slocumbf / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
0 stars 0 forks source link

SecurityConfigurationTest failure #42

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. checkout current trunk (revision 701)
2. mvn -Dtest=SecurityConfigurationTest test

What is the expected output? What do you see instead?
Tests should pass. One test errors.

What version of the product are you using? On what operating system?
trunk revision 701.
x86_64-unknown-linux-gnu/Debian Sid/Sun hotspot jvm 1.60 16

Please provide any additional information below.

The test that is failing is testGetResourceFile(). This test is as follows:
ESAPI.securityConfiguration().getResourceFile(null);
The current implementation of getResourceFile(String) in
DefaultSecurityConfiguration passes this null directly to new File()
causing a NullPointerException (NPE).

Looking at the end of the method, null is supposed to be returned if the
file is not found. The attached patch also returns null for a null filename
allowing the test to pass. The patch also updates the java doc to describe
returning null when the file is not found.

It's interesting to note that getResourceStream(String) would exhibit the
same behavior except it catches all Exceptions (including the NPE) and
tries the class loader instead.

Original issue reported on code.google.com by schal...@darkmist.net on 20 Oct 2009 at 5:38

Attachments:

GoogleCodeExporter commented 9 years ago
Updated patch to apply against trunk revision 741

Original comment by schal...@darkmist.net on 2 Nov 2009 at 11:07

Attachments:

GoogleCodeExporter commented 9 years ago
Patch applied in revision 751.

Original comment by schal...@darkmist.net on 4 Nov 2009 at 8:25