Input Validation

TOS validates data in many fields in SecureTrack and SecureChange such as user names and email addresses. If a field contains invalid information, you will not be able to create or modify the field until the invalid information has been corrected.

Field Requirement Max characters

Access Type

Support only the following values: allow only, block only, allow all, block all

Tip: Restrict using enum.

N/A

Description

Should not contain:

  • XML or programming language tags such as <SCRIPT>

  • HTML attributes such as <div attr="...>

500

Destination

Standard characters, including digits 0-9, the following special characters: . - and cannot start or end with a dash (-)

63

Domain

Supports standard characters in all Unicode-supported languages, including digits 0-9, and the following special characters: + - _ # @ . : / = ! ^ ( ) , [space]

Tip: Use the same pattern as for Zone Name in SecureTrack.

255

Email (SecureChange)

Standard email address format ([email protected]).

  • Username supports standard characters in all Unicode-supported languages, including digits 0-9, and the following special characters: + - _ # / = ! ^ $ * ?

  • Domain is a list of dot-separated DNS labels. Each label consisting of uppercase and lowercase Latin characters (A-Z and a-z), digits 0-9 provided that top-level domain name is not all-numeric, and hyphen (-), provided that a hyphen is not the first or last character.

 255

Export Reports, User Name (SecureTrack)

Standard Unix user name format; standard characters, including digits 0-9, and the following special characters: _ -

32

First Name and Last Name (SecureChange)

Supports standard characters in all Unicode-supported languages, including digits 0-9, and the following special characters: + - _ # @ . : / = ! ^ ( ) , [space]

255

Flows

Can be empty or one of the following values: HOST_TO_HOST, SUBNET_TO_HOST, HOST_TO_SUBNET

Tip: Restrict using enum.

N/A

New Object Service Comment (SecureTrack)

Supports standard characters in all Unicode-supported languages, including digits 0-9, and the following special characters: + - _ # @ . : / = ! ^ ( ) , [space]

Cannot contain HTML code, JavaScript elements, XML, or programming language tags.

255

New Object Service Name (SecureTrack)

Supports standard characters in all Unicode-supported languages, including digits 0-9, and the following special characters: + - _ # @ . : / = ! ^ ( ) , [space]

63

New Object Source or Destination Comment (SecureTrack)

Cannot contain HTML code, JavaScript elements, XML, or programming language tags.

255

Notes

Should not contain:

  • XML or programming language tags such as <SCRIPT>
  • HTML attributes, such as <div attr="...>
  • JavaScript URLs, such as http://example.org/foo.html?redirect
 4096

Password

Cannot contain spaces

128

Phone (SecureChange)

Standard phone number format. For details, see RFC 3966. Cannot contain alphabetic characters corresponding to digits.

31

Root URL in Host

Standard characters, including digits 0-9, the following special characters: = ! ^ + @ # $ % & * + and must start with a /

 

Rule Properties

List of properties separated by a ';'.

Note: Do not use { } characters.

Supports standard characters in all Unicode-supported languages, including digits 0-9, and the following special characters: + - _ # @ . : / = ! ^ ( ) , [space]

255

Services/Applications

List of services/applications separated by a ';'.

Supports standard characters in all Unicode-supported languages, including digits 0-9, and the following special characters: + - _ # @ . : / = ! ^ ( ) , [space]

255

Severity

Support only the following values: critical, high, medium, low

Tip: Restrict using enum.

N/A

Ticket subject (SecureChange)

Supports standard characters in all Unicode-supported languages, including digits 0-9, and the following special characters: + - _ # @ . : / = ! ^ ( ) , [space]

255

TicURLs

Supports standard characters in all Unicode-supported languages, including digits 0-9, and the following special characters: + - _ # @ . : / = ! ^ ( ) , [space]

255

User Email address (SecureTrack)

Standard email address format ([email protected]).

  • Username supports standard characters in all Unicode-supported languages, including digits 0-9, and the following special characters: + - _ # / = ! ^ $ * ?

  • Domain is a list of dot-separated DNS labels. Each label consisting of uppercase and lowercase Latin characters (A-Z and a-z), digits 0-9 provided that top-level domain name is not all-numeric, and hyphen (-), provided that a hyphen is not the first or last character.

255

User First Name and Last Name (SecureTrack)

Supports standard characters in all Unicode-supported languages, including digits 0-9, and the following special characters: + - _ # @ . : / = ! ^ ( ) , [space]

255

User Name (SecureChange)

Supports standard characters in all Unicode-supported languages, including digits 0-9, and the following special characters: + - _ # @ . : / = ! ^ ( ) , [space]

63

Workflow Description (SecureChange)

Should not contain:

  • XML or programming language tags such as <SCRIPT>
  • HTML attributes, such as <div attr="...>
  • JavaScript URLs, such as http://example.org/foo.html?redirect

4096

Workflow Property First Name, and Last Name (SecureChange)

 Supports standard characters in all Unicode-supported languages, including digits 0-9, and the following special characters: + - _ # @ . : / = ! ^ ( ) , [space]

255

Zone Names (SecureTrack)

Supports standard characters in all Unicode-supported languages, including digits 0-9, and the following special characters: + - _ # @ . : / = ! ^ ( ) , [space]

255

Zone Patterns

Supports standard characters in all Unicode-supported languages, including digits 0-9, and the following special characters: + - _ # @ . : / = ! ^ ( ) , [space]

Tip: Use the same pattern as for Zone Name in SecureTrack.