
Commit a632819

authored
Merge pull request OWASP#37 from kwwall/master
Changes to get owasp-java-encoder to work with ESAPI 2.2.0.0 and later
2 parents 4a45510 + 8daeb09 commit a632819


4 files changed

+59
-2
lines changed


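--- a/esapi/pom.xml
+++ b/esapi/pom.xml
@@ -63,7 +63,7 @@
 <dependency>
 <groupId>org.owasp.esapi</groupId>
 <artifactId>esapi</artifactId>
-<version>[2.0,2.1)</version>
+<version>[2.2,3)</version>
 </dependency>
 </dependencies>
 </project>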

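--- a/esapi/src/main/java/org/owasp/encoder/esapi/ESAPIEncoder.java
+++ b/esapi/src/main/java/org/owasp/encoder/esapi/ESAPIEncoder.java
@@ -35,6 +35,7 @@
 package org.owasp.encoder.esapi;
 
 import java.io.IOException;
+import java.net.URI;
 import org.owasp.encoder.Encode;
 import org.owasp.esapi.Encoder;
 import org.owasp.esapi.codecs.Codec;
@@ -63,6 +64,7 @@
 * {@link org.owasp.esapi.Encoder#canonicalize(String)},
 * {@link org.owasp.esapi.Encoder#canonicalize(String, boolean)},
 * {@link org.owasp.esapi.Encoder#canonicalize(String, boolean, boolean)}</li>
+* {@link org.owasp.esapi.Encoder#getCanonicalizedURI(URI)}</li>
 *
 * <li>Decoding methods:
 * {@link org.owasp.esapi.Encoder#decodeForHTML(String)},
@@ -80,6 +82,7 @@
 * <li>Rarely-used or alternate compatible encoding:
 * {@link org.owasp.esapi.Encoder#encodeForVBScript(String)},
 * {@link org.owasp.esapi.Encoder#encodeForLDAP(String)},
+* {@link org.owasp.esapi.Encoder#encodeForLDAP(String, boolean)},
 * {@link org.owasp.esapi.Encoder#encodeForDN(String)}</li>
 * </ul>
 *
@@ -152,6 +155,11 @@ public String canonicalize(String s, boolean restrictMultiple, boolean restrictM
 return _referenceEncoder.canonicalize(s, restrictMultiple, restrictMixed);
 }
 
+/** {@inheritDoc} */
+public String getCanonicalizedURI(URI dirtyUri) {
+return _referenceEncoder.getCanonicalizedURI(dirtyUri);
+}
+
 /** {@inheritDoc} */
 public String encodeForCSS(String s) {
 return Encode.forCssString(s);
@@ -197,6 +205,11 @@ public String encodeForLDAP(String s) {
 return _referenceEncoder.encodeForLDAP(s);
 }
 
+/** {@inheritDoc} */
+public String encodeForLDAP(String s, boolean b) {
+return _referenceEncoder.encodeForLDAP(s, b);
+}
+
 /** {@inheritDoc} */
 public String encodeForDN(String s) {
 return _referenceEncoder.encodeForDN(s);
@@ -236,5 +249,6 @@ public String encodeForBase64(byte[] bytes, boolean wrap) {
 public byte[] decodeFromBase64(String s) throws IOException {
 return _referenceEncoder.decodeFromBase64(s);
 }
+
 }
 }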
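Review bot: The new overload at new lines 208-211, `encodeForLDAP(String s, boolean b)`, gives a reader no hint what the flag controls. As far as I recall, ESAPI's `Encoder` interface names this parameter `encodeWildcards`, and it decides whether `*` is escaped, which matters to any caller that builds an LDAP search filter from user input. I would rename it to match, `public String encodeForLDAP(String s, boolean encodeWildcards) {`, and pass the same name through to `_referenceEncoder`. Separately, the Javadoc link added at new line 67 follows a line that already closes the list item, so the new link sits outside the `<li>` with a stray `</li>`; ending the preceding line with `,` as in `* {@link org.owasp.esapi.Encoder#canonicalize(String, boolean, boolean)},` fixes the markup.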
Original file line numberDiff line numberDiff line change
@@ -1 +1,38 @@
1-
ESAPI.Encoder=org.owasp.encoder.esapi.ESAPIEncoder
1+
# Properties based on ESAPI 2.2.1.1's configuration/esapi/ESAPI.properties file.
2+
3+
ESAPI.Encoder=org.owasp.encoder.esapi.ESAPIEncoder
4+
5+
# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
6+
# Note that this is now considered deprecated!
7+
#ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
8+
9+
# To use JUL, you need to obtain ESAPI's esapi-java-logging.properties and drop
10+
# it somewhere into your class path. You can get it from the ESAPI configuration
11+
# jar. (See Release 2.2.1.1 under GitHub for ESAPI/esapi-java-legacy.)
12+
ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
13+
14+
# To use the new SLF4J logger in ESAPI (see GitHub issue #129), set
15+
#ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
16+
# and do whatever other normal SLF4J configuration that you normally would do for your application.
17+
18+
# Note: The uncommented out ones are those needed for SLF4J. Others may be
19+
# needed if you change the ESAPI logger.
20+
#===========================================================================
21+
# ESAPI Logging
22+
# Set the application name if these logs are combined with other applications
23+
Logger.ApplicationName=ESAPI-Shim-Test
24+
# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
25+
Logger.LogEncodingRequired=false
26+
# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
27+
Logger.LogApplicationName=true
28+
# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
29+
Logger.LogServerIP=false
30+
# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
31+
# want to place it in a specific directory.
32+
#Logger.LogFileName=ESAPI_logging_file
33+
# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
34+
#Logger.MaxLogFileSize=10000000
35+
# Determines whether ESAPI should log the user info.
36+
Logger.UserInfo=false
37+
# Determines whether ESAPI should log the session id and client IP
38+
Logger.ClientInfo=false
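Review bot: The comment at new lines 18-19 says the uncommented settings are the ones needed for SLF4J, but the logger actually enabled at new line 12 is `org.owasp.esapi.logging.java.JavaLogFactory`. I would reword it to name the configured logger, for example `# Note: The uncommented ones are those needed for the JUL logger selected above.` The path of this file is not shown on the page; `Logger.ApplicationName=ESAPI-Shim-Test` suggests a test resource. That is worth confirming, because an ESAPI.properties packaged inside the shim jar could be picked up from the classpath instead of the consuming application's own configuration.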
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
handlers= java.util.logging.ConsoleHandler
2+
.level= INFO
3+
java.util.logging.ConsoleHandler.level = INFO
4+
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
5+
java.util.logging.SimpleFormatter.format=[%1$tF %1$tT] [%3$-7s] %5$s %n
6+
#https://www.logicbig.com/tutorials/core-java-tutorial/logging/customizing-default-format.html
