Issue ESAPI#403 -- uncovered the last magic number calls. This part of the issue is done!

Author: xeno6696

src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java

@@ -872,10 +872,11 @@ public void setCurrentHTTP(HttpServletRequest request, HttpServletResponse respo
      */
     public void setHeader(HttpServletResponse response, String name, String value) {
         try {
+        	SecurityConfiguration sc = ESAPI.securityConfiguration();
             String strippedName = StringUtilities.replaceLinearWhiteSpace(name);
             String strippedValue = StringUtilities.replaceLinearWhiteSpace(value);
-            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", 50, false);
-            String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", 500, false);
+            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
+            String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
             response.setHeader(safeName, safeValue);
         } catch (ValidationException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header denied", e);

src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java

@@ -1063,7 +1063,7 @@ public boolean getForceSecureCookies() {
 	 * {@inheritDoc}
 	 */
 	public int getMaxHttpHeaderSize() {
-        return getESAPIProperty( MAX_HTTP_HEADER_SIZE, 4096 );
+        return getESAPIProperty( MAX_HTTP_HEADER_SIZE, 4096);
 	}
 
     /**

src/main/java/org/owasp/esapi/reference/DefaultValidator.java

@@ -1097,14 +1097,16 @@ public String getValidPrintable(String context, String input,int maxLength, bool
 	 * Returns true if input is a valid redirect location.
 	 */
 	public boolean isValidRedirectLocation(String context, String input, boolean allowNull) throws IntrusionException {
-		return ESAPI.validator().isValidInput( context, input, "Redirect", 512, allowNull);
+		SecurityConfiguration sc = ESAPI.securityConfiguration();
+		return ESAPI.validator().isValidInput( context, input, "Redirect", sc.getIntProp("HttpUtilities.maxRedirectLength"), allowNull);
 	}
 
         /**
 	 * Returns true if input is a valid redirect location.
 	 */
 	public boolean isValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		return ESAPI.validator().isValidInput( context, input, "Redirect", 512, allowNull, errors);
+		SecurityConfiguration sc = ESAPI.securityConfiguration();
+		return ESAPI.validator().isValidInput( context, input, "Redirect", sc.getIntProp("HttpUtilities.maxRedirectLength"), allowNull, errors);
 	}
 
 
@@ -1113,7 +1115,8 @@ public boolean isValidRedirectLocation(String context, String input, boolean all
 	 * will generate a descriptive IntrusionException.
 	 */
 	public String getValidRedirectLocation(String context, String input, boolean allowNull) throws ValidationException, IntrusionException {
-		return ESAPI.validator().getValidInput( context, input, "Redirect", 512, allowNull);
+		SecurityConfiguration sc = ESAPI.securityConfiguration();
+		return ESAPI.validator().getValidInput( context, input, "Redirect", sc.getIntProp("HttpUtilities.maxRedirectLength"), allowNull);
 	}
 
 	/**

src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java

@@ -475,5 +475,8 @@ public void defaultPropertiesTest(){
 //		# Maximum size of HTTP header value--the validator regex may have additional values. 
 //		HttpUtilities.MaxHeaderValueSize=4096
 		assertEquals(4096, sc.getIntProp("HttpUtilities.MaxHeaderValueSize"));
+//		# Maximum length of a redirect 
+//		HttpUtilities.maxRedirectLength=512
+		assertEquals(512, sc.getIntProp("HttpUtilities.maxRedirectLength"));
 	}
 }

src/test/resources/esapi/ESAPI.properties

@@ -339,6 +339,8 @@ HttpUtilities.MaxHeaderValueSize=4096
 HttpUtilities.HTTPJSESSIONIDLENGTH=50
 # Maximum length of a URL (see https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers)
 HttpUtilities.URILENGTH=2000
+# Maximum length of a redirect 
+HttpUtilities.maxRedirectLength=512
 # Maximum length for an http scheme
 HttpUtilities.HTTPSCHEMELENGTH=10
 # Maximum length for an http host