esapi-java-legacy
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
### Describe the Issue This issue is here to collect any TODO type reminders that need to be done as a special _one-off_ for the current release. A new one...
Hi Everyone/Kevin, I'm building ESAPI develop from GitHub on Ubuntu 20.04, x86_64, fully patched. I'm also seeing this on Fedora 36, x86_64, fully patched. `mvn test` is failing: ``` $...
#745 We set the directory for locating the ESAPI.properties within our resources in the following way. ``` String rd = findConfigurationDirectory(...); // = 2.2 in = currentLoader.getResourceAsStream(DefaultSearchPath.RESOURCE_DIRECTORY.value() + fileName); ```...
Our project uses the esapi library, but only for the encoding tools. We don't use esapi logging. I recently upgraded from v2.1.0.1 to 2.5.0.0, and I noticed that now it...
If special characters ( 测试 ) are present in name of file, then the esapi validator fails to match the input. These characters are encoded when passed to validator, but...
```
//Place in EncoderTest
public void testESAPIPercentEncoding() {
    String input = "%E2%84%A2";
    String expected = "™";
    Encoder e = ESAPI.encoder();
    assertEquals(expected, e.canonicalize(input));
}
```
It seems that the uri encoder...
[Extracted from a post by @noloader to the ESAPI-Project-Users list on August 22, 2022.] **Describe the bug** It looks like Randomizer.java is providing random UUIDs. The reference given is dead.[1]...
We either need a separate ESAPI Encoder User Guide or a suitable wiki page (either on the GitHub repo or the OWASP wiki) or a GitHub 'Gist' to document how...
When `mvn test` is run with JDK 9 or later, there are multiple JUnit test failures. E.g., when using OpenJDK 11, here are the failures: ``` [ERROR] Tests run: 19,...
SecureRandom.getInstance(SHA1) is to generate a pseudorandom number sequence by continuously performing SHA1. The right way: Use SecureRandom.getInstanceStrong() to generate random numbers.