FuseGuard Logo

fuseguard.components.filters
Component ScopeInjectionFilter

filters.BaseFilter
  |
  +--filters.ScopeInjectionFilter

This filter validates that input variables names dont use scopename.

Method Summary
public array getConfigurables()
          Returns a list of configurable properties
public string getDescription()
public boolean getIgnorePrefixList()
          Returns true if strictMode is enabled see setStrictMode
public string getName()
public boolean getStrictMode()
          Returns true if strictMode is enabled see setStrictMode
public string getThreatCategory()
          Returns validation
public numeric inspectRequest()
public numeric inspectVariable([variableName scope], [any varName], [any value])
public void setIgnorePrefixList(string prefixList)
          A list of prefixes that are allowed, eg fusebox,foo allows input variable names like fusebox.x and foo.x
public void setStrictMode(boolean strictMode)
          When set to true any variable with a dot in its name is blocked

Methods inherited from filters.BaseFilter
setAllowURIList, blockEnabled, ignoresVariable, setIgnoreURIList, setScopes, inspectsRequestBody, inspectsCGIScope, inspectsUrlScope, setFilterLevel, setAllowDenyOrder, filterVariables, denyURI, getFilterID, inspectsRequest, setFilterWhitelist, ignoreVariable, ignoreURI, getHelp, init, inspectVariables, getFilterComponent, getRequestLogMessageDetail, inspectsCookieScope, allowURI, setLogLevel, getBlockLevel, inspectsURI, logEnabled, hasIPWhiteList, getFilterInstanceName, filterEnabled, filterRequest, getIPWhiteListProvider, setFilterID, getFilterLevel, inspectResponse, logOnly, setIgnoreVariableList, setRequestLogMessage, setBlockLevel, setFilterInstanceName, inspectsFormScope, getLogLevel, getRequestLogMessage, getFirewall
 

Method Detail

getConfigurables

public array getConfigurables()
Returns a list of configurable properties


getDescription

public string getDescription()

getIgnorePrefixList

public boolean getIgnorePrefixList()
Returns true if strictMode is enabled see setStrictMode


getName

public string getName()

getStrictMode

public boolean getStrictMode()
Returns true if strictMode is enabled see setStrictMode


getThreatCategory

public string getThreatCategory()
Returns validation


inspectRequest

public numeric inspectRequest()

inspectVariable

public numeric inspectVariable([variableName scope], [any varName], [any value])
Parameters:
[variableName scope]
[any varName]
[any value]

setIgnorePrefixList

public void setIgnorePrefixList(string prefixList)
A list of prefixes that are allowed, eg fusebox,foo allows input variable names like fusebox.x and foo.x

Parameters:
string prefixList

setStrictMode

public void setStrictMode(boolean strictMode)
When set to true any variable with a dot in its name is blocked

Parameters:
boolean strictMode