node module

68 lines (61 loc) 2.55 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
/* * OWASP Enterprise Security API (ESAPI) * * This file is part of the Open Web Application Security Project (OWASP) * Enterprise Security API (ESAPI) project. For details, please see * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>. * * Copyright (c) 2008 - The OWASP Foundation * * The ESAPI is published by OWASP under the BSD license. You should read and accept the * LICENSE before you use, modify, and/or redistribute this software. */ $namespace('Base.esapi.properties'); Base.esapi.properties = { application: { // Change this value to reflect your application, or override it in an application scoped configuration. Name: 'ESAPI4JS Base Application' }, httputilities: { cookies: { ForceSecure: true } }, logging: { Implementation: org.owasp.esapi.reference.logging.Log4JSLogFactory, Level: org.owasp.esapi.Logger.ERROR, // For a console that pops up in a seperate window // Appenders: [ new ConsoleAppender(true) ], // To log to a logging service on the server // Appenders: [ new AjaxAppender( '/log/' ) ], // Default to log nowhere Appenders: [ ], LogUrl: false, LogApplicationName: false, EncodingRequired: true }, encoder: { Implementation: org.owasp.esapi.reference.encoding.DefaultEncoder, AllowMultipleEncoding: false }, localization: { StandardResourceBundle: ESAPI_Standard_en_US, DefaultLocale: 'en-US' }, validation: { Implementation: org.owasp.esapi.reference.validation.DefaultValidator, AccountName: '^[a-zA-Z0-9]{3,20}$', SafeString: '[a-zA-Z0-9\\-_+]*', Email: '^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$', IPAddress: '^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$', URL: '^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\\'\\/\\\\\\+=&amp;%\\$#_]*)?$', CreditCard: '^(\\d{4}[- ]?){3}\\d{4}$', SSN: '^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$', HttpScheme: '^(http|https)$', HttpServerName: '^[a-zA-Z0-9_.\\-]*$', HttpParameterName: '^[a-zA-Z0-9_]{1,32}$', HttpParameterValue: '^[a-zA-Z0-9.\\-\\/+=_ ]*$', HttpCookieName: '^[a-zA-Z0-9\\-_]{1,32}$', HttpCookieValue: '^[a-zA-Z0-9\\-\\/+=_ ]*$' } };