Question

I'm trying to use OWASP ESAPI in my project, but the problem is that the OWASP documentation is too complicated for me. I'm trying to use validation from ESAPI, but I can't get the results even though there's no error.

    import org.owasp.esapi.ESAPI;
    import org.owasp.esapi.Validator;

    public void security(String s) {
        System.out.println("connect 1");
        Validator instance = ESAPI.validator();
        System.out.println("connect 2");
        System.out.println(instance.isValidInput("test", "xxxxx@gmail.com", "Email", 100, false));
    }

Here are the results if I try to run it 3 times:

    connect 1
    Attempting to load ESAPI.properties via file I/O.
    Attempting to load ESAPI.properties as resource file via file I/O.
    Not found in 'org.owasp.esapi.resources' directory or file not readable: C:\Program Files\Apache Software Foundation\Apache Tomcat 7.0.22\bin\ESAPI.properties
    Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
    Found in 'user.home' directory: C:\Users\xxxx\esapi\ESAPI.properties
    Loaded 'ESAPI.properties' properties file
    Attempting to load validation.properties via file I/O.
    Attempting to load validation.properties as resource file via file I/O.
    Not found in 'org.owasp.esapi.resources' directory or file not readable: C:\Program Files\Apache Software Foundation\Apache Tomcat 7.0.22\bin\validation.properties
    Not found in SystemResource Directory/resourceDirectory: .esapi\validation.properties
    Found in 'user.home' directory: C:\Users\xxxx\esapi\validation.properties
    Loaded 'validation.properties' properties file
    connect 1
    connect 1

As you can see, there's no error and the properties loaded properly. My problem is why it stopped there. Why is 'connect 2' not printed? And why are the results of instance.isValidInput not printed either?

Solution

For validation I have used this code directly wherever I need to validate the user input.

    String validatedAlertId = ESAPI.validator().getValidInput("alertId", alertId, "AlertIdRejex", 25, false);

You may have something like this.

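    import org.owasp.esapi.ESAPI;
    import org.owasp.esapi.errors.ValidationException;

    // getValidInput returns the validated value, or throws if the input fails validation
    public String security(String s) throws ValidationException {
        System.out.println("connect 1");
        String validatedString = ESAPI.validator().getValidInput("test", "xxxxx@gmail.com", "Email", 100, false);
        System.out.println("connect 2" + validatedString);
        return validatedString;
    }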

    // CALLING CLASS/OBJECT
    AAAA.security

This code has worked for me. For NetBeans and its configuration for the properties file, check out this URL.

Other suggestions

You have not correctly set up the ESAPI resources path in the ESAPI configuration. Once you've done that you should be golden.

Try this link:

ESAPI Resource Directory setup

Good that you are using ESAPI. Firstly, is the project a Maven, Eclipse, Ant or some other type of project? Every type has a specific location where both properties files must be placed so that they get loaded at runtime whenever ESAPI is called for the first time. Go through the ESAPI install guide available on Google. But from the logs it's clear that both files have loaded successfully. Post any further logs which you may have in the file. Probably the issue is that you are validating and trying to get an email address using the method getValidInput() and using a wrong regex. Post the complete regex code and the exception logs from the file and console.
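
One way to collect the exception details the answer above asks for, as an added example that is not part of the original posts: it wraps the two ESAPI calls from the question so that anything thrown between "connect 1" and "connect 2" is printed rather than lost. The class name `EsapiValidationCheck`, the method `check` and the sample inputs are hypothetical.

```java
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Validator;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;

// Hypothetical helper class (not from the original posts).
public class EsapiValidationCheck {

    // Returns the validated value, or null after printing why validation could not complete.
    public static String check(String context, String input, String type, int maxLength) {
        Validator validator;
        try {
            // First use of ESAPI loads its configuration and implementation classes.
            // Catch Throwable so that Errors (not only Exceptions) are printed here.
            validator = ESAPI.validator();
        } catch (Throwable t) {
            System.err.println("ESAPI.validator() failed: " + t);
            t.printStackTrace();
            return null;
        }
        try {
            // "Email" is resolved to the Validator.Email pattern in validation.properties.
            return validator.getValidInput(context, input, type, maxLength, false);
        } catch (ValidationException e) {
            // Input did not match the rule; the log message carries the detail.
            System.err.println("Rejected: " + e.getLogMessage());
        } catch (IntrusionException e) {
            // Input looked like an attack (for example multiple or mixed encoding).
            System.err.println("Intrusion detected: " + e.getLogMessage());
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one address-shaped value, one that is not.
        String[] samples = { "xxxxx@gmail.com", "not-an-email" };
        for (String sample : samples) {
            System.out.println(sample + " -> " + check("test", sample, "Email", 100));
        }
    }
}
```

The stack trace and log message printed by this helper, together with the `Validator.Email` line from validation.properties, are the pieces the answer asks to be posted.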

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow