ESAPI / esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
https://owasp.org/www-project-enterprise-security-api/

Guard EncryptedProperties store operations due to Java 11 changes (GH #721) #730

Closed noloader closed 1 year ago

noloader commented 1 year ago

This check-in guards the EncryptedProperties self test failures due to Java 11 deprecating some write and store operations.

Previously the self test code would perform a write or store operation. This was OK on Java 8 and 9, but causes an exception on Java 11.

EncryptedPropertiesUtils.storeProperties(encryptedFilePath, props, "<property value>");

This change guards the write and store operations, and skips the test if an UnsupportedOperationException is encountered.

boolean supported = true;
try {
    EncryptedPropertiesUtils.storeProperties(encryptedFilePath, props, "<property value>");
}
catch (UnsupportedOperationException ex) {
    supported = false;
}

if ( supported ) {
    // Continue with self test
}
else {
    // Print message that test was skipped
}

kwwall commented 1 year ago

@noloader - So, I did the following steps:

$ git clone git@github.com:noloader/esapi-java-legacy.git walton-pr730
$ cd walton-pr730
$ jdk 11   # Alias for a dot script that sets me up to use Java 11
$ mvn compile
$ mvn test

The 'mvn test' resulted in these errors, the same place you are experiencing them. I am running on a fully-patched Linux Mint 19.2, with a 4.15.0-189-generic kernel on an x86_64 processor. The significant error output from 'mvn test' was:

[INFO] Results:
[INFO] 
[ERROR] Errors: 
[ERROR]   EncryptedPropertiesUtilsTest.testCreateNew:93 » UnsupportedOperation This method has been removed for security.
[ERROR]   EncryptedPropertiesUtilsTest.testLoadEncryptedAndAdd:165 » UnsupportedOperation This method has been removed for security.
[ERROR]   EncryptedPropertiesUtilsTest.testLoadPlaintextAndEncrypt:131 » UnsupportedOperation This method has been removed for security.
[ERROR]   ReferenceEncryptedPropertiesTest.testStoreLoad:160 » UnsupportedOperation This method has been removed for security.
[INFO] 
[ERROR] Tests run: 4274, Failures: 0, Errors: 4, Skipped: 0
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE

I've attached the Surefire report, but not sure it will help.

org.owasp.esapi.reference.crypto.EncryptedPropertiesUtilsTest.txt
org.owasp.esapi.reference.crypto.ReferenceEncryptedPropertiesTest.txt

kwwall commented 1 year ago

@noloader - BTW, this now is getting merge conflicts. That may be because I merged PR #720 after you created this PR and that PR was created before this. I presume you would want to keep the 'java 11' stuff.
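
Added example, not part of the pull request or of ESAPI's code: a standalone Java program showing the guard described in the first comment with a three-way outcome, so that a skipped store is reported as skipped instead of being counted as a pass, and with the try block limited to the store call. `StoreGuardDemo`, `LockedDownProperties` and the choice of `entrySet()` as the disabled method are assumptions made for illustration; whether `store()` reaches the disabled method depends on the running JDK's `Properties` implementation, which the program reports at run time.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Map;
import java.util.Properties;
import java.util.Set;

public class StoreGuardDemo {
    enum Outcome { PASSED, SKIPPED, FAILED }

    // Hypothetical stand-in (not ESAPI code): a Properties subclass that disables one method.
    static class LockedDownProperties extends Properties {
        @Override
        public Set<Map.Entry<Object, Object>> entrySet() {
            throw new UnsupportedOperationException("This method has been removed for security.");
        }
    }

    // Guard only the store call, so a later UnsupportedOperationException still counts as a failure.
    static Outcome selfTest(Properties props) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try {
            props.store(out, "constructed sample");
        } catch (UnsupportedOperationException ex) {
            return Outcome.SKIPPED; // reported separately, never counted as a pass
        } catch (IOException ex) {
            return Outcome.FAILED;
        }
        // Continue with the self test: what was stored must load back unchanged.
        Properties loaded = new Properties();
        try {
            loaded.load(new ByteArrayInputStream(out.toByteArray()));
        } catch (IOException ex) {
            return Outcome.FAILED;
        }
        return "value".equals(loaded.getProperty("key")) ? Outcome.PASSED : Outcome.FAILED;
    }

    public static void main(String[] args) {
        Properties plain = new Properties();
        plain.setProperty("key", "value"); // constructed sample data
        Properties locked = new LockedDownProperties();
        locked.setProperty("key", "value");
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("plain Properties:      " + selfTest(plain));
        System.out.println("locked-down subclass:  " + selfTest(locked));
    }
}
```

In a JUnit suite the `SKIPPED` branch corresponds to an assumption failure, which the test runner counts under "Skipped" in a summary line like the one in the `mvn test` output above.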