项目依赖信息:
<!-- ESAPI Version 2.0.1 --> <dependency> <groupId>org.owasp.esapi</groupId> <artifactId>esapi</artifactId> <version>2.0.1</version> </dependency>
示例代码:
package com.hxstrive.esapi;
import org.junit.Test;
import org.owasp.esapi.ESAPI;
/**
* ESAPI 示例
* @author hxstrive.com
*/
public class EsapiHello {
@Test
public void encoder() {
String val = ESAPI.encoder().encodeForJavaScript("<script> var i = 0; for(;;){ console.log(i++); } </script>");
System.out.println(val);
}
}运行示例代码,输出的错误信息:
Attempting to load ESAPI.properties via file I/O. Attempting to load ESAPI.properties as resource file via file I/O. Not found in 'org.owasp.esapi.resources' directory or file not readable: D:\demo_workspace\demo_java\demo_example\ESAPI.properties Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties Not found in 'user.home' (C:\Users\Administrator) directory: C:\Users\Administrator\esapi\ESAPI.properties Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException Attempting to load ESAPI.properties via the classpath. SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)' using current thread context class loader! Attempting to load validation.properties via file I/O. Attempting to load validation.properties as resource file via file I/O. Not found in 'org.owasp.esapi.resources' directory or file not readable: D:\demo_workspace\demo_java\demo_example\validation.properties Not found in SystemResource Directory/resourceDirectory: .esapi\validation.properties Not found in 'user.home' (C:\Users\Administrator) directory: C:\Users\Administrator\esapi\validation.properties Loading validation.properties via file I/O failed. Attempting to load validation.properties via the classpath. SUCCESSFULLY LOADED validation.properties via the CLASSPATH from '/ (root)' using current thread context class loader! org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception. at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129) at org.owasp.esapi.ESAPI.encoder(ESAPI.java:99) at com.hxstrive.example.esapi.EsapiDemo.encoder(EsapiDemo.java:14) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57) at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) at org.junit.runners.ParentRunner.run(ParentRunner.java:363) at org.junit.runner.JUnitCore.run(JUnitCore.java:137) at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68) at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:47) at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242) at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70) Caused by: java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86) ... 24 more Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.logging.java.JavaLogFactory LogFactory class (org.owasp.esapi.logging.java.JavaLogFactory) must be in class path. at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:108) at org.owasp.esapi.ESAPI.logFactory(ESAPI.java:137) at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:154) at org.owasp.esapi.reference.DefaultEncoder.<init>(DefaultEncoder.java:75) at org.owasp.esapi.reference.DefaultEncoder.getInstance(DefaultEncoder.java:59) ... 29 more Caused by: java.lang.ClassNotFoundException: org.owasp.esapi.logging.java.JavaLogFactory at java.net.URLClassLoader.findClass(URLClassLoader.java:381) at java.lang.ClassLoader.loadClass(ClassLoader.java:424) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331) at java.lang.ClassLoader.loadClass(ClassLoader.java:357) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:264) at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:74) ... 33 more
上面错误信息提示,org.owasp.esapi.logging.java.JavaLogFactory 类没有发现,即在 classpath 中,没有找到 org.owasp.esapi.logging.java.JavaLogFactory 类。
(1)引入版本更高的 ESAPI,如下:
<!-- ESAPI Version --> <dependency> <groupId>org.owasp.esapi</groupId> <artifactId>esapi</artifactId> <version>2.5.2.0</version> </dependency>
查看依赖的包结构,如下图:
(2)继续运行示例代码,运行成功,输出信息如下:
\x3Cscript\x3E\x20var\x20i\x20\x3D\x200\x3B\x20for\x28\x3B\x3B\x29\x7B\x20console.log\x28i\x2B\x2B\x29\x3B\x20\x7D\x20\x3C\x2Fscript\x3E
川公网安备51010802032098
