batchu / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

1.4.2: missing configuration causes NullPointerException #94

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Create a web app that uses ESAPI for HTML encoding
2. Do not install an ESAPI properties file
3. Call ESAPI.encoder().encodeForHTML(...)

What is the expected output? What do you see instead?
The method should function without the configuration. At the very least, an
error/exception explaining the issue should be used. Instead:

java.lang.NullPointerException
    org.owasp.esapi.reference.DefaultSecurityConfiguration.getResourceStream(DefaultSecurityConfiguration.java:675)
    org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:225)
    org.owasp.esapi.reference.DefaultSecurityConfiguration.<init>(DefaultSecurityConfiguration.java:143)
    org.owasp.esapi.ESAPI.securityConfiguration(ESAPI.java:287)
    org.owasp.esapi.ESAPI.logFactory(ESAPI.java:220)
    org.owasp.esapi.ESAPI.getLogger(ESAPI.java:242)
    org.owasp.esapi.reference.DefaultEncoder.<init>(DefaultEncoder.java:83)
    org.owasp.esapi.ESAPI.encoder(ESAPI.java:127)

Please use labels and text to provide additional information.

Original issue reported on code.google.com by schal...@darkmist.net on 21 Jan 2010 at 6:05

GoogleCodeExporter commented 8 years ago
This has been fixed in revision 977. getResourceStream now throws a
FileNotFoundException instead of a NullPointerException. As FileNotFoundException is
an IOException, this is actually handled gracefully by DefaultSecurityConfiguration.

Original comment by schal...@darkmist.net on 21 Jan 2010 at 6:18
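
The pattern the fix describes, as an added example that is not part of the original thread and not ESAPI's source: a classpath lookup that returns null is turned into a FileNotFoundException, which the caller handles as an ordinary IOException. The class name, the resource name and the empty-properties fallback are assumptions made for illustration.

```java
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

// Added illustration; class, method bodies and file names are hypothetical.
public class ConfigLoaderExample {

    // ClassLoader.getResourceAsStream returns null (it does not throw) when the
    // resource is absent, so the null is converted into a checked exception
    // here, before any caller can dereference it.
    static InputStream getResourceStream(String name) throws IOException {
        if (name == null) {
            throw new FileNotFoundException("resource name is null");
        }
        InputStream in = ConfigLoaderExample.class.getClassLoader()
                .getResourceAsStream(name);
        if (in == null) {
            throw new FileNotFoundException(
                    "configuration resource not found on classpath: " + name);
        }
        return in;
    }

    // The caller treats a missing file like any other I/O failure: it reports
    // the resource by name and continues with an empty property set
    // (the fallback is an assumption of this example).
    static Properties loadConfiguration(String name) {
        Properties props = new Properties();
        try (InputStream in = getResourceStream(name)) {
            props.load(in);
        } catch (IOException e) {
            System.err.println("Could not load " + name + ": " + e.getMessage());
        }
        return props;
    }

    public static void main(String[] args) {
        // Constructed input: a resource name that is not on the classpath.
        Properties p = loadConfiguration("no-such-esapi-example.properties");
        System.out.println("loaded " + p.size() + " properties");
    }
}
```

Whether a security library should continue on defaults or refuse to start when its configuration is missing is a separate design decision; the example only shows the error being surfaced by name instead of as a NullPointerException.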