Improve ConfigurationException message thrown from EsapiPropertyLoaderFactory.createPropertyLoader()

ESAPI / esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.

https://owasp.org/www-project-enterprise-security-api/

Other

603 stars 364 forks source link

Improve ConfigurationException message thrown from EsapiPropertyLoaderFactory.createPropertyLoader() #735

Closed kwwall closed 1 year ago

kwwall commented 1 year ago

If the passed in configuration file name has neither a suffix of ".properties" or ".xml", then this is thrown:

throw new ConfigurationException("Configuration storage type [" + fileExtension + "] is not " +
                    "supported");

This exception message does not clearly convey what is expected for the ESAPI client to do to make it work.

Describe the solution you'd like Replace the current code, shown above, with something similar to this:

throw new ConfigurationException("Configuration path of [" + cfgPath + "] has unsupported file suffix." +
                    "Only .properties or .xml file suffix is supported.");

pintohen commented 1 year ago

I'll take a peek on this. I'll think of an appealing and intuitive message in order for everyone to understand what type of files shoud be supported.

kwwall commented 1 year ago

@HenriquePinto333 - Thanks. That would be great. If this is your first time contributing to ESAPI, be sure to read https://github.com/ESAPI/esapi-java-legacy#contributing-to-esapi-legacy.

Also, for a bit of context, you may want to read through the posts at https://groups.google.com/a/owasp.org/g/esapi-project-users/c/k9335ATXcoE on the ESAPI Project Users mailing list. (You should be able to read it even if you are not subscribed to the list.)