java, security, owasp, esapi

Error using esapi


I'm trying to use OWASP ESAPI in my project, but the problem is that the OWASP documentation is too complicated for me. I'm trying to use validation from ESAPI, but I can't get the results even though there's no error.

    import org.owasp.esapi.ESAPI;
    import org.owasp.esapi.Validator;

    public void security(String s) {
        System.out.println("connect 1");
        Validator instance = ESAPI.validator();
        System.out.println("connect 2");
        System.out.println(instance.isValidInput("test", "[email protected]", "Email", 100, false));
    }

Here are the results if I try to run it 3 times:

    connect 1
    Attempting to load ESAPI.properties via file I/O.
    Attempting to load ESAPI.properties as resource file via file I/O.
    Not found in 'org.owasp.esapi.resources' directory or file not readable: C:\Program Files\Apache Software Foundation\Apache Tomcat 7.0.22\bin\ESAPI.properties
    Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
    Found in 'user.home' directory: C:\Users\xxxx\esapi\ESAPI.properties
    Loaded 'ESAPI.properties' properties file
    Attempting to load validation.properties via file I/O.
    Attempting to load validation.properties as resource file via file I/O.
    Not found in 'org.owasp.esapi.resources' directory or file not readable: C:\Program Files\Apache Software Foundation\Apache Tomcat 7.0.22\bin\validation.properties
    Not found in SystemResource Directory/resourceDirectory: .esapi\validation.properties
    Found in 'user.home' directory: C:\Users\xxxx\esapi\validation.properties
    Loaded 'validation.properties' properties file
    connect 1
    connect 1

As you can see, there's no error and the properties loaded properly. My problem is why it stopped there. Why is 'connect 2' not printed? And why are the results of instance.isValidInput not printed either?


Solution

  • For validation, I have used this code directly wherever I need to validate the user input.

    String validatedAlertId = ESAPI.validator().getValidInput("alertId", alertId, "AlertIdRejex", 25, false);
    

    You may have something like this.

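        import org.owasp.esapi.ESAPI;
        import org.owasp.esapi.errors.ValidationException;

        // Returns the validated value; getValidInput throws if the input fails the "Email" rule.
        public String security(String s) throws ValidationException {
            System.out.println("connect 1");
            String validatedString = ESAPI.validator().getValidInput("test", "[email protected]", "Email", 100, false);
            System.out.println("connect 2" + validatedString);
            return validatedString;
        }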
    

        // CALLING CLASS/OBJECT
        AAAA.security

    This code has worked for me. For NetBeans and its configuration for the properties file, check out this url.
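
An added example, not code from the question or the answer: a stand-alone class that applies the same "Email" rule through `getValidInput` and prints every outcome, including any failure raised while obtaining the validator between "connect 1" and "connect 2". The class name, context label and sample inputs are constructed; it assumes the ESAPI jar and its properties files are available and that `validation.properties` defines `Validator.Email`.

```java
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Validator;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;

// Hypothetical class name, used only for this example.
public class EsapiEmailCheck {

    /** Returns the canonicalized value if it passes the "Email" rule, otherwise null. */
    static String validateEmail(Validator validator, String candidate) {
        try {
            // "Email" resolves to the Validator.Email pattern in validation.properties.
            // "signup.email" is a constructed context label that appears in log messages.
            return validator.getValidInput("signup.email", candidate, "Email", 100, false);
        } catch (ValidationException e) {
            // Input did not match the pattern, exceeded 100 characters, or was null/empty.
            System.out.println("rejected: " + e.getUserMessage());
        } catch (IntrusionException e) {
            // Canonicalization flagged the input as a likely attack.
            System.out.println("intrusion: " + e.getUserMessage());
        }
        return null;
    }

    public static void main(String[] args) {
        System.out.println("connect 1");
        Validator validator;
        try {
            validator = ESAPI.validator();
        } catch (Throwable t) {
            // Print any configuration or classpath failure instead of letting it pass unseen.
            t.printStackTrace();
            return;
        }
        System.out.println("connect 2");

        // Constructed sample inputs: one well-formed address, two malformed values, one null.
        String[] samples = { "user@example.com", "not-an-email", "<script>@example.com", null };
        for (String sample : samples) {
            System.out.println(sample + " -> " + validateEmail(validator, sample));
        }
    }
}
```

Unlike `isValidInput`, which only returns a boolean, `getValidInput` returns the canonicalized value, so the caller can store the string that was actually checked.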