Overview of data validation
The application provides the Data Validation function for validating and sanitizing request inputs and outputs.
You can use the Data Validation function to allow only explicitly defined characters in the input and output requests, and drop all the other data. You can define your own validation rules for validating different request parameters. You can also encode data before you send it back to the user interface (UI).
Data validation or sanitization can be done for various kinds of inputs, such as parameter names, parameter values, cookie names, and cookie values. The application also supports regular expression-based validation.
Input validator
The Input Validator finds all the validation rules that are registered for a particular input and validates the input against them. The Validator is called by a request wrapper to validate request inputs.
By default, to validate request inputs such as parameter values and parameter names, the Input Validator uses the regular expressions that are provided by the application. The application-shipped regular expressions are defined in the regularexpressions/sc_regularexpressions.xml file (located inside the <runtime_sandbox>/jar/platform_afc/5_7/platform_dv.jar).
Validation rule
A validation rule validates and sanitizes the input. A validation rule contains a property that identifies the input for which validation must happen. A validation is started whenever the corresponding request input is accessed. A validation rule must specify the name of the input that it must validate. For example, to validate the value of a parameter, the validation rule must specify the name of that particular parameter. Multiple inputs with the same name can exist. All the validation rules must be registered with the Input Validator to validate the corresponding input.
Some validation rules are provided by the application. The application-shipped validation rules are defined in the validationrules/sc_validationrules.xml file (located inside the <runtime_sandbox>/jar/platform_afc/5_7/platform_dv.jar). These validation rules are started for all the inputs that belong to the same category. For example, all the HTTP Header names are validated against the HTTPHeaderName regular expression.
Validation rules are of the following types:
- Regular Expression-Based Validation Rule - This type of validation rule is designed to do regular expression-based validations. This validation rule type supports multiple allowlist and blocklist regular expressions.
- Java-Based Validation Rule - This type of validation rule is designed to do Java-based validation and sanitization of inputs. This validation rule type validates an input and then calls the getValidInput() method of the implementation class.
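The following Java example is added here to illustrate how a regular expression-based rule with allowlist and blocklist patterns can be registered and evaluated; it is not the application's own code or API. The class, rule and pattern names are hypothetical, and the combination semantics (the whole value must match an allowlist pattern, no blocklist pattern may match, and an input with no registered rule is rejected) are assumptions.

```java
import java.util.*;
import java.util.regex.Pattern;

// Added illustration; class, rule and pattern names are hypothetical, not the product's API.
public class RegexRuleDemo {
    enum InputType { PARAMETER_NAME, PARAMETER_VALUE, COOKIE_NAME, COOKIE_VALUE }

    // One rule: the input it applies to plus its allowlist and blocklist patterns.
    record Rule(InputType type, String inputName, List<Pattern> allow, List<Pattern> block) {
        boolean accepts(String value) {
            // Assumed semantics: the whole value must match an allowlist pattern
            // (matches(), not find(), so a valid prefix cannot carry an invalid suffix).
            boolean allowed = allow.stream().anyMatch(p -> p.matcher(value).matches());
            // A blocklist pattern rejects the value if it occurs anywhere in it.
            boolean blocked = block.stream().anyMatch(p -> p.matcher(value).find());
            return allowed && !blocked;
        }
    }

    // Rules are registered per (type, name); several rules may cover the same input.
    private final Map<String, List<Rule>> registry = new HashMap<>();

    void register(Rule r) {
        registry.computeIfAbsent(r.type() + ":" + r.inputName(), k -> new ArrayList<>()).add(r);
    }

    // Every registered rule must accept the value; no registered rule means reject (assumed default).
    boolean validate(InputType type, String name, String value) {
        List<Rule> rules = registry.getOrDefault(type + ":" + name, List.of());
        return !rules.isEmpty() && rules.stream().allMatch(r -> r.accepts(value));
    }

    public static void main(String[] args) {
        RegexRuleDemo v = new RegexRuleDemo();
        v.register(new Rule(InputType.PARAMETER_VALUE, "orderNo",
                List.of(Pattern.compile("[A-Za-z0-9_-]{1,40}")),
                List.of(Pattern.compile("--"))));
        // Constructed sample inputs: valid, invalid suffix, blocklisted sequence, empty.
        String[] samples = { "ORD-1001", "ORD-1001<script>", "ORD--1001", "" };
        for (String s : samples) {
            boolean ok = v.validate(InputType.PARAMETER_VALUE, "orderNo", s);
            System.out.printf("%-20s -> %s%n", "\"" + s + "\"", ok ? "accepted" : "rejected");
        }
    }
}
```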