Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Input Validation Error

 
Nelo Angelo
Ranch Hand
Posts: 44
Chrome Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi there,

I was trying an input validation example taken from the OWASP ESAPI and I am getting the following error:

Error: Cannot make a static reference to the non-static method getValidInput(String, String, String, int, boolean) from the type Validator

Html:


Servlet


Any suggestions?
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
the error message states getValidInput method is not a static method. but you have made a static method call which is wrong!
 
Nelo Angelo
Ranch Hand
Posts: 44
Chrome Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Thanks for the reply. I made proper adjustments to the syntax and now I am getting the following exception:


type Exception report


description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: Servlet execution threw an exception


root cause

java.lang.NoClassDefFoundError: org/owasp/validator/html/PolicyException
com.example.web.InputValidation.doPost(InputValidation.java:44)



New Code:


 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
 
Kevin W. Wall
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Nelo Angelo wrote:Hi,

Thanks for the reply. I made proper adjustments to the syntax and now I am getting the following exception:


type Exception report


description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: Servlet execution threw an exception


root cause

java.lang.NoClassDefFoundError: org/owasp/validator/html/PolicyException
com.example.web.InputValidation.doPost(InputValidation.java:44)



New Code:




First, rather than using


I would recommend using:


Secondly, what version of ESAPI are you using? The latest version (which I would highly recommend) is 2.0.1.
Lots of bug fixes in ESAPI 2.0.x. The reason I ask is that ESAPI 2.0 has no PolicyException. In fact, Validator.isValidInput() throws IntrusionException not PolicyException. (See
http://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/Validator.html#isValidInput%28java.lang.String,%20java.lang.String,%20java.lang.String,%20int,%20boolean%29)

Thirdly, I'd recommend that you post ESAPI questions to the ESAPI-User mailing list if you have ESAPI specific questions. You can sign up for that mailing list at:
https://lists.owasp.org/mailman/listinfo/esapi-user

Hope this helps somewhat.
-kevin wall
 
Nelo Angelo
Ranch Hand
Posts: 44
Chrome Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Kevin W. Wall wrote:
Nelo Angelo wrote:Hi,

Thanks for the reply. I made proper adjustments to the syntax and now I am getting the following exception:


type Exception report


description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: Servlet execution threw an exception


root cause

java.lang.NoClassDefFoundError: org/owasp/validator/html/PolicyException
com.example.web.InputValidation.doPost(InputValidation.java:44)



New Code:




First, rather than using


I would recommend using:


Secondly, what version of ESAPI are you using? The latest version (which I would highly recommend) is 2.0.1.
Lots of bug fixes in ESAPI 2.0.x. The reason I ask is that ESAPI 2.0 has no PolicyException. In fact, Validator.isValidInput() throws IntrusionException not PolicyException. (See
http://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/Validator.html#isValidInput%28java.lang.String,%20java.lang.String,%20java.lang.String,%20int,%20boolean%29)

Thirdly, I'd recommend that you post ESAPI questions to the ESAPI-User mailing list if you have ESAPI specific questions. You can sign up for that mailing list at:
https://lists.owasp.org/mailman/listinfo/esapi-user

Hope this helps somewhat.
-kevin wall



Hi kevin, thanks for the reply. I ran the code with the changes you suggested but the same exception keeps appearing.
I am using ESAPI 1.4.4.

Also, when I run other projects that use ESAPI (SqlInjection prevention), it runs successfully, but produces the following warning:



Thanks for the info about their mailing list. I forwarded this issue to them and hope that this problem would be fixed soon.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic