ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
Describe the bug
JavaLogFactory is not picked up from the ESAPI.properties file even after setting it via ESAPI.Logger key in properties file
*Specify what ESAPI version(s) you are experiencing this bug in
2.5.1.0
To Reproduce
I am trying to utilize the API ESAPI.encoder().encodeForSQL() for one of the Query executions to prevent SQL Injection in my code. When I execute the code it is throwing the below exception:
Connection failed with exception java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception. !STACK 0 ConnectionException: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception. at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception. at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129) at org.owasp.esapi.ESAPI.encoder(ESAPI.java:101) ... 4 more
Caused by: java.lang.reflect.InvocationTargetException at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86) ... 7 more
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.Log4JLogFactory cannot be found by xyz.qualifier LogFactory class (org.owasp.esapi.reference.Log4JLogFactory) must be in class path. at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:108) at org.owasp.esapi.ESAPI.logFactory(ESAPI.java:139) at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:155) at org.owasp.esapi.reference.DefaultEncoder.<init>(DefaultEncoder.java:85) at org.owasp.esapi.reference.DefaultEncoder.<init>(DefaultEncoder.java:109) at org.owasp.esapi.reference.DefaultEncoder.getInstance(DefaultEncoder.java:68) ... 12 more Caused by: java.lang.ClassNotFoundException: org.owasp.esapi.reference.Log4JLogFactory cannot be found by xyz.qualifier at org.eclipse.osgi.internal.loader.BundleLoader.generateException(BundleLoader.java:529) at org.eclipse.osgi.internal.loader.BundleLoader.findClass0(BundleLoader.java:524) at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:416) at org.eclipse.osgi.internal.loader.ModuleClassLoader.loadClass(ModuleClassLoader.java:168) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520) at java.base/java.lang.Class.forName0(Native Method) at java.base/java.lang.Class.forName(Class.java:375) at org.owasp.esapi.util.ObjFactory.loadClassByStringName(ObjFactory.java:158) at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:81)
In my ESAPI.properties file I have the below configuration for the logger where I am trying to use JavaLogFactory. But the ESAPI is trying to find the Log4JLogFactory which is not set anywhere in the properties file.
Expected behavior
I am currently making use of Java Util logging mechanism and trying to map org.owasp.esapi.logging.java.JavaLogFactory to the ESAPI.Logger key in properties file . The expected behavior is it should not throw the ClassNotFound Exception where it is trying to find the org.owasp.esapi.reference.Log4JLogFactory class which is not available and set anywhere in the properties file.
Platform environment (please complete the following information):
OS: Windows
Browser : Chrome
JDK version used with ESAPI: Java(TM) SE Runtime Environment (build 1.8.0_202-b08)
SubashJanarthanan
commented
1 year ago
Describe the bug JavaLogFactory is not picked up from the ESAPI.properties file even after setting it via ESAPI.Logger key in properties file
*Specify what ESAPI version(s) you are experiencing this bug in 2.5.1.0
To Reproduce I am trying to utilize the API ESAPI.encoder().encodeForSQL() for one of the Query executions to prevent SQL Injection in my code. When I execute the code it is throwing the below exception:
Connection failed with exception java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception. !STACK 0 ConnectionException: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception. at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception. at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129) at org.owasp.esapi.ESAPI.encoder(ESAPI.java:101) ... 4 moreCaused by: java.lang.reflect.InvocationTargetException at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86) ... 7 moreCaused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.Log4JLogFactory cannot be found by xyz.qualifier LogFactory class (org.owasp.esapi.reference.Log4JLogFactory) must be in class path. at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:108) at org.owasp.esapi.ESAPI.logFactory(ESAPI.java:139) at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:155) at org.owasp.esapi.reference.DefaultEncoder.<init>(DefaultEncoder.java:85) at org.owasp.esapi.reference.DefaultEncoder.<init>(DefaultEncoder.java:109) at org.owasp.esapi.reference.DefaultEncoder.getInstance(DefaultEncoder.java:68) ... 12 more Caused by: java.lang.ClassNotFoundException: org.owasp.esapi.reference.Log4JLogFactory cannot be found by xyz.qualifier at org.eclipse.osgi.internal.loader.BundleLoader.generateException(BundleLoader.java:529) at org.eclipse.osgi.internal.loader.BundleLoader.findClass0(BundleLoader.java:524) at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:416) at org.eclipse.osgi.internal.loader.ModuleClassLoader.loadClass(ModuleClassLoader.java:168) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520) at java.base/java.lang.Class.forName0(Native Method) at java.base/java.lang.Class.forName(Class.java:375) at org.owasp.esapi.util.ObjFactory.loadClassByStringName(ObjFactory.java:158) at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:81)In my ESAPI.properties file I have the below configuration for the logger where I am trying to use JavaLogFactory. But the ESAPI is trying to find the Log4JLogFactory which is not set anywhere in the properties file.
Expected behavior I am currently making use of Java Util logging mechanism and trying to map org.owasp.esapi.logging.java.JavaLogFactory to the ESAPI.Logger key in properties file . The expected behavior is it should not throw the ClassNotFound Exception where it is trying to find the org.owasp.esapi.reference.Log4JLogFactory class which is not available and set anywhere in the properties file.
Platform environment (please complete the following information):