Comments (9)
We need more information to help you with this. What version of ESAPI are you using? What does your ESAPI.Logger property file say? It needs to be `org.owasp.esapi.logging.java.JavaLogFactory`. If it says that, you are picking up a different ESAPI.properties file than the one you are intending to use (e.g., there may be one bundled as a resource in another direct or transitive jar that Maven pulls in) or some other dependency has made a direct reference to `org.owasp.esapi.reference.JavaLogFactory`. Maybe run `mvn -B dependency:tree` and check the output. If you are using some dependency (e.g., OpenSAML, Shibboleth, etc.) that might be using an old version of ESAPI, that could be causing the problem.
from esapi-java-legacy.
Thanks a lot @kwwall, got it working at last. We need to add the ESAPI.properties file based on the same version that you have released.
from esapi-java-legacy.
In a project, how can we run this: `java -Dorg.owasp.esapi.logSpecial.discard=true`?
from esapi-java-legacy.
@kwwall can you please help with this? I will be waiting for your reply.
from esapi-java-legacy.
So `-D` has to be added however your application runs on your machine.
If you run from the command line:
```
java -Dorg.owasp.esapi.logSpecial.discard=true -jar myApp.jar
```
Otherwise, if it's running Tomcat or Jetty locally, you need to check your web server's documentation as to how to pass in "-D" properties.
Tomcat is here; if using something else, this should help your google-fu: https://stackoverflow.com/questions/372686/how-can-i-specify-system-properties-in-tomcat-configuration-on-startup
from esapi-java-legacy.
ESAPI: Attempting to load ESAPI.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)' using current thread context class loader!
So this issue isn't that the file isn't being found, it's that you have features not working. The only time I've ever encountered this is if there's another copy of ESAPI loaded into the application context.
ColdFusion, for example, uses ESAPI, so if your app is running ColdFusion, because ESAPI is a singleton, your app's version will have all sorts of problems.
I would investigate if your app deployment environment has a dependency on ESAPI. If that is the case, the only solution I'm aware of would be to get access to the app environment's instance of ESAPI.
from esapi-java-legacy.
Otherwise, without a project duplicating your behavior that Kevin or I can just clone and run locally, there isn't much to go on here.
from esapi-java-legacy.
One important observation: Looks as though you perhaps promoted a previous version of ESAPI.properties without carefully reading the release notes when you upgraded your ESAPI version. Why do I think that? Because of this in your exception stack trace:
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory LogFactory class (org.owasp.esapi.reference.JavaLogFactory) must be in class path.
Note that it is referring to `org.owasp.esapi.reference.JavaLogFactory`, but that class name was moved to a different package long ago. Find your ESAPI.properties file, look for your ESAPI.Logger property, and change the value from `org.owasp.esapi.reference.JavaLogFactory` to `org.owasp.esapi.logging.java.JavaLogFactory` and that will likely fix your problem.
Note more details are given at https://github.com/ESAPI/esapi-java-legacy/wiki/Configuration-Reference:-JavaLogFactory
from esapi-java-legacy.
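The two checks suggested in this thread (which ESAPI.properties copies are visible and what their ESAPI.Logger value is, and whether a second copy of ESAPI is on the classpath) can be automated. The class below is an added example, not code from the thread or from the ESAPI project; the class name `EsapiConfigAudit` and the list of candidate resource paths are assumptions.

```java
import java.io.InputStream;
import java.net.URL;
import java.util.Collections;
import java.util.Properties;

public class EsapiConfigAudit {
    // Logger factory class names quoted in the thread.
    static final String OLD_FACTORY = "org.owasp.esapi.reference.JavaLogFactory";
    static final String NEW_FACTORY = "org.owasp.esapi.logging.java.JavaLogFactory";
    // Assumption: classpath locations worth checking; adjust to your layout.
    static final String[] CANDIDATES = {
        "ESAPI.properties", "esapi/ESAPI.properties", ".esapi/ESAPI.properties"
    };

    /** Classifies the ESAPI.Logger value read from one properties file. */
    static String classify(String logger) {
        if (logger == null) return "MISSING";
        String value = logger.trim();
        if (OLD_FACTORY.equals(value)) return "STALE";
        if (NEW_FACTORY.equals(value)) return "OK";
        return "OTHER";
    }

    public static void main(String[] args) throws Exception {
        // Same loader the ESAPI startup message in the thread refers to.
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        int copies = 0;
        for (String name : CANDIDATES) {
            for (URL url : Collections.list(cl.getResources(name))) {
                Properties p = new Properties();
                try (InputStream in = url.openStream()) {
                    p.load(in);
                }
                String logger = p.getProperty("ESAPI.Logger");
                System.out.printf("%-7s %s%n        ESAPI.Logger=%s%n",
                        classify(logger), url, logger);
                copies++;
            }
        }
        // More than one location providing the ESAPI classes is the
        // duplicate-copy situation described earlier in the thread.
        for (URL url : Collections.list(cl.getResources("org/owasp/esapi/ESAPI.class"))) {
            System.out.println("ESAPI classes from: " + url);
        }
        if (copies > 1) {
            System.out.println("WARNING: " + copies + " ESAPI.properties copies are visible.");
        } else if (copies == 0) {
            System.out.println("No ESAPI.properties found on the classpath.");
        }
    }
}
```

Run it with the same classpath as the application (inside a servlet container, call the same logic from application code so the web app's class loader is the one inspected).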
@kwwall I used the Maven dependency added in the project, and ESAPI.properties, which I downloaded from the GitHub ESAPI legacy repo and added to the resource folder. After using that to sanitize a parameter it is giving an error. Please give me the proper solution.
from esapi-java-legacy.