Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug found in union() method of EncoderConstants class. #194

Closed
meg23 opened this issue Nov 13, 2014 · 2 comments
Closed

Bug found in union() method of EncoderConstants class. #194

meg23 opened this issue Nov 13, 2014 · 2 comments
Labels
bug imported Priority-Medium

Comments

@meg23
Copy link

meg23 commented Nov 13, 2014

From coa...@gmail.com on November 12, 2010 17:21:58

The attached TestNG unit test will expose the bug within the union() method of the src\main\java\org\owasp\esapi\EncoderConstants.java source, and demonstrate the expected output.

Note: We appear to be using version 1.4, as this method has now been moved to the StringUtilities.java class. The logic is the same, though.

This issue isn't specific to an operating system or browser.

Here is a solution that fixes the problem –

 public static char[] union(char[]... list) {

   StringBuilder sb = new StringBuilder();



   for (char[] characters : list) {

           for (int i = 0; i < characters.length; i++) {

               if (!contains(sb, characters[i])) {

                   sb.append(characters[i]);

               }

           }

   }



     char[] toReturn = new char[sb.length()];

     sb.getChars(0, sb.length(), toReturn, 0);

     Arrays.sort(toReturn);

     return toReturn;

 }

Attachment: EncoderConstantsTest.java

Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=184
@meg23
Copy link
Author

meg23 commented Nov 13, 2014

From coa...@gmail.com on November 13, 2010 12:04:25

This is actually a bug with the StringUtilities class, not the EncoderConstants class.

@meg23
Copy link
Author

meg23 commented Nov 13, 2014

From kevin.w.wall@gmail.com on September 29, 2014 17:27:46

This should be fixed as a result of fixing issue # 323 which was closed in July 2014 by revision r1943 .

Status: Fixed

@meg23 meg23 closed this as completed Nov 13, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug imported Priority-Medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@meg23