堆栈内存溢出
  简体   繁体   English

无法启动 OWASP.ESAPI 库。 配置问题?

[英]Cannot make the OWASP.ESAPI library to start up. Configuration issue?

 原文  2021-12-07 10:29:03       spring-boot/ sql-injection/ esapi

问题描述

I need to set up this lib to encode the SQL queries.我需要设置这个库来编码 SQL 查询。 In my Spring Boot app (11th Java) I added to POM.xml the following dependency:在我的 Spring 引导应用程序(第 11 个 Java)中,我向 POM.xml 添加了以下依赖项:

<dependency>
    <groupId>org.owasp.esapi</groupId>
    <artifactId>esapi</artifactId>
    <version>2.2.0.0</version> 
</dependency>

Added to the resources the ESAPI.properties file w/ the following content:向资源中添加了 ESAPI.properties 文件,其中包含以下内容:

ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
Encoder.AllowMultipleEncoding=false
Encoder.AllowMixedEncoding=false
Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory

And during the unit test execution i catch this exception:在单元测试执行期间,我发现了这个异常:

java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.

BTW as a logging subsystem I use logback.顺便说一句,我使用 logback 作为日志记录子系统。

Adding stacktrace添加堆栈跟踪

"2021-12-07T14:18:54.298+03:00","level":"ERROR","logger_name":"bankclient.controller.GlobalControllerExceptionHandler","application":"BANKCLIENT","app_version":"undefined","thread_name":"main","message":"Undefined request processing error",
"stackTrace":"org.owasp.esapi.errors.ConfigurationException: SecurityConfiguration for Logger.LogEncodingRequired not found in ESAPI.properties
\org.owasp.esapi.reference.DefaultSecurityConfiguration.getBooleanProp(DefaultSecurityConfiguration.java:1354)
    at 
org.owasp.esapi.logging.slf4j.Slf4JLogFactory.<clinit>(Slf4JLogFactory.java:53)
    ... 147 common frames omitted

Wrapped by: java.lang.ExceptionInInitializerError: null
    at 
java.lang.Class.forName0(Class.java)
    at 
java.lang.Class.forName(Class.java:315)
    at  org.owasp.esapi.util.ObjFactory.loadClassByStringName(ObjFactory.java:158)
    at 
org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:81)
    at 
org.owasp.esapi.ESAPI.logFactory(ESAPI.java:137)
    at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:153)
    at org.owasp.esapi.reference.DefaultEncoder.<init>(DefaultEncoder.java:83)
    at org.owasp.esapi.reference.DefaultEncoder.getInstance(DefaultEncoder.java:67)
    ... 
139 common frames omitted

Wrapped by: java.lang.reflect.InvocationTargetException: null
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java)
    at  jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at  jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:566)
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
    ... 
134 common frames omitted

Wrapped by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
    at 
org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
    at org.owasp.esapi.ESAPI.encoder(ESAPI.java:99)
    at  bankclient.repository.currency.JdbcCurrencyOperationRepository.findOperationsWithDateAndDocType(JdbcCurrencyOperationRepository.java:220)
    at bankclient.interactors.documents.currency.operations.CurrencyDocumentViewer.execute(CurrencyDocumentViewer.java:25)
    at

Why this exception is thrown?为什么会抛出这个异常? Did I missed some steps in configuration?我错过了配置中的一些步骤吗? Are there smth.有没有。 like a Spring Boot starter for esapi library?像 esapi 库的 Spring 启动器?

1 个解决方案

解决方案1
 0  2021-12-08 06:17:28

What is wrong is actually in plain sight.问题实际上是显而易见的。

stackTrace":"org.owasp.esapi.errors.ConfigurationException: SecurityConfiguration for Logger.LogEncodingRequired not found in ESAPI.properties

You are missing a property in your ESAPI.properties file, the Logger.LogEncodingRequired property is missing.您的ESAPI.properties文件中缺少一个属性,即缺少Logger.LogEncodingRequired属性。 Which is this message telling you (quite explicitly if I might add).这是这条消息告诉你的(如果我可以补充的话,非常明确)。

Add添加

Logger.LogEncodingRequired=false # Or true if you need this

to your properties and this error should be gone.到你的属性,这个错误应该消失了。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 OWASP ESAPI 找不到我的 ESAPI.properties 文件,尽管它存在于目录中 - OWASP ESAPI can't find my ESAPI.properties file although it exists in directory ESAPI 记录器抛出 org.owasp.esapi.errors.ConfigurationException:HttpUtilities.MaxHeaderNameSize 的 SecurityConfiguration 类型不正确 - ESAPI Logger throwing org.owasp.esapi.errors.ConfigurationException: SecurityConfiguration for HttpUtilities.MaxHeaderNameSize has incorrect type 不兼容的 spring 引导版本导致应用程序无法启动。 我们如何识别 pom 中包含的错误版本 - Incompatible spring boot version causing application to not start up. How can we identify the wrong version included in the pom 如何在 Spring 引导应用程序启动时自动验证 @Configuration 类? - How are @Configuration classes validated automatically on Start Up of Spring Boot application? Spring 应用程序无法启动,出现异常 java.lang.IllegalStateException:无法加载配置 class:SpringAnnotPckg.JavaConfig - Spring application failing to start with the exception java.lang.IllegalStateException: Cannot load configuration class: SpringAnnotPckg.JavaConfig Spring Boot YAML自动数据源配置问题 - 未获取数据源URL - Spring Boot YAML Auto Data Source Configuration Issue - Data Source URL not picked up 如何修复使用Spring Security保护的应用程序中报告的OWASP不安全临时文件问题 - How to fix OWASP Insecure Temporary File issue reported in an application secured using Spring Security 使用ESAPI编码对象 - encode an object using ESAPI Spring 引导配置和配置属性问题 - Issue with Spring boot configuration and configuration properties 如何使SBT中的编译任务取决于Java源处理器库(spring-boot-configuration-processor) - How can I make the compile task in SBT depend on a java source-processor library (spring-boot-configuration-processor)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM