Entity Framework - validate text format - entity-framework-6

I use the Code First approach and want to use DataAnnotation (or any other way, i.e. Fluent API) to specify the allowed format of text. I.e. I want to use RegularExpressions to validate it, etc. I want to do it on the data layer (not on the client); I want to see constraints in SQL.
Is it possible?

If you are asking if you can see the regular expression constraint show up on the SQL Server side, the answer is no, SQL Server doesn't support Regex. If you want the EF engine to run validation for a DataAnnotation for a regular expression before it hits the database, then yes you can.
[System.ComponentModel.DataAnnotations.RegularExpression]

Related

ResearchKit: Validate email

I'm attempting to create a form step where one of the form step items is an email input. For this I want to validate the email against certain domains i.e.
@gmail.com, @icloud.com, @me.com
I can see we have an email answer format in the form of this:
ORKEmailAnswerFormat()
However I can't see anywhere in this type that allows me to apply a validation regex. Looking into this I see we have the following
ORKAnswerFormat.textAnswerFormatWithValidationRegex(validationRegex, invalidMessage)
I suppose this is my best option? If so, would anyone know of a regex (my regex isn't the greatest!) in swift that would handle the 3 domains stated above?
I have something like this... (not the greatest, I know!)
[A-Z0-9a-z._%+-]+@gmail.com
[A-Z0-9a-z._%+-]+@(?:icloud|me|gmail)\.com
(or, if you don't care about capturing:)
[A-Z0-9a-z._%+-]+@(icloud|me|gmail)\.com
Now I made two modifications. I escaped the . and I made it so that the other two domains are options.
I suggest that you convert the whole thing to lower case. I don't know Swift, but you may be able to use one of its functions or the i modifier:
(?i)[0-9a-z._%+-]+@(icloud|me|gmail)\.com
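The patterns from this thread run against a few constructed addresses, as an added example in Python (not code from the original posts). It assumes the validator searches within the input rather than matching the whole string, which the page does not state; the anchored variant is an addition that closes that gap.

```python
import re

# Pattern from the question: the '.' before "com" is unescaped, so it matches any character.
QUESTION_PATTERN = r"[A-Z0-9a-z._%+-]+@gmail.com"
# Pattern from the answer: dot escaped, three domains, case-insensitive.
ANSWER_PATTERN = r"(?i)[0-9a-z._%+-]+@(icloud|me|gmail)\.com"
# Added here (assumption, not from the page): the same pattern anchored to the whole string.
ANCHORED_PATTERN = r"(?i)\A[0-9a-z._%+-]+@(?:icloud|me|gmail)\.com\Z"

# Constructed sample inputs.
SAMPLES = [
    "alice@gmail.com",
    "Bob.Smith@iCloud.com",
    "carol@me.com",
    "dave@gmailxcom",              # no dot before "com"
    "erin@gmail.com.example.net",  # allowed domain is only a prefix of the real one
    "frank smith@me.com",          # space in the local part
    "grace@example.org",
]

def accepted(pattern, value):
    """True if the pattern is found anywhere in value (search-style matching)."""
    return re.search(pattern, value) is not None

def report(samples=SAMPLES):
    """Map each sample to the verdict of the three patterns."""
    return {
        value: {
            "question": accepted(QUESTION_PATTERN, value),
            "answer": accepted(ANSWER_PATTERN, value),
            "anchored": accepted(ANCHORED_PATTERN, value),
        }
        for value in samples
    }

if __name__ == "__main__":
    for value, row in report().items():
        print(f"{value!r:32} {row}")
```
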

How to provide a user-programmable set of validation rules

I am interested in the possibility of providing a set of validation rules for user input values.
So for example a textbox called 'Today' might require a rule that looks something like
IsADate() and (Value >= Date())
My problem is that nobody can tell me what rules are needed. In order to deliver a solution I need users to be able to decide for themselves what rules they want.
It occurred to me I could create a database table containing a separate field for each input - each field having a user-definable check constraint and data type, but this is too limiting (in terms of how many rules I can define)
I could allow the users a UI which would effectively allow them to provide a where clause which then executes a select count(*) from dual where <plugin logic>
And then I started to think I am just database-obsessed.
Any thoughts?
I did something similar using application code and business logic. If you create a token parser based on some of your common business objects that you can load and evaluate for various views or forms then you can start to create a collection of custom variables.
#Date.CurrentDate
#Date.LastQuarter
#Customer.LastInvoiceNumber
#Customer.ZipCode
#Customer.MaxNumberOfOrderItems
If you expose your tokens in a list of rules for a particular field you can build a custom component that will let users build expressions like.
Value [ Greater Than ] [ #Customer.LastOrderNumber ] [ AND ]
Value [ Starts With ] [ #Customer.CustomerID ]
In my opinion this would be more flexible than using sql for validation.
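A minimal evaluator for the token-and-operator rules described in this answer, as an added example in Python (not the answerer's code). The operator names, token values and rule layout are assumptions; the point it shows is that a rule stays data picked from an allow-list, so nothing a user enters is executed as SQL or code.

```python
import operator
from datetime import date

# Allow-listed operators: a rule names one of these, it never carries code or SQL.
OPERATORS = {
    "Is A Date": lambda value, _operand: isinstance(value, date),
    "Greater Than": operator.gt,
    "Greater Or Equal": operator.ge,
    "Starts With": lambda value, operand: str(value).startswith(str(operand)),
}

def resolve(operand, tokens):
    """Replace a '#Token' operand with its current value; literals pass through."""
    if isinstance(operand, str) and operand.startswith("#"):
        if operand not in tokens:
            raise ValueError(f"unknown token: {operand!r}")
        return tokens[operand]
    return operand

def evaluate(rules, value, tokens):
    """AND together (operator name, operand) pairs; reject anything not allow-listed."""
    for op_name, operand in rules:
        if op_name not in OPERATORS:
            raise ValueError(f"unknown operator: {op_name!r}")
        try:
            if not OPERATORS[op_name](value, resolve(operand, tokens)):
                return False
        except TypeError:  # e.g. comparing text with a date: treat as invalid input
            return False
    return True

# Constructed token values (token names follow the list in the answer).
TOKENS = {
    "#Date.CurrentDate": date(2024, 1, 15),
    "#Customer.CustomerID": "C042",
    "#Customer.LastInvoiceNumber": "C042-0007",
}
# The question's 'Today' rule: IsADate() and (Value >= Date())
TODAY_RULE = [("Is A Date", None), ("Greater Or Equal", "#Date.CurrentDate")]
# A rule in the shape of the answer's expression builder.
INVOICE_RULE = [("Greater Than", "#Customer.LastInvoiceNumber"),
                ("Starts With", "#Customer.CustomerID")]

if __name__ == "__main__":
    print(evaluate(TODAY_RULE, date(2024, 1, 16), TOKENS))
    print(evaluate(INVOICE_RULE, "C041-9999", TOKENS))
```
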
If users have limited knowledge of Delphi / Pascal syntax, a quick solution is to let them create the validation as a Pascal function, and use TJvInterpreter from the JCL library.
Easy to use, simple to implement, that's a good workaround!
Reference:
http://jvcl.delphi-jedi.org/JvInterpreter.htm

How to suppress false positives in Fortify

I have two questions regarding Fortify.
1 - Let's say I have a Windows Forms app, which asks for a username and password, and the name of the textbox for password is texboxPassword. So in the designer file, you have the following, generated by the designer.
//
// texboxPassword
//
this.texboxPassword.Location = new System.Drawing.Point(16, 163);
this.texboxPassword.Name = "texboxPassword";
this.texboxPassword.Size = new System.Drawing.Size(200, 73);
this.texboxPassword.TabIndex = 3;
Fortify marks this as a password in comment issue. How can I suppress this by creating a custom rule? I don't want to suppress the whole issue because I still would like to catch certain patterns (such as password followed by = or : in comments) but the blanket search where any line that contains password is flagged is creating so many false positives. I looked into creating a structural rule but could not figure out how to remove the associated tag (where can I find the tag for password in comment anyways?)
2 - Let's say I have a custom UI control. This control html encodes everything and in my context, it is good enough to avoid XSS. Needless to say, it is being flagged by Fortify. How can I suppress XSS when I have a certain control type in my UI and all of its methods are safe for XSS (they sanitize) in my context? I have tried a DataflowCleanseRule (with a label just to test the concept) and wanted to mark get_Text() and set_Text() as sanitizer functions, but it did not make a difference and Fortify still flagged it for XSS.
<DataflowCleanseRule formatVersion="3.16" language="dotnet">
  <RuleID>0D495522-BA81-440E-B191-48A67D9092BE</RuleID>
  <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION</TaintFlags>
  <FunctionIdentifier>
    <NamespaceName>
      <Pattern>System.Web.UI.WebControls</Pattern>
    </NamespaceName>
    <ClassName>
      <Pattern>Label</Pattern>
    </ClassName>
    <FunctionName>
      <Pattern>_Text</Pattern>
    </FunctionName>
    <ApplyTo implements="true" overrides="true" extends="true"/>
  </FunctionIdentifier>
  <OutArguments>return</OutArguments>
</DataflowCleanseRule>
Thank you in advance for your help
This is parsed using regular expressions. Unless you think you are able to create a regular expression that can parse human language properly, I would leave it alone and just audit it as not an issue.
The Pattern tag uses a Java regular expression in the body, so should be used as user2867433 suggested. However, you stated
This control html encodes everything and in my context, it is good enough to avoid XSS
If you are going to use a custom rule, this has to assume that it will work in EVERY context, as, say, in the future somebody writes a piece of code that uses get_Text and then places this directly into a piece of JavaScript; HTML encoding will do NOTHING to stop the XSS problem here. I would advise again to audit this as not an issue or a false positive due to the validation used, and explain why it's good enough in that context.
Within "Pattern" you can use Java-Regex. So it should work if you use [gs]et_Text
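The context dependence raised in the answer above, as an added example in Python (not code from the thread): the same HTML entity encoding that is sufficient in an HTML body is undone or irrelevant once the value lands inside JavaScript, and the output must be encoded for that context instead. The value and the function names show and track are constructed for illustration.

```python
import html
import json

def encode_html(value):
    """HTML-entity encoding, the kind of encoding the question's control applies."""
    return html.escape(value, quote=True)

def encode_js_string(value):
    """Encode value as a JavaScript string literal that is also inert to the HTML parser."""
    literal = json.dumps(value)  # adds double quotes, escapes ", \ and control characters
    for ch in "<>&'":
        literal = literal.replace(ch, "\\u%04x" % ord(ch))
    return literal

def handler_js(attribute_value):
    """JavaScript the engine receives from an event-handler attribute.

    The HTML parser decodes character references in attribute values before
    the script runs, so entity encoding is undone at this point.
    """
    return html.unescape(attribute_value)

# Constructed value standing in for text returned by get_Text().
VALUE = "x'); track('y"

def html_only_handler(value=VALUE):
    """HTML encoding alone, placed inside a JS string in an onclick attribute."""
    return "show('" + encode_html(value) + "')"

def layered_handler(value=VALUE):
    """JS-string encoding first, then HTML attribute encoding around the whole handler."""
    return encode_html("show(" + encode_js_string(value) + ")")

if __name__ == "__main__":
    print("in HTML body      :", encode_html("<b>" + VALUE))
    print("unquoted in script:", encode_html("0; track()"))  # comes back unchanged
    print("html-only handler :", handler_js(html_only_handler()))
    print("layered handler   :", handler_js(layered_handler()))
```

With HTML encoding alone the handler reaches the script engine as two statements; with the layered encoding it stays a single call with one string argument.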

Admin generator with hydrate array

I would like to speed up some of my admin-generated modules by hydrating doctrine results with Doctrine::HYDRATE_ARRAY. Is this a good idea? How can I do it?
I don't think that you can do it that easily. All calls in the default admin generator theme use the Doctrine object (i.e. $model->id, and not $model['id']). To use arrays you would probably need to recreate the default theme, as well as all calls that retrieve the objects.
Oh, and also the Admin Generator uses the generated forms as its base for generating the displayed forms.
You would probably be better off optimizing other ways. Make sure you have the correct client-side caching headers, optimize the sfViewCacheManager on the server side, use APC, use the doctrine query cache, etc...
This could include some more custom work (for example leveraging the view cache manager), but significantly easier to implement.
I agree with Grad van Horck. Also, make sure your index pages are using the minimum number of queries (easy to see in the development environment's web toolbar). Most of my modules are much more efficient after I create custom table_methods with the proper table joins and also include ONLY the fields I need to have loaded into the object.

How do I filter and validate form fields in symfony 1.4?

I'm trying to integrate a content filtering API. My plan was to use pre/post validators, but I've lost my way somehow.
What I need to do is send the values to the content filtering service. If the response comes back that the content has been filtered, it will also return a modified value for the field (basic profanity filtering... matches are replaced with asterisks). That's all well and good; I can throw validation errors no problem - simple stuff.
However, I don't want to just throw errors. What needs to happen is that validation errors are thrown as normal, but the values are modified in the form for re-display.
Basically, if someone posts something naughty I want them to get a validation error saying their post has been modified; they can re-submit the now "clean" post, or they can go about editing it to make it clean without the word replacements.
But doClean on a validator either throws an error OR returns cleaned values, not both. How can I go about implementing both? This will be used on many different forms with many different field names, so modifying methods on the form or a form base class isn't really an option - it needs to happen in the validation sub-framework somehow.
You can adjust this plugin for your needs http://www.symfony-project.org/plugins/WebPurifyPlugin
