peval / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

Temporary files not being cleaned up on WAF JUnit tests #55

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
The WAF class InterceptingServletOutputStream is creating temporary
files via:

   this.out = new RandomAccessFile ( File.createTempFile("oew", ".hop"), "rw" );

that are not being cleaned up when certain WAF JUnit tests are being run.
For example,

/tmp> ls -l oew7672934197290659613.hop
-rw------- 1 kevin users 57 2009-11-09 21:29 oew7672934197290659613.hop
/tmp> cat oew7672934197290659613.hop
   This is the body of a response for /here_is_the_2008
/tmp> 

I just found 81, mostly empty files of pattern

     /tmp/oew###################.hop

on my system. Most likely it was because of all the WAF tests that
were failing. However, it might be a good idea to create an @AfterClass
annotation that cleans them up in case of test failures (or could do
it in the teardown() method as well).

I have not run any WAF JUnit tests since they've been fixed, so this
probably may have disappeared, but it certainly has the potential to
reappear at any time.

Original issue reported on code.google.com by kevin.w.wall@gmail.com on 12 Nov 2009 at 2:33

GoogleCodeExporter commented 9 years ago

Original comment by kevin.w.wall@gmail.com on 12 Nov 2009 at 2:33

GoogleCodeExporter commented 9 years ago

Original comment by manico.james@gmail.com on 1 Nov 2010 at 4:24

GoogleCodeExporter commented 9 years ago

Original comment by manico.james@gmail.com on 1 Nov 2010 at 6:03

GoogleCodeExporter commented 9 years ago

Original comment by chrisisbeef on 20 Nov 2010 at 9:51

GoogleCodeExporter commented 9 years ago
[deleted comment]

GoogleCodeExporter commented 9 years ago
I have a similar issue in an application running on WebLogic Server. Files like 
oew*.hop are not deleted from the /tmp directory after an HTTP request, and these 
files are still open, which causes me to get a 'Too many open files' exception (I 
have checked it using the lsof command). Is there an option to force ESAPI to 
delete *.hop files after a request? Thanks in advance.

Original comment by miloshma...@gmail.com on 31 Aug 2012 at 8:38

GoogleCodeExporter commented 9 years ago
Can somebody help me understand the necessity of creating temp files and 
reading the bytes when scanning the response? Issues like what Miloshmazur 
reported above would definitely occur, when implementing this in massive online 
banking applications.

Original comment by guru...@gmail.com on 5 Jul 2013 at 9:53

GoogleCodeExporter commented 9 years ago
And one more thing, this is not just specific to JUnit test cases. Even in 
regular application flow, temp file clean-up is not done.

Original comment by guru...@gmail.com on 5 Jul 2013 at 9:55

GoogleCodeExporter commented 9 years ago

Original comment by kevin.w.wall@gmail.com on 27 Sep 2014 at 3:17
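
Added example, not part of the thread and not ESAPI code: the leak reported above comes from passing File.createTempFile(...) straight into RandomAccessFile, so nothing keeps a reference to the file for later deletion and nothing closes the descriptor. The hypothetical TempFileBuffer class below keeps both and releases them in close(); the class name, its methods and the sample body are assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;

// Hypothetical class, not part of ESAPI: a response buffer that owns its temp file.
public class TempFileBuffer implements AutoCloseable {
    private final File file;              // kept so close() can delete it
    private final RandomAccessFile out;

    public TempFileBuffer() throws IOException {
        this.file = File.createTempFile("oew", ".hop"); // same pattern as in the report
        try {
            this.out = new RandomAccessFile(file, "rw");
        } catch (IOException e) {
            Files.deleteIfExists(file.toPath()); // do not leak the file on a failed open
            throw e;
        }
    }

    public void write(byte[] b) throws IOException { out.write(b); }
    public File file() { return file; }

    public byte[] readAll() throws IOException {
        byte[] buf = new byte[(int) out.length()];
        out.seek(0);
        out.readFully(buf);
        return buf;
    }

    @Override
    public void close() throws IOException {
        try {
            out.close();                          // releases the file descriptor
        } finally {
            Files.deleteIfExists(file.toPath());  // removes the file from the temp dir
        }
    }

    public static void main(String[] args) throws IOException {
        File leftover;
        try (TempFileBuffer buf = new TempFileBuffer()) {
            leftover = buf.file();
            buf.write("constructed sample response body".getBytes(StandardCharsets.UTF_8));
            System.out.println(new String(buf.readAll(), StandardCharsets.UTF_8));
        }
        System.out.println("temp file still exists: " + leftover.exists());
    }
}
```

Because cleanup is tied to close(), try-with-resources releases the descriptor and the file even when the request or test body throws, which covers both the failing-test case and the per-request case raised in the comments.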