esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.

Results 112 esapi-java-legacy issues

Removing support for esapi-java-logging.properties file from baseline. ConfigurationException is thrown if file is found on the path at runtime. Exception message links to a wiki page with instructions on how...

#### Describe the bug
JavaLogFactory.java's readLoggerConfiguration function throws ConcurrentModificationException at this line
```java
if (System.getProperties().keySet().stream().anyMatch(propKey -> "java.util.logging.config.class".equals(propKey) || "java.util.logging.config.file".equals(propKey)))
```
in a multi-threaded environment when another thread is concurrently setting...

bug

Currently we are using org.owasp.esapi:esapi:2.4.0.0 and we are trying to upgrade it to the latest non-vulnerable version, org.owasp.esapi:esapi:2.5.3.1. We are getting the below exception: Apr 17, 2024 6:01:22 AM org.apache.catalina.core.StandardWrapperValve invoke SEVERE:...

bug

Couple of bugs discovered with DefaultEncoder.getCanonicalizedURI(URI) where 1.) We weren't fully handling relative URLs 2.) A canonicalize call was occurring twice always, when logically the intent was to treat queries...

_From [[email protected]](https://code.google.com/u/108155155500833528712/) on April 20, 2011 02:52:37_

What steps will reproduce the problem?
1. Use Validator.validateInput method for some validation. Some people are facing error
2. Error comes java.lang.NoClassDefFoundError: org/owasp/esapi/errors/EncodingException
3....

bug
imported
Priority-Medium

Per Issue #824 Discovered bug where `%2C&html=&&` should throw a MixedEncodingException but instead constructs a URL sequence of `,&html=null&=null&` Note that this does not result in an exploitable URL string,...

bug

### Discussed in https://github.com/ESAPI/esapi-java-legacy/discussions/823

Originally posted by **krog78** January 19, 2024

Hi, DefaultEncoder / getCanonicalizedURI returns mix encoding for HTML special characters in query string (and does not seem to...

This PR adds the property "Logger.OmitEventTypeInLogs" that will make event type information not be prepended in log messages when set to true (default false).

**Describe the bug** decode method doesn't work properly for some strings

**Specify what ESAPI version(s) you are experiencing this bug in** 2.5.2

**To Reproduce** https://github.com/ESAPI/esapi-java-legacy I am using the test...

bug
Priority-Low

For the branch 'develop', I intentionally left the pom.xml in a state where the default goal for the Dependency Check plugin is set to 'purge' rather than 'check'. That's just...

bug
Priority-High
Build-Maven