Where can I find ESAPI.properties?

Question

Am trying to use OWASP ESAPI library in my web app to escape request parameters in JSPs as below ESAPI.encoder().encodeForHTML(request.getParameter()).

I have added esapi-2.1.0.jar under WEB-INF/lib but I get the below exception

org.owasp.esapi.errors.ConfigurationException: ESAPI.properties could not be loaded by any means. Fail. org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:439)

But I couldnt find ESAPI.properties in the JAR file. Any idea where I can get this? Also where should I place this properties file? Please help.

Answer 1

Here is the reference: ESAPI installation guide.

You can download ESAPI.properties from here.

You can create ESAPI.properties file yourself and place the same content there. It should be placed in your 'src/main/resources' folder.

Also you will need validation.properties file to handle XSS, which should be placed in 'src/test/resources' folder.

Please make sure to change the application name in these properties file to your application as in

Validator.Redirect=^\\/test.*$

test should be replaced with your application name.

Answer 2

Ok since the above links are all broken or will be outdated in a while (e.g. link to a specific version) here is the Github Link:

https://github.com/ESAPI/esapi-java-legacy/tree/develop/configuration/esapi