ibnemahdi / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

SecurityWrapperRequest seems to mishandle/swallow allowNull argument #178

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Unit test:

assertNotNull(safeRequest.getParameter("e1", false));

Code that mishandles this test (from SecurityWrapperRequest):   

    public String getParameter(String name, boolean allowNull, int maxLength, String regexName) {
        String orig = getHttpServletRequest().getParameter(name);
        String clean = null;
        try {
            clean = ESAPI.validator().getValidInput("HTTP parameter name: " + name, orig, regexName, maxLength, allowNull);
        } catch (ValidationException e) {
            // already logged
        }
        return clean;
    }

Original issue reported on code.google.com by manico.james@gmail.com on 6 Nov 2010 at 9:06
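
Added example, not part of the original issue or of ESAPI's code: a self-contained Java sketch of why the quoted method makes `allowNull` invisible to the caller. The validator, exception class, parameter map and `getParameterSwallowing` are simplified stand-ins, and it assumes the parameter `e1` is absent from the request and that the validator rejects null input when `allowNull` is false.

```java
import java.util.HashMap;
import java.util.Map;

public class AllowNullDemo {
    // Stand-in for ESAPI's ValidationException (hypothetical, simplified).
    static class ValidationException extends Exception {
        ValidationException(String msg) { super(msg); }
    }

    // Stand-in validator (assumption): rejects null/empty input unless allowNull is true.
    static String getValidInput(String context, String input, int maxLength, boolean allowNull)
            throws ValidationException {
        if (input == null || input.isEmpty()) {
            if (allowNull) return null;
            throw new ValidationException(context + ": input required");
        }
        if (input.length() > maxLength) {
            throw new ValidationException(context + ": input too long");
        }
        return input;
    }

    // Constructed request parameters; "e1" is deliberately absent.
    static final Map<String, String> PARAMS = new HashMap<>();
    static { PARAMS.put("p1", "value"); }

    // Same shape as the method quoted in the issue: the exception is swallowed.
    static String getParameterSwallowing(String name, boolean allowNull, int maxLength) {
        String clean = null;
        try {
            clean = getValidInput("HTTP parameter name: " + name, PARAMS.get(name), maxLength, allowNull);
        } catch (ValidationException e) {
            // already logged
        }
        return clean;
    }

    public static void main(String[] args) {
        // Both calls return null, so allowNull=false looks the same as allowNull=true.
        System.out.println(getParameterSwallowing("e1", false, 200));
        System.out.println(getParameterSwallowing("e1", true, 200));
        // A caller that needs "required" semantics has to check for null itself.
        String e1 = getParameterSwallowing("e1", false, 200);
        if (e1 == null) System.out.println("e1 missing or invalid: reject the request");
    }
}
```

With a wrapper of this shape, code that passes `allowNull = false` and then dereferences or trusts the result without a null check treats a missing or invalid parameter as if validation had succeeded.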

GoogleCodeExporter commented 9 years ago

Original comment by manico.james@gmail.com on 19 Nov 2010 at 2:38

GoogleCodeExporter commented 9 years ago

Original comment by manico.james@gmail.com on 20 Nov 2010 at 11:30

GoogleCodeExporter commented 9 years ago

Original comment by manico.james@gmail.com on 29 May 2012 at 3:25