search

andytanoko / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
0 stars 0 forks source link

A space in the filepath of the Eclipse workspace breaks WAF rules #60

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
Anytime a developers workspace has a space anywhere in the filepath, like

C:\Documents and Settings\Jim\workspace_35

The WAF tests will all break.

Original issue reported on code.google.com by manico.james@gmail.com on 20 Nov 2009 at 1:48

GoogleCodeExporter commented 8 years ago 
Tentatively adding this to 2.0 - Arshan, if you have time, I think this is a
worthwhile fix to get in, if not we can reschedule for 2.1

Original comment by chrisisbeef on 2 Dec 2009 at 7:57

GoogleCodeExporter commented 8 years ago 
This does not only affect the WAF. I'm seeing tests fail in the 
AccessController and
Validator in addition to the WAF, but only when the workspace path has a space 
in it.

I believe this is part of a larger issue searching for the resources directory 
when
the workspace has a space in it. This is what I'm seeing:

getValidDirectoryPath
Seeking ESAPI.properties
  Not found in 'org.owasp.esapi.resources' directory or file not readable:
C:\Documents and Settings\Administrator\Desktop\Workspace\ESAPI\ESAPI.properties
  Not found in SystemResource Directory/resourceDirectory (this should never happen):
C:\Documents%20and%20Settings\Administrator\Desktop\Workspace\ESAPI\target\test-
classes\.esapi\ESAPI.properties
  Not found in SystemResource Directory/.esapi(this should never happen):
C:\Documents%20and%20Settings\Administrator\Desktop\Workspace\ESAPI\target\test-
classes\.esapi\ESAPI.properties
  Not found in SystemResource Directory: ESAPI.properties
  Not found in 'user.home' directory: C:\Documents and
Settings\Administrator\.esapi\ESAPI.properties

-------

So it looks like it's not finding the resources directory in the jar at all. 
After
running all the tests it has made a .esapi directory at C:\Documents and
Settings\Administrator\.esapi.

Here are what I think are the relevant code snippets. I can't quite see what the
problem is though.

private static String customDirectory = 
System.getProperty("org.owasp.esapi.resources");
...
f = new File( customDirectory, filename );
if ( customDirectory != null && f.canRead() )
...

Original comment by cyounk...@gmail.com on 18 Jan 2010 at 1:33

GoogleCodeExporter commented 8 years ago

Original comment by manico.james@gmail.com on 18 Jan 2010 at 2:22

GoogleCodeExporter commented 8 years ago 
Fixed in r963 for 2.0.

Original comment by craig.yo...@gtempaccount.com on 18 Jan 2010 at 5:48

GoogleCodeExporter commented 8 years ago

Original comment by manico.james@gmail.com on 18 Jan 2010 at 6:00