FileBasedAuthenticator.verifyPasswordStrength does not calculate number of character sets correctly

GoogleCodeExporter commented 9 years ago

Latest ESAPI downloaded 25 June 2009 from
http://owasp-esapi-java.googlecode.com/files/owasp-esapi-java-src-1.4.zip

The verifyPasswordStrength calculates number of character sets using binary
searches like this:
Arrays.binarySearch(DefaultEncoder.CHAR_LOWERS, newPassword.charAt(i)) > 0

However, if newPassword.charAt(i) = 'a', the result of the binary search
will be 0 and the greater than comparison will return false.

Tests should be greater than or equal like this:
Arrays.binarySearch(DefaultEncoder.CHAR_LOWERS, newPassword.charAt(i)) >= 0

Original issue reported on code.google.com by stuart.l...@gmail.com on 25 Jun 2009 at 11:14

GoogleCodeExporter commented 9 years ago

This is a simple bug

Original comment by chrisisbeef on 29 Oct 2009 at 5:25

Changed state: Started
Added labels: Component-Logic, Milestone-Release2.0, Priority-High
Removed labels: Priority-Medium

GoogleCodeExporter commented 9 years ago

This issue was closed by revision r740.

Original comment by chrisisbeef on 29 Oct 2009 at 5:29

Changed state: Fixed

mway08 / owasp-esapi-java

FileBasedAuthenticator.verifyPasswordStrength does not calculate number of character sets correctly #17