简单的 ESAPI 目录路径验证示例不起作用
Simple ESAPI Directory Path Validation Example Not Working
我已经构建了一个 ESAPITestValidator class 如下:
public class ESAPITestValidator {
Validator instance = ESAPI.validator();
ValidationErrorList errors = new ValidationErrorList();
File parent = null;
String path = new String("");
boolean status = false;
public boolean testGetValidDirectoryPath(String inputPath,String context)
{
try
{
parent = new File(inputPath).getParentFile().getCanonicalFile();
//String parent = ESAPI.securityConfiguration().getResourceFile("ESAPI.properties").getParentFile().getCanonicalPath();
path = instance.getValidDirectoryPath(context, inputPath, parent, true, errors);
status = true;
return status;
}catch(Exception exception)
{
exception.printStackTrace();
status= false;
}
return status;
}
}
现在我正在尝试从主 class 调用 testGetValidDirectoryPath(),如下所示:
public class HelloWorld {
public static void main(String[] args) {
ESAPITestValidator obj = new ESAPITestValidator();
if ( obj.testGetValidDirectoryPath("C:\Users\1730176\Downloads","C:\Users") )
System.out.println("Success");
else
System.out.println("Failure");
}
}
我还上传了 ESAPI.properties 和 Validation.properties 到与主节点和验证器 class 相同的源文件夹中。
但我收到以下异常:
System property [org.owasp.esapi.opsteam] is not set
System property [org.owasp.esapi.devteam] is not set
Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable:
D:\Arindam_Workspace\ESAPI_Workspace\ESAPIProofOfConcept\ESAPI.properties
Not found in SystemResource Directory/resourceDirectory:
.esapi\ESAPI.properties
Found in 'user.home' directory: C:\Users30176\esapi\ESAPI.properties
Loaded 'ESAPI.properties' properties file
SecurityConfiguration for Validator.ConfigurationFile.MultiValued not found
in ESAPI.properties. Using default: false
Attempting to load validation.properties via file I/O.
Attempting to load validation.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable:
D:\Arindam_Workspace\ESAPI_Workspace\ESAPIProofOfConcept\
validation.properties
Not found in SystemResource Directory/resourceDirectory:
.esapi\validation.properties
Found in 'user.home' directory: C:\Users30176\esapi\validation.properties
Loaded 'validation.properties' properties file
Exception in thread "main" java.lang.NoClassDefFoundError:
javax/servlet/http/HttpServletRequest
at java.lang.Class.getDeclaredMethods0(Native Method)
at java.lang.Class.privateGetDeclaredMethods(Class.java:2427)
at java.lang.Class.getMethod0(Class.java:2670)
at java.lang.Class.getMethod(Class.java:1603)
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:77)
at org.owasp.esapi.ESAPI.validator(ESAPI.java:191)
at main.utility.ESAPITestValidator.<init>(ESAPITestValidator.java:20)
at main.core.HelloWorld.main(HelloWorld.java:16)
Caused by: java.lang.ClassNotFoundException:
javax.servlet.http.HttpServletRequest
at java.net.URLClassLoader.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
... 8 more
任何人都可以质疑我所做的事情或者我是否遗漏了什么?
JVM 正在查找 javax/servlet/http/HttpServletRequest class,而您尚未将其加载到 class 路径中。您需要在 class 路径中包含 java servlet API 的实现。请记住,ESAPI 是一个 web-based 库,如果您克隆实际的 esapi-java-legacy 项目并在那里进行单元测试,您可能会更轻松地进行测试。
我已经构建了一个 ESAPITestValidator class 如下:
public class ESAPITestValidator {
Validator instance = ESAPI.validator();
ValidationErrorList errors = new ValidationErrorList();
File parent = null;
String path = new String("");
boolean status = false;
public boolean testGetValidDirectoryPath(String inputPath,String context)
{
try
{
parent = new File(inputPath).getParentFile().getCanonicalFile();
//String parent = ESAPI.securityConfiguration().getResourceFile("ESAPI.properties").getParentFile().getCanonicalPath();
path = instance.getValidDirectoryPath(context, inputPath, parent, true, errors);
status = true;
return status;
}catch(Exception exception)
{
exception.printStackTrace();
status= false;
}
return status;
}
}
现在我正在尝试从主 class 调用 testGetValidDirectoryPath(),如下所示:
public class HelloWorld {
public static void main(String[] args) {
ESAPITestValidator obj = new ESAPITestValidator();
if ( obj.testGetValidDirectoryPath("C:\Users\1730176\Downloads","C:\Users") )
System.out.println("Success");
else
System.out.println("Failure");
}
}
我还上传了 ESAPI.properties 和 Validation.properties 到与主节点和验证器 class 相同的源文件夹中。 但我收到以下异常:
System property [org.owasp.esapi.opsteam] is not set
System property [org.owasp.esapi.devteam] is not set
Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable:
D:\Arindam_Workspace\ESAPI_Workspace\ESAPIProofOfConcept\ESAPI.properties
Not found in SystemResource Directory/resourceDirectory:
.esapi\ESAPI.properties
Found in 'user.home' directory: C:\Users30176\esapi\ESAPI.properties
Loaded 'ESAPI.properties' properties file
SecurityConfiguration for Validator.ConfigurationFile.MultiValued not found
in ESAPI.properties. Using default: false
Attempting to load validation.properties via file I/O.
Attempting to load validation.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable:
D:\Arindam_Workspace\ESAPI_Workspace\ESAPIProofOfConcept\
validation.properties
Not found in SystemResource Directory/resourceDirectory:
.esapi\validation.properties
Found in 'user.home' directory: C:\Users30176\esapi\validation.properties
Loaded 'validation.properties' properties file
Exception in thread "main" java.lang.NoClassDefFoundError:
javax/servlet/http/HttpServletRequest
at java.lang.Class.getDeclaredMethods0(Native Method)
at java.lang.Class.privateGetDeclaredMethods(Class.java:2427)
at java.lang.Class.getMethod0(Class.java:2670)
at java.lang.Class.getMethod(Class.java:1603)
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:77)
at org.owasp.esapi.ESAPI.validator(ESAPI.java:191)
at main.utility.ESAPITestValidator.<init>(ESAPITestValidator.java:20)
at main.core.HelloWorld.main(HelloWorld.java:16)
Caused by: java.lang.ClassNotFoundException:
javax.servlet.http.HttpServletRequest
at java.net.URLClassLoader.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
... 8 more
任何人都可以质疑我所做的事情或者我是否遗漏了什么?
JVM 正在查找 javax/servlet/http/HttpServletRequest class,而您尚未将其加载到 class 路径中。您需要在 class 路径中包含 java servlet API 的实现。请记住,ESAPI 是一个 web-based 库,如果您克隆实际的 esapi-java-legacy 项目并在那里进行单元测试,您可能会更轻松地进行测试。