Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Where can I find ESAPI.properties?

Tags:

java

escaping

owasp

esapi

Am trying to use OWASP ESAPI library in my web app to escape request parameters in JSPs as below ESAPI.encoder().encodeForHTML(request.getParameter()).

I have added esapi-2.1.0.jar under WEB-INF/lib but I get the below exception

org.owasp.esapi.errors.ConfigurationException: ESAPI.properties could not be loaded by any means. Fail. org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:439)

But I couldnt find ESAPI.properties in the JAR file. Any idea where I can get this? Also where should I place this properties file? Please help.

like image 549
Pro Avatar asked Mar 26 '15 03:03

Pro

People also ask

Where is Esapi properties file?

Configuration files (xml or . properties) can be found under the configuration/. esapi directory, and should be added to the . esapi configuration directory created above.

How do I create an Esapi properties file?

You can create ESAPI. properties file yourself and place the same content there. It should be placed in your 'src/main/resources' folder. Also you will need validation.

Is Esapi deprecated?

ESAPI for JavaScript: DEPRECATED - No longer supported; use at your own risk.

What is Esapi validator?

The Validator interface defines a set of methods for canonicalizing and validating untrusted input. Implementors should feel free to extend this interface to accommodate their own data formats. Rather than throw exceptions, this interface returns boolean results because not all validation problems are security issues.

2 Answers

Here is the reference: ESAPI installation guide.

You can download ESAPI.properties from here.

You can create ESAPI.properties file yourself and place the same content there. It should be placed in your 'src/main/resources' folder.

Also you will need validation.properties file to handle XSS, which should be placed in 'src/test/resources' folder.

Please make sure to change the application name in these properties file to your application as in

Validator.Redirect=^\\/test.*$

test should be replaced with your application name.

like image 77
Deepesh verma Avatar answered Sep 20 '22 11:09

Deepesh verma

Ok since the above links are all broken or will be outdated in a while (e.g. link to a specific version) here is the Github Link:

https://github.com/ESAPI/esapi-java-legacy/tree/develop/configuration/esapi

like image 25
Lonzak Avatar answered Sep 20 '22 11:09

Lonzak
Sign in to Comment

Related questions

How can I make a copy of a BufferedReader?
About the use of @ForceDiscriminator/@DiscriminatorOptions(force=true)
Hiding softkeyboard reliably
How to kill a thread which has a while(true)?
Java generics compile in Eclipse, but not in javac
What is the best way to inject a list with google-guice?
Logback: modify message via filter?
Java direct memory: using sun.misc.Cleaner in custom classes
Difference between javax.sql and java.sql?
How does the @Index annotation work in JPA 2.1? [duplicate]
How to run a single JUnit test method in Eclipse? [duplicate]
What is an <init> method in Java? Can it be overridden? [duplicate]
Setting up appium for iOS app test automation [closed]
Unable to retrieve post data using ,@Context HttpServletRequest when passed to OAuthTokenRequest using Oltu
JAXB: How to generate English Javadoc
freemarker - variable name with dot
Stream with sorted() before findFirst() is no longer lazy
How to check whether Quartz cron job is running?
Does JDBC have a maximum ResultSet size?
Class, Object, Trait, Sealed Trait in Scala

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!