search

Diewalkure / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
Other
1 stars 0 forks source link

Exception in thread "main" java.lang.NoClassDefFoundError: org/owasp/validator/html/PolicyException #138

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?

import org.owasp.esapi.ESAPI;
import org.owasp.esapi.codecs.*;

public class Test {
    public static void main(String [] args) {
        String XSSinput = "<script>alert(123)</script>;";
        boolean bHTML = ESAPI.validator().isValidSafeHTML("Test", XSSinput, 255, false);
        System.out.print("\nboolean: " + bHTML + "\n");
    }

What is the expected output? 
boolean: false

What do you see instead?
Exception in thread "main" java.lang.NoClassDefFoundError: 
org/owasp/validator/html/PolicyException
    at org.owasp.esapi.reference.DefaultValidator.getValidSafeHTML(DefaultValidator.java:240)
    at org.owasp.esapi.reference.DefaultValidator.isValidSafeHTML(DefaultValidator.java:227)
    at com.pgp.util.BrettTest.main(BrettTest.java:21)
Caused by: java.lang.ClassNotFoundException: 
org.owasp.validator.html.PolicyException
    at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
    ... 3 more

What version of the product are you using? On what operating system?
ESAPI 2.0 RC6 on Snow Leopard.

Original issue reported on code.google.com by logicalg...@gmail.com on 18 Aug 2010 at 10:39

GoogleCodeExporter commented 9 years ago 
You need the AntiSamy jar file and some others on your classpath. Check the 
dependencies on the website.

Original comment by planetlevel on 19 Aug 2010 at 12:21

GoogleCodeExporter commented 9 years ago 
Good morning. 

I'm trying to include ESAPI in my web application. 

Looking for my error I found this thread. I included antisamy in order to get 
rid of the same error specified by logicalgambit. 

The thing is that once included antisamy my application got another error in 
the same zone.

I can attach you the exception report. Have looked through everywhere but I 
didn't find the clue. If you could please help me with this issue.

The code where it fails it's this:

if (action == "correct_secure" &6 request.getParameter("area_editor") !="" && 
request.getParameter("area_editor") != null){
      String check = request.getParameter("area_editor");
      if (!ESAPI.validator().isValidSafeHTML ("area_editor", check, 5000000, false)){
             action= "error_area_editor";

Stacktrace:
    org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:510)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:401)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

And the current exception is this:

javax.servlet.ServletException: java.lang.NoClassDefFoundError: Could not 
initialize class org.owasp.esapi.reference.validation.HTMLValidationRule
    org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:862)
    org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:791)
    org.apache.jsp.validacion_005fseguridad_jsp._jspService(validacion_005fseguridad_jsp.java:341)
    org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

I don't know if I must include any ValidationRule on validation.properties or 
ESAPI.properties or include any other class or anything.

I'm making my web application with netbeans running in Ubuntu 10.04 64 bits and 
the version of ESAPI is 2.0_rc7

Thank you

Original comment by GoTHMoG....@gmail.com on 20 Sep 2010 at 8:37

GoogleCodeExporter commented 9 years ago 
Can you please try the latest release candidate, rc10? This is not a bug, so 
I'm closing this out. And do not hesitate to continue this thread on esapi-user 
or esapi-dev

Original comment by manico.james@gmail.com on 2 Nov 2010 at 8:11

GoogleCodeExporter commented 9 years ago 

Add these lines to pom.xml

            <dependencies>
                  <dependency>
                  <groupId>owasp-esapi</groupId>
                  <artifactId>owasp-esapi</artifactId>
            </dependency>
            <dependency>
                  <groupId>antisamy</groupId>
                  <artifactId>antisamy</artifactId>
            </dependency>
            <dependency>
                  <groupId>commons-fileupload</groupId>
                  <artifactId>commons-fileupload</artifactId>
            </dependency>
      </dependencies>

Then try with a clean/package. In case, if its still not working try with a 
clean/install/package

Original comment by abhijitp...@gmail.com on 2 May 2011 at 6:08