
I need to accept resume content as text and process the content. Before processing I thought of using ESAPI.validator().isValidInput to validate the resume content to confirm it doesn't contain malicious code. One of the parameters for isValidInput is a regex expression to be validated against the input. Please help me to write a regex for resume content.

Pramod CA
  • What have you tried so far? Give an example of what you are searching for and an example of what you would be searching. –  Aug 02 '12 at 09:38
  • My intent is to have a regular expression for text (in particular resume as a text). – Pramod CA Aug 02 '12 at 09:46
  • @Sean Kenyy: I am not sure what to write for resume text as it could contain all special characters; what I am interested in is avoiding any malicious code that could be an attack, e.g. an XSS attack. – Pramod CA Aug 02 '12 at 09:52
  • Regular Expressions are possibly not the right way of approaching this then. Certainly not if you are not highly familiar with them. It would have to be very large and impractical to encompass every possible language. If you have a good antivirus, it should do this for you. –  Aug 02 '12 at 09:59
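An added example, not code from the question, the answer or ESAPI, of what the "regex for resume content" looks like when it is written as a character allowlist rather than as a list of forbidden constructs, done here in Python instead of Java so it runs stand-alone. The allowlist pattern, the length limit and the NFKC canonicalization step are assumptions made for this example; the same pattern could be passed as the type argument of isValidInput. It also shows the control that actually stops XSS, encoding the text for the HTML context it is rendered into, since validation alone only narrows what reaches the page.

```python
import html
import re
import unicodedata

# Constructed allowlist for free-text resume content (an assumption made for
# this example, not a pattern shipped with ESAPI): letters and digits in any
# script (\w), whitespace, and the punctuation a resume plausibly needs,
# including en/em dashes and bullets. Angle brackets, braces, backticks and
# control characters are deliberately absent, so HTML tags cannot pass.
RESUME_ALLOWLIST = re.compile(
    r"[\w\s.,;:!?'\"()\[\]\-+/@#&%*=\u2013\u2014\u2022]*"
)

MAX_RESUME_LENGTH = 20_000  # constructed limit; tune it to the real form


def is_valid_resume_text(text, max_length=MAX_RESUME_LENGTH):
    """Allowlist validation in the spirit of ESAPI's isValidInput.

    Returns True only when the whole input, after Unicode canonicalization,
    consists of allowlisted characters and stays within the length limit.
    """
    if text is None or len(text) > max_length:
        return False
    # Canonicalize before matching, as ESAPI does: a full-width "＜" (U+FF1C)
    # becomes "<" under NFKC and is then rejected like any other angle bracket.
    canonical = unicodedata.normalize("NFKC", text)
    return RESUME_ALLOWLIST.fullmatch(canonical) is not None


def render_resume_html(text):
    """Context-aware output encoding for an HTML body context.

    Input validation is defence in depth; whatever is later rendered must
    still be encoded for the context it lands in, or a reflected or stored
    XSS remains possible.
    """
    return "<pre>" + html.escape(text, quote=True) + "</pre>"


def process_resume(text):
    """Validate, then produce encoded HTML; returns (accepted, html_or_None)."""
    if not is_valid_resume_text(text):
        return False, None
    return True, render_resume_html(text)


if __name__ == "__main__":
    # Constructed sample inputs: a plausible resume, a tag, a full-width tag
    # that only canonicalization reveals, and an oversized submission.
    samples = [
        "Jürgen Müller\nSenior C++ & Go engineer (2008–2012), 5 años en AWS",
        "Nice resume<script>alert(document.cookie)</script>",
        "Nice resume\uff1cscript\uff1ealert(1)\uff1c/script\uff1e",
        "A" * (MAX_RESUME_LENGTH + 1),
    ]
    for sample in samples:
        accepted, rendered = process_resume(sample)
        print(accepted, (rendered or "rejected")[:60])
```

The allowlist is deliberately strict, so legitimate text such as "x < y" or a line of shell is rejected; that is the trade-off an allowlist makes, and it is easier to widen a class than to enumerate everything malicious across every language, which is the point the first comment above makes. Whatever the validator admits, render_resume_html is the step that keeps it inert in the browser.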

1 Answer


You could try demanding the upload to be in a specific file format, e.g. .txt.

A regex for this could be: \w:\\(.+\\)*?(.+\.txt)

I say .txt as a plain text file should be less likely to have embedded malicious code. Searching the actual text of a file isn't really your problem; an attack is more likely to come from a simultaneous upload.

  • Providing file upload is one of the options I already have in the application, which accepts certain formats; besides that, I have a text area which accepts resume text, hence my only concern is that it shouldn't accept any malicious code which could damage the system. Apart from an antivirus scan, do you have any other suggestions? – Pramod CA Aug 02 '12 at 11:02
  • Could anyone give suggestions to make sure that the text area content doesn't contain malicious code? – Pramod CA Aug 08 '12 at 05:51
  • If it is in the text content, it shouldn't compile and/or run, so there shouldn't be a problem. –  Aug 08 '12 at 08:11