How to get started with ESAPI out of a servlet container
Could anyone give some considerations on getting started using ESAPI in a non-web context? I came up with a little test that validates a string with DefaultValidator.isValidCreditCard, but I got web-container dependency errors.
The following method is consumed from a JUnit test:
    // Fragment of a larger class: value, isValid, validator and messages are fields declared elsewhere.
    @Override
    public ValidationErrorList creditCard(String value) {
        this.value = value;
        ValidationErrorList errorList = new ValidationErrorList();
        try {
            // null context, allowNull = false; validation failures are collected in errorList
            isValid = validator.isValidCreditCard(null, value, false, errorList);
        } catch (Exception ie) {
            System.out.println(">>> CCValidator: [ " + value + "] " + ie.getMessage());
            messages = (ArrayList) errorList.errors();
        }
        return messages;
    }
This is the error (relevant part); of course I'm not running in a container:
    attempting load esapi.properties via file i/o.
    attempting load esapi.properties resource file via file i/o.
    found in 'org.owasp.esapi.resources' directory: c:\foundation\validation\providers\esapi\esapi.properties
    loaded 'esapi.properties' properties file
    attempting load validation.properties via file i/o.
    attempting load validation.properties resource file via file i/o.
    found in 'org.owasp.esapi.resources' directory: c:\foundation\validation\providers\esapi\validation.properties
    loaded 'validation.properties' properties file
    securityconfiguration encoder.allowmixedencoding not found in esapi.properties. using default: false
    securityconfiguration encoder.allowmixedencoding not found in esapi.properties. using default: false
    javax/servlet/ServletRequest
    java.lang.NoClassDefFoundError: javax/servlet/ServletRequest
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:264)
        at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:74)
        at org.owasp.esapi.ESAPI.httpUtilities(ESAPI.java:121)
        at org.owasp.esapi.ESAPI.currentRequest(ESAPI.java:70)
        at org.owasp.esapi.reference.Log4JLogger.log(Log4JLogger.java:434)
        ...
Calls to ESAPI.xxxMethods() raise dependency errors.
Any advice on getting started would be appreciated.
Best,
Jose
ESAPI has a servlet filter API that requires javax.servlet.ServletRequest to be on the classpath. ESAPI is owned by OWASP --> "Open Web Application Security Project." Therefore, ESAPI is designed with web applications in mind.
If you're not writing a web application, then it's either a console application or a rich client application. If you don't expect to use it to connect to the outside world, then the main secure practices you need to worry about are ensuring that you use safely parameterized queries, and that any data passed into your application from a source connected to the outside world is escaped. For that, the only thing you need is OWASP's encoder project.
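For the credit-card check in the question, a validator with no ESAPI or servlet dependency can run directly from a JUnit test or console program. The class below is an added example, not part of the answer above and not ESAPI's code; the class name `StandaloneCardCheck`, the 12 to 19 digit length range and the sample inputs are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public final class StandaloneCardCheck {

    /** Returns the list of problems found; an empty list means the value passed. */
    static List<String> validate(String input) {
        List<String> errors = new ArrayList<>();
        if (input == null || input.trim().isEmpty()) {
            errors.add("value is required");
        } else if (!input.matches("[0-9 -]+")) {
            // Allow-list: ASCII digits with optional space or dash separators only.
            errors.add("unexpected characters");
        } else {
            String digits = input.replaceAll("[ -]", "");
            // Assumed length range for this example: 12 to 19 digits.
            if (digits.length() < 12 || digits.length() > 19) {
                errors.add("length out of range: " + digits.length());
            } else if (!luhn(digits)) {
                errors.add("checksum failed");
            }
        }
        return errors;
    }

    /** Luhn checksum: double every second digit counting from the right. */
    static boolean luhn(String digits) {
        int sum = 0;
        boolean doubleIt = false;
        for (int i = digits.length() - 1; i >= 0; i--) {
            int d = digits.charAt(i) - '0';
            if (doubleIt) {
                d *= 2;
                if (d > 9) d -= 9;
            }
            sum += d;
            doubleIt = !doubleIt;
        }
        return sum % 10 == 0;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the first is a widely used test number.
        String[] samples = {"4111 1111 1111 1111", "4111-1111-1111-1112", "4111<script>", ""};
        for (int i = 0; i < samples.length; i++) {
            // Report by index rather than echoing the value, so card data never reaches logs.
            System.out.println("sample " + i + " -> " + validate(samples[i]));
        }
    }
}
```

Only the first sample returns an empty error list; the others fail on checksum, characters and emptiness respectively.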