Issue with ESAPI

 
Ranch Hand
Posts: 234
I am running my application with ESAPI.

Here my input contains the filepath parameter filepath=C:\box\box.xml"

I am calling the JSP using

but in the JSP, when I try to get that filepath, I get the path without the file separator, like cboxbox.xml

This is happening only with ESAPI; if I remove ESAPI it works fine.

Here is my whole code


 
Sheriff
Posts: 3036
Hi Ravindra,

I added code tags to your post to make it easier to read. However, I'm still not sure what you're trying to do, and I'm vague on what problem you're seeing. Also, I don't see ESAPI at all. Can you clarify your problem a bit more?
 
ravindra patil
Ranch Hand
Posts: 234
As part of XSS input filtering I have added the following lines in web.xml with

and in catalina.bat I have set

set JAVA_OPTS=-Dorg.owasp.esapi.resources="C:\ESAPI"
where the ESAPI folder contains the ESAPI.properties files.
As I said in my last post, my parameter filePath is not coming through with the file separator. It removes "\".

 
Greg Charles
Sheriff
Posts: 3036
Oh, well, it might not be a matter of your code at all then. Windows' use of the backslash character as a file separator causes all kinds of headaches. That's because backslash generally means "escape" so it's forced to serve double-duty on Windows. You probably can fix your problem by escaping the backslash, i.e.:

set JAVA_OPTS=-Dorg.owasp.esapi.resources="C:\\ESAPI"

Java recognizes the forward slash as a file separator even on Windows, so you can also probably do:

set JAVA_OPTS=-Dorg.owasp.esapi.resources="C:/ESAPI"
 
ravindra patil
Ranch Hand
Posts: 234
Yes, you are correct, the issue is with the backward slash. Replacing it with a forward slash solves the problem.

Thanks a lot ...
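
Why a backslash-separated path can lose its separators while the forward-slash form survives, as an added example (not code from this thread or from ESAPI). It assumes the input filter decodes JavaScript-style backslash escapes during canonicalization, which the thread does not show; `decodeBackslashEscapes` and `visible` are hypothetical helpers.

```java
// Added illustration; not ESAPI source code and not the poster's code.
public class BackslashEscapeDemo {

    // Simplified stand-in for a canonicalization step that decodes
    // JavaScript-style backslash escapes (assumption: the thread does not
    // show which codecs the filter actually applies).
    static String decodeBackslashEscapes(String in) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < in.length(); i++) {
            char c = in.charAt(i);
            if (c != '\\' || i + 1 == in.length()) {
                out.append(c);           // ordinary char, or a trailing backslash
                continue;
            }
            char next = in.charAt(++i);  // consume the escaped character
            switch (next) {
                case 'b': out.append('\b'); break;
                case 't': out.append('\t'); break;
                case 'n': out.append('\n'); break;
                case 'f': out.append('\f'); break;
                case 'r': out.append('\r'); break;
                default:  out.append(next); // unknown escape: backslash is dropped
            }
        }
        return out.toString();
    }

    // Make control characters visible so the damage shows up in the output.
    static String visible(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (c < 0x20) out.append(String.format("<0x%02X>", (int) c));
            else out.append(c);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String[] samples = {          // constructed sample inputs
            "C:\\box\\box.xml",       // the path from the question
            "C:\\data\\config.xml",   // hypothetical path, no recognised escapes
            "C:/box/box.xml"          // forward-slash form
        };
        for (String raw : samples) {
            String decoded = decodeBackslashEscapes(raw);
            System.out.printf("%-22s -> %-28s changed=%b%n",
                    raw, visible(decoded), !raw.equals(decoded));
        }
    }
}
```

Comparing the raw value with its decoded form, as the last column does, is also a cheap way to flag parameters that a canonicalizing filter will alter before the application sees them.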
 
Greenhorn
Posts: 1

ravindra patil wrote:As part of XSS input filtering I have added the following lines in web.xml with

and in catalina.bat I have set

set JAVA_OPTS=-Dorg.owasp.esapi.resources="C:\ESAPI"
where the ESAPI folder contains the ESAPI.properties files.
As I said in my last post, my parameter filePath is not coming through with the file separator. It removes "\".



Hi Ravindra,
Could you please let me know where your web.xml is located?
Is it the one in tomcat/conf folder?
regards,
rahoolm
 