|
| 1 | + |
| 2 | +# Solution for Issue #126: Global HTTP Validation Rules -> some possible improvements |
| 3 | + |
| 4 | +**Repository:** ESAPI/esapi-java-legacy |
| 5 | +**Issue URL:** https://github.com/ESAPI/esapi-java-legacy/issues/126 |
| 6 | +**Difficulty:** Medium |
| 7 | +**Estimated Time:** 2-4 hours |
| 8 | + |
| 9 | +## Issue Summary |
| 10 | +_From [wettstei...@gmail.com](https://code.google.com/u/108417551973747153004/) on April 20, 2010 04:06:42_ |
| 11 | + |
| 12 | +I'm a thankful user of the SafeRequest (1.4, in 2.0 |
| 13 | +SecurityWrapperRequest) which offers a very good protection against various |
| 14 | +kinds of injection attacks. |
| 15 | + |
| 16 | +I have some suggestions for improvements concerning the regular expressions |
| 17 | +in use. |
| 18 | + |
| 19 | +Validator.HTTPParameterName=^[a-zA-Z0-9_]{1,32}$ |
| 20 | +I would add the "-", since some frameworks (like DisplayTag) create |
| 21 | +ParameterNames of the kind "d-32... |
| 22 | + |
| 23 | +## Solution Approach |
| 24 | +1. Reproduce the bug locally |
| 25 | +2. Add test case that fails with current code |
| 26 | +3. Implement fix to make test pass |
| 27 | +4. Verify fix doesn't break existing tests |
| 28 | + |
| 29 | +## Files to Modify |
| 30 | +- Test files |
| 31 | + |
| 32 | +## Testing Strategy |
| 33 | +Add regression test that fails before fix and passes after |
| 34 | + |
| 35 | +## Implementation Steps |
| 36 | + |
| 37 | +### Step 1: Setup |
| 38 | +```bash |
| 39 | +# Clone the repository |
| 40 | +git clone https://github.com/ESAPI/esapi-java-legacy.git |
| 41 | +cd esapi-java-legacy |
| 42 | + |
| 43 | +# Create a new branch for this issue |
| 44 | +git checkout -b fix-issue-126 |
| 45 | + |
| 46 | +# Install dependencies (adjust based on project) |
| 47 | +# pip install -r requirements.txt # For Python |
| 48 | +# npm install # For JavaScript |
| 49 | +``` |
| 50 | + |
| 51 | +### Step 2: Implement Solution |
| 52 | +- [ ] Read and understand the codebase structure |
| 53 | +- [ ] Locate the relevant files |
| 54 | +- [ ] Implement the fix/feature |
| 55 | +- [ ] Follow code style guidelines of the project |
| 56 | + |
| 57 | +### Step 3: Testing |
| 58 | +- [ ] Run existing tests: `pytest` / `npm test` |
| 59 | +- [ ] Add new tests if needed |
| 60 | +- [ ] Verify all tests pass |
| 61 | + |
| 62 | +### Step 4: Submit Pull Request |
| 63 | +```bash |
| 64 | +# Commit changes |
| 65 | +git add . |
| 66 | +git commit -m "Fix #126: Global HTTP Validation Rules -> some possible improvements" |
| 67 | + |
| 68 | +# Push to your fork |
| 69 | +git push origin fix-issue-126 |
| 70 | + |
| 71 | +# Create PR on GitHub with description referencing issue |
| 72 | +``` |
| 73 | + |
| 74 | +## Pull Request Description Template |
| 75 | +``` |
| 76 | +Fixes #126 |
| 77 | +
|
| 78 | +## Changes |
| 79 | +- Describe what you changed |
| 80 | +
|
| 81 | +## Testing |
| 82 | +- How you tested the changes |
| 83 | +
|
| 84 | +## Checklist |
| 85 | +- [ ] Code follows project style guidelines |
| 86 | +- [ ] Tests added/updated and passing |
| 87 | +- [ ] Documentation updated if needed |
| 88 | +``` |
| 89 | + |
| 90 | +--- |
| 91 | +Generated by GitHub Issue Solver |
| 92 | +2026-01-29 22:24:59 |
0 commit comments