BaseValidationRule.assertValid(String context, String input) causes NPE if input is not valid.

[meg23]

From [email protected] on December 30, 2010 18:12:59

What steps will reproduce the problem? 1. Invoke BaseValidationRule.assertValid(String context, String input) What is the expected output? What do you see instead? Expected output is either a successful return or a thrown ValidationException. Received output is a NullPointerException when input is not valid.

Version: 2.0_rc10 Please provide any additional information below. This problem is due to assertValid passing a null ValidationErrorList into the three argument getValid(String context, String input, ValidationErrorList errorList)- this method assumes that errorList is not null and will attempt to add the validation error to the list instead of throwing it. (See attached JUnit 4 Test Case)

Attachment: ESAPIBugReportTest.java

Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=195

[meg23]

From [email protected] on December 30, 2010 15:18:59

I've attached what I think is an acceptable approach to resolving this issue.. sorry it's not in patch format.

Attachment: Patched_java.txt

[meg23]

From [email protected] on December 30, 2010 15:37:47

Rethinking my suggestion... (Though it probably needs to be done anyways). assertValid should probably call getValid(String, String) instead of getValid(String, String, ValidationErrorList).

[meg23]

From [email protected] on September 22, 2014 18:54:23

Labels: FirstBug

[meg23]

From [email protected] on September 26, 2014 20:12:00

Labels: Component-Validator

[kwwall]

Any fix will need to include suitable JUnit test(s) to demonstrate that it is fixed.