Exceptions in org/owasp/esapi/errors should mark logger as transient

ibnemahdi / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

Other

0 stars 0 forks source link

Exceptions in org/owasp/esapi/errors should mark logger as transient #148

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. Try to serialize one of the exceptions, to a DB, file, etc.
2.
3.

What is the expected output? What do you see instead?
Exception should serialize since it extends Throwable which is serializable.  
Logger object prevents that.

What version of the product are you using? On what operating system?
ESAPI 2.0rc7 on linux

Please provide any additional information below.
For exceptions that have a logger, mark the member variable as transient.

Original issue reported on code.google.com by jtmel...@gmail.com on 24 Sep 2010 at 11:53

GoogleCodeExporter commented 9 years ago

Also created a patch to make things easier.  Turns out there were only 2 
classes that needed the change since most exceptions extend 
EnterpriseSecurityException

Original comment by jtmel...@gmail.com on 25 Sep 2010 at 2:49

Attachments:

ESAPI_2.0.transient_logger.melton.patch

GoogleCodeExporter commented 9 years ago

Deleted patch from previous comment.  I was given commit privs by Jim and I 
updated the IntrusionException and EnterpriseSecurityException classes to add 
the transparent keyword to the logger instance declaration, in order to allow 
serialization.  I ran the unit tests before and after the updates.

Original comment by jtmel...@gmail.com on 28 Sep 2010 at 6:11

Changed state: Fixed