New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
java.lang.ExceptionInInitializerError in 2.0 version #71
Comments
From chrisisbeef on December 01, 2009 23:39:29 This test was replaced with testConcurrency() in EncoderTest. Status: WontFix |
From kevin.w.wall@gmail.com on December 02, 2009 17:39:39 I don't agree with the "WontFix" status. We should either delete the test or Summary: java.lang.ExceptionInInitializerError in 2.0 version |
From lake...@gmail.com on December 06, 2009 19:50:06 The issue seems to occur with my application too. I'm using DefaultEncoder class to encode javascript in the tag Is this a known issue? This issue never occurred with older version of the jar. Please help. Thank you. |
From chrisisbeef on December 06, 2009 20:30:27 Can you attach a code sample of how you are using the encoder? Status: Accepted |
From lake...@gmail.com on December 07, 2009 17:47:24 Unfortunately, I can't provide the actual code due to licensing reasons. But, I'm StringBuffer output = new StringBuffer(); |
From lake...@gmail.com on December 07, 2009 18:23:11 Here's a small simple test I just wrote...hope this helps. import org.owasp.esapi.Encoder; public class SimpleEncoderTest {
} Here's the output when I run it with ESAPI-2.0-rc4.zip Exception in thread "main" java.lang.ExceptionInInitializerError Here's the output when I run it with earlier version of the jar - My\x20funds\x20\x40\x20St.\x20Paul\x27s\x20Bank |
From planetlevel on December 07, 2009 19:47:16 This looks like the ESAPI.properties file can't be found on the classpath. |
From chrisisbeef on December 07, 2009 21:19:32 Beat me to the punch here. The problem here is the following line:
This requires that ESAPI.properties be loadable from the classpath. Please also note This exception is not an issue with the code itself, but perhaps this is a |
From planetlevel on December 08, 2009 05:56:25 At a minimum, we need a better error message. If possible, should we deploy with a |
From chrisisbeef on December 08, 2009 14:52:14 I think allowing the ESAPI to be used in an un-initialized state creates a couple I can definately look into the error messaging for this case. Changing the logger to I am not sure if this will make it into the 2.0-final release at this point. This This should be scheduled for 2.0.2 or a later patch revision Labels: -Priority-Medium Priority-Low OpSys-All Component-Logic Usability |
From lake...@gmail.com on December 08, 2009 18:09:20 Thanks for all the info guys. I agree with @planetlevel that it'd be convenient if With that said, how/where do I include this properties file to run this successfully? Also, what's the target date for final 2.0 release? Thank you again for all your help. |
From chrisisbeef on December 08, 2009 20:14:24 Originally we included the "default" ESAPI.properties in the jar, but we removed it @lakers8 (love the twitterification of the internet) - here are some links: http://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/reference/DefaultSecurityConfiguration.html Also, the latest RC can be downloaded which includes documentation and installation |
From kevin.w.wall@gmail.com on May 08, 2010 19:20:51 Two things to note. One it was decided not to include a default ESAPI.properties file Secondly, has anyone ever checked this since Jim rewrote how the ESAPI.properties Since one would see that this problem could happen for almost any reference model
rather than via |
From lake...@gmail.com on May 25, 2010 17:17:23 Interesting observation folks. I tested this w/out setting ESAPI.properties and it I'm using 1.4.4 version and I'm not using any ESAPI.properties(not even a blank file, |
From manico.james@gmail.com on October 31, 2010 23:05:28 Ping. Thoughs on this? Labels: Milestone-Release2.0 |
From chrisisbeef on November 01, 2010 00:11:37 If exceptions are indeed being swallowed - this is no bueno. ESAPI should not be allowed to execute code paths in an unconfigured state. I will try to look into it this week. |
From kevin.w.wall@gmail.com on February 12, 2011 00:35:46 Chris, have you had a chance to look at this? Meanwhile, since it is rated as a low priority, I am changing it to the 2.1 milestone. Labels: -Milestone-Release2.0 Milestone-Release2.1 |
From kevin.w.wall@gmail.com on September 22, 2014 18:44:57 Labels: FirstBug |
Had to have been fixed in the intervening years. I cannot reproduce it. |
Bootstrapping the ESAPI logger related properties has long been an iffy proposition, but this probably got ixed when Manico rewrote the |
From lake...@gmail.com on November 23, 2009 21:07:54
What steps will reproduce the problem? 1. Running a simple test found here: https://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/test/java/org/owasp/esapi/reference/EncoderConcurrencyTest.java?spec=svn408&r=408 with new 2.0rc4 version. What is the expected output? What do you see instead? It should encode the javascript. I see this exception stack trace instead. What version of the product are you using? On what operating system? ESAPI-2.0-rc4.zip on Windows XP. Please provide any additional information below. Exception in thread "Thread-0" Exception in thread "Thread-1"
java.lang.Exceptio
nInInitializerError
at EncoderConcurrencyTest.run(EncoderConcurrencyTest.java:19)
at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.NullPointerException
at java.util.Properties$LineReader.readLine(Properties.java:365)
at java.util.Properties.load(Properties.java:293)
at
org.owasp.esapi.reference.DefaultSecurityConfiguration.loadProperties
FromStream(DefaultSecurityConfiguration.java:370)
at
org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfigurat
ion(DefaultSecurityConfiguration.java:507)
at
org.owasp.esapi.reference.DefaultSecurityConfiguration.(Default
SecurityConfiguration.java:207)
at org.owasp.esapi.ESAPI.(ESAPI.java:87)
... 2 more
java.lang.NoClassDefFoundError
at EncoderConcurrencyTest.run(EncoderConcurrencyTest.java:19)
at java.lang.Thread.run(Thread.java:595)
Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=61
The text was updated successfully, but these errors were encountered: