Kevin W. Wall

Results 215 comments of Kevin W. Wall

@noloader - Wait, what? You're saying if you run `mvn -Dtest=org.owasp.esapi.reference.crypto.ReferenceEncryptedPropertiesTest test` that you get test failures under Linux for Java 8??? I get: `[INFO] Tests run: 10, Failures: 0,...

@noloader wrote:
> ```shell
> $ grep -IR 'This method has been removed for security'
> src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java: throw new UnsupportedOperationException("This method has been removed for security.");
> src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java: throw new...

No big deal about the test. Spotbugs found that? Huh. That must be a known issue with String.replaceAll() then. -kevin -- Blog: http://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall NSA: All your crypto...

@xeno6696 Where do you think that such a new test should go? In `src/test/java/org/owasp/esapi/waf/MustMatchTest.java` perhaps? At this point (hopefully getting close to a release), I don't know enough about the...

@noloader - So, please explain what you mean by "Patched with dynamic detection"? You mean _in the test itself_? If so, can you point to the specific line #s or...

Long ago, in a galaxy far, far away, @xeno6696 scribed thusly:
> The short answer is that all of these need to be rewritten with new versions of Power mock...

Weird. I run on Linux Mint 19.2, and I don't get that error. I just checked our 'develop' branch (https://github.com/ESAPI/esapi-java-legacy/blob/develop/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java#L79) and that method is still present. We do know...

One possibility: maybe we can leverage the maven-surefire-plugin to allow skipping of *specific* tests. Then you could just script that to ignore what is failing for you. That may require...

IIRC, the reason we excluded xalan in the first place was that it had a lot of unpatched known vulnerabilities and we didn't rely on any functionality in xom that used...

A few things... I'm fine with making the OWASP Java HTML Sanitizer the default sanitizer, but we still have to leave the AntiSamy sanitizer in place as an alternate configuration,...