demba90 / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
Other
0 stars 0 forks source link

DecodeFromURL fails when the input is "%" (without quotes) #214

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Execute the code - 
ESAPI.encoder().decodeFromURL(ESAPI.encoder().encodeForURL("%")

What is the expected output? What do you see instead?
Expected output - "%" (without quotes)
Current output - 
Exception in thread "main" java.lang.NoClassDefFoundError: 
javax/servlet/ServletRequest
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Unknown Source)
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:74)
    at org.owasp.esapi.ESAPI.httpUtilities(ESAPI.java:121)
    at org.owasp.esapi.ESAPI.currentRequest(ESAPI.java:70)
    at org.owasp.esapi.reference.Log4JLogFactory$Log4JLogger.log(Log4JLogFactory.java:275)
    at org.owasp.esapi.reference.Log4JLogFactory$Log4JLogger.warning(Log4JLogFactory.java:200)
    at org.owasp.esapi.reference.DefaultIntrusionDetector.addException(DefaultIntrusionDetector.java:65)
    at org.owasp.esapi.errors.EnterpriseSecurityException.<init>(EnterpriseSecurityException.java:96)
    at org.owasp.esapi.errors.EncodingException.<init>(EncodingException.java:59)
    at org.owasp.esapi.reference.DefaultEncoder.decodeFromURL(DefaultEncoder.java:409)
    at Test.main(Test.java:28)
Caused by: java.lang.ClassNotFoundException: javax.servlet.ServletRequest
    at java.net.URLClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    ... 12 more

What version of the product are you using? On what operating system?
ESAPI_2.0_rc10.jar

Does this issue affect only a specified browser or set of browsers?
Browser independent

Please provide any additional information below.

Original issue reported on code.google.com by pkla...@gmail.com on 10 Mar 2011 at 7:44