
Commit b108050

committed
Changed regex for Validation.HTTPHeaderName to allow 50 char header name for fix ESAPI#351.
1 parent 165a00d commit b108050

2 files changed

Lines changed: 6 additions & 4 deletions


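--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -440,7 +440,8 @@ Validator.HTTPParameterName=^[a-zA-Z0-9_]{1,32}$
 Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+=@_ ]*$
 Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
 Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+# Note that max header name capped at 150 in SecurityRequestWrapper!
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,50}$
 Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
 Validator.HTTPContextPath=^\\/?[a-zA-Z0-9.\\-\\/_]*$
 Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
@@ -456,4 +457,4 @@ Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
 
 # Validation of dates. Controls whether or not 'lenient' dates are accepted.
 # See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
+Validator.AcceptLenientDates=false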
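Review bot: The comment added above `Validator.HTTPHeaderName` cites a cap of 150 while the pattern on the next line allows at most 50 characters, and it does not say which limit is enforced. If both checks run, the regex's `{1,50}` is the effective bound, and the 150 cap (in code not shown on this page) only matters if the pattern is later widened past it. The class name also looks transposed, since ESAPI's request wrapper is `SecurityWrapperRequest`. I would reword the comment to `# Effective limit is 50 (this regex); SecurityWrapperRequest separately caps header names at 150, so a bound above 150 here has no effect.` The same comment is copied into src/test/resources/esapi/ESAPI.properties and needs the same fix.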

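--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -440,7 +440,8 @@ Validator.HTTPScheme=^(http|https)$
 Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
 Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
 Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+# Note that max header name capped at 150 in SecurityRequestWrapper!
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,50}$
 Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
 Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
 Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
@@ -462,4 +463,4 @@ Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
 
 # Validation of dates. Controls whether or not 'lenient' dates are accepted.
 # See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
+Validator.AcceptLenientDates=false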
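Review bot: No test accompanies the widened `{1,50}` bound on `Validator.HTTPHeaderName`; the commit touches only the two properties files, so nothing on this page pins the new limit. A boundary case in the validator tests would document the intended behaviour: a 50-character name drawn from the allowed class is accepted, a 51-character name is rejected, and a name containing a character outside the class (for example `:` or a line break) is still rejected. Such a test would also catch the production and test copies of this pattern drifting apart, since the two files already differ in their neighbouring keys.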
